A few files, read carefully, written about openly.

No. 01

The 30 April 2026 letter, CPS 220, CPS 230, CPS 234, CPS 510, read carefully, mapped to AI deployments, written about as the prudential surface develops.

No. 02

The CDR rollout across banking, energy, and non-bank lending; accreditation tiers; action initiation; where AI sits in the data-recipient and action-initiator lifecycle.

No. 03

Where model risk, the CDR consent ledger, and the first-line build team actually sit when half that first line is software. How agentic workflows redistribute decision rights, evidence, and accountability, what that does to three-lines-of-defence and audit programme design, and what the org chart of a regulated AI team should actually look like.

No. 04

Workpapers, evidence, the IIA standards as they apply to AI assurance, and the practical question of what an audit trail looks like for a model.

No. 05

What an audit-committee chair might reasonably ask. What documentary evidence the chair should expect in return. Director-level reading of the regulator file.

No. 06

Material service providers under CPS 230, vendor contract review, exit planning, and the operational resilience layer beneath any production AI deployment.

No. 07

DISR Voluntary AI Safety Standard, the National AI Plan, OAIC privacy intersections, NSW AI Assurance Framework: the federal and state layers read together.