KPMG Bluebird IT Audit Challenge 2025

Project Overview

Real-world IT-audit case challenge focused on technology risks in POS/ATM and payment systems. Our team assessed threat surfaces, mapped control objectives, and proposed test plans and remediation priorities under time pressure.

What I Did

• Framed the audit scope quickly: POS/ATM threat model, data integrity, interface security, and change management.
• Built a concise control matrix (design vs. operating effectiveness) and drafted practical test steps/evidence lists.
• Outlined data-consistency checks across POS → clearing/ERP; suggested offline-mode limits and log retention controls.
• Prepared a small set of slides/checklists that teammates (audit background) could execute consistently.

Reflection

The prompt was unexpectedly technical, but my prior exposure to payments and POS architecture helped me lead two audit teammates and push us into the semifinals. The biggest lesson: judges value clear, testable controls more than theory—spell out “objective → risk → control → test step → evidence”. Mapping cloud POS, mobile POS and omni-channel flows to a simple audit path (transaction → logs → interfaces → reconciliation) made the solution actionable. Unfortunately, the offline final overlapped with the start of semester, so we could not attend. Still, this sprint taught me how to bridge tech details with audit rigor, and how to ship a minimal, repeatable audit playbook under tight time constraints.