u/Project_Lanky

I keep seeing colleagues submit Claude generated docs directly as deliverables. No edits, no review. Sometimes brackets still in. Sometimes the document contradicts itself. You can tell nobody read it after hitting generate.

I get using AI. I do it too, and a lot. I am just uncomfortable when people bring up "I generated with Claude" in meetings, send me a Claude generated report when I ask them to give feedback on something, or even worse, send some Claude generated docs as final deliverables without even making it look a bit less "Claude".

Seen it in legal, HR, project management, consulting. Everywhere really. The person looks productive but the thinking just... didn't happen.

I do believe that Claude is awesome, I use it all the time, but I just can't stand these AI blurbs everywhere, especially when these are docs I need to review. Why should I spend time giving feedback when the owner of the doc didn't even do the effort to read what Claude wrote?

Do you also see this in your org and how do you deal with it?

For those who have been through ISO 27001/SOC2/PCI DSS and other audits:

What are the most significant human / leadership failures you’ve seen that led to major findings or near audit failure?

Not technical gaps, but things like:

- control owners not actually performing controls

- managers bypassing or not enforcing processes

- low-quality or unreliable evidence being submitted

- lack of accountability or follow-through

How did auditors pick it up, and how was it written up?

Also, have you ever seen some people getting fired after a failed audit, and how did it happen?

Thanks.

For those who have been through ISO 27001 audits:

What are the most significant human / leadership failures you’ve seen that led to major findings or near audit failure?

Not technical gaps, but things like:

- control owners not actually performing controls

- managers bypassing or not enforcing processes

- low-quality or unreliable evidence being submitted

- lack of accountability or follow-through

How did auditors pick it up, and how was it written up?

Also, have you ever seen some people getting fired after a failed audit, and how did it happen?

Thanks.

Looking for people who've been through this.

I'm in a GRC role dealing with an IT manager who consistently works on escalation mode, generates policies straight from GenAI without a single edit, ignores tasks ownership, and provides low quality evidence for the audits if he doesn't go quiet. Leadership is aware, this has been going on for a couple of years. Nothing happens.

The downstream impact lands on GRC every time - audit gaps, unowned risks, and findings that could have been avoided with basic process compliance.

What I actually want to know:

- How did you protect your own audit trail when someone else was generating the risk?

- At what point did you stop fighting it and just document and move on?

Thanks for your input.

Looking for people who've been through this.

I'm in a GRC role dealing with an IT manager who consistently works on escalation mode, generates policies straight from GenAI without a single edit, ignores tasks ownership, and provides low quality evidence for the audits if he doesn't go quiet. Leadership is aware, this has been going on for a couple of years. Nothing happens.

The downstream impact lands on GRC every time - audit gaps, unowned risks, and findings that could have been avoided with basic process compliance.

What I actually want to know:

- How did you protect your own audit trail when someone else was generating the risk?

- At what point did you stop fighting it and just document and move on?

Thanks for your input.