Executive summary
As organisations adopt AI at scale, internal audit is increasingly asked to provide independent assurance over the way AI is governed, deployed and controlled. This article sets out a practical approach for auditing AI systems, covering governance, accountability, data, model risk, security, third parties and monitoring.
It is distinct from our companion article, AI in Internal Audit: Practical Use Cases, Risks and Controls, which addresses the use of AI inside the audit function.
Why AI now needs structured internal audit attention
AI is becoming embedded in customer-facing decisions, operational processes and management information. As that happens, audit committees and boards expect internal audit to provide credible, independent assurance that AI is being governed and controlled with the same discipline as any other material risk.
AI governance and accountability
Effective AI assurance starts with governance: is there a clearly mandated body that owns AI strategy, risk appetite, policies and significant use-case decisions? Are roles and responsibilities defined across business owners, model owners, technology, risk, compliance and second-line functions? Internal audit should test whether AI governance arrangements actually operate, not only whether they are documented.
AI inventories and classification
An accurate inventory of AI systems — including generative AI, third-party AI features embedded in core platforms and material agentic AI use cases — is fundamental. Internal audit should evaluate completeness, classification by risk, tiering and the link between inventory and oversight: high-impact systems should attract proportionate governance, controls and monitoring.
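As an added illustration (not code from the article or from DisInnova) of the inventory tests described above: reconcile the AI inventory against independent sources, re-derive each system's risk tier from its impact attributes, and check that the controls expected for that tier are evidenced. The tiering rule, control set, system names and source lists are all constructed assumptions.

```python
# Tier -> controls that must be evidenced (assumed rule set, not from the article).
TIER_CONTROLS = {
    "high": {"accountable_owner", "independent_validation", "human_override",
             "monitoring", "incident_runbook"},
    "medium": {"accountable_owner", "monitoring"},
    "low": {"accountable_owner"},
}

def classify(uc):
    """Assumed tiering rule: automated customer-affecting decisions are high impact."""
    if uc["affects_customers"] and uc["automated_decision"]:
        return "high"
    if uc["affects_customers"] or uc["uses_personal_data"]:
        return "medium"
    return "low"

def audit_inventory(inventory, external_sources):
    """Return (system, issue, detail) findings for completeness, tiering and control gaps."""
    findings = []
    names = {uc["name"] for uc in inventory}
    # Completeness: AI seen in an independent source but never inventoried.
    for src, seen in external_sources.items():
        for name in sorted(seen - names):
            findings.append((name, "not_in_inventory", src))
    for uc in inventory:
        expected = classify(uc)
        if uc["tier"] != expected:
            findings.append((uc["name"], "tier_mismatch",
                             f"recorded {uc['tier']}, expected {expected}"))
        # Proportionality: controls are judged against the derived tier, not the recorded one.
        for ctl in sorted(TIER_CONTROLS[expected] - set(uc["controls"])):
            findings.append((uc["name"], "missing_control", ctl))
    return findings

# Constructed inventory and independent sources (procurement and a SaaS feature register).
INVENTORY = [
    {"name": "credit_scoring", "tier": "high", "affects_customers": True,
     "automated_decision": True, "uses_personal_data": True,
     "controls": ["accountable_owner", "independent_validation", "human_override", "monitoring"]},
    {"name": "service_chatbot", "tier": "low", "affects_customers": True,
     "automated_decision": False, "uses_personal_data": True,
     "controls": ["accountable_owner"]},
    {"name": "doc_summariser", "tier": "low", "affects_customers": False,
     "automated_decision": False, "uses_personal_data": False,
     "controls": ["accountable_owner"]},
]
EXTERNAL = {"procurement_contracts": {"service_chatbot", "crm_copilot"},
            "saas_feature_register": {"credit_scoring", "meeting_transcriber"}}

def run_audit():
    return audit_inventory(INVENTORY, EXTERNAL)
```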
Board and executive oversight
Audit should assess how AI is reported to the board and executive committees: visibility of material AI use cases, residual risks, incidents and dependencies. Reporting should be decision-useful — not a technology catalogue.
Policies and standards
Audit should evaluate the AI policy framework: acceptable use, prohibited use, data handling, human-in-the-loop requirements, approval gates, model documentation, monitoring and incident management. Policies should be aligned with relevant frameworks and proportionate to risk.
Data quality, lineage and privacy
AI outcomes are only as good as the data behind them. Audit should test data quality, lineage, access controls, retention and the privacy and confidentiality controls applied to data used for training, fine-tuning, prompts and inference, including the implications for personal and confidential data.
Model risk and validation
Audit should consider whether models are documented, validated and reviewed proportionate to risk: purpose, intended use, limitations, performance metrics, validation evidence, change control and retirement. For high-impact models, independent challenge and ongoing monitoring should be evidenced.
Bias, fairness and explainability
For decisions that affect customers, employees or other stakeholders, audit should evaluate how bias and fairness risks are identified, tested and mitigated, and how explainability is provided to users, customers and supervisors where required.
Human oversight and the human-in-the-loop
Internal audit should test whether human oversight is real, not nominal: documented authority to override, evidence of intervention, training, escalation routes and clarity on which decisions must not be fully automated.
Cybersecurity for AI
AI introduces new threat vectors — prompt injection, model exfiltration, training data poisoning, prompt and output logging risk, and supply-chain exposure. Audit should evaluate how cybersecurity controls have been extended to cover AI development, deployment and operation, in partnership with information security.
Third-party and vendor AI risk
Material AI capability often sits in third-party platforms. Audit should test how third-party AI is selected, contracted, governed and monitored: model documentation, data protection, security, sub-processors, lock-in, contractual rights of audit and exit arrangements.
Generative AI and agentic AI risks
Generative AI raises specific risks: hallucinations, intellectual property exposure, confidentiality leakage and inconsistent outputs. Agentic AI — systems taking actions on behalf of the organisation — raises further risks around authority, traceability and reversibility. Audit should test whether use cases are scoped, authorised and monitored against these risks.
Legal and regulatory considerations
Audit should assess how the organisation tracks and responds to evolving AI regulation, sector guidance and emerging case law, and whether material AI use cases are reviewed against legal and regulatory expectations as part of approval and ongoing monitoring.
Performance monitoring
AI performance can drift. Audit should test whether monitoring covers accuracy, fairness, stability and operational metrics, with defined thresholds, alerts and management response — and that monitoring outputs are reviewed by accountable owners, not only by the model team.
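The monitoring pattern above, as an added example (not the article's or DisInnova's code): accuracy, a fairness gap and a stability index are computed for a monitoring window, compared with defined thresholds, and every breach becomes an alert addressed to the accountable business owner that stays open until that owner reviews it. Threshold values, the owner name and the sample decisions and scores are constructed assumptions.

```python
import math
# Constructed thresholds (assumed, not from the article). Accuracy breaches when
# it falls BELOW its limit; the fairness gap and PSI breach when they EXCEED theirs.
THRESHOLDS = {"accuracy": (0.85, False), "selection_rate_gap": (0.10, True),
              "psi": (0.25, True)}

def accuracy(y_true, y_pred):
    return sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)

def selection_rate_gap(y_pred, groups):
    """Fairness: widest difference in positive-outcome rate between groups."""
    rates = {}
    for g in set(groups):
        preds = [p for p, gg in zip(y_pred, groups) if gg == g]
        rates[g] = sum(preds) / len(preds)
    return max(rates.values()) - min(rates.values())

def psi(expected, actual, bins=5):
    """Stability: population stability index of current vs reference scores."""
    lo, hi = min(expected + actual), max(expected + actual)
    def share(xs):
        counts = [0] * bins
        for x in xs:
            counts[min(int((x - lo) / (hi - lo) * bins), bins - 1)] += 1
        return [max(c / len(xs), 1e-6) for c in counts]  # avoid log(0)
    return sum((a - e) * math.log(a / e)
               for e, a in zip(share(expected), share(actual)))

def evaluate(metrics, owner, thresholds=THRESHOLDS):
    """Breaches become alerts addressed to the accountable owner; open until they sign off."""
    alerts = []
    for name, (limit, higher_is_worse) in thresholds.items():
        v = metrics[name]
        if (v > limit) if higher_is_worse else (v < limit):
            alerts.append({"metric": name, "value": round(v, 3), "limit": limit,
                           "owner": owner, "reviewed_by": None})
    return alerts

# Constructed monitoring window: 10 decisions with a protected-attribute group
# each, plus reference (validation-time) and current score samples.
Y_TRUE = [1, 0, 1, 1, 0, 1, 0, 0, 1, 0]
Y_PRED = [1, 0, 1, 1, 1, 1, 0, 1, 1, 0]
GROUPS = ["a", "a", "a", "a", "a", "b", "b", "b", "b", "b"]
REF_SCORES = [0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9, 0.95]
CUR_SCORES = [0.7, 0.75, 0.8, 0.85, 0.9, 0.92, 0.95, 0.6, 0.65, 0.55]

def run_window(owner="head_of_lending"):
    metrics = {"accuracy": accuracy(Y_TRUE, Y_PRED),
               "selection_rate_gap": selection_rate_gap(Y_PRED, GROUPS),
               "psi": psi(REF_SCORES, CUR_SCORES)}
    return metrics, evaluate(metrics, owner)
```

In the constructed window all three metrics breach, so the auditor's test is whether each resulting alert carries a named owner and evidence of that owner's review, not merely the model team's.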
Incident management for AI
Audit should evaluate how AI incidents and near-misses are identified, triaged, escalated, remediated and learned from — and how lessons feed back into governance, controls and the wider risk framework.
Audit evidence considerations
Auditing AI requires evidence that is reproducible, traceable and proportionate: documented use cases, model documentation, validation reports, monitoring outputs, access logs, change records and incident logs. Where evidence relies on technical artefacts, audit should ensure those can be re-examined.
Example audit scope and work programme
A pragmatic first AI audit scope often covers: governance and accountability, AI inventory and classification, a sample of material high-impact use cases (data, model, security, human oversight, monitoring), third-party AI risk and incident management. Subsequent audits drill into specific themes — model risk, data, security, customer outcomes — and into individual high-impact systems.
Reporting to the board and audit committee
Reports should be clear and decision-useful: what was in scope, what good looks like, where the organisation stands, what the residual risks are and what management is being asked to do about them. Heat-maps, maturity views and forward-looking views usually land better than long technical narratives.
How DisInnova supports internal audit on AI
DisInnova helps internal audit functions design proportionate, credible assurance approaches for AI through our internal audit advisory and assurance services and internal audit transformation, alongside our companion article on AI inside the audit function and our broader perspective on AI governance for boards. Explore DisInnova's advisory services for the wider governance, risk and transformation context.
Key takeaways
- Anchor AI assurance in governance, accountability and inventory before drilling into model detail
- Treat data, model risk, security and third-party AI risk as core audit themes, not specialist niches
- Test human oversight and incident management — not only design, but real operation
- Report to the board and audit committee in clear, decision-useful language
- Sequence coverage as a programme, not a one-off engagement
Written by
DisInnova Advisory Team
DisInnova's insights are prepared by a senior practitioner-led advisory firm with credentials across internal audit, IT audit, governance, risk management, controls, fraud examination, strategy, corporate governance and financial services, including CIA, CISA, CFE, CRMA, CRISC and related professional certifications.
This article is general advisory information and does not constitute legal, regulatory, audit, tax, investment or professional assurance advice.