Independent assurance. Objective evaluation.
We test AI systems the way auditors test controls — independently, against defined criteria, with evidence — and report what we find in language an audit committee can act on.
The opinion your vendor can't give you.
Most AI assurance on the market is performed by the same firm that built or sells the system. This practice is independent of both. It exists to answer one question for boards and audit committees: does this AI system actually do what management says it does — fairly, safely and within its mandate?
Core deliverables
At a glance
Tested against
Self-assessment is not assurance.
Vendors marking their own homework
The team that built the model reporting on the model is a conflict of interest, not a control. Independence is the whole point of assurance.
Audit committees fed slideware
Committees are being asked to take comfort from vendor decks and demo videos. Comfort should come from tested controls and logged evidence.
GenAI in production, untested
Customer-facing LLM applications ship without prompt-injection testing, jailbreak testing or output monitoring — risks no traditional audit plan covers.
Agents acting without audit trails
Agentic systems take actions, not just make predictions. If an agent can move money, send mail or change records, its controls need testing like any other actor's.
What we test.
Audit programme design
Risk-based AI audit universe, criteria and cycle — built to slot into your existing internal audit plan.
Bias, fairness & explainability
Documented testing against defined fairness metrics, with explainability evidence a reviewer can reproduce.
GenAI red-teaming
Prompt injection, jailbreak and data-leakage testing for LLM applications, with severity-rated findings.
Agentic AI control testing
Mandate limits, human-in-the-loop gates, action logging and rollback controls for autonomous agents.
Evidence & audit-trail review
Are decisions logged, attributable and retained? We test the trail a regulator would walk.
Audit-committee reporting
Findings, ratings and management actions in standard audit-report form — plus continuous-assurance options for recurring cycles.
Point-in-time audit or recurring cycle.
Plan
- Scope & criteria agreement
- System documentation review
- Test plan sign-off
Test
- Control & model testing
- Red-team execution
- Evidence collection
Report
- Findings & ratings
- Management action plans
- Audit-committee presentation
Get an opinion nobody paid to be positive.
Tell us which AI system keeps your audit committee up at night. We'll scope an independent review of it.
Book a consultation