ServicesGovern & AssureFinance & TransactionsTransform & DigitizeOperate & Scale
FrameworkAI Policy DevelopmentResponsible AIData Governance
RegulationsGCC regulationsRegulations & standardsResearch & benchmarks
Insights
About
Contact
Book a consultation
Practice · AI Audit & Assurance

Independent assurance. Objective evaluation.

We test AI systems the way auditors test controls — independently, against defined criteria, with evidence — and report what we find in language an audit committee can act on.

What this practice does

The opinion your vendor can't give you.

Most AI assurance on the market is performed by the same firm that built or sells the system. This practice is independent of both. It exists to answer one question for boards and audit committees: does this AI system actually do what management says it does — fairly, safely and within its mandate?

Core deliverables

AI audit programmeBias & fairness test resultsExplainability assessmentGenAI red-team findingsAgentic AI control testingAudit-committee evidence pack
At a glance
DifferentiatorG1 · Independent assurance
OutputAudit-committee evidence pack
Cycle optionsOne-off · quarterly · annual
ConflictsNone — independent assurance only
Tested against
Why it matters now

Self-assessment is not assurance.

Vendors marking their own homework

The team that built the model reporting on the model is a conflict of interest, not a control. Independence is the whole point of assurance.

Audit committees fed slideware

Committees are being asked to take comfort from vendor decks and demo videos. Comfort should come from tested controls and logged evidence.

GenAI in production, untested

Customer-facing LLM applications ship without prompt-injection testing, jailbreak testing or output monitoring — risks no traditional audit plan covers.

Agents acting without audit trails

Agentic systems take actions, not just make predictions. If an agent can move money, send mail or change records, its controls need testing like any other actor's.

Scope of work

What we test.

Audit programme design

Risk-based AI audit universe, criteria and cycle — built to slot into your existing internal audit plan.

Bias, fairness & explainability

Documented testing against defined fairness metrics, with explainability evidence a reviewer can reproduce.

GenAI red-teaming

Prompt injection, jailbreak and data-leakage testing for LLM applications, with severity-rated findings.

Agentic AI control testing

Mandate limits, human-in-the-loop gates, action logging and rollback controls for autonomous agents.

Evidence & audit-trail review

Are decisions logged, attributable and retained? We test the trail a regulator would walk.

Audit-committee reporting

Findings, ratings and management actions in standard audit-report form — plus continuous-assurance options for recurring cycles.

How we engage

Point-in-time audit or recurring cycle.

1

Plan

  • Scope & criteria agreement
  • System documentation review
  • Test plan sign-off
2

Test

  • Control & model testing
  • Red-team execution
  • Evidence collection
3

Report

  • Findings & ratings
  • Management action plans
  • Audit-committee presentation

Get an opinion nobody paid to be positive.

Tell us which AI system keeps your audit committee up at night. We'll scope an independent review of it.

Book a consultation