Govern · Audit & Compliance
What auditors ask about AI now
May 2026 · Jason Lee
For two decades, “how do you manage vendor risk” and “show me your access controls” were the reliable rhythm of a SOC 2 or compliance audit. AI has added a new verse, and organizations are discovering it mid-audit, which is the most expensive place to discover anything.
Having built SOC 2 Type II systems from scratch — controls, evidence, audit — I can tell you the AI questions are not exotic. They are the same five questions auditors have always asked, pointed at a category of tool nobody registered.
The five questions
- “What AI tools are in use in your environment?” Not “what have you approved” — what is in use. The gap between those two lists is the finding. If your answer comes from a policy document rather than an inventory, the auditor has learned something, and not the thing you wanted.
- “What data can each of them reach?” Per tool: can it touch production data, customer records, regulated data classes? An AI meeting-notetaker authorized against the whole calendar tenant reaches more than most databases.
- “What agreements govern each vendor?” BAA or DPA status, training and retention terms, and — the question that catches everyone — which tier of the product the agreement actually covers.
- “Who owns each of these, and who approved them?” An owner per tool, an approval trail, and a named executive accountable for the program overall. “IT, sort of” is a finding wearing a costume.
- “Show me the record.” Usage attributable to individuals, review cadence, offboarding (does departing staff’s AI access die with their SSO?), and evidence the policy is enforced rather than published.
Notice what’s absent: nothing about model architecture, nothing technical. Auditors audit governance. The organization that can produce a current inventory with owners and agreements passes; the organization with a beautiful policy and no inventory does not.
The document that answers all five
The instrument is boring, which is why it works: the AI register. One structured record per tool. If your organization maintains a vendor register or an asset inventory, this is the same discipline with three AI-specific columns added.
Per tool: name and tier, business owner, data classes it can reach, agreement status (BAA/DPA, training excluded, retention terms), approved use cases, enforcement mechanism (SSO-only, network policy), and last review date. One spreadsheet, maintained quarterly, beats any quantity of policy prose — because it is evidence, and audits run on evidence.
The register also compounds quietly: it is the artifact your cyber-insurance renewal will ask about, the annex your counsel wants when a client questionnaire arrives asking “describe your use of AI,” and the first thing a diligence team requests if you ever sell the company. One document, four audiences.
Building it is a two-week task, not a program
Week one: the shadow AI inventory (identity-provider logs, network destinations, expense reports, connected apps) produces the tool list — including the tools nobody admits to. Week two: owners assigned, agreements pulled and verified against actual tiers, data-reach classified, first review dated. From zero to auditor-ready in the time most organizations spend scheduling the kickoff meeting.
The trap to avoid: treating the register as an IT artifact. Data-reach and agreement decisions are business-risk decisions; the register needs an executive owner, with IT as its maintainer. Unowned registers rot in a quarter, and a stale register answers the auditor’s questions worse than no register — it proves you knew and stopped looking.