Govern · Audit & Compliance

What auditors ask about AI now

May 2026 · Jason Lee

For two decades, “how do you manage vendor risk” and “show me your access controls” were the reliable rhythm of a SOC 2 or compliance audit. AI has added a new verse, and organizations are discovering it mid-audit, which is the most expensive place to discover anything.

Having built SOC 2 Type II systems from scratch — controls, evidence, audit — I can tell you the AI questions are not exotic. They are the same five questions auditors have always asked, pointed at a category of tool nobody registered.

The five questions

  1. “What AI tools are in use in your environment?” Not “what have you approved” — what is in use. The gap between those two lists is the finding. If your answer comes from a policy document rather than an inventory, the auditor has learned something, and not the thing you wanted.
  2. “What data can each of them reach?” Per tool: can it touch production data, customer records, regulated data classes? An AI meeting-notetaker authorized against the whole calendar tenant reaches more than most databases.
  3. “What agreements govern each vendor?” BAA or DPA status, training and retention terms, and — the question that catches everyone — which tier of the product the agreement actually covers.
  4. “Who owns each of these, and who approved them?” An owner per tool, an approval trail, and a named executive accountable for the program overall. “IT, sort of” is a finding wearing a costume.
  5. “Show me the record.” Usage attributable to individuals, review cadence, offboarding (does departing staff’s AI access die with their SSO?), and evidence the policy is enforced rather than published.

Notice what’s absent: nothing about model architecture, nothing technical. Auditors audit governance. The organization that can produce a current inventory with owners and agreements passes; the organization with a beautiful policy and no inventory does not.

The document that answers all five

The instrument is boring, which is why it works: the AI register. One structured record per tool. If your organization maintains a vendor register or an asset inventory, this is the same discipline with three AI-specific columns added.

THE INSTRUMENT Anatomy of an AI register One row per tool. Maintained quarterly. This is evidence — audits run on evidence. TOOL + TIER OWNER DATA IT CAN REACH AGREEMENT STATUS APPROVED USES ENFORCED BY REVIEWED LLM platform Enterprise tier COO Client records via gateway, minimized DPA signed · no training · zero retention (verified) Drafting, summarization, intake triage SSO only, gateway Q2 2026 Meeting notetaker Free tier Unowned Full calendar tenant, all recorded meetings No DPA · trains on inputs · retains by default None approved — in use anyway Nothing Never Coding assistant Mixed tiers CTO Source code, config (no secrets) Consolidating to enterprise tier — target: 30 days Code gen + review, non-prod only SSO capture in progress Q3 2026 Row two is why the register exists: the finding, visible before the auditor finds it. Add an executive owner for the register itself — unowned registers rot in a quarter.

Per tool: name and tier, business owner, data classes it can reach, agreement status (BAA/DPA, training excluded, retention terms), approved use cases, enforcement mechanism (SSO-only, network policy), and last review date. One spreadsheet, maintained quarterly, beats any quantity of policy prose — because it is evidence, and audits run on evidence.

The register also compounds quietly: it is the artifact your cyber-insurance renewal will ask about, the annex your counsel wants when a client questionnaire arrives asking “describe your use of AI,” and the first thing a diligence team requests if you ever sell the company. One document, four audiences.

Building it is a two-week task, not a program

Week one: the shadow AI inventory (identity-provider logs, network destinations, expense reports, connected apps) produces the tool list — including the tools nobody admits to. Week two: owners assigned, agreements pulled and verified against actual tiers, data-reach classified, first review dated. From zero to auditor-ready in the time most organizations spend scheduling the kickoff meeting.

The trap to avoid: treating the register as an IT artifact. Data-reach and agreement decisions are business-risk decisions; the register needs an executive owner, with IT as its maintainer. Unowned registers rot in a quarter, and a stale register answers the auditor’s questions worse than no register — it proves you knew and stopped looking.

Want the register in place before your next audit?

The AI register is a first-week deliverable of the AI Readiness Assessment, alongside the usage policy and the vendor risk review — and the assessment ends with one live automation running.