Beginner

Introduction to AI Audit & Compliance

AI auditing is the systematic examination of AI systems to verify they meet performance, fairness, safety, and regulatory standards. As AI becomes embedded in critical decisions, auditing is essential for accountability.

What is AI Auditing?

An AI audit is an independent, structured assessment of an AI system's design, development, deployment, and impact. Unlike traditional software auditing, AI auditing must address unique challenges:

  • Non-deterministic behavior: AI systems can produce different outputs for similar inputs, making traditional test-based verification insufficient
  • Emergent properties: Complex models may exhibit behaviors that were not explicitly programmed or anticipated during development
  • Data dependency: AI system performance is fundamentally tied to training data quality, representativeness, and provenance
  • Continuous evolution: Models may be retrained or updated, requiring ongoing rather than point-in-time auditing
  • Opacity: Many AI models, especially deep learning systems, resist straightforward explanation of their decision-making processes

Types of AI Audits

| Audit Type | Focus | Common Triggers |
|---|---|---|
| Bias Audit | Fairness metrics, disparate impact, protected characteristics | NYC Local Law 144, EU AI Act, pre-deployment review |
| Technical Audit | Model performance, robustness, security, data quality | Pre-deployment validation, incident investigation |
| Compliance Audit | Regulatory requirements, industry standards, internal policies | Regulatory examination, certification, internal governance |
| Ethics Audit | Alignment with ethical principles, societal impact, stakeholder concerns | Stakeholder complaints, new deployment contexts |
| Process Audit | Development practices, governance procedures, documentation | ISO certification, internal quality assurance |

The Regulatory Push for AI Auditing

NYC Local Law 144

Requires annual bias audits by independent auditors for automated employment decision tools (AEDTs) used in hiring and promotion in New York City. The first major U.S. algorithmic auditing mandate.

EU AI Act

Requires conformity assessments for high-risk AI systems before market placement. Mandates ongoing monitoring, documentation, and third-party auditing for certain categories of AI applications.

Financial Regulation (SR 11-7)

U.S. banking regulators have long required model risk management and independent validation for financial models. These requirements now extend to AI and ML models used in banking.

Emerging Standards

ISO/IEC 42001 (AI management systems), IEEE standards for algorithmic bias, and NIST AI RMF all provide frameworks that inform AI auditing practices and expectations.

Growing Demand: The AI auditing profession is in its early stages. There is currently no universally accepted certification for AI auditors, no standardized audit methodology, and limited case law defining audit standards. This course provides the foundational knowledge to navigate this evolving landscape.
Next Up: In the next lesson, we explore structured audit frameworks — how to plan, scope, execute, and report an AI audit systematically.