Glossary term
Governance and Compliance
An independent, systematic review of whether the AIMS conforms to requirements and is effectively implemented. Internal audit should sample real AI use cases, test the inventory for completeness, inspect risk decisions, verify control operation, and challenge whether human oversight is meaningful.
The Institute of Internal Auditors (IIA) published its AI Auditing Framework in 2017 and updated guidance in 2023 covering AI strategy, governance, and the human factor.
Big Four firms including Deloitte, PwC, EY, and KPMG offer AI internal audit services aligned to NIST AI RMF, ISO 42001, and the EU AI Act.
Under ISO 42001 clause 9.2, internal audits must be conducted at planned intervals to provide information on conformity and effective implementation of the AIMS.