Regulatory Compliance Audits
At AI & Partners, our audit practice assists with a range of compliance obligations under the EU AI Act by conducting independent regulatory compliance audits and reviews of related information and data.
AI & Partners assists clients to fulfil a range of compliance obligations by conducting independent audits and reviews of related information and other data. We help our clients identify instances of non-compliance and increase confidence in the integrity of the information, systems and processes under review.
What Is Covered?
Our regulatory compliance audit assesses how well your business adheres to the rules of the EU AI Act it has to follow and is a fundamental part of any compliance program.
It also addresses the effectiveness of your internal controls, such as how you track and measure your performance against these externally imposed or internal requirements.
Our regulatory compliance audits are carried out by assessing whether activities, transactions and information comply, in all material respects, with the authorities which govern the audited entity.
Why Are They Important?
Regulatory compliance audits are essential because they give your board full visibility into every aspect of your business, including those areas that might not be reviewed regularly.
As well as providing a better understanding of the business, regulatory compliance audits also serve another essential function: they help us strengthen our relationship with the teams responsible for delivering performance.
As frontline workers rarely have opportunities to engage with management and the board, they may perceive regulatory compliance audits negatively as an exercise in identifying deficiencies rather than a forward-looking process to catalyse improvement. By engaging with the wider business, we are able to instil attitudes and behaviours that produce positive change.
What Principles Are Followed?
Our regulatory compliance audits involve a systematic process of objectively obtaining and evaluating evidence as to whether an AI system is in compliance with applicable provisions of the EU AI Act. The principles below are fundamental to the conduct of our regulatory compliance audits. The nature of the audit is iterative and cumulative.
We have devised principles that must be considered prior to commencement and at more than one point during the audit process (General Principles) and those related to steps in the regulatory compliance audit process itself (Regulatory Compliance Audit Process).
What Are The General Principles?
Professional Judgement and Scepticism. We plan and conduct the audit with professional scepticism and exercise professional judgement throughout the regulatory compliance audit process.
Quality Control. We take responsibility for the overall quality of the regulatory compliance audit.
Regulatory Compliance Audit Team Management and Skills. We have access to the necessary skills.
Regulatory Compliance Audit Risk. We consider regulatory compliance audit risk throughout the audit process.
Materiality. We consider materiality throughout the regulatory compliance audit process.
Documentation. We prepare sufficient regulatory compliance audit documentation.
Communication. We maintain effective communication throughout the regulatory compliance audit process.
What Is The Process?
Planning and Designing a Regulatory Compliance Audit
Regulatory Compliance Audit Scope. We make the regulatory compliance audit scope clear, appropriate and easy to understand.
Subject Matter and Criteria. We identify the subject matter and suitable criteria.
Understanding Our Clients. We understand our clients in light of the EU AI Act.
Understanding Internal Controls and the Control Environment. We understand the control environment and the relevant internal controls and consider whether they are likely to ensure compliance.
Risk Assessment. We perform a risk assessment to identify risks of non-compliance.
Risk of Fraud. We always consider the risk of fraud.
Regulatory Compliance Audit Strategy and Audit Plan. We develop a regulatory compliance audit strategy and associated audit plan.
Regulatory Compliance Audit Evidence. We gather sufficient appropriate regulatory compliance audit evidence to cover the scope.
Evaluating Regulatory Compliance Audit Evidence and Forming Conclusions. We evaluate whether sufficient and appropriate regulatory compliance audit evidence has been obtained and form relevant conclusions.
Reporting. We prepare a report based on the principles of completeness, objectivity, timeliness and a contradictory process.
Follow-Up. We follow up on instances of non-compliance when appropriate.