Featured Publication — ISACA · 2025, Volume 6
Innovating Audit for an Innovative World
Traditional audit frameworks were built for static systems. AI systems learn, adapt, and shift between training and deployment. This paper maps what audit must become.
Audit practice has evolved through successive waves of technological change, from paper ledgers to enterprise systems, from on-premise infrastructure to cloud. AI is the next inflection. Unlike prior transitions, AI systems are not static artefacts: their behaviour can shift between training and the moment they are audited.
This paper examines how established audit disciplines, including GRC, IT audit, and financial audit, extend to systems with probabilistic outputs and opaque decision pathways. The authors map the gaps in existing frameworks and propose audit innovations aligned with responsible AI governance requirements.
“Auditing AI is not auditing software. The moment an organisation treats them as equivalent, the audit has already failed.”
Drawing on the NIST AI RMF, ISO 42001, and the EU AI Act, the paper grounds its recommendations in the regulatory context organisations are navigating now. Audit must become a continuous process, not a periodic snapshot.
Authors
Joshua Scarpino
CEO & Founder, Assessed Intelligence
Katie Grillaert
Chief Strategy Officer, Assessed Intelligence
Esther Y. Chung
Chief Privacy & Risk Officer, Assessed Intelligence
Nia Richard
Assessed Intelligence
Keith Parkman
Assessed Intelligence
Publication
ISACA
2025, Volume 6
Published Research
Read the Full Article
Innovating Audit for an Innovative World, published in ISACA, 2025, Volume 6.
