Your auditor is about to ask about AI agents. 9 things they’ll want to see<\/p>\n
Studies show that AI adoption outpaces understanding: 72% of organizations are already using or planning to use agentic AI, while 65% say their use of AI is moving faster than their ability to fully understand it, according to the 2025 Vanta State of Trust report.<\/p>\n
Audits are starting to reflect that gap. In 2025, 72% of S&P 500 companies disclosed<\/a> at least one material AI risk, up from 12% in 2023. Yet, only 26% of organizations<\/a> have comprehensive AI governance policies in place. \u200d<\/p>\n That shift is also formalizing. ISO 42001, published in 2023, gives organizations a structured AI Management System (AIMS) that auditors can certify against\u2014and it aligns closely with the EU AI Act, which becomes fully enforceable in August 2026. For companies building or deploying AI, it’s quickly becoming the governance benchmark, Vanta<\/a> reports.<\/p>\n What auditors actually evaluate in AI systems<\/p>\n Auditors aren\u2019t waiting for AI-specific frameworks to catch up\u2014they\u2019re applying the ones that already exist. Even though SOC 2 and the NIST AI RMF weren\u2019t designed with autonomous agents in mind, auditors map agent behavior directly to those controls. And with ISO 42001\u2014the first certifiable international standard built specifically for AI management systems\u2014auditors now have a dedicated framework to evaluate how organizations govern AI. If an AI agent can access data, trigger workflows, or make decisions, it\u2019s treated like any other system that can introduce risk.<\/p>\n \u200dThat shift is only speeding up. NIST\u2019s AI Agent Standards Initiative is expected<\/a> to shape compliance frameworks and vendor assessments as soon as 2027.<\/p>\n They\u2019re looking for control, which usually comes down to answering a few questions:\u200d<\/p>\n Can you explain what your AI systems do?<\/p>\n Can you show how access and decisions are controlled?<\/p>\n Can you provide evidence that oversight is consistent?<\/p>\n Underneath all of it is a simple standard: Your AI systems should behave predictably, securely, and in line with defined controls. Here are nine factors your auditor will likely want to see at your organization.<\/p>\n 1. A complete inventory of AI agents across your environment<\/p>\n Auditors will expect a clear list of every AI agent in use, so they can understand where automation is happening and what risks it may introduce. That includes agents across departments and functions, such as:\u200d<\/p>\n A support agent drafting and sending replies in Zendesk<\/p>\n A finance agent approving low-risk invoices in NetSuite<\/p>\n A sales agent updating Salesforce records<\/p>\n A security agent triaging alerts in real time<\/p>\n They\u2019ll also expect context like:<\/p>\n Where each agent is deployed<\/p>\n What systems it connects to<\/p>\n What actions it can take\u200d<\/p>\n Most organizations don\u2019t have this fully mapped. That\u2019s where shadow AI<\/a> starts to creep in.\u200d<\/p>\n 2. Defined ownership for every AI system<\/p>\n To help mitigate that shadow AI risk, every AI system needs a clear owner. That owner should be responsible for:\u200d<\/p>\n Approving agent use cases<\/p>\n Managing changes and updates<\/p>\n Monitoring performance and risk\u200d<\/p>\n Without ownership, issues tend to stall. A finance agent might be configured by engineering, used by finance, and reviewed by security. When something breaks, no one is fully accountable.<\/p>\n 3. Clear boundaries on what agents can and cannot do<\/p>\n Auditors will look closely at how access and permissions are defined and enforced\u2014what each agent is allowed to do, what it\u2019s blocked from doing, and what systems or data it can access. After all, Vanta\u2019s report found that only 48%<\/a> of organizations have frameworks in place to limit AI autonomy.<\/p>\n Each agent should be treated like its own identity, with scoped permissions that can be audited and reviewed. In practice, this might look like:\u200d<\/p>\n A support agent that\u2019s allowed to issue refunds under $100, but is prevented from issuing larger refunds without human approval.<\/p>\n A procurement agent that can draft purchase orders, but can\u2019t approve or send them without a reviewer.<\/p>\n A CRM automation agent that can update customer records, but has no access to financial systems.\u200d<\/p>\n These boundaries map directly to access control requirements in SOC 2 and ISO 27001. ISO 42001 goes further\u2014it explicitly requires organizations to define the scope of AI autonomy, document whether they serve as an AI developer, deployer, or user, and conduct AI impact assessments that evaluate downstream risks of agent actions.<\/p>\n 4. Evidence of human oversight and intervention points<\/p>\n Autonomy needs guardrails. Auditors expect human approval for sensitive actions, clear escalation paths, and the ability to override or stop an agent.\u200d<\/p>\n In practice, issues often emerge gradually: An agent starts by recommending refunds, then auto-approves under a threshold, and eventually expands its scope without formal review. Oversight needs to stay consistent as autonomy increases.<\/p>\n 5. Logging and traceability of AI decisions<\/p>\n If an AI agent takes action, you need a record of it. Auditors expect logs that capture what happened, when it happened, what inputs were used, and why the decision was made.<\/p>\n For example, if an agent updates 200 CRM records in an hour, you should be able to trace exactly what triggered that behavior.\u200d<\/p>\n This visibility supports both auditability and incident response.<\/p>\n \u200d6. Data handling and model input controls<\/p>\n AI systems are only as controlled as the data they use. Auditors want to see clear rules around what data an agent can access, how it\u2019s used, and whether sensitive information is properly protected.<\/p>\n \u200dIn practice, that means limiting agents to only the data they need, anonymizing or minimizing personal data, and ensuring consent where required. For example, a support agent shouldn\u2019t have access to full customer records if it only needs ticket history to do its job.<\/p>\n Many controls are still uneven. Vanta\u2019s report found that only 35% of organizations rely solely on anonymized data, and just 31% require opt-in for AI data usage, leaving plenty of room for inconsistent handling.<\/p>\n \u200d7. Risk assessments specific to AI systems<\/p>\n AI introduces new types of risk, and auditors expect formal assessments that account for things like misuse scenarios, model failures, and downstream impact across systems. ISO 42001 formalizes this through a requirement for AI impact assessments\u2014structured evaluations of how an AI system could affect individuals, groups, and society, including considerations around bias, transparency, and ethical use.<\/p>\n That means you\u2019ll want to add AI-specific risks to your risk planning. That might include creating plans for scenarios like what happens if an agent approves fraudulent invoices or exposes sensitive data through outputs or logs.<\/p>\n \u200dOnly 45% of organizations conduct regular AI risk assessments today, according to the Vanta report.<\/p>\n \u200d8. Continuous monitoring, not point-in-time reviews<\/p>\n AI systems don\u2019t adhere to audit schedules. Auditors expect ongoing monitoring of behavior and access, alerts for anomalies, and clear visibility into how systems change over time\u2014because models, integrations, and permissions can shift quickly, introducing new risks without obvious signals.<\/p>\n At the same time, Vanta research shows teams already spend an average of 12 weeks per year on compliance work, making manual reviews hard to sustain in dynamic environments. Continuous monitoring is what actually scales.<\/p>\n 9. Evidence, not policies<\/p>\n Auditors want proof that controls are working in practice. Sixty-one percent of organizations say they spend more time proving security than improving it, according to Vanta\u2019s report\u2014highlighting how critical automation has become. Evidence should be continuously collected, easy to verify, and directly tied to controls.<\/p>\n This includes process documentation that clearly defines roles and responsibilities, along with systems that automatically collect and map evidence to controls. This is where your ticketing or workflow system comes in.<\/p>\n What to do now before your next audit<\/p>\n You don\u2019t need to solve everything at once. Start with structure. Focus on building a centralized inventory of AI agents, assigning clear ownership, implementing identity-based access controls, monitoring activity continuously, and automating evidence collection and reporting. Documented processes need to be made available and updated regularly when changes are made.<\/p>\n These steps align closely with how auditors are already evaluating AI systems.<\/p>\n This story<\/a> was produced by Vanta<\/a> and reviewed and distributed by Stacker<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"Your auditor is about to ask about AI agents. 9 things they’ll want to see Studies show that…\n","protected":false},"author":2,"featured_media":40289,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[405,4638,7537,513,647],"class_list":{"0":"post-40288","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-agentic-ai","8":"tag-ai-agents","9":"tag-ai-systems","10":"tag-artificial-intelligence-agents","11":"tag-autonomous-agents","12":"tag-organizations"},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/40288","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/comments?post=40288"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/40288\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media\/40289"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media?parent=40288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/categories?post=40288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/tags?post=40288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}