Publication Peer Review

AICM Auditing Guidelines
Open Until: 09/03/2025
Auditing steps for each of the 243 controls of the AI Controls Matrix for internal or external auditors that are going to examine organizations implementing the AI Controls Framework. These auditing steps are not exhaustive or prescriptive by nature, rather than a generic guide through recommendations for assessment. The auditing guidelines will address the 5 actors of an AI system: Application Provider (AP) Model Provider (MP) Orchestrated Service Provider (OSP) AI Customer (AIC) Cloud Service Provider (CSP).
The AICM auditing guidelines emphasize role-specific accountability across the AI supply chain, requiring tailored evaluation for model providers, application developers, orchestrators, platforms, and customers. Key focus areas include AI-aware change management, structured exception handling, rollback readiness, and rigorous quality testing.
The intent of this public peer review is to ensure the auditing gudelines are clear, scoped appropriately, and aligned with the control’s requirement to "include programs for all the relevant domains of the AICM", while avoiding overemphasis on AI specifics where they may not apply.
Please review the guidelines for:
The AICM auditing guidelines emphasize role-specific accountability across the AI supply chain, requiring tailored evaluation for model providers, application developers, orchestrators, platforms, and customers. Key focus areas include AI-aware change management, structured exception handling, rollback readiness, and rigorous quality testing.
The intent of this public peer review is to ensure the auditing gudelines are clear, scoped appropriately, and aligned with the control’s requirement to "include programs for all the relevant domains of the AICM", while avoiding overemphasis on AI specifics where they may not apply.
Please review the guidelines for:
- Accuracy and completeness of control coverage
- Appropriateness of AICM domain inclusion per actor
- Clarity of expectations and implementation logic
- Consistency in structure and tone across roles
The peer review period has concluded. Stay tuned for the release of the final document!