ChaptersEventsBlog
Register for DataSecAI 2025 in Dallas – Protect Data, Secure AI, and Drive Innovation

Publication Peer Review

AICM Auditing Guidelines
AICM Auditing Guidelines

AICM Auditing Guidelines

Open Until: 09/03/2025

Auditing steps for each of the 243 controls of the AI Controls Matrix for internal or external auditors that are going to examine organizations implementing the AI Controls Framework. These auditing steps are not exhaustive or prescriptive by nature, rather than a generic guide through recommendations for assessment. The auditing guidelines will address the 5 actors of an AI system: Application Provider (AP) Model Provider (MP) Orchestrated Service Provider (OSP) AI Customer (AIC) Cloud Service Provider (CSP).
The AICM auditing guidelines emphasize role-specific accountability across the AI supply chain, requiring tailored evaluation for model providers, application developers, orchestrators, platforms, and customers. Key focus areas include AI-aware change management, structured exception handling, rollback readiness, and rigorous quality testing. 

The intent of this public peer review is to ensure the auditing gudelines are clear, scoped appropriately, and aligned with the control’s requirement to "include programs for all the relevant domains of the AICM", while avoiding overemphasis on AI specifics where they may not apply.
Please review the guidelines for:

  • Accuracy and completeness of control coverage

  • Appropriateness of AICM domain inclusion per actor

  • Clarity of expectations and implementation logic

  • Consistency in structure and tone across roles



The peer review period has concluded. Stay tuned for the release of the final document!