Independent assurance over the AI and automation your business already runs. We assess whether your tools and automated routines do what they should, whether they are safe and compliant, and who owns the risk, then hand you a report and a plan to close the gaps that matter. Done by an internal auditor, not a vendor, and on no commission from anyone.
The assessment is run by an IIA-certified internal auditor with around fifteen years' practice, across central government, national infrastructure, and financial services. Process auditing is the day job. AI and automation are what it now points at.
The credential is real and checkable. Around fifteen years of internal audit across the Home Office, Highways England, Nationwide Building Society, Network Rail, and most recently a household-name UK brand. The methodology here is internal audit, applied to AI.
Each one is assessed against evidence, not opinion: what is in place across your AI and your automated workflows, what it touches, and who is accountable when it goes wrong.
Is there a named owner for each AI use case and automated routine, a record of what they do, and a clean way off a supplier if you need one? Unowned AI, orphaned automations, and quiet lock-in are the most common findings.
Where client and personal data flows once AI or an automated workflow touches it. Article 28 obligations do not disappear because a routine was easy to switch on.
Whether a person can see, check, override, and understand what the AI or automation does before it acts, and whether the outputs that affect people are fair. A routine running unattended with nobody watching the output is exactly what this surfaces.
Whether automations are monitored, fail safely, and alert someone when they break or quietly drift off course, and whether the AI and automation still deliver what they were turned on to do. A workflow failing silently for months is a real exposure.
Whether the AI and automations can be misled or misused. Prompt injection, sensitive data leaking out through a model, a workflow tricked into acting on bad input. The newest attack surface, and the one most teams have not looked at.
Whether there is a written AI and automation use policy, whether it matches what the team actually does, and whether it meets what your sector expects.
Whether the team trusts the tools, knows when to override them, and has somewhere to raise a problem. Adoption is a behaviour, not a licence count.
The reason independent assurance matters is the reason an independent audit of any kind matters. The platform you build on is not the right party to assess whether the platform you build on is the right choice. Anthropic will not tell you Claude is the wrong fit. Microsoft will not tell you Copilot is being oversold inside your own business. The vendor whose tool runs your automations will not tell you a routine has been failing quietly for a month. A vendor’s job is to grow its seat count, not to flag the control you are missing.
We are independent AI and automation specialists. No vendor pays us, no commission flows from any finding, and the finding is the finding whether it suits a supplier or not. The output is a report on our brand: what is working, what is exposed, who owns each risk, and the shortest route to closing the gaps that matter.
If the report surfaces work worth doing, that is your decision and a separate engagement. You can act on it yourself, hand it to the team already building, or ask us to help. The assurance is the assurance.
Vendor-agnostic, no commission. No supplier pays us and no commission rides on any finding. The review runs on your stack, and the report is yours to keep, act on, or hand over.
Assurance routinely surfaces a capability gap: the people running the AI and the automations day to day were never shown where they help, where they do not, and where to draw the line. So the work pairs with training.
AI and automation governance and safe-use training. Practical sessions built on your team's actual work, so the judgement and the guardrails sit with the people, not just in a policy document.
If you have moved past the pilot and AI and automation are now touching real work, the question changes from "where do we start" to "is this safe, and who is checking".
The right depth depends on how much AI and automation you are running and how much is at stake, so the fee is agreed on a short scoping call before any work starts. No vendor commission sits underneath it, so the number is the number.
Two different jobs, easy to mix up. One finds where AI and automation are worth doing. The other independently checks the AI and automation you already run.
“Where should we use AI and automation, and what is it worth?”
“Is the AI and automation we already run safe, controlled, and owned?”
Start with a short scoping call. No commitment and no sales pitch. We agree the review is the right shape for where you are, or we do not.