Audit Agent Capabilities, Boundaries & Controls
Document version 1.0 • 23 March 2026 • Confidential — Client Copy
Each card below defines one audit agent's role with full transparency: what it does, what it does not do, what data it touches, and when it hands control to a human. These cards serve as both operational documentation and governance artifacts.

| Field | Description |
|---|---|
| Goal | Map existing business processes, identify automation candidates, and document current-state workflows with dependencies and bottlenecks. |
| Scope | Does NOT redesign processes, make implementation decisions, or access production systems directly. Discovery and documentation only. |
| Inputs | Process documentation, stakeholder interviews (transcripts), system logs, workflow tool exports (BPMN, Visio), SOP documents. |
| Outputs | Process map (current state), dependency graph, bottleneck report, automation opportunity score per process, recommended priority list. |
| Permissions | Read access to shared documentation repositories and workflow tools. No write access. No access to PII or financial systems. |
| Escalation | Escalates when: process has undocumented tribal knowledge, conflicting process versions exist, or sensitive data flows are discovered. |
| Risks | Incomplete mapping due to undocumented processes; over-reliance on formal documentation that doesn't reflect actual practice. |
| KPI | Process coverage rate (% of processes mapped); accuracy score from stakeholder validation; time-to-map per process. |

| Field | Description |
|---|---|
| Goal | Review AI policies, governance frameworks, and compliance documentation against standards (ISO 42001, EU AI Act, NIST AI RMF). |
| Scope | Does NOT write policies, provide legal advice, or make compliance determinations. Analysis and gap identification only. |
| Inputs | Company AI policies, governance frameworks, risk registers, regulatory requirements, industry standards, previous audit reports. |
| Outputs | Gap analysis matrix, compliance score per standard, policy recommendation list, priority remediation roadmap. |
| Permissions | Read access to policy documents and governance repositories. No access to operational systems or personal data. |
| Escalation | Escalates when: critical compliance gap found, policy contradictions detected, or regulatory deadline is imminent. |
| Risks | Regulatory landscape changes faster than analysis; policies may exist but not be enforced; jurisdiction-specific nuances missed. |
| KPI | Gap identification accuracy (validated by legal review); coverage of applicable regulations; time-to-analysis. |

| Field | Description |
|---|---|
| Goal | Trace data flows across systems, identify data sensitivity levels, and detect unauthorized or unprotected data transfers. |
| Scope | Does NOT modify data, change access controls, or access actual data contents. Metadata and flow analysis only. |
| Inputs | System architecture diagrams, API documentation, database schemas, data classification policies, network topology, DPA/DPIA records. |
| Outputs | Data flow diagram, sensitivity heat map, unprotected transfer report, cross-border data movement inventory, DPIA gap list. |
| Permissions | Read access to system metadata, API specs, and architecture docs. No access to actual data records or PII. |
| Escalation | Escalates when: PII flows to unprotected endpoints, cross-border transfers lack legal basis, or undocumented shadow IT data flows found. |
| Risks | Shadow IT systems not visible in documentation; API integrations change without updating docs; data classification may be outdated. |
| KPI | Data flow coverage (% of systems mapped); sensitivity classification accuracy; number of unprotected flows detected. |
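
This card's escalation conditions can be checked mechanically against flow metadata. A minimal sketch, assuming hypothetical flow records with `sensitivity`, `encrypted_in_transit`, `cross_border`, and `legal_basis` fields (all field names are illustrative, not from any real inventory schema):

```python
def unprotected_flows(flows):
    """flows: list of dicts describing metadata-level data flows, e.g.
    {'src': 'crm', 'dst': 'analytics', 'sensitivity': 'pii',
     'encrypted_in_transit': False, 'cross_border': True, 'legal_basis': None}.
    Returns findings matching the card's escalation conditions; no data
    contents are read, only flow metadata."""
    findings = []
    for f in flows:
        # PII flowing to an endpoint without transport protection.
        if f["sensitivity"] == "pii" and not f["encrypted_in_transit"]:
            findings.append((f["src"], f["dst"], "pii_unprotected"))
        # Cross-border transfer with no documented legal basis.
        if f.get("cross_border") and not f.get("legal_basis"):
            findings.append((f["src"], f["dst"], "cross_border_no_legal_basis"))
    return findings
```

In practice the same record shape would be derived from API specs and architecture docs rather than hand-written.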

| Field | Description |
|---|---|
| Goal | Evaluate processes for automation potential, estimate ROI, and recommend agent team configurations for each candidate. |
| Scope | Does NOT implement automations, commit budgets, or guarantee ROI figures. Assessment and recommendation only. |
| Inputs | Process maps (from PDA-01), labor cost data, error rate reports, volume metrics, current tool stack, business priority rankings. |
| Outputs | Automation fitness score per process, ROI projection model, recommended agent team composition, implementation timeline estimate. |
| Permissions | Read access to process documentation and anonymized operational metrics. No access to financial systems or HR data. |
| Escalation | Escalates when: ROI is unclear or marginal, process requires regulatory approval for automation, or workforce impact exceeds threshold. |
| Risks | ROI projections based on incomplete data; hidden process complexity; change management costs underestimated. |
| KPI | Prediction accuracy (projected vs. actual ROI post-implementation); adoption rate of recommended automations. |
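
One way an automation fitness score might combine the card's inputs, sketched with entirely illustrative weights and normalization caps (the function and every parameter are hypothetical, not the agent's actual scoring model):

```python
def automation_fitness(volume_per_month, error_rate, minutes_per_case,
                       hourly_cost, rule_based_share):
    """Toy fitness score in [0, 1]: high-volume, error-prone, rule-based
    processes score higher. Weights and caps are illustrative, not calibrated."""
    labor_hours = volume_per_month * minutes_per_case / 60
    annual_cost = labor_hours * hourly_cost * 12
    # Normalize each driver to [0, 1] with arbitrary caps.
    volume_score = min(volume_per_month / 10_000, 1.0)
    cost_score = min(annual_cost / 500_000, 1.0)
    error_score = min(error_rate * 10, 1.0)
    return round(0.4 * rule_based_share + 0.3 * volume_score
                 + 0.2 * cost_score + 0.1 * error_score, 3)
```

A real model would calibrate the weights against post-implementation ROI, which is exactly what the KPI row measures.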

| Field | Description |
|---|---|
| Goal | Identify vulnerabilities, single points of failure, and systemic weaknesses across AI systems, processes, and governance structures. |
| Scope | Does NOT perform penetration testing, exploit vulnerabilities, or access production systems. Analysis of documentation and configurations only. |
| Inputs | Architecture documentation, security policies, incident logs, dependency lists, access control matrices, previous audit findings. |
| Outputs | Vulnerability register, risk severity matrix, single-point-of-failure map, remediation priority list, mitigation recommendations. |
| Permissions | Read access to security documentation, architecture diagrams, and anonymized incident logs. No access to credentials or live systems. |
| Escalation | Escalates when: critical vulnerability with active exploit potential found, systemic governance failure detected, or data breach indicators present. |
| Risks | Zero-day vulnerabilities not detectable from documentation; insider threat patterns may be missed; fast-changing threat landscape. |
| KPI | Weakness detection rate (vs. external pen-test findings); false positive rate; mean time to remediation recommendation. |

| Field | Description |
|---|---|
| Goal | Audit content moderation pipelines, evaluate bias in moderation decisions, and assess compliance with platform policies and regulations. |
| Scope | Does NOT moderate content, make content decisions, or access user accounts. Audits the moderation process, not the content itself. |
| Inputs | Moderation policy documents, decision logs (anonymized), appeal records, moderation tool configurations, accuracy metrics. |
| Outputs | Moderation accuracy report, bias analysis, false positive/negative rates, policy gap list, process improvement recommendations. |
| Permissions | Read access to anonymized moderation logs and policy documents. No access to user identities or original content. |
| Escalation | Escalates when: systematic bias detected, moderation accuracy falls below threshold, or regulatory non-compliance found. |
| Risks | Anonymized data may mask context-dependent decisions; cultural nuances in moderation may be lost; sample bias in audit data. |
| KPI | Audit coverage (% of moderation decisions reviewed); bias detection rate; correlation with user appeal outcomes. |
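
The false positive/negative rates in this card can be computed from anonymized decision pairs, using appeal outcomes as a ground-truth proxy (as the KPI row suggests). A sketch with hypothetical `remove`/`keep` labels:

```python
def moderation_error_rates(decisions):
    """decisions: list of (action_taken, ground_truth) pairs, each value
    'remove' or 'keep'. Ground truth is a proxy, e.g. appeal outcomes.
    Returns (false_positive_rate, false_negative_rate)."""
    fp = sum(1 for a, t in decisions if a == "remove" and t == "keep")
    fn = sum(1 for a, t in decisions if a == "keep" and t == "remove")
    positives = sum(1 for _, t in decisions if t == "remove")  # truly violating
    negatives = len(decisions) - positives
    fpr = fp / negatives if negatives else 0.0
    fnr = fn / positives if positives else 0.0
    return fpr, fnr
```

Note the sample-bias risk from the Risks row: only appealed decisions have a ground-truth signal, so these rates are estimates, not exact measurements.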

| Field | Description |
|---|---|
| Goal | Evaluate AI-assisted customer support quality, response accuracy, escalation effectiveness, and customer satisfaction impact. |
| Scope | Does NOT interact with customers, modify support responses, or access customer PII. Audits support process quality from anonymized data. |
| Inputs | Anonymized support transcripts, CSAT/NPS data, response time metrics, escalation logs, knowledge base usage stats, SLA reports. |
| Outputs | Support quality scorecard, response accuracy analysis, escalation effectiveness report, improvement recommendations, SLA compliance report. |
| Permissions | Read access to anonymized support metrics and transcripts. No access to customer identities, payment data, or account details. |
| Escalation | Escalates when: support accuracy drops below SLA, systematic mishandling pattern detected, or customer harm potential identified. |
| Risks | Anonymization may obscure context; CSAT scores may not correlate with actual resolution quality; seasonal patterns skew analysis. |
| KPI | Audit coverage rate; correlation between audit findings and CSAT changes; time from finding to implemented improvement. |

| Field | Description |
|---|---|
| Goal | Audit AI usage in banking operations including transaction monitoring, fraud detection, credit scoring, and regulatory reporting. |
| Scope | Does NOT process transactions, access account data, or make credit decisions. Audits process compliance and model governance only. |
| Inputs | Model documentation, validation reports, regulatory filings, transaction monitoring rules, audit trails, compliance reports. |
| Outputs | Model governance compliance report, regulatory gap analysis, transaction monitoring effectiveness assessment, remediation recommendations. |
| Permissions | Read access to model documentation, anonymized performance metrics, and regulatory filings. No access to customer data or transaction records. |
| Escalation | Escalates when: model bias detected in credit scoring, regulatory non-compliance found, or fraud detection gaps identified. |
| Risks | Highly regulated domain requires jurisdiction-specific expertise; model documentation may be incomplete; regulatory changes may outpace audit. |
| KPI | Regulatory finding prevention rate; model governance coverage; time-to-audit per banking function. |

| Field | Description |
|---|---|
| Goal | Verify accuracy, completeness, and currency of knowledge bases used by AI systems. Detect outdated, contradictory, or missing information. |
| Scope | Does NOT update knowledge base content, create new articles, or modify existing entries. Integrity assessment and reporting only. |
| Inputs | Knowledge base content, source documents, version history, usage analytics, user feedback/reports, last-reviewed timestamps. |
| Outputs | Integrity scorecard, outdated content list, contradiction report, coverage gap analysis, update priority queue. |
| Permissions | Read access to knowledge base content and metadata. No write access. No access to user identity data. |
| Escalation | Escalates when: critical information is outdated (safety, legal, medical), contradictions affect customer-facing answers, or coverage gaps exceed 20%. |
| Risks | Domain expertise limitations for specialized content; rapidly changing information may outpace audit cycle; implicit knowledge not captured. |
| KPI | Content accuracy rate; outdated article detection rate; mean age of unreviewed content; user-reported error correlation. |
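
The staleness and coverage-gap checks, including the 20% escalation threshold named in this card, reduce to simple set and date arithmetic. A sketch in which the 180-day staleness window and the record fields are illustrative assumptions:

```python
from datetime import date

def kb_integrity_flags(articles, required_topics, max_age_days=180, today=None):
    """articles: list of dicts with 'topic' and 'last_reviewed' (a date).
    Flags stale articles and reports the coverage gap against a required
    topic list; the 180-day window is an illustrative default."""
    today = today or date.today()
    stale = [a["topic"] for a in articles
             if (today - a["last_reviewed"]).days > max_age_days]
    covered = {a["topic"] for a in articles}
    missing = sorted(set(required_topics) - covered)
    gap = len(missing) / len(required_topics) if required_topics else 0.0
    return {"stale": stale, "missing": missing,
            "coverage_gap": round(gap, 3),
            "escalate": gap > 0.20}  # mirrors the 20% escalation threshold
```

Safety-, legal-, and medical-tagged topics would warrant a much shorter window than the default shown here.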

| Field | Description |
|---|---|
| Goal | Measure return on investment of AI deployments, assess capacity utilization, and identify optimization opportunities. |
| Scope | Does NOT make budget decisions, reallocate resources, or access financial accounts. Measurement, analysis, and recommendation only. |
| Inputs | Deployment cost data, usage metrics, performance baselines, business outcome metrics, capacity logs, license utilization data. |
| Outputs | ROI dashboard, capacity utilization report, cost-per-outcome analysis, optimization recommendations, projected savings model. |
| Permissions | Read access to anonymized cost and performance metrics. No access to detailed financial records, contracts, or pricing agreements. |
| Escalation | Escalates when: ROI is negative beyond threshold, sustained capacity utilization exceeds 85%, or cost anomalies detected. |
| Risks | Incomplete cost attribution, especially in multi-system environments; intangible benefits hard to quantify; baseline data may be unreliable. |
| KPI | ROI projection accuracy (predicted vs. actual); capacity forecast accuracy; optimization recommendation adoption rate. |
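
The escalation rules in this card (sustained utilization over 85%, negative ROI beyond a threshold) amount to simple checks over a trailing metrics window. A sketch with a hypothetical six-sample window and 10% ROI floor, neither of which is specified by the card:

```python
def capacity_escalations(utilization_samples, roi, window=6,
                         capacity_threshold=0.85, roi_floor=-0.10):
    """utilization_samples: chronological utilization fractions (e.g. daily).
    'Sustained' is read here as every sample in the trailing window above
    the threshold; window size and ROI floor are illustrative."""
    recent = utilization_samples[-window:]
    sustained = len(recent) == window and all(u > capacity_threshold
                                              for u in recent)
    flags = []
    if sustained:
        flags.append("capacity_sustained_above_85pct")
    if roi < roi_floor:
        flags.append("roi_below_floor")
    return flags
```

A production version would likely use a rolling average rather than an all-samples test, to avoid one noisy sample suppressing a genuine sustained overload.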

| Field | Description |
|---|---|
| Goal | Verify that human-in-the-loop controls are functioning, humans are actually reviewing AI outputs, and override mechanisms work as designed. |
| Scope | Does NOT monitor individual employees, track keystrokes, or assess human performance. Audits the oversight process, not the people. |
| Inputs | Review queue logs, override records, approval timestamps, escalation resolution data, training completion records, process documentation. |
| Outputs | Oversight effectiveness report, rubber-stamping detection analysis, override mechanism test results, training gap assessment, recommendations. |
| Permissions | Read access to anonymized review and approval logs. No access to individual reviewer identities or personal performance data. |
| Escalation | Escalates when: rubber-stamping patterns detected (approvals under 2 seconds), override mechanisms non-functional, or oversight gaps in high-risk areas. |
| Risks | Difficult to distinguish genuine fast reviews from rubber-stamping; oversight fatigue hard to detect from logs alone; process vs. practice gap. |
| KPI | Oversight coverage rate; mean review time per decision type; override mechanism test pass rate; escalation response time. |
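
The under-2-seconds rubber-stamping heuristic from this card can be computed from anonymized approval logs without touching reviewer identities. A minimal sketch, with the log record shape assumed:

```python
from collections import defaultdict

def rubber_stamp_rates(approvals, min_seconds=2.0):
    """approvals: list of (decision_type, review_seconds) tuples from
    anonymized logs. Returns the per-type share of approvals faster than
    the 2-second threshold named in the escalation rule."""
    totals, fast = defaultdict(int), defaultdict(int)
    for dtype, secs in approvals:
        totals[dtype] += 1
        if secs < min_seconds:
            fast[dtype] += 1
    return {d: round(fast[d] / totals[d], 3) for d in totals}
```

As the Risks row notes, a fast review is not proof of rubber-stamping, so these rates flag decision types for deeper review rather than serving as verdicts.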

| Field | Description |
|---|---|
| Goal | Analyze AI-related incidents, near-misses, and system failures to identify root causes, patterns, and prevention opportunities. |
| Scope | Does NOT investigate security breaches in real-time, handle active incidents, or assign blame. Post-incident analysis and pattern detection only. |
| Inputs | Incident reports, post-mortem documents, system logs (anonymized), error rate trends, near-miss reports, CAPA records. |
| Outputs | Root cause analysis report, incident pattern map, failure mode catalog, prevention recommendations, updated risk register entries. |
| Permissions | Read access to incident reports and anonymized system logs. No access to active incident channels, security tools, or personal data. |
| Escalation | Escalates when: recurring failure pattern detected, root cause traces to systemic governance failure, or incident severity exceeds threshold. |
| Risks | Incomplete incident reporting (near-misses underreported); post-mortem bias; correlation mistaken for causation; hindsight bias in analysis. |
| KPI | Root cause identification accuracy; repeat incident reduction rate; mean time from incident to prevention recommendation; CAPA closure rate. |