With expectations around AI accountability growing, organisations need to be ready for a future where independent scrutiny becomes the norm. Regulators, customers, and the public increasingly want evidence that AI is being governed responsibly.
This practice is about building the internal capability, processes, and documentation needed to demonstrate accountability, including for sensitive areas like bias and fairness. These concerns are especially relevant in systems such as biometrics, which are widely used across government and commercial settings.
Assurance can take different forms: internal or third-party audits, stakeholder reviews, or the publication of artefacts like model cards, decision logs, or impact assessments.
In practice, this means is identifying which systems or governance processes may be subject to audit, reviewing whether the right evidence is being retained, and ensuring key decisions and risks are traceable. It also involves clarifying responsibilities, particularly when oversight is shared across teams or vendors.
Some organisations may already be subject to extraterritorial regulation, such as the EU AI Act, even if they are based in New Zealand.
New Zealand doesn’t yet have dedicated AI regulation, but existing laws — including human rights, or consumer protection — already apply. Meanwhile, expectations for assurance are rising. Australia is also moving toward regulation and the use of assurance frameworks for higher-risk AI. Preparing now helps reduce future compliance burdens and builds trust across markets.
Why it matters
Governance claims need to be backed by evidence. As AI adoption increases, so do calls for independent oversight, clearer lines of accountability, and proof that organisations are putting principles into practice. Even if audits are not legally required yet, public pressure, procurement conditions, and regulatory developments are quickly moving in that direction.
This practice helps reduce the risk of being caught unprepared. By proactively identifying gaps, aligning with emerging assurance expectations, and documenting decisions as they are made, organisations are equipped to respond to external scrutiny, support internal oversight, and demonstrate trustworthiness to stakeholders.
Implementation tips
- Identify which AI systems are most likely to require assurance or may be subject to future regulation or procurement scrutiny.
- Identify what evidence already exists and where gaps need to be addressed.
- Build internal capability by training relevant teams on audit readiness, documentation practices, and the use of assurance tools.
- Make roles and responsibilities clear, especially where governance is shared across teams or vendors. Define who owns which artefacts and who is responsible for responding to audit requests.
- Link assurance preparation to existing quality, compliance, or risk processes.
- Use mock audits or walkthroughs to test preparedness, drawing on external standards as audit reference points.
- Consider targeted audits (e.g. for fairness, bias, privacy, environmental harm) especially for systems with humans impacted.
Support materials
UK Government – Roadmap to an Effective AI Assurance Ecosystem and Portfolio of AI Assurance Techniques
Outlines the components of a mature AI assurance environment, and provides examples of documentation, testing, and review methods that support assurance of AI systems.
IIA – Artificial Intelligence Auditing Framework
Provides internal auditors with a full framework to support AI assurance and audit cycles.
ForHumanity – Audit Frameworks
Independent audit frameworks for AI systems that cover bias, privacy, explainability, and trust.
Ada Lovelace – AI Assurance?
Introduces assurance approaches such as audits, evaluations, and red teaming, and explains how they support accountability.
IPIE – Global Approaches to Auditing Artificial Intelligence
Summarises how AI audits are being shaped by regulation and policy in leading jurisdictions.
