Artificial Intelligence (AI) is no longer a “future state” technology; it’s here and is moving at a breakneck pace. Unless you’re a “frontier” organization, your company isn’t deploying fully autonomous AI systems. However, AI is reshaping your businesses; sometimes through official initiatives, other times through employees quietly adopting tools on their own. It’s driving financial modeling, informing strategic decisions, powering customer interactions, automating routine business processes, and strengthening security. Even subservice organizations are leaning on AI to deliver more value. For example, a payroll provider may use AI to flag anomalies in wage calculations before errors reach its clients.
As AI becomes further established within business operations, processes, and controls, questions of trust and transparency grow – specifically around processing integrity. And with AI, you’re dealing with a “black box.”
Trust is key, but let’s be honest: AI faces a lot of skepticism. When people think of AI, they might remember movies like The Terminator, the fear of technology running unchecked. This skepticism, fueled by real-world issues like job displacement concerns, AI “hallucinations,” and the fact that we often can’t see inside the AI black box, is something we have to address head-on.
So, how do you approach black box testing for systems you can’t fully see inside?
What Is Processing Integrity in AI Systems (& Why Should You Care?)
Processing integrity, as defined by the AICPA, means that “system processing is complete, valid, accurate, timely, and authorized.” This standard may apply, depending on scope, whether you’re undergoing a SOC 1 or SOC 2 audit. In SOC 2, the focus is on operational systems supporting security, availability, and other trust services criteria. In SOC 1, it’s narrower, targeting systems that impact financial reporting and internal controls over financial reporting (ICFR).
In the context of AI, processing integrity must be assessed at every phase, from design and training through deployment and ongoing monitoring. This is how we introduce auditable transparency into the AI black box. Each phase introduces risks to completeness, accuracy, timeliness, and authorization. A drift in data, a bug in retraining, or an unapproved API call can compromise integrity at any stage, which directly erodes the stakeholder trust we need to maintain.
AI-Specific Threats to Processing Integrity
- Completeness
- AI-Specific Threat: Missing or unrepresentative training data.
- Example: Excludes an entire transaction class, leading to incomplete processing.
- Accuracy
- AI-Specific Threat: Model drift or hallucinations.
- Example: Recommender suggests the wrong product
- Timeliness
- AI-Specific Threat: Latency or degraded performance.
- Example: Fraud alerts arrive too late to prevent fraudulent transactions.
- Authorization
- AI-Specific Threat: Uncontrolled API or model access.
- Example: Unauthorized queries retrieve sensitive data
Traditional systems make evaluating processing integrity straightforward, as auditors can trace logic and data flow. In traditional, logic-driven systems, auditors are able to reperform or recalculate processed items to validate the outputs, and can easily trace input data back to source systems. AI systems don’t play by those rules. Their unclear, data-driven decision-making demands new approaches to make certain that integrity remains intact.
The Black Box Problem: Why Traditional Auditing Fails AI
AI systems, especially machine learning and deep learning models, don’t follow traditional, rule-based logic. Instead, they use neural networks trained on large datasets to recognize patterns and generate probabilistic outcomes. This means even developers often can’t explain exactly how or why a particular decision was made. A phenomenon known as the “black box” problem has been well documented by researchers at MIT and Stanford. Add to that hallucinations (where AI confidently delivers inaccurate information) and the inability to consistently reproduce outputs, and the risks to processing integrity become impossible to ignore.
To make matters more complex, some AI systems are not just influenced by data; they’re shaped by the subjective choices of their developers or corporate interests. For example, certain large language models have been reported to alter outputs based on stakeholder preferences or reputational concerns. When these types of unclear systems are inserted into business-critical or financial workflows, processing integrity becomes even harder to assess and even more critical to verify.
So, when you’re asked to demonstrate integrity in AI-driven systems, vague assurances like “the model figured it out” won’t cut it. Auditors and stakeholders need structured, evidence-based assurance, even if the logic behind the model remains elusive.
Broadening the Lens: AI Accountability Beyond Processing Integrity
While processing integrity is critical, it doesn’t exist in a vacuum. AI systems also intersect with broader domains like security, privacy, and transparency. These areas are not only emphasized in SOC 2 but also in other frameworks like ISO 27001 and NIST’s AI Risk Management Framework. For organizations using AI in production workflows, aligning with these broader principles helps establish a more defensible compliance posture.
This means going beyond technical testing. You’ll want to show evidence of governance, clearly defined responsibilities for model management, and regular evaluations of model fairness, bias, and risk. When regulators and customers ask, “How do you know your AI is behaving?”, you’ll have an answer grounded in oversight, not just optimism.
Why Black Box Testing Matters to Your Auditor
As auditors, we have to derive an opinion or conclusion on audit objectives and whether systems are operating as intended. Auditors want proof, hard evidence, to support their conclusions. Auditors can’t take “your word for it” or say “the system figured it out.” When we audit, we need logs, test results, and solid paperwork that shows exactly how that black box acts under pressure. Remember, I’m the one signing the final report, and an explanation like “the AI did it” just won’t cut it.
Black Box Testing Approaches: What Auditors Need to Verify
Just like a human mind, AI lacks transparency and predictability. To counter this, AI governance and strong controls are essential. Controls like effective risk assessment, model testing, change management, and monitoring transform the black box into a verifiable record. This is how we achieve reliable outcomes that generate trust. When AI outputs are governed by clear controls, auditors and stakeholders can rely on the system, even if they can’t see every neuron or weight. This structured approach establishes a roadmap for creating auditable trust around the AI black box.
Auditing AI systems for processing integrity compliance requires a comprehensive set of controls grounded in frameworks like SOC 1, SOC 2, ISO 42001, and NIST AI RMF. The subsections below outline key control domains that should be present in any defensible AI governance program.
Governance, Policies, & Accountability
Implement governance structures that define AI ownership, responsibilities, and escalation paths. Frameworks like ISO 42001 emphasize this domain for audit readiness. Clear governance doesn’t just tick a box; it assigns responsibility, making it clear who will protect stakeholder trust.
Risk Assessment Controls
AI-related risks should be integrated into your enterprise risk management framework. Controls should cover periodic risk reviews of model reliability, bias, drift, and misuse. By proactively identifying and addressing these risks, you transform uncertainty into a foundation of trust for stakeholders and auditors.
Model Development & Documentation Controls
Maintain comprehensive documentation that describes the model’s purpose, data sources, logic, training process, assumptions, and retraining cadence. This supports both traceability and auditability. Thorough documentation makes the AI’s inner workings auditable, turning this lack of visibility into trust.
Thorough Testing & Validation Controls
Pre-deployment and ongoing testing should verify model accuracy, stability, and edge-case performance. Testing should include scenario validation, adversarial testing, and repeatability of results. Consistent, repeatable testing not only improves accuracy, it also demonstrates to stakeholders that you are serious about earning their trust.
Change Management Controls
AI models and data pipelines must be subject to formal change control procedures, including impact assessments, rollback strategies, and approval workflows. These should also cover version tracking, documentation updates, and regression testing following model modifications. For instance, when a model is retrained with new data or updated for improved performance, the changes should be validated against historical baselines to make certain outputs remain consistent and aligned with business objectives. Change logs and sign-offs from accountable stakeholders should be part of the audit trail. Transparent change control shows that your AI isn’t a loose cannon; it’s a controlled, trustworthy system subject to oversight.
Access & Authorization Controls
Restrict access to AI model configurations, training data, APIs, and runtime environments to authorized personnel. Beyond technical access, organizations must also control who is authorized to run, query, or rely on AI outputs. This includes validating that end users have the appropriate domain expertise and authority. For example, AI-generated financial forecasts should only be accessible to individuals in finance or strategy roles, not marketing or support teams. Additionally, if APIs are used to interface with AI models, access should be governed by role-based permissions and monitored to prevent unauthorized or unintended usage (e.g., API injections or improper chaining of requests). By ensuring only authorized individuals can influence or use the AI, you signal that trust isn’t taken for granted; it’s protected.
Data Input & Output Controls
Systems must validate inputs and verify that outputs are complete, accurate, timely, and authorized. Look for monitoring capabilities that detect anomalies or unexpected outputs. These controls often include automated reconciliations, exception reporting, and edit checks that flag inconsistencies between expected and actual data patterns. For example, if a model designed to approve invoices suddenly starts rejecting a large volume of legitimate vendor payments due to a shift in data formatting or an unanticipated input pattern, input/output validation (or exception edit reports) should catch this before it impacts operations or financial reporting. When you validate every input and output, you give auditors confidence that the black box’s conclusions can be trusted.
Monitoring, Drift Detection, & Continuous Improvement
Monitoring and drift detection take a broad, continuous view of model behavior over time. These controls help identify when the AI begins to perform differently than expected, whether due to data drift, model degradation, or changes in the operating environment. Implementing thresholds and alerts for performance metrics (such as accuracy or bias indicators) and performing regular reviews helps catch subtle shifts before they affect business outcomes. This continuous process ensures the model not only maintains integrity but is constantly improved, keeping trust intact.
Explainability & Human Oversight
AI systems should include mechanisms to help stakeholders and clients understand how decisions are made (explainability). Beyond internal review, organizations must define a strategy for communicating AI performance, risks, and accountability to customers. Additionally, establish policies requiring human review and intervention for sensitive or high-impact decisions. Even if a model produces a result, a knowledgeable person must be accountable for interpreting or approving that output, especially when it affects financial reporting, compliance, or customer outcomes. Combining explainability with human signoff ensures that trust isn’t outsourced to the algorithm alone.
Trust Signals for Stakeholders
We’ve all seen examples of media outlets that have published embarrassing, AI-generated articles filled with errors because they trusted the algorithm without proper human review. Building trust isn’t just about doing the right things; it’s about being prepared to prove it. This means showing the complete lifecycle of your model, from its creation to its daily performance. Auditors, regulators, and customers need to see tangible artifacts, like documentation of the model’s lineage, test reports showing processing integrity, real-time drift dashboards, and human approval logs. These documents ensure you’re not just hoping your AI behaves; you’re controlling and verifying every step of its process.
Privacy & Security Considerations for AI Systems
While privacy and broader cybersecurity are critical, this article focuses on processing integrity. That said, privacy controls, such as data minimization, consent handling, and pseudonymization, are often tightly connected to AI usage and should not be overlooked. Standards like SOC 2 Privacy, ISO/IEC 27701 for privacy information management, and ISO 31700 for privacy by design introduce additional expectations when personal data is involved.
Organizations should also consider compliance obligations under federal laws like HIPAA, as well as state-level regulations such as the California Consumer Privacy Act (CCPA) and the Colorado Privacy Act (CPA), which impose strict rules on how personal information is collected, processed, and shared, especially when automated decision-making tools like AI are used. Together, these controls build a foundation for trustworthy AI use in enterprise environments, ones that stand up to scrutiny from both auditors and stakeholders.
Real-World Risk: When AI Goes Unchecked
Consider an AI-driven loan approval model. The organization starts seeing a disproportionate number of rejections in certain demographics. Processing integrity isn’t just about whether the math is correct; it’s about whether the system is fair, accurate, and functioning as intended. And when stakeholders ask “Why did this happen?”, you’d better have a control environment that provides answers, not just probabilities.
Imagine an AI-powered customer support system designed to route incoming complaints to the right department. Over time, the model begins misclassifying legal concerns as general feedback, resulting in delays in legal review and potential compliance exposure. This isn’t a breakdown in logic; it’s a drift in how the model interprets input over time. The issue isn’t just accuracy; it’s oversight. And when leadership asks, “Why weren’t we made aware sooner?”, it’s the integrity of your monitoring and escalation controls that will be under the microscope.
Imagine an AI system used in a hospital to prioritize patient cases for specialist review. Over time, the model begins misclassifying urgent cardiac cases as routine due to subtle shifts in language used in referral notes. Critical patients experience delays in treatment, not because of negligence, but because the AI quietly drifted from its original sensitivity. No alarms sounded, no human caught it in time. In healthcare, that kind of lapse isn’t just a metrics issue; it’s a matter of life and death. And when leadership asks, “How did this happen?”, the answer needs to come from a well-governed system, not a shrug from a machine learning model.
Final Thoughts: The Shift to Controls-Based Assurance
Testing AI for processing integrity isn’t some impossible mystery; it just requires a different mindset. You’re no longer checking whether a formula was applied correctly; you’re evaluating whether the outputs of a probabilistic system are trustworthy, consistent, and aligned with your business intent. This means embracing new audit methods, investing in cross-functional understanding, and ensuring someone, not something, is accountable for every outcome.
The biggest shift I emphasize to clients is this: when AI joins the equation, you can’t just trust the math; you have to trust the controls surrounding it. Governance, documentation, oversight, change management, and access boundaries aren’t just abstract audit checklist items. They are the mechanisms that turn the AI black box into a transparent system of record.
Processing integrity isn’t about achieving perfect predictions; it’s about predictable governance. Trust in the age of AI isn’t earned by the algorithm; it’s earned by the organization that governs it.
If you are interested in engaging Linford & Company for our auditing services, if you need a SOC audit report, or if you have any questions, please feel free to contact us. Our team consists of IT audit professionals who are highly skilled and experienced. We will be happy to answer any questions you may have and to assist with your compliance needs.
Ben Burkett is a partner at Linford & Company, where he specializes in IT compliance and risk management audits. With more than twenty years of technology and audit experience that began at KPMG in 2002, Ben has led IT risk management initiatives, directed an IT Project Management Office and a Technology Business Management function, and served in finance and technology leadership roles. He holds certifications as a CPA, CISA, CISSP, CRISC, and as a Lead Auditor for ISO/IEC 27001 and ISO/IEC 42001.
At Linford & Co., Ben guides clients through HIPAA, SOC 2, SOC 1, and ISO readiness and attestation engagements, with a focus on efficient, risk‑based audits that deliver actionable insights.