Signify Insights
Signify Insights
Spotlights
A publishing & interactive-learning property · Philadelphia · est. 2019
Back to Spotlights
VOL. II  ·  Compliance  ·  AI, Automation & Agents

Your AI Agents Are Employees Now. Audit Them Like It.

AI agents, copilots and RPA bots don't replace your control environment — they slide a new, fast-moving layer underneath it. Here's the architecture you have to understand first, and the seven hotspots a real AI & automation risk assessment has to reach.

By the Signify Insights deskMay 20269 min read

When a person leaves your company, you de-provision their access, recover their devices and close their accounts. When you deploy an AI agent or a software robot, you hand a digital worker the keys to multiple production systems — and far too often, nobody treats it like the employee it has effectively become. AI and automation don't replace your control environment; they slide a new, fast-moving layer underneath it.

This is no longer just about classic RPA. The same pattern now runs through copilots wired into your email and code, retrieval-augmented assistants reading your knowledge base, and autonomous agents that chain tool calls to get work done. Each one promises productivity and quality across an end-to-end process — and each one's effectiveness depends entirely on correct design, grounding and integration. That is exactly where the new inherent risk lives.

You can't assess what you don't understand

Before you can lay out a single test, you have to understand the architecture. Strip away the branding and almost every AI-or-automation system — a UiPath bot, a Blue Prism process, an LLM agent, a vendor copilot — resolves to the same handful of components:

  • The build surface. Where the logic, prompts, tools and guardrails are authored — a developer studio, an agent framework, or a prompt-and-policy console.
  • The digital worker. The bot or agent that executes that logic, interacting with your systems exactly as a user would — and, for AI, the model that reasons behind it.
  • The control plane. The web-based orchestrator where administrators deploy workers, manage authentication, ground the model on data, and start, stop and troubleshoot. This is the crown jewel — it is where production agents are born.

In UiPath terms that is Studio, Robot and Orchestrator, usually paired with a vault such as CyberArk for credentials. In an LLM-agent stack it is the framework, the model endpoint, and the orchestration-plus-tooling layer that decides what the agent is allowed to touch. Get the map wrong and every test downstream is aimed at the wrong target.

An agent is an account with system access and no conscience. The control question is the same one you'd ask of any privileged user — you just have to remember to ask it.

Inherent versus control risk — still the right lens

The discipline hasn't changed. Inherent risk is a process's susceptibility to material error, fraud or unsafe action before any controls are considered; control risk is the risk that a material failure occurs in the absence of effective control design and operation. For AI, the inherent risk is higher and stranger — a model can be confidently wrong, can be steered by a malicious instruction buried in the data it reads, and can take an action no one explicitly approved. A useful heatmap plots hotspots by significance to compliance against impact on controls — and those hotspots should change to fit your environment, not the other way round.

Seven hotspots a real assessment has to cover

The AI & automation risk surface
  1. Governance and oversight. A named oversight structure — federated, centralised or distributed — an AI use-case inventory, independent compliance reviews, and a control framework communicated all the way down to the people building agents.
  2. Build and change management. Requirements reviewed before build, version control over logic and prompts, evaluation sets that run before anything ships, post-production review against those requirements, and strict separation of development and production.
  3. Model, data and grounding integrity. Know which model and data version is in production, how the model is grounded and retrained, and how you'd roll back a bad model the way you'd roll back bad code. Treat the model supply chain like any other third-party dependency.
  4. Cloud and cyber-threat management. Encryption of sensitive data, hardened infrastructure, review of third-party reports such as SOC 1 and SOC 2, and AI-specific threats — prompt injection, tool-abuse and data exfiltration through the agent itself.
  5. Monitoring, error and issue resolution. Log messages and reconciliation checks, drift and quality monitoring on model output, root-cause analysis for failures, and business-continuity plans with manual workarounds for when an agent stops — or goes wrong quietly.
  6. Authentication and identity access management. Treat every bot and agent as an identity: segregated, least-privilege access to each architecture layer, timely provisioning and de-provisioning, and credentials that are vaulted — never hard-coded into a prompt or a script.
  7. Data security and privacy. Data-handling policies, owner-approved access to classified data, controls on what flows into training and inference, and an absolute rule: production data does not get replicated into non-production environments without documented approval and scrubbing.

All of this is the tip of the iceberg, and the specific technologies will keep multiplying — today's RPA estate is tomorrow's fleet of autonomous agents. But the logic for managing the risk doesn't change with the vendor or the model. The leaders who get ahead of automation — who upskill their teams and assess the new inherent risk deliberately — are the ones who keep the productivity gains without inheriting an ungoverned, unsupervised shadow workforce.

Companion piece — play itAuditing the Machine
Keep readingStop Writing Audit Plans. Start Running Value Streams.Internal AuditAuditing the MachineSimulationA Privacy Program Is an Operating ModelData Privacy