Live AMA: How Auditors Evaluate AI Risk & Controls
Wondering how your AI program looks in an audit? Ask an auditor.
Who is this relevant for
This AMA is relevant for anyone responsible for AI risk and audit outcomes in a mid-market, cloud-first company, including leaders expecting AI, identity, or vendor-AI topics in upcoming SOC 2, ISO 27001, or SOX audits; teams using copilots, agents, or MCP-connected tools in production; and teams where shadow or embedded AI is outpacing controls and who need to understand what auditors actually focus on.
You’ll walk away with
Colin will open with what he’s seeing in recent audits—shadow AI, vendor AI buried in SaaS, non-human identities, missing AI-specific tests, and “continuous” checks that aren’t—and then we’ll spend the rest of the hour on your questions and examples.
By the end of the AMA, you’ll have:
An audit-side read of your AI, identity, and vendor posture
The top AI-related checks auditors are asking for right now
Two or three high-impact evidence or control adjustments to consider this quarter
Concrete questions you can take back to auditors for more focused planning
Meet our speakers
Colin Larson - CPA, Sensiba
Colin is a CPA, licensed in Washington and California, with seven years’ experience across business operations, IT security, and risk compliance. He began his career at a Big Four firm, working on SOC 1, SOC 2, SOX, ISO, NIST, GDPR, and WebTrust engagements for technology companies. At Sensiba, he partners with the Sales, Customer Success, and Audit Delivery teams to help organizations transform day-to-day operations into controls and evidence that withstand audit scrutiny.
Swapnil Tripathi - Associate Director (Solutions Engineering), Sprinto
Swapnil is a seasoned GRC consultant specialising in ISO 27001 lead audits, PCI DSS QSA assessments, and SOC 2/GDPR compliance for SaaS, finance and healthcare clients across India, the EU, USA and Australia. With strong hands-on experience bridging policy, procedure and automation, Swapnil helps organisations build robust continuous-compliance capabilities and embedded governance by design.