An auditor sits down across from your DPO. Coffee, laptop, notepad. Friendly. The first question lands at minute three:
"How do your employees use generative AI tools, and what controls do you have to prevent personal data exposure through that channel?"
What does your DPO say next?
If the answer starts with the word "policy," you've already lost the room.
Why audit posture is shifting in 2026
The ICO's AI-adoption guidance for controllers, published last year, treats prompt-channel data exposure as a recognised processing activity under UK GDPR. External auditors — Big Four, mid-tier, ISO 27001 lead implementers — have started writing AI-specific control questions into their workpaper templates.
The shift is concrete: a year ago, "we don't have an AI policy" was a finding. In 2026, "we have a policy but no logged enforcement" is also a finding.
Which means the audit conversation has moved from existence-of-policy to evidence-of-control. That's a much harder bar.
The seven questions to prepare for
These are drawn from real audit interviews compliance leaders have shared with us, plus the ICO's published assessment framework. Each comes with a weak answer and a strong answer — the gap between them is what an auditor will write up as a finding.
1. "Which AI tools are your employees using?"
- Weak. "ChatGPT and Copilot."
- Strong. "As of last month's discovery scan, 11 tools across DNS logs and proxy data — here's the inventory with usage volume."
The weak answer commits you to two tools and gives the auditor permission to find the other nine.
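As an added illustration of the "discovery scan" behind the strong answer (this is not Prytive's code; the log format, the domain-to-tool mapping and the sample lines are all constructed for the example), the script below builds the inventory from DNS query logs: it maps queried names to known tool endpoints, keeps only the last 30 days, and reports query volume, distinct client hosts and last-seen time per tool. Proxy logs would feed the same function once parsed to the same three fields.

```python
"""
AI-tool discovery from DNS query logs.
Added example, not Prytive's code: the log format, the domain-to-tool map
and the sample lines below are constructed for illustration.
"""
from datetime import datetime, timedelta

# Assumed suffix-to-tool mapping. In practice this is a curated list that is
# version-controlled alongside the approved-use register.
AI_TOOL_DOMAINS = {
    "chat.openai.com": "ChatGPT",
    "api.openai.com": "OpenAI API",
    "claude.ai": "Claude",
    "gemini.google.com": "Gemini",
    "copilot.microsoft.com": "Microsoft Copilot",
    "perplexity.ai": "Perplexity",
}

# Constructed DNS log lines: "<ISO-8601 timestamp> <client IP> <queried name>"
SAMPLE_DNS_LOG = """\
2026-02-10T09:14:05Z 10.0.4.21 chat.openai.com
2026-02-10T09:14:07Z 10.0.4.21 cdn.openai.com
2026-02-11T11:02:44Z 10.0.4.33 claude.ai
2026-02-12T14:30:12Z 10.0.7.5 www.perplexity.ai
2026-02-12T14:31:40Z 10.0.4.21 gemini.google.com
2026-02-13T08:00:00Z 10.0.9.9 intranet.example.internal
2025-12-01T08:00:00Z 10.0.4.21 chat.openai.com
2026-02-14T16:45:10Z 10.0.4.58 chat.openai.com
"""


def tool_for_name(qname: str):
    """Map a queried name to a tool, matching the exact name or a subdomain of it."""
    qname = qname.rstrip(".").lower()
    for suffix, tool in AI_TOOL_DOMAINS.items():
        if qname == suffix or qname.endswith("." + suffix):
            return tool
    return None


def _parse_ts(text: str) -> datetime:
    # fromisoformat() accepts a trailing "Z" only on recent Python versions
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def build_inventory(log_text: str, as_of: str, window_days: int = 30):
    """Return one row per observed tool inside the evidence window, sorted by volume."""
    cutoff = _parse_ts(as_of) - timedelta(days=window_days)
    stats = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, client, qname = line.split()
        ts = _parse_ts(ts_text)
        if ts < cutoff:
            continue                        # outside the evidence window
        tool = tool_for_name(qname)
        if tool is None:
            continue                        # not a known AI endpoint
        row = stats.setdefault(
            tool, {"tool": tool, "queries": 0, "hosts": set(), "last_seen": ts})
        row["queries"] += 1
        row["hosts"].add(client)
        row["last_seen"] = max(row["last_seen"], ts)
    rows = [
        {"tool": r["tool"], "queries": r["queries"], "hosts": len(r["hosts"]),
         "last_seen": r["last_seen"].isoformat()}
        for r in stats.values()
    ]
    rows.sort(key=lambda r: (-r["queries"], r["tool"]))
    return rows


if __name__ == "__main__":
    for row in build_inventory(SAMPLE_DNS_LOG, as_of="2026-03-01T00:00:00Z"):
        print(f'{row["tool"]:<18} queries={row["queries"]:<3} '
              f'hosts={row["hosts"]:<3} last_seen={row["last_seen"]}')
```

Note that `cdn.openai.com` is deliberately not counted: only the endpoints on the curated list are evidence of tool use, which is why the list, not the raw domain count, is what the auditor should see dated and version-controlled.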
2. "Who decided which tools are permitted?"
- Weak. "It's in the AI policy."
- Strong. "Our IT Security Committee approves AI tools quarterly. Here are the minutes from January's meeting and the current permitted-use list, version-controlled."
Decisions need a documented owner. "In the policy" is a noun, not a process.
3. "What categories of data are prohibited from AI tools, and how is that enforced?"
- Weak. "PII, financial data, and confidential client information are not allowed."
- Strong. "Prohibited categories are listed in the policy. Enforcement is layered: contractual obligation in the staff handbook, prompt-level pattern detection on permitted tools, and a monthly review of high-risk submissions. Last month we reviewed 47 flagged prompts and took action on three."
4. "If an employee submitted personal data to ChatGPT yesterday at 15:00, would you know?"
- Weak. "We'd hope they followed the policy."
- Strong. "Yes. The submission would be classified at prompt time, redacted in our log, and flagged for monthly review if it matched a sensitive pattern. We can show you a sample."
This question separates auditable from non-auditable. There is no middle answer.
5. "Show me the audit trail for AI processing activity in the past quarter."
- Weak. "We don't have one specifically — the policy is the control."
- Strong. Pulls up a redacted log of high-risk prompt submissions, classification, action taken, reviewer.
This is the question most teams fail. The fix isn't a project. It's the existence of prompt-level logging.
6. "How do you train staff on AI usage, and how often?"
- Weak. "It's in onboarding."
- Strong. "Quarterly mandatory training, last completed by 94% of staff in March, with a knowledge check. Records are in our LMS. Refreshed annually as the policy updates."
Training isn't optional under Article 32. Documentation isn't either.
7. "What's your incident response procedure if a sensitive prompt is submitted?"
- Weak. "We'd investigate."
- Strong. "Triage within 4 working hours. Containment — extension flag, employee conversation, log review. If personal data was exposed, breach assessment per Article 33 starts immediately, with the 72-hour clock from the moment of detection. Here's our runbook."
A 6-item evidence checklist to assemble before the audit
Before your next compliance review — internal or external — assemble these six artefacts. Most teams need 2-4 weeks to pull this together; an auditor will give you a day.
- AI tool inventory. A list of tools observed in DNS or proxy logs, with usage volume per tool, dated within the last 30 days.
- Approved-use register. A version-controlled document naming permitted AI tools, prohibited data categories, and the approval body. Signed minutes for each addition.
- Prompt-level audit log. A redacted sample (not raw content) of submissions classified by sensitivity category over the past 90 days.
- Training records. Completion data per employee, with the most recent training date and module version.
- Incident runbook. A one-page response procedure with named owners and timing commitments aligned to Article 33.
- Quarterly review minutes. Documentation of when high-risk submissions were last reviewed, by whom, and what action was taken.
If you can produce all six, you're audit-ready. If you can produce four, you have specific gaps to close before the next review window.
[Figure: A redacted prompt-level audit log used in a real compliance review]
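The prompt-level audit log (question 4's strong answer and the third artefact in the checklist) is the one most teams lack, so here is an added example of that control in code. It is not Prytive's implementation; the sensitivity patterns, the HMAC key and the sample prompts are constructed for illustration. Each submission is classified at prompt time, the matching spans are redacted before anything is written, only a keyed hash of the original is kept for correlation, and entries with a sensitive match are queued for the monthly review.

```python
"""
Prompt-time classification and a redacted audit log.
Added example, not Prytive's code. Patterns, key and sample prompts are constructed.
"""
import hashlib
import hmac
import re

# Constructed placeholder; a deployment would hold this in a secrets store.
AUDIT_KEY = b"replace-with-a-per-deployment-secret"


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to reject digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _card_validator(match_text: str) -> bool:
    return luhn_ok(re.sub(r"[ -]", "", match_text))


# (category, pattern, optional validator). Order matters: earlier categories
# are redacted before later patterns run over the text.
PATTERNS = [
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), None),
    ("uk_ni_number", re.compile(r"\b[A-Z]{2}\s?\d{2}\s?\d{2}\s?\d{2}\s?[A-D]\b"), None),
    ("payment_card", re.compile(r"\b(?:\d[ -]?){12,18}\d\b"), _card_validator),
]


def classify_and_redact(prompt: str):
    """Return (categories found, prompt with every sensitive span replaced)."""
    categories = []
    text = prompt
    for category, pattern, validator in PATTERNS:
        def repl(m, category=category, validator=validator):
            if validator is not None and not validator(m.group(0)):
                return m.group(0)           # matches the shape but fails validation
            if category not in categories:
                categories.append(category)
            return f"[REDACTED:{category}]"
        text = pattern.sub(repl, text)
    return categories, text


def _keyed_ref(value: str) -> str:
    # Keyed hash: not reversible by dictionary attack without AUDIT_KEY
    return hmac.new(AUDIT_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]


def make_audit_entry(timestamp, user_id, tool, prompt):
    """Build the log record. The raw prompt is never stored."""
    categories, redacted = classify_and_redact(prompt)
    return {
        "timestamp": timestamp,
        "user_ref": _keyed_ref(user_id),    # pseudonymous, resolvable only with the key
        "tool": tool,
        "categories": categories,
        "redacted_prompt": redacted,
        "prompt_ref": _keyed_ref(prompt),   # correlate duplicates without keeping content
        "flagged": bool(categories),
        "review_status": "pending" if categories else "not_required",
    }


# Constructed sample submissions: (timestamp, user, tool, prompt text)
SAMPLE_PROMPTS = [
    ("2026-02-18T15:02:11Z", "alice", "ChatGPT",
     "Draft a reply to jo.bloggs@example.com about her NI number QQ 12 34 56 C"),
    ("2026-02-18T15:09:40Z", "bob", "Claude",
     "Summarise the attached meeting notes in three bullets"),
    ("2026-02-19T10:21:03Z", "carol", "ChatGPT",
     "Is card 4111 1111 1111 1111 formatted correctly for our invoice template?"),
    ("2026-02-19T10:25:55Z", "dave", "Copilot",
     "Look up order ref 1234567890123456 status wording"),
]


def build_log(samples=SAMPLE_PROMPTS):
    return [make_audit_entry(*s) for s in samples]


def flagged_for_review(entries):
    """The subset that goes to the monthly high-risk review."""
    return [e for e in entries if e["flagged"]]


if __name__ == "__main__":
    for e in build_log():
        print(e["timestamp"], e["tool"], e["categories"], e["redacted_prompt"])
```

The fourth sample shows why a validator matters: a 16-digit order reference has the shape of a card number but fails the Luhn check, so it is neither redacted nor flagged, which keeps the monthly review queue to submissions worth a reviewer's time.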
The honest answer most teams give
In practice, when we sit with compliance leaders and walk through these seven questions, the candid answer is some version of: "We have a policy. We have training. We don't have the log."
The log is the bottleneck. It's also the only one of the six artefacts you can't fix in a sprint without changing the underlying capability.
Which is why the right project isn't "draft a better policy." It's "install the missing visibility, then tighten the policy around what the data shows." The data almost always reveals tighter rules are needed in some places and looser ones are workable elsewhere — both findings come from the log.
Run a free AI prompt audit. Install Prytive on a small team for 7 days. Walk away with a redacted log you can hand to your next auditor. → prytive.com/start