Key Takeaways:
- The Framework Gap: Traditional SOC reports and other frameworks don’t validate AI model logic or bias.
- Answer To The Key Question: “How do we know your AI model can be trusted?”
- The Solution: AI Agreed-Upon Procedures (AUP) provide CPA-verified evidence of model performance.
- Strategic Value: Independent assurance helps accelerate enterprise sales and meets emerging 2025 regulatory requirements like the EU AI Act.
Artificial Intelligence is no longer experimental. It is embedded in revenue-generating products, financial workflows, customer decisioning, and regulated processes. As AI adoption accelerates, so does a critical question from customers, regulators, and partners:
“How do we know your AI can be trusted?”
Traditional compliance reports were not designed to answer that question. Service Organization Control (SOC) reports focus on IT controls. Security audits address data protection. Neither is built to independently validate AI accuracy, governance, bias considerations, or model oversight.
That gap is exactly where AI Agreed-Upon Procedures (AUP) reporting comes in.
What Is an AI Agreed-Upon Procedures (AUP) Report?
An AI AUP report is an independent, CPA-performed attestation engagement conducted in accordance with AICPA attestation standards (AT-C Section 215). Unlike opinions or certifications, an AUP engagement allows organizations to define exactly what aspects of their AI they want tested and obtain objective, factual results from an independent firm.
AI AUP engagements may include recalculating model accuracy metrics on a sample basis, inspecting model training and validation documentation, reviewing AI governance and oversight structures, evaluating bias and fairness testing procedures, examining monitoring and drift-detection controls, and reviewing access, security, and change-management processes.
Why AI Companies Are Turning to AUP Reports
AI buyers, especially enterprise and regulated customers, increasingly expect independent validation. Marketing claims, internal testing summaries, or whitepapers are no longer sufficient.
An AI AUP report helps organizations:
- Shorten sales cycles: Provide “audit-ready” evidence to enterprise procurement teams.
- Differentiate from competitors: Move beyond self-reported claims to third-party validation.
- Manage regulatory risk: Prepare for the EU AI Act and the NIST AI Risk Management Framework.
- Lower legal liability: Demonstrate “Governance by Design” to stakeholders and insurers.
Why a CPA-Led AI AUP Matters
AI assurance requires more than technical expertise. It requires independence, discipline, and credibility. As a CPA firm, we bring independence under the AICPA Code of Professional Conduct, proven attestation methodology, and experience translating complex systems into trusted reports.
What Our AI AUP Covers
Our AI AUP engagements are built around a structured AI Internal Controls Framework (AICF) that covers:
- Model accuracy and performance testing
- Bias and fairness procedures
- Governance and oversight
- Data governance and lineage
- Model development lifecycle
- Security and access controls
- Monitoring and drift detection
- Model change management
Who Is This For?
AI AUP reports are ideal for:
- AI & SaaS companies selling to enterprises
- Companies using AI solutions in financial reporting or billing
- Organizations preparing for AI regulation
- Startups seeking to build trust with customers and investors
The Future of AI Trust Is Independent Assurance
As AI becomes core to business operations, trust will no longer be built on claims alone. Independent validation will become the expectation. An AI Agreed-Upon Procedures report provides a practical, credible, and scalable way to demonstrate responsibility, transparency, and confidence in AI systems.
Get in touch with our GRC professionals today. We will help you design a customized AI Agreed-Upon Procedures engagement that aligns with your specific models, business goals, and industry requirements.