Ethics Auditing Framework for Trustworthy AI: Lessons from the IT Audit Literature

The European Guidelines on Trustworthy Artificial Intelligence refer to auditing as a key way to implement ethical practices into the development and deployment of artificial intelligence (AI). However, auditing AI, and especially the “ethics audit” (EA, also known as the business ethics audit, social audit, or corporate social responsibility audit) of AI, is still a vague concept. It is unclear what should be the object of the audit – whether the processes used to develop an AI system or the system’s use and real-world application – as well as which aspects of AI systems should be audited – for example, whether the auditing of AI should focus on risk, accountability, or governance. This chapter aims to shed light on EA of AI by analysing the existing relevant literature on auditing information technologies (IT). By using a qualitative evidence synthesis, a method that employs selective or purposive sampling in order to identify ‘themes’ or ‘constructs’ from the literature, this chapter reviews methods for auditing IT, with a particular focus on methodologies connected to three key concepts: governance, assurance, and risk. Its goals are to identify a set of methodologies and standards that can be a source of reference for the AI community when developing EA protocols for AI; and to clarify important lessons and considerations.