Your credit union deployed Microsoft 365 Copilot in February. Three loan officers love it. Your CIO is quietly worried about what's happening inside the prompts. And your NCUA examiner just put "AI governance" on the agenda for your next IT exam.
This is the moment AI governance auditing becomes operationally real. Not a policy on a shelf. Not a vendor questionnaire. An actual quarterly cycle that looks at who used AI, what they asked it, what it produced, and whether your controls held up against the regulatory expectations that already apply.
The good news is that the audit infrastructure mostly already exists inside your Microsoft 365 tenant. The work is connecting it to a defensible cadence and producing the artifacts your examiner is going to ask for.
Why AI Governance Auditing Matters Now
Three forces are converging on community banks, credit unions, and mortgage companies. AI tools are landing in production faster than governance frameworks. Examiners are starting to ask about AI controls. And the underlying audit obligations have not changed at all. They have simply expanded to cover a new technology surface.
The NCUA called this out directly in its April 2025 Cybersecurity Report to Congress, which reported 892 cyber incidents at federally insured credit unions between September 2023 and May 2024, climbing to 1,072 incidents through August 2024. Roughly 69 percent (742 of those 1,072) involved a third-party vendor relationship. The report framed AI as both an emerging operational tool and a threat vector, and emphasized that existing risk-management and governance expectations apply fully to AI and automated decision tools.
How the FFIEC Already Covers AI Without Saying "AI"
The 2024 FFIEC IT Examination Handbook does not have a dedicated AI chapter. It does not need one. AI and machine learning fall inside the existing Model Risk Management framework and the Audit + Information Security booklets, which require ongoing validation, independent audit, and periodic assessment of risks introduced by new technologies, commensurate with risk. Your examiner will treat your Microsoft 365 Copilot deployment as a model, a new technology, and a third-party relationship, all at once.
That last point matters more than it looks. AI does not get a separate exam booklet because regulators decided years ago that the existing frameworks (model risk, third-party risk, information security, audit independence) are technology-neutral by design. They apply to spreadsheets, they apply to core banking platforms, and they apply to Copilot. For the broader regulatory picture, our breakdown of the FFIEC IT Examination Readiness expectations community banks face today traces how examiners blend information security, audit, and model risk into a single workpaper.
What an AI Governance Audit Actually Covers
A real AI governance audit at a community bank or credit union is not a once-a-year compliance exercise. It is a defined scope of controls testing that runs on a quarterly cycle and produces evidence your independent audit function, and your examiner, can rely on.
The audit scope breaks down into five domains:
Domain 1: Usage telemetry. Who in your organization used Microsoft 365 Copilot, Microsoft 365 Copilot Business, or any other AI tool over the period? At what frequency? Against which data sources? Pulled from Microsoft Purview Audit logs.
Domain 2: Prompt and response content. What were the prompts? What were the responses? Were there any prompts that should have been blocked under your AI acceptable use policy? Reviewed via Purview Audit + Microsoft Purview Data Loss Prevention policy hits.
Domain 3: Data exposure. Did Copilot surface any data the prompting user should not have been able to see? Tested against Microsoft Purview sensitivity labels, SharePoint permissions, and Defender for Cloud Apps anomaly detections.
Domain 4: Third-party AI vendor controls. For every AI vendor outside the Microsoft 365 perimeter, including any fintech, mortgage, or loan-origination AI integration, does the relationship satisfy the June 2023 Interagency Guidance on Third-Party Relationships: Risk Management lifecycle expectations?
Domain 5: Policy alignment. Does your AI acceptable use policy still describe the tools you actually run? Has the policy been reviewed by the board IT committee in the past 12 months? Are training records on file for every user with an AI license?
The Microsoft 365 Logging Surface for Copilot Audit
The single most important piece of infrastructure for any AI governance audit at a Microsoft 365 customer is Microsoft Purview Audit. It is where the evidence lives, and it is where your independent audit function will pull the data set the audit relies on. Our companion guide on building a Copilot governance dashboard from the Purview Audit feed walks through the actual queries and dashboard configurations that make this evidence operational.
Microsoft's own documentation specifies that Microsoft 365 Copilot interactions (prompts, responses, file accesses) are recorded in the Microsoft Purview Audit (Standard and Premium) logs. Microsoft Purview eDiscovery covers case-based legal review, Microsoft Purview Compliance Manager scores controls, and Microsoft Defender for Cloud Apps and Microsoft Sentinel can ingest the audit data downstream, but Purview Audit is the primary surface that generates the Copilot interaction record.
Three Microsoft 365 capabilities form the operational floor for an AI governance audit in a regulated tenant:
Microsoft Purview Audit (Standard or Premium). Your Copilot prompt and response log. Premium gives you 12-month retention by default (Standard gives 180 days), which matters because examiners typically ask for a one-year look-back window. Most credit unions, community banks, and mortgage companies we manage are on Premium audit retention by audit-cycle Q1.
Microsoft Purview Data Loss Prevention. Your real-time policy enforcement for Copilot prompts and outputs. DLP policies scoped to financial-data sensitive information types (Social Security Numbers, account numbers, loan numbers) block the highest-risk Copilot outputs before they reach the user. We have written separately about the three Purview DLP configurations banks, credit unions, and mortgage companies should land first.
Microsoft Sentinel. Your alerting and forensics correlation layer. Sentinel ingests the Purview Audit stream and lets your security team build detections for anomalous Copilot usage patterns. A loan officer running prompts against the entire customer file system at 11 p.m. is a typical example.
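The late-night scenario above is the kind of pattern a Sentinel analytics rule over the Purview Audit stream is meant to catch. The following is an added example, not ABT's or Microsoft's code: the same detection logic written in Python and run over constructed CopilotInteraction records, so the thresholds and the join between after-hours timing and breadth of file access can be read and tested before anyone encodes them as a rule. The record shape (CreationDate, UserId, AuditData with CopilotEventData.AccessedResources) is modeled on the Purview Copilot audit record but is an assumption here, as are the UTC-6 time zone, the 06:00 to 20:00 business window, and both thresholds.

```python
"""Anomalous Copilot usage detection over constructed Purview Audit records.

Added example, not ABT's or Microsoft's code. Field names follow the shape of the
CopilotInteraction audit record as an assumption; confirm them against a real export."""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumption: the institution operates in UTC-6. A fixed offset is used so the
# example needs no tzdata. Business hours and both thresholds are constructed values.
LOCAL_TZ = timezone(timedelta(hours=-6))
BUSINESS_START, BUSINESS_END = 6, 20   # local hours treated as normal working time
AFTER_HOURS_MIN_PROMPTS = 5            # prompts in one after-hours clock hour
BROAD_ACCESS_MIN_RESOURCES = 10        # distinct files touched within that hour


def _record(user, utc_iso, resource_ids):
    """Build one constructed audit row in the Purview export column layout."""
    event = {"CopilotEventData": {"AppHost": "Word",
             "AccessedResources": [{"Id": rid, "Name": f"{rid}.docx"} for rid in resource_ids]}}
    return {"CreationDate": utc_iso, "UserId": user,
            "Operation": "CopilotInteraction", "AuditData": json.dumps(event)}


SAMPLE_ROWS = (
    # Loan officer: seven prompts between 23:01 and 23:40 local, 14 distinct files
    [_record("loan.officer@example-cu.org", f"2025-04-02T05:{m:02d}:00Z",
             [f"doc-{2 * i}", f"doc-{2 * i + 1}"])
     for i, m in enumerate((1, 7, 12, 19, 25, 33, 40))]
    # Same officer during business hours at higher volume: out of scope for this rule
    + [_record("loan.officer@example-cu.org", f"2025-04-01T15:{m:02d}:00Z", ["loan-app-1"])
       for m in range(0, 60, 5)]
    # Second user: three late prompts against two files, below both thresholds
    + [_record("teller@example-cu.org", f"2025-04-02T04:{m:02d}:00Z", ["policy-1", "policy-2"])
       for m in (10, 20, 30)]
)


def parse_record(row):
    """Return (user, local datetime, set of accessed resource ids) for one audit row."""
    data = json.loads(row["AuditData"])
    ts = datetime.fromisoformat(row["CreationDate"].replace("Z", "+00:00"))
    resources = {r["Id"] for r in data.get("CopilotEventData", {}).get("AccessedResources", [])}
    return row["UserId"], ts.astimezone(LOCAL_TZ), resources


def detect_anomalies(rows):
    """Bucket after-hours prompts by (user, local clock hour) and flag buckets that
    combine a prompt burst with broad file access. Returns findings sorted by user."""
    buckets = defaultdict(lambda: {"prompts": 0, "resources": set()})
    for row in rows:
        user, local_ts, resources = parse_record(row)
        if BUSINESS_START <= local_ts.hour < BUSINESS_END:
            continue
        key = (user, local_ts.replace(minute=0, second=0, microsecond=0))
        buckets[key]["prompts"] += 1
        buckets[key]["resources"] |= resources
    findings = []
    for (user, hour), b in sorted(buckets.items()):
        if b["prompts"] >= AFTER_HOURS_MIN_PROMPTS and len(b["resources"]) >= BROAD_ACCESS_MIN_RESOURCES:
            findings.append({"user": user, "hour_local": hour.isoformat(),
                             "prompts": b["prompts"], "distinct_resources": len(b["resources"])})
    return findings


if __name__ == "__main__":
    for finding in detect_anomalies(SAMPLE_ROWS):
        print(finding)
```

Requiring both conditions (after-hours burst and many distinct resources) keeps the rule from firing on a single late-evening question, while still catching the broad sweep the paragraph describes; in production the same two signals become the rule's aggregation and threshold, and the analyst triages against the user's license and role.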
If your independent audit team cannot pull Copilot prompt records, cross-reference them against DLP policy hits, and reconcile against the user training roster, your AI governance audit will not pass examiner scrutiny.
The Quarterly Audit Cycle ABT Recommends
Regulators do not mandate quarterly AI audits the way SOX mandates quarterly financial controls testing. The cadence is a practical recommendation that comes out of how our team (managing Microsoft 365 tenants for more than 750 financial institutions) has watched AI usage evolve in real customer environments.
AI tools move fast. New features ship from Microsoft monthly. User adoption curves climb fast in the first 90 days after rollout. Acceptable-use policies that made sense at deployment can drift from reality in a single quarter. A yearly audit cycle leaves too much time for that drift to accumulate. A monthly cycle is operationally expensive without proportional risk reduction.
The quarterly cycle splits the AI governance audit into four narrowly scoped reviews:
- Pull Microsoft Purview Audit data for the prior quarter. Reconcile against the AI license roster. Flag users who exceeded usage thresholds. Confirm AI acceptable use policy is current and acknowledged.
- Test Copilot against a controlled set of sensitivity-labeled documents. Confirm DLP policy hits. Cross-check against Microsoft Defender for Cloud Apps anomaly findings. Document any false positives or false negatives.
- Inventory every AI integration outside the Microsoft 365 perimeter. Refresh due diligence files. Reconfirm security and audit-rights clauses in active contracts. Update the vendor risk register.
- Produce the annual AI governance audit report. Board IT committee review. Submit to the next safety-and-soundness or IT exam workpaper file. Confirm corrective actions from prior quarters have closed.
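The first review (pull the Purview Audit data, reconcile it against the license roster, flag threshold breaches, confirm policy acknowledgement) is mechanical enough to script. The following is an added example, not ABT's or Microsoft's code: it reconciles a constructed audit export against constructed license and acknowledgement rosters and returns the findings the work paper records. The export column layout (CreationDate, UserId, Operation) is an assumption modeled on the Purview audit search CSV export, and the policy version and usage threshold are constructed values.

```python
"""Q1 review: reconcile a Purview Audit Copilot usage pull against the AI license
roster and the acceptable-use acknowledgement roster.

Added example, not ABT's or Microsoft's code. All inputs are constructed, and the
export column layout (CreationDate, UserId, Operation) is an assumption modeled on
the Purview audit search CSV export; verify it against a real pull first."""
import csv
import io
from collections import Counter

POLICY_VERSION = "AI-AUP v2.1"  # constructed: policy version in force this quarter
USAGE_THRESHOLD = 200           # constructed: prompts per quarter that trigger a review


def build_sample_export():
    """Constructed audit export: one CSV line per record, spread across Q1 2025."""
    lines = ["CreationDate,UserId,Operation"]

    def add(user, n, op="CopilotInteraction"):
        for i in range(n):
            lines.append(f"2025-{1 + i % 3:02d}-{1 + i % 28:02d}T{9 + i % 8:02d}:00:00Z,{user},{op}")

    add("alice@example-cu.org", 35)
    add("alice@example-cu.org", 5, "FileAccessed")   # non-Copilot records must be ignored
    add("Bob@example-cu.org", 250)                   # mixed-case UPN: matching is case-insensitive
    add("carol@example-cu.org", 12)                  # carol holds no Copilot license
    return "\n".join(lines) + "\n"


# Constructed rosters: who holds a Copilot license, and which policy version each user acknowledged
LICENSE_ROSTER = {"alice@example-cu.org", "bob@example-cu.org", "dave@example-cu.org"}
ACKNOWLEDGEMENTS = {
    "alice@example-cu.org": "AI-AUP v2.1",
    "bob@example-cu.org": "AI-AUP v2.0",   # acknowledged a superseded version
    "carol@example-cu.org": "AI-AUP v2.1",
    "dave@example-cu.org": "AI-AUP v2.1",
}


def count_prompts(csv_text):
    """Count CopilotInteraction records per user (UPNs lower-cased) in an export."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] == "CopilotInteraction":
            counts[row["UserId"].lower()] += 1
    return counts


def reconcile(csv_text, license_roster, acknowledgements):
    """Produce the Q1 findings the work paper records.

    usage_without_license: activity from a UPN not on the license roster (stale roster
    or unsanctioned access); license_without_usage: dormant licenses; over_threshold:
    users above USAGE_THRESHOLD prompts; missing_acknowledgement: active users who have
    not acknowledged the current policy version."""
    counts = count_prompts(csv_text)
    licensed = {u.lower() for u in license_roster}
    acked = {u.lower(): v for u, v in acknowledgements.items()}
    active = set(counts)
    return {
        "total_prompts": sum(counts.values()),
        "usage_without_license": sorted(active - licensed),
        "license_without_usage": sorted(licensed - active),
        "over_threshold": sorted(u for u, n in counts.items() if n > USAGE_THRESHOLD),
        "missing_acknowledgement": sorted(u for u in active if acked.get(u) != POLICY_VERSION),
    }


if __name__ == "__main__":
    for finding, value in reconcile(build_sample_export(), LICENSE_ROSTER, ACKNOWLEDGEMENTS).items():
        print(f"{finding}: {value}")
```

Each list in the result maps to a line in the quarter's work paper, and the export text, roster and acknowledgement file that went into it are the evidence the examiner will ask to see alongside it.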
The cadence matters more than the individual quarter's depth. A small institution that runs Q1 well and lets Q2 slip will produce a thinner audit work paper at exam time than an institution that runs all four quarters at a moderate depth.
The fastest way to fail an AI governance audit is to discover, on the day the examiner arrives, that no one has been pulling Purview Audit logs and no one knows whether DLP policies are firing.
Third-Party AI Vendor Reviews
Microsoft 365 Copilot is one AI surface. Most credit unions and community banks heading into 2026 run two, three, or more. A loan origination system that added an AI document review module. A fintech integration that scores deposit accounts. A vendor-provided fraud detection layer that uses machine learning to flag transactions. Each one is a third-party relationship under the June 2023 Interagency Guidance on Third-Party Relationships: Risk Management, and each one needs to appear on your AI governance audit work plan.
OCC Bulletin 2023-17, the operational expression of the June 2023 Interagency Guidance, does not single out AI. It does require risk-based oversight across the entire third-party relationship lifecycle: planning, due diligence, contracts, ongoing monitoring, and termination. Two scenarios are showing up repeatedly in the engagements we run for our customers:
Your contracted LOS vendor enables an AI document classification feature you did not sign up for. There is no new contract. The data flow has changed. The risk profile has changed. The audit-rights and security clauses written for the non-AI product version may or may not cover the new surface.
What the audit requires: a documented re-assessment of the third-party relationship at the next risk-assessment cycle, and a determination of whether the AI feature is in scope of the existing contract clauses. If it is not, a formal change order or contract amendment follows. Either way, the audit work paper documents the analysis.
The second scenario is the one most internal audit functions are not yet equipped to spot, and it is the one examiners are starting to probe for first.
An employee uploads a customer document into a consumer ChatGPT or Gemini account to summarize it. The document contains nonpublic personal information. There is no business contract. There is no security review. The interaction is invisible to your Microsoft 365 logging surface.
What the audit requires: a control assessment of how the institution prevents, or at least detects, shadow AI usage. Microsoft Defender for Cloud Apps generates these reports today. The audit work paper documents the institution's shadow AI detection coverage and any incidents discovered in the prior quarter.
Audit Artifacts Examiners Want to See
Examiners walking into an IT or safety-and-soundness exam are not asking "do you have AI governance." They are asking for evidence. The artifacts your independent audit function produces during the quarterly cycle become the workpaper file you hand over when the exam arrives. We have catalogued the five Microsoft 365 controls examiners ask about before a Copilot rollout, and an audit work paper that maps to those five controls will land on the exam table cleanly.
NIST AI Risk Management Framework 1.0 (January 2023) states that AI risks must be "managed on a continuous basis" and that AI systems should be "routinely monitored, assessed, and updated" over their lifecycle (Function MANAGE). The MEASURE function calls for periodic re-evaluation of metrics, test results, and evaluation procedures.
The full artifact set we recommend financial institutions produce each quarter, and retain for at least the prior 12 months at exam time, looks like this:
- Microsoft Purview Audit pull (CSV export or equivalent) covering all Copilot and other AI tool interactions for the quarter, with the date range, retention setting, and pull-author documented.
- DLP policy hit summary cross-referenced to the AI usage data set, with any policy refinements applied during the quarter.
- Sensitivity label coverage assessment confirming Copilot is honoring SharePoint and OneDrive permissions correctly.
- Vendor risk register entry for each third-party AI relationship, refreshed against the prior quarter's risk determination.
- AI acceptable use policy version log, board IT committee review date, and the per-user acknowledgement roster.
- Microsoft Defender for Cloud Apps shadow AI detection report: what unsanctioned AI usage was detected and what action was taken.
- Training completion report for users with AI licenses.
- Closed-item log for any corrective actions opened in prior quarters.
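The DLP policy hit summary in this list is produced by the second quarterly review: seed a controlled set of sensitivity-labeled test documents, run Copilot against them, and compare the hits Purview records with what policy says should have been blocked. The following is an added example, not ABT's or Microsoft's code, of that scoring step over constructed inputs. The test corpus, the policy names and the hit-record fields (DocumentId, Policy, Action) are all constructed assumptions rather than the Purview DLP export schema; the point is the classification into true and false positives and negatives that the work paper must record.

```python
"""Q2 review: score a controlled Copilot DLP test against the hits Purview recorded.

Added example, not ABT's or Microsoft's code. Corpus, policy names and the hit-record
fields (DocumentId, Policy, Action) are constructed; map them to your own export."""

# Constructed test corpus seeded into a test site: the label applied to each document
# and whether the AI acceptable use policy requires Copilot output from it to be blocked.
TEST_CORPUS = [
    {"doc": "ssn-roster.xlsx",       "label": "Highly Confidential", "expect_block": True},
    {"doc": "loan-file-4471.pdf",    "label": "Confidential",        "expect_block": True},
    {"doc": "acct-list-q1.csv",      "label": "Confidential",        "expect_block": True},
    {"doc": "branch-hours.docx",     "label": "General",             "expect_block": False},
    {"doc": "holiday-schedule.docx", "label": "General",             "expect_block": False},
    {"doc": "rate-sheet-public.pdf", "label": "Public",              "expect_block": False},
]

# Constructed DLP hit records captured during the same test window
DLP_HITS = [
    {"DocumentId": "ssn-roster.xlsx",    "Policy": "FI-SSN-Block",           "Action": "Block"},
    {"DocumentId": "loan-file-4471.pdf", "Policy": "FI-LoanNumber-Block",    "Action": "Block"},
    {"DocumentId": "branch-hours.docx",  "Policy": "FI-AccountNumber-Block", "Action": "Block"},
    {"DocumentId": "rate-sheet-public.pdf", "Policy": "FI-SSN-Block",        "Action": "Audit"},
    # acct-list-q1.csv produced no hit at all: the false negative the work paper must record
]

OUTCOME = {(True, True): "true_positive", (False, True): "false_positive",
           (True, False): "false_negative", (False, False): "true_negative"}


def score_dlp_test(corpus, hits):
    """Classify each test document by (expected block, observed block) and compute
    recall and precision. Only hits whose Action is Block count as a block; audit-only
    hits are reported separately. Any false negative fails the control test."""
    blocked = {h["DocumentId"]: h["Policy"] for h in hits if h["Action"] == "Block"}
    result = {k: [] for k in OUTCOME.values()}
    for doc in corpus:
        result[OUTCOME[(doc["expect_block"], doc["doc"] in blocked)]].append(doc["doc"])
    corpus_docs = {d["doc"] for d in corpus}
    result["hits_outside_corpus"] = sorted(h["DocumentId"] for h in hits if h["DocumentId"] not in corpus_docs)
    result["audit_only_hits"] = sorted(h["DocumentId"] for h in hits if h["Action"] != "Block")
    tp, fp, fn = (len(result[k]) for k in ("true_positive", "false_positive", "false_negative"))
    result["recall"] = tp / (tp + fn) if tp + fn else 1.0
    result["precision"] = tp / (tp + fp) if tp + fp else 1.0
    result["passed"] = not result["false_negative"]
    return result


def format_summary(result):
    """Render the work-paper summary lines for the DLP hit artifact."""
    lines = [f"DLP control test {'PASSED' if result['passed'] else 'FAILED'}",
             f"recall={result['recall']:.2f} precision={result['precision']:.2f}"]
    for key in ("false_negative", "false_positive", "audit_only_hits", "hits_outside_corpus"):
        if result[key]:
            lines.append(f"{key}: {', '.join(result[key])}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_summary(score_dlp_test(TEST_CORPUS, DLP_HITS)))
```

A false negative (a document policy says must be blocked that produced no Block hit) is the finding that matters most, because it means the control did not hold; a false positive is a tuning item, recorded so the policy refinement made during the quarter is traceable to the test that prompted it.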
The Bottom Line
AI governance auditing at community banks, credit unions, and mortgage companies is not a new compliance domain. It is the application of existing FFIEC, NCUA, OCC, and NIST expectations to the Microsoft 365 Copilot, Microsoft 365 Copilot Business, and adjacent AI surfaces that are already running in your tenant. The audit infrastructure (Microsoft Purview Audit, Microsoft Purview DLP, Microsoft Defender for Cloud Apps, Microsoft Sentinel) is mostly already provisioned. The work is connecting it to a defensible quarterly cadence and producing the artifacts your examiner is going to ask for.
Get an AI governance audit baseline for your Microsoft 365 tenant
Our team manages Microsoft 365 tenants for more than 750 financial institutions and can run the Q1 baseline of this quarterly audit cycle against your environment. You get a defensible artifact package, a gap report against the FFIEC + NCUA + NIST + 2023 Interagency expectations, and a working operational cadence your independent audit function can take over.
Frequently Asked Questions
No regulator (NCUA, OCC, FDIC, FRB, or the FFIEC member agencies collectively) has issued a rule mandating a separate AI governance audit. AI is treated as a model, a new technology, and a third-party relationship under existing frameworks (Model Risk Management, the FFIEC IT Examination Handbook, and the June 2023 Interagency Guidance on Third-Party Relationships: Risk Management). Most credit unions, community banks, and mortgage companies fold the AI governance audit scope into the existing IT audit work plan, with the AI section clearly delineated for examiner review.
Microsoft Purview Audit Standard ships with all Microsoft 365 plans at 180-day retention, which is below the 12-month look-back window most examiners expect. Microsoft Purview Audit Premium, which extends retention to one year by default and supports custom audit log retention policies up to 10 years, is the operational floor for a regulated AI audit. Premium is included in Microsoft 365 E5 and is available as an add-on for E3 customers. ABT typically positions Premium audit retention as a Q1 prerequisite when we onboard a Copilot deployment for a financial institution.
Microsoft is a third party. The Microsoft 365 Copilot relationship inherits the third-party-risk treatment of the broader Microsoft 365 contract, with the AI feature set inside it added to the inventory entry and risk assessment. Cloud Solution Providers like ABT manage the operational layer for the customer, but the underlying provider relationship, and the risk-based oversight, contract terms, and ongoing monitoring obligations under OCC Bulletin 2023-17, still rest with the financial institution.
Both paths are supported. Microsoft Purview Audit ships a search interface inside the Microsoft Purview compliance portal that an audit role can use directly. Microsoft offers an Audit Reader role and an Audit Manager role that scope the access without granting broader admin rights. Larger institutions tend to wire the audit data through Microsoft Sentinel and run their reporting from there. Either path preserves audit-function independence as long as the role assignment is documented and reviewed.
This is shadow AI, and the AI governance audit must include a shadow AI detection control assessment every cycle. Microsoft Defender for Cloud Apps maintains a cloud app discovery catalog and can generate reports of unsanctioned AI services accessed from managed devices. The audit work paper documents which tools were detected, what action the institution took (block, restrict, accept with control compensations, or sanction with contract), and any nonpublic personal information exposures that were investigated.
Yes, when the work is split across four narrowly scoped reviews per the cadence in this article rather than treated as one annual all-domains audit. Each quarter takes a small team between four and eight hours when the Microsoft 365 logging infrastructure is set up correctly. The first cycle takes longer because the baseline data set and the policy artifacts have to be established. ABT's managed audit baseline service exists precisely for this. We run the first quarter, document the cadence, and hand the operational running of subsequent quarters back to the institution's audit function.