This diagnostic gives a finance team a fast read on Shadow AI and Shadow MCP exposure. It is designed for a CIO, CISO, CAIO, internal audit lead, operating partner, or board member who needs to know whether the firm can produce evidence before the next AI governance conversation hardens.
Use it with the Shadow MCP audit methodology. The questions below map to the same operating artifacts: endpoint discovery, identity correlation, OAuth grant inventory, git history, attestation, risk classification, EU AI Act role and technical-file logic, AIUC-1 agent-control evidence, coverage caveat, and independent reporting.
How to use it.
"Do not know" is not a failure. It is a useful signal. It tells the team where the operating read should begin.
EU AI Act readiness starts by naming the system boundary, role, risk tier, and evidence set. AIUC-1 readiness asks whether each agentic workflow has evidence across data and privacy, security, safety, reliability, accountability, and societal risks.
A. Visibility.
- Can your security team produce a list of every AI client installed on the engineering fleet, including Claude Desktop, Cursor, Windsurf, VS Code extensions, Gemini CLI, Amazon Q, and similar tools? Scoring: 1 point for a current fleet-wide list; 0.5 for partial coverage; 0 if the team cannot produce it.
- Can your team produce a list of every MCP server configured on those AI clients, by user? Scoring: 1 point for a user-level MCP map; 0.5 for partial coverage; 0 if the team cannot produce it.
- Are MCP server installations gated by a sanctioned-tool list, or can any engineer install any package they discover? Scoring: 1 point for enforced sanctioned installs; 0.5 for informal approval; 0 for open installation. Use 0.5 if unknown.
- Does your identity provider map AI-tool sessions to user, role, department, and business unit? Scoring: 1 point for role and department mapping; 0.5 for partial mapping; 0 if the team cannot produce it.
B. Delegation.
- Have you audited third-party OAuth grants in Google Workspace, Microsoft 365, Notion, Slack, Salesforce, HubSpot, and adjacent systems in the last 90 days for AI-tool patterns? Scoring: 1 point for a review in the last 90 days; 0.5 for an older review; 0 if there has been no review.
- Are users permitted to grant OAuth scopes to third-party SaaS apps without admin consent? Scoring: 1 point if admin consent is required; 0.5 for limited exceptions; 0 if users can self-grant. Use 0.5 if unknown.
- Does employee offboarding include revocation of OAuth grants made to AI tools and agent connectors? Scoring: 1 point for a documented revocation step; 0.5 for ad-hoc review; 0 if OAuth grants are not checked.
C. Code surface.
- Have you scanned org-level code hosting for MCP configuration files, known MCP package references, and server-side connector implementations? Scoring: 1 point for an org-level scan; 0.5 for repo-by-repo coverage; 0 if no scan has been run.
- Do engineering policies state whether MCP configuration files can be committed into application repositories? Scoring: 1 point for written policy; 0.5 for informal guidance; 0 for no policy. Use 0.5 if unknown.
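A minimal version of the scan these two questions describe, given here as an added example and not code from the audit methodology itself. The file names, the `mcpServers` and `servers` keys, the sample repositories, and the allowlist are assumptions to adapt to the clients in your fleet.

```python
import json
import os
import tempfile
from pathlib import Path

# Assumed starting set of config file names and server keys; extend per client.
CONFIG_NAMES = {"mcp.json", ".mcp.json", "claude_desktop_config.json"}
SERVER_KEYS = ("mcpServers", "servers")

def find_mcp_servers(root):
    """Return one record per MCP server configured anywhere under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in {".git", "node_modules"}]
        for name in sorted(set(filenames) & CONFIG_NAMES):
            path = os.path.join(dirpath, name)
            try:
                doc = json.loads(Path(path).read_text(encoding="utf-8"))
            except (OSError, ValueError):
                findings.append({"file": path, "server": None, "target": "unparseable"})
                continue
            for key in SERVER_KEYS:
                servers = doc.get(key) if isinstance(doc, dict) else None
                for server, spec in (servers.items() if isinstance(servers, dict) else []):
                    spec = spec if isinstance(spec, dict) else {}
                    parts = [spec.get("command", "")] + list(spec.get("args") or [])
                    target = spec.get("url") or " ".join(str(p) for p in parts).strip()
                    findings.append({"file": path, "server": server, "target": target})
    return findings

def unsanctioned(findings, allowlist):
    return [f for f in findings if f["server"] not in allowlist]

def demo():
    """Scan a constructed two-repo tree; every sample value here is made up."""
    samples = {
        "repo-a/.cursor/mcp.json": '{"mcpServers": {"github": {"command": "npx", "args": ["-y", "example-github-mcp"]}}}',
        "repo-b/.vscode/mcp.json": '{"servers": {"internal-docs": {"url": "https://mcp.example.internal/docs"}}}',
        "repo-b/.mcp.json": "{not valid json",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body, encoding="utf-8")
        findings = find_mcp_servers(root)
    return findings, unsanctioned(findings, {"internal-docs"})

if __name__ == "__main__":
    print(demo()[1])
```

Configs that fail to parse are recorded with `server` set to `None`, so they always surface in the unsanctioned list for manual review instead of dropping out of the inventory.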
D. Non-technical exposure.
- Have you surveyed non-technical populations, including finance, operations, marketing, sales, legal, and leadership, about AI tool usage in the last 90 days? Scoring: 1 point for a structured survey; 0.5 for informal check-ins; 0 if no survey has been run.
- Does the Mac fleet have IT-managed install gating through Jamf, Kandji, Intune, or a similar control, or are users local administrators? Scoring: 1 point for managed install gating; 0.5 for partial gating or no Mac fleet; 0 if users are local administrators.
E. Risk posture.
- If the board asked tomorrow, could you map Shadow AI and Shadow MCP findings to a recognized framework such as OWASP Agentic Applications, NIST AI RMF, ISO 42001, EU AI Act, AIUC-1, or your internal AI policy? Scoring: 1 point for exportable framework mapping; 0.5 for partial mapping; 0 if findings are not mapped.
- Does your AI security posture document state what it does not catch, including browser-only use, unmanaged personal devices, install-and-remove activity between scans, and unknown future connectors? Scoring: 1 point for an explicit coverage caveat; 0.5 for implied limits; 0 for no caveat or overclaimed coverage.
F. EU AI Act and AIUC-1 readiness.
- For AI systems or agent workflows with EU exposure, can you document the system boundary, organizational role, risk tier, and whether GPAI, transparency, or high-risk obligations could apply? Scoring: 1 point for documented role and risk-tier logic; 0.5 for partial or informal classification; 0 if the boundary is not documented.
- For workflows that may be high-risk or transparency-relevant under the EU AI Act, can you produce technical-documentation inputs, logs, human-oversight ownership, post-market monitoring, and incident-handling evidence? Scoring: 1 point for a current evidence pack; 0.5 for partial or stale evidence; 0 if the pack does not exist.
- For each agentic workflow, can you map evidence to AIUC-1's six categories: data and privacy, security, safety, reliability, accountability, and societal risks? Scoring: 1 point for mapping across all six categories; 0.5 for category-level or partial mapping; 0 if unmapped.
- Can you trace agent tool calls, prompts, model changes, policy changes, exceptions, and remediation back to a human owner and evidence record? Scoring: 1 point for owner-linked evidence; 0.5 for partial traceability; 0 if actions cannot be traced.
G. Independence.
- If your AI governance is audited, is the audit team independent from the team that designed and operates the AI stack? Scoring: 1 point for an independent third party; 0.5 for same firm but different team; 0 for same-team review or no audit. Use 0.5 if unknown.
- Does AI audit reporting bypass operational leadership when needed and reach internal audit, the audit committee, or the board directly? Scoring: 1 point for direct audit committee, board, or internal-audit reporting; 0.5 for dual reporting; 0 if reporting stays inside operational leadership.
Scoring.
Visible AI.
You have sanctioned tools, identity correlation, OAuth review, framework mapping, EU AI Act and AIUC-1 evidence, coverage limits, and independent review. Move toward continuous monitoring for residual Shadow AI.
Sanctioned but ungoverned.
You have partial visibility, but usage, delegation, framework evidence, and independent reporting are not connected. Run the full Shadow MCP audit.
Sprawling MCP.
Agentic tools are in real use, but connector, OAuth, and user mapping are fragmented. Start with endpoint discovery, identity correlation, and OAuth grants.
Shadow zone.
The organization knows AI is happening but cannot map its shape. Start with a scoped AI Audit to produce the first board-readable inventory.
The score is not the point. The operating artifact is. A useful result names which evidence exists, which evidence is stale, which evidence is missing, and what decision that changes this quarter.
Framework source notes.
- EU AI Act implementation timeline: phased application, including GPAI, transparency, and high-risk-system milestones.
- European Commission GPAI obligations: technical documentation, copyright policy, training-content summary, risk mitigation, incident reporting, and cybersecurity for systemic-risk GPAI.
- Council of the EU May 2026 provisional agreement: proposed high-risk application dates and transparency timing changes.
- TrustEvals AIUC-1 control map: agent-level evidence across data and privacy, security, safety, reliability, accountability, and societal risks.