S6 · Independent review

Independent assurance, delivered to internal audit standard.

A 28-day independent review of your AI control environment, deployments, and governance posture. Delivered to internal-audit standards with strict independence requirements, suitable for board, audit committee, regulator, or insurer review.

Engagement summary

What we deliver, and why.

The AI Assurance & Audit engagement is for organisations that need an independent perspective on their AI control environment. Across 28 days we run a four-phase review covering planning and risk assessment, fieldwork and testing, analysis and reporting, and follow-up and closure. The engagement is delivered under strict independence rules: Optivity will not be retained for remediation or implementation arising from the audit, ensuring the assurance opinion holds up under board, audit committee, or regulator scrutiny.

The phases

How we run this engagement.

  1. Plan & risk-assess

    Confirm scope with the audit committee and identify in-scope use-cases, controls, and obligations. Develop the audit programme. Confirm independence and disclose any prior engagements.

  2. Fieldwork & testing

    Test design and operating effectiveness of in-scope controls. Sample-test deployments. Interview accountable executives, control owners, and second-line risk and compliance staff.

  3. Analyse & report

    Produce the assurance report with findings, severity ratings, and recommendations. Walk the audit committee through findings. Issue final report after management response is integrated.

  4. Follow-up & closure

    Track management responses against committed action plans. Close out the engagement with a follow-up report at six months. Confirm independence is preserved through closure.

Deliverables

What you actually receive.

Every artefact below is yours to keep, drafted in your house style and language, and designed to be defensible to your board, audit committee, or regulator.

  • Audit plan and independence declaration
  • Control testing workpapers
  • Findings register with severity ratings
  • Management response and action plan
  • Audit committee report
  • Executive summary suitable for board
  • Six-month follow-up review
  • Closure memo

Frequently asked

Answers to the questions we get most.

Because assurance opinions only hold value if they are produced independently of the work being audited. Optivity does not deliver remediation or implementation arising from an S6 engagement; that work would have to go to a different provider.

No. S6 is co-sourced or external assurance, typically engaged by audit committees who want a specialist AI lens applied to their existing assurance plan. Most engagements complement an existing internal audit function.

Yes, and increasingly is. APRA-regulated entities, federal agencies, and listed companies use S6 outputs as evidence of independent assurance over AI risk. The report is structured to be defensible under regulator review.

Predominantly financial services, public sector, and healthcare, where independent assurance over emerging risk categories is an established expectation.

Want this delivered?

Book a 30-minute discovery call. We'll confirm fit, walk you through the playbook in detail, and shape a proposal calibrated to your context.