Why AI Audits Matter: A Strategic Guide for In-House Counsel

Is your legal team prepared to defend your company’s use of AI under regulatory and public scrutiny? As artificial intelligence becomes central to business decision-making, the risks—from legal liability to reputational damage—are mounting fast. Therefore, AI audits for in-house counsel have shifted from a theoretical concern to a real-world necessity. So, are you ready?

To help unpack this urgent issue, we draw on insights from Jey Kumarasamy, an associate at a boutique law firm specializing in AI and data analytics. With a hybrid background in both legal strategy and technical implementation, Jey offers a unique perspective. He discusses how in-house legal teams can approach AI audits not just as compliance obligations, but as strategic assets in today’s digital economy.

Watch the full conversation with Jey Kumarasamy here:

Jey points to the NIST AI Risk Management Framework (AI RMF) as an essential foundation. This model breaks AI governance into four key areas: mapping risks, measuring risks, managing those risks, and establishing governance processes. Notably, AI audits are critical to the first two: identifying potential harms and quantifying them effectively.

For in-house lawyers, understanding where and how AI is used—and what risks those applications pose—is key to building internal policies. These policies must hold up to legal scrutiny. An audit doesn’t just flag problems; rather, it equips the legal team with the facts needed to recommend meaningful risk mitigation.

While national AI regulations remain uneven, localized laws like New York City’s Local Law 144 are setting early precedents. The law mandates annual bias audits for AI systems used in employment. Thus, it serves as a model for broader legislation on algorithmic accountability. However, even without direct AI laws, Jey cautions that existing anti-discrimination and consumer protection statutes often apply.

That’s why AI audits for in-house counsel are essential—even in less regulated regions. In fact, a proactive approach reduces the chance of noncompliance. It also demonstrates good faith efforts should an investigation or litigation arise. Legal teams must evolve with the technology; otherwise, they risk being caught unprepared.

Jey emphasizes that no single audit template fits every organization or use case. The audit process should begin by pinpointing relevant risks—like algorithmic bias, accuracy, IP concerns, or privacy issues. Moreover, appropriate methods are needed to measure and interpret those risks. Even when internal teams handle the audit, collaboration across departments is crucial.

Once risks are identified, legal teams must ensure they are addressed. That may mean retraining models, revising data sources, or creating stronger documentation. The outcome isn’t just a report—it’s a roadmap for smarter, safer AI implementation.

AI audits aren’t a one-off project—they’re part of long-term governance. Jey draws parallels to privacy compliance. Companies must maintain an inventory of AI models, formalize approval processes, and continuously monitor performance. This includes keeping logs, updating policies, and ensuring cross-functional teams remain aligned.

For in-house counsel, embedding AI audits into existing compliance frameworks allows legal to lead—not react—when it comes to risk management.

When working with external vendors, the complexity multiplies. Jey recommends treating vendor audits as seriously as internal ones. Ask for documentation of testing protocols, risk mitigation practices, and support commitments. Strong contract terms ensure your organization retains oversight, even when technology is outsourced.

Thorough vendor audits and negotiation tactics not only reduce legal exposure. They also set expectations for responsible AI practices across your supply chain.

Jey Kumarasamy makes it clear: AI audits for in-house counsel are no longer a luxury or “future problem.” They’re happening now, and legal teams that act proactively can shape the narrative. By identifying risks early, driving internal accountability, and building trust with stakeholders, legal departments can turn compliance into a competitive advantage.

In this fast-moving space, preparedness isn’t just smart—it’s essential. And it starts with the audit.

Watch the full conversation here:  Notes to My (Legal) Self: Season 6, Episode 4 (ft.Jey Kumarasamy)

At Notes to My (Legal) Self®, we’re dedicated to helping in-house legal professionals develop the skills, insights, and strategies needed to thrive in today’s evolving legal landscape. From leadership development to legal operations optimization and emerging technology, we provide the tools to help you stay ahead.

What’s been your biggest breakthrough moment in your legal career? Let’s talk about it—share your story.