This session examines what auditors are focusing on as organizations integrate GenAI models and agent-based systems into their operations. Participants will explore audit considerations around legacy and proprietary data, Retrieval-Augmented Generation (RAG) pipelines, and agent-based systems leveraging Model Context Protocol (MCP). The discussion also highlights the distinction between human and non-human identities and how privacy regulations, data rights usage, and third-party risk management intersect with AI deployments.

In this session you will:

• Understand key audit focus areas for GenAI, RAG pipelines, and agent-based systems
• Examine the role of human vs. non-human identities in AI governance
• Explore how privacy regulations, data rights, and third-party risk shape compliance
• Learn how to prepare for audits, align with regulatory expectations, and build trust in AI initiatives