A professional services firm using AI tools needed clarity on data risk and compliance. We conducted an independent AI audit to identify exposure and establish clear guardrails for safe use.

Problem

Keystone & Alder had begun using AI tools to support document review and research. While the tools improved efficiency, senior leadership became increasingly concerned about client confidentiality and regulatory exposure. There was no clear picture of what data was being processed, where it was stored, or how vendors handled it.

The firm wanted to continue modernising, but not at the expense of client trust. Before expanding AI usage, they needed an objective assessment of risk and a defensible framework they could stand behind.

Solution

We conducted a structured AI audit that mapped every AI-assisted workflow in use. This included tracing how client data entered systems, how it was processed, and where it was retained. We identified areas of high sensitivity and assessed them against regulatory and professional obligations.

Vendor terms were reviewed alongside technical controls to surface hidden risks. We then provided clear, prioritised recommendations covering data isolation, access controls, and acceptable use policies. The final audit report was written in language suitable for leadership, clients, and regulators, giving the firm confidence to move forward responsibly.