AI Governance Audit Report Template
A one-page, signed status memo summarizing the firm's AI governance program for malpractice carrier renewal. Pulls from the Policy Template, Acknowledgments, Training records, Vendor diligence, Verification logs, Usage register, and Incident log.
What this is (and is not)
"They're asking firms, 'Do you use AI? Do you police it? Do you have protocols in place?'" Stan Sterna, SVP and risk control lead at Aon, said this in Digital Insurance / Accounting Today, April 2026. The audit report answers all three questions on a single signed page.
A one-page status snapshot signed by the managing partner. It lists the seven other governance artifacts the firm maintains, the version or date of each, and the headcount or activity counts that show the program is alive. Firms produce the report for the renewal binder in lieu of, or alongside, the underlying records.
What the report is not: a policy (see the Policy Template), a checklist (see the Compliance Checklist), or an attestation of compliance with a specific rule (those live in the per-document logs and the Quarterly Attestation). Think of it as the cover memo that ties them together.
When to prepare
For background on the carrier landscape and what underwriters expect at renewal, see AI Liability Insurance for Law Firms.
- 30 to 60 days before malpractice renewal. Most LPL carriers cycle annually. Preparing the report a window ahead leaves time to close documentation gaps before submission.
- On request from the carrier or broker. AmTrust PRO form LPLPRO-APP-01 0523 is the clearest documented LPL AI question to date. It asks firms that allow AI to "attach description." The audit report is the description.
- On material change. Re-issue mid-cycle when a new tool is added to Section 3, when a tier reclassification occurs, or when any incident lands under category (a)-(d).
The report template
Below is the report itself. Print, fill in, sign, and deliver as a single PDF. Headcounts and dates make the report falsifiable in a way prose cannot.
AI GOVERNANCE AUDIT REPORT
Firm: ____________________________________________
Report period: ____________________ to ____________________
Report date: ____________________
Prepared for: ____________________________________________ (carrier / broker / internal)
1. Written AI Policy (Rule 5.1, 5.3; Op 512 Part II)
Policy version: ___________ Adopted: ___________ Last reviewed: ___________
Approver (name, title): ____________________________________________
Material changes since prior period: ____________________________________________
2. Training Records (Rule 1.1; Op 512 Part I)
Attorneys completed initial AI training: _______ / _______ (count / headcount)
Staff completed initial AI training: _______ / _______
Most recent training date: ____________________ Provider: ____________________
3. Approved-Tools List and Vendor Diligence (Rule 1.6; Op 512 Part III)
Tier 1 tools in use: ____________________________________________
Tier 2 tools in use: ____________________________________________
Vendor diligence file complete for each: Y / N. Last vendor review: ____________________
4. Verification Protocol (Rule 3.3; Op 512 Part IV)
Verification logs filed in period: _______
AI-assisted filings in period: _______ (denominator from usage register)
Coverage rate (verification logs / AI-assisted filings): _______ %
5. Usage Register
Register entries in period: _______ Distinct attorneys logged: _______
Quarter-end attestations signed: _______ / 4
Register custodian (name, title): ____________________________________________
6. Incident Log (Op 512 Part V; Rules 1.4, 3.3)
Incidents in period (closed / open): _______ / _______
Categories triggered: (a) ____ (b) ____ (c) ____ (d) ____ near-miss ____
Carrier notice given (count): _______ Tribunal disclosure (count): _______ Client notice (count): _______
7. Employee Acknowledgments (Rule 5.1, 5.3)
Current acknowledgments on file: _______ / _______ (signed / total headcount)
Coverage rate: _______ % Last refresh on policy revision: ____________________
8. Quarterly Attestations (rolling)
Most recent attestation date: ____________________ Signer: ____________________
Attestations in trailing 12 months: _______ / 4
Open items and remediation plan:
_________________________________________________________________
_________________________________________________________________
Statement of accuracy:
The undersigned, in their capacity as Managing Partner of the Firm, certifies that the information above is true and complete to the best of their knowledge after reasonable inquiry. Supporting records are available for inspection on reasonable notice.
Managing Partner signature: ____________________________________________
Print name: ____________________________________________
Date: ____________________________
How to deliver to a carrier
- One PDF, one page where possible. Filled-in fields compress the report into a single page. Two or three pages are acceptable; a 30-page bundle is not. Carriers will already have the supporting records on request.
- Travel with the renewal application, not after. Send the report into the broker's hands at the same time as the renewal application, not as a follow-up. A clean answer to the AmTrust PRO "attach description" prompt, or the Jencap-paraphrased "How are you using AI?" inquiry, is the report itself.
- Be ready to produce backups. Verification logs, usage register snapshot, signed acknowledgments, vendor diligence files, incident reports, and the policy itself should all be retrievable within 48 hours. Credibility rests on the speed with which underlying records can be produced.
- Refresh on material change. Re-issue when a material change occurs (new Tier 1 tool, incident under any category, policy revision under Section 15). Do not wait for the next renewal cycle.
- Retain through the malpractice tail. Reports remain responsive to a malpractice claim or coverage dispute years after issuance. File the signed PDF with the firm's other governance records. Retain at least as long as the longest related matter file plus any extended-reporting period.
Report mapped to ABA Formal Opinion 512 (July 2024) and the eight-artifact set described in carrier renewal documentation. Last verified 2026-05-02.