You Cannot Audit What You Cannot Reconstruct: The AI Paper Trail Most Professional Firms Don't Have

Regulators and insurers are starting to ask for AI audit trails. Here is what one actually looks like, and a three-level test to find out where your firm stands today.

By John Margerison · Sat, 23 May 2026 · 1782 words

Picture a Thursday afternoon at a mid-sized law firm. A senior associate is drafting a due diligence memo for a corporate acquisition. The target company's data room has 400 documents. She opens ChatGPT, pastes in a chunk of the share purchase agreement, types a prompt she half-remembers from a LinkedIn post, reads the response, and types a few lines into a Word document. Then she closes the tab. No record of the prompt. No record of which model answered. No record of what she pasted in. No record of whether the client's commercially sensitive figures just became training data for a third-party model.

The partner reviews the memo, approves it, and it goes to the client.

Six months later, the deal closes badly. The client's lawyers allege the due diligence missed a material liability. The firm's professional indemnity insurer asks a simple question: "Can you show us exactly how AI was used in the preparation of this advice?"

The answer, at most firms right now, is no.

That is not a technology problem. It is a governance problem. And it is about to become an expensive one.

THE DEFINITION THAT MATTERS

"Auditable AI workflow" is a phrase that gets used loosely. Let's be precise about what it actually requires.

An auditable AI workflow is one where, after the fact, a firm can reconstruct: which documents or data were submitted to an AI model; what redaction or anonymisation was applied before submission; the exact prompt used; the specific model and version that responded; the full response received; and the identity of the professional who reviewed that response before it influenced any client-facing output.

Every one of those six elements matters. Miss one and the chain breaks.

Model version is not a minor detail. GPT-4o and GPT-4-turbo produce materially different outputs on the same prompt. If a claim arises eighteen months from now, "we used ChatGPT" is not a sufficient answer. The version, the date, the API parameters - these are the equivalent of knowing which edition of a legal textbook you cited.

Redaction is not optional. Pasting a client's unredacted financial statements into a consumer AI tool may breach confidentiality obligations under ABA Model Rule 1.6, the SRA's Standards and Regulations, and data protection law simultaneously. The audit trail must show what was stripped out before anything was submitted.

Reviewer sign-off is the human accountability anchor. An AI response that goes directly into a client document without a named professional attesting that they read, assessed, and approved it is not supervised work. It is automated output wearing a professional's letterhead.

BEFORE AND AFTER: ONE MATTER, TWO REALITIES

Consider a single task: a tax accountant reviewing a client's corporate structure for transfer pricing risk. Here is how it typically happens today, and how it should happen.

Before (the current reality): The accountant opens a browser, navigates to a public AI tool, pastes in sections of the client's intercompany agreements, asks a question about arm's length pricing, reads the answer, and incorporates some of the language into a client report. The session ends. No log exists. The firm cannot say which tool was used, what version, what was pasted, or what came back. If the client later disputes the advice, the accountant's only record is their own memory and the final report.

After (an auditable workflow): The accountant opens a firm-approved AI environment. Before any document is submitted, an automated redaction step strips entity names, account numbers, and personal identifiers, logging each redaction event with a timestamp and document reference. The accountant types a prompt into a logged interface. The system records the prompt text, the model identifier (including version), the timestamp, and the session ID tied to the matter file. The model responds. That response is stored, immutably, against the matter record. The accountant reviews the response, makes edits to the draft, and clicks a sign-off button that records their name, their bar or professional registration number, and the time of review. The final output is linked to the full chain.

If a claim arises, the firm can produce a complete reconstruction in minutes. The insurer can see exactly what happened. The regulator can see exactly what happened. The client can see exactly what happened.

That is the difference between a workflow and a documented workflow.

WHY THIS IS BECOMING URGENT NOW

The regulatory and insurance pressure is real and accelerating.

On the regulatory side, the American Bar Association published Formal Opinion 512 in July 2024, establishing that lawyers using generative AI must understand how the tool handles data, must obtain informed client consent before using confidential information in self-learning AI tools, and cannot outsource professional responsibility to an AI system. The SRA in the UK published specific AI guidance in 2024 confirming that compliance officers for legal practice are responsible for regulatory compliance when new technology is introduced. The EU AI Act's general-purpose AI model obligations became effective in August 2025, with high-risk system requirements applying by August 2026.

On the insurance side, the shift is sharper. Before 2023, most professional indemnity policies were effectively silent on AI use - neither covering nor excluding AI-related claims. That era is ending. Insurers are now introducing AI-specific endorsements, exclusions, and supplemental disclosure questionnaires at renewal. In 2025, a wave of insurers introduced requirements for granular information about AI governance at underwriting. Lloyd's of London syndicates are increasingly treating AI deployment without adequate controls as a governance failure. The practical consequence: a firm that cannot demonstrate a documented AI workflow may face coverage disputes, higher premiums, or outright exclusions.

The Thomson Reuters 2025 Generative AI in Professional Services Report found that more than 40% of professionals are already using generative AI, and that organisational adoption nearly doubled year-on-year to 22% in 2025. The tools are spreading faster than the governance frameworks designed to contain them.

Ask yourself this: if your firm's insurer sent a questionnaire tomorrow asking you to describe your AI governance controls, what would you write?

THE FOUR TECHNICAL PRIMITIVES

You do not need to build a bespoke system from scratch. But you do need to understand the four components that any credible audit trail requires.

Logged redaction events. Before any client data reaches an AI model, a redaction layer must identify and remove sensitive identifiers, and that process must be logged. The log should record what categories of data were detected, what was removed, and what remained. This is not just about compliance - it is about knowing, provably, that you did not expose client confidences.

Immutable prompt history. The prompt sent to the model must be stored in a way that cannot be edited after the fact. Immutability can be achieved through append-only logging, cryptographic hashing, or write-once storage. The point is that the record of what was asked cannot be quietly amended if a problem later emerges.

Model fingerprinting. Every AI response must be tagged with the specific model identifier and version that produced it. This is a technical primitive that well-designed enterprise AI tools expose through their APIs. If your current tool does not record this, you are missing a critical link in the chain.

Reviewer sign-off step. The workflow must include a mandatory human checkpoint before any AI-assisted output reaches a client. This is not a passive review - it is a recorded attestation. The professional's identity, the time of review, and the matter reference must all be captured. This is the step that converts AI output into supervised professional advice.

None of these primitives require exotic technology. They require deliberate design choices and the discipline to enforce them.

THE THREE-TIER MATURITY MODEL

Here is a simple self-assessment. Be honest.

Level 1 - "I use AI but cannot produce a record." Your team uses AI tools, possibly a mix of consumer and enterprise products. There is no central log of which tools are used on which matters. Prompts are not stored. Model versions are unknown. If asked to reconstruct AI use on a specific matter, you could not do it. This is where the majority of professional services firms sit today.

Level 2 - "I have a tool that logs things." You have moved to an enterprise AI platform that maintains some form of usage log. You can retrieve a history of queries. But the logs are not tied to specific matter files, redaction is not systematically recorded, there is no mandatory reviewer sign-off step, and the logs have not been tested against a realistic audit scenario. You have infrastructure but not a workflow.

Level 3 - "I have a documented, reviewed, audit-ready workflow." Every AI interaction on a client matter is captured end-to-end: redaction events, prompt text, model version, response, and named reviewer sign-off. Logs are immutable and matter-referenced. The workflow is documented in writing, staff are trained on it, and it has been tested against a simulated audit request. You could respond to a regulator or insurer within 24 hours with a complete reconstruction of AI use on any given matter.

Where does your firm sit? Most partners who read this honestly will place themselves at Level 1. Some will be at Level 2 but mistake it for Level 3 because the logs exist and nobody has tested them.

The gap between Level 2 and Level 3 is not technology. It is process discipline and documentation.

WHAT YOU CAN DO THIS QUARTER

Moving from Level 1 to Level 2, or from Level 2 to Level 3, does not require a year-long IT project. Here is what is achievable in the next 90 days.

First, conduct a tool audit. Identify every AI tool currently in use across the firm, including tools individuals have adopted without central approval. Map each tool against the four primitives: does it log prompts, record model versions, support redaction, and allow sign-off capture? This audit alone will surface the exposure.

Second, establish a single approved AI environment for client-facing work. Consumer tools used on client matters should be prohibited by policy, not just discouraged. The approved environment must, at minimum, log prompts and model versions against matter references.

Third, build a redaction checkpoint into the workflow. This does not have to be automated on day one. A manual checklist - "have I removed client names, account numbers, and identifying details before submitting this?" - logged and signed off, is better than nothing and is achievable immediately.

Fourth, create a reviewer sign-off template. A simple form, digital or otherwise, that records the professional's name, the matter reference, the date, and a declaration that they have reviewed the AI output before it was used. File it with the matter. This single step moves you meaningfully toward Level 3.

Fifth, test the trail. Take a closed matter where AI was used and try to reconstruct the full chain from the logs. If you cannot do it in under an hour, you know exactly what to fix.

The firms that build this infrastructure now will not just be better protected when regulators ask. They will be the firms that clients, increasingly aware of AI governance, choose to trust with their most sensitive work.

An audit trail is not a bureaucratic burden. It is the proof that a professional was actually in charge.