Twelve to fifteen AI tools in active use, and the IT team knows about three of them. That is the typical result of our first shadow AI audit at an Australian mid-market business. Between forty and sixty percent of knowledge workers have used a consumer AI tool for work in the last month. Most of those tools have already touched customer data, financial figures, or internal strategy.
The seven-pillar AI governance framework we wrote about in our AI Governance Australia guide is what closes that gap. This piece is the bit that comes earlier. The audit. The four to six week discovery sprint we run before anyone writes policy or deploys a control.
Governance frameworks that do not match the actual environment fail. You cannot write an Acceptable Use Policy for tools you do not know are in use. You cannot configure a DLP rule for an endpoint you have not catalogued. You cannot risk-rate a vendor your staff have never told you about. Every AI governance programme we have rolled out has started with this audit, because the framework only works once you know what is actually happening.
There is also a regulatory angle worth being honest about. The December 2025 National AI Plan walked back the proposal for mandatory AI guardrails, replacing it with the voluntary Guidance for AI Adoption. That removed one driver for governance work. But the Privacy Act 1988 still applies to AI use today. APRA CPS 234 still applies to regulated entities. From 10 December 2026, Privacy Act amendments require disclosure of substantially automated decisions affecting individuals. The legal exposure has not gone anywhere. It has just become less visible.
Seven activities, run in sequence over four to six weeks depending on the size of the environment. Each one feeds the next. We deliver a board-ready report at the end mapping findings to each of the seven governance pillars, so you know exactly where you sit before policy work starts.
Start with what you can measure. Pull the last ninety days of Microsoft 365 audit logs and DNS query logs. Look for traffic to consumer AI domains: chatgpt.com, claude.ai, gemini.google.com, perplexity.ai, copilot.microsoft.com, character.ai, midjourney.com, suno.ai. Then check the Chrome Web Store and Edge Add-ons for AI extensions installed on managed devices.
The category most audits miss is AI embedded inside SaaS your staff already use. Notion AI, Slack AI, Atlassian Rovo, HubSpot Breeze, Grammarly Premium. Gartner expects seventy percent of 2026 employee AI interactions to come through features inside sanctioned applications, not standalone tools. If you are only watching for ChatGPT traffic, you are seeing maybe a third of the picture.
Complement the logs with a short anonymous staff survey. Anonymous matters. People will not tell IT what they have been using if they think it will land them in trouble.
For each tool found in step one, work out which data classifications it has likely seen. This is where most audits stop short and where the actual risk lives.
A useful matrix is tool name by data class by volume by frequency by business function. The four data classes worth tracking at minimum: customer personally identifiable information, financial data (yours and your clients’), commercially sensitive information including pricing, strategy and intellectual property, and employee data including health information.
The Netskope 2026 enterprise study found the average organisation logs 223 AI data policy violations per month. Most of those are not malicious. They are someone trying to clean up a board pack at 9pm or draft a difficult client email.
Build a scorecard. We use seven criteria, each scored 1 to 5:
| Criterion | What you are looking for |
|---|---|
| Data retention policy | Zero retention for enterprise tiers, no model training on customer data |
| Data residency | Australian or compliant overseas hosting under APP 8 |
| Authentication model | SSO with your identity provider, MFA enforced, no consumer accounts |
| Admin controls | Workspace management, audit logging, usage quotas, deprovisioning |
| Security certifications | SOC 2 Type II, ISO 27001, ideally ISO 42001 |
| Transparency | Published model behaviour, breach disclosure history, sub-processor list |
| Vendor viability | Funding, customer base, likelihood the vendor still exists in 24 months |
Tools that score above your threshold become candidates for sanctioning. Tools that fail need to be blocked or replaced. Tools in the middle need conditions of use.
This is the step most CIOs skip and should not. Before you block anything, find out why staff reached for that specific tool. The answer is almost always: the sanctioned alternative did not exist, was slower, or did not do the thing they needed.
Block without offering an equal or better alternative and you push the usage further underground. Personal phones, personal email accounts, BYO browser profiles. Worse exposure, less visibility.
We have run this audit for clients across legal, healthcare, and professional services in Perth, and the same pattern shows up. Staff are not trying to leak data. They are trying to clear their inbox before they go home.
The output of steps three and four is your AI tool vetting register. Every approved tool gets a tool owner (the senior person accountable for its use), a data class boundary (what may and may not go in), a six-monthly review date because the AI vendor landscape moves fast, documented conditions of use mapped to data classes, and a documented alternative for things the tool may not be used for.
The register is a real artefact, kept current, available to all staff. Not a PDF that gets emailed once and forgotten.
Policy without enforcement is fiction. The control stack we deploy with every AI Governance engagement uses your existing Microsoft 365 estate:
This is straight Microsoft 365 work for any Microsoft Solutions Partner, sitting on top of the managed cybersecurity baseline. The only AI-specific element is the endpoint list, which needs maintenance as new tools emerge. We refresh ours monthly.
Three artefacts close the loop. An AI Acceptable Use Policy that names tools, sets data class boundaries, and clarifies enforcement consequences. Staff awareness training refreshed every six months because the vendor landscape moves. Quarterly governance reviews that revisit the register, the risk scores, and the incident log.
The training piece is the one businesses consistently underspend on. Forty-five percent of staff say they learned AI on their own. They will reach for what they already know, not what you have approved, unless you actively show them the approved tools and the use cases.
The audit is not the destination. It is the diagnostic that tells you where to start. Every finding from steps 1 through 7 maps to one or more of the seven governance pillars covered in our AI Governance Australia framework. The audit produces the evidence base. The framework defines what you build with it. Most clients move from audit to framework rollout in the same quarter, with the audit findings shaping where the framework gets prioritised.
For the full cross-platform methodology including the audit architecture and the deployment review process, our AI Governance white paper covers everything in detail.
Pull your last 30 days of DNS logs. Filter for traffic to the ten most common consumer AI domains listed in step one. You will have a workable first picture inside an hour. If your current IT provider cannot do this in an hour, that is itself a finding.
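A worked version of that first-hour filter, covering both the step-one log review and the quick-start above, added here as an example rather than Epic IT's own tooling. The log format ("timestamp client-ip qname"), the client addresses and the timestamps are constructed; the watch list is the domain list from step one.

```python
# Added example for this article (not Epic IT's tooling): flag DNS queries to the
# consumer AI domains from step one and summarise them per domain and client.
from collections import defaultdict
from datetime import datetime, timedelta

# Watch list from step one. This is the only AI-specific piece and drifts as new
# tools appear, so refresh it on a schedule.
CONSUMER_AI_DOMAINS = frozenset({
    "chatgpt.com", "claude.ai", "gemini.google.com", "perplexity.ai",
    "copilot.microsoft.com", "character.ai", "midjourney.com", "suno.ai",
})

def match_domain(qname):
    """Watch-list domain that qname equals or is a subdomain of, else None.
    Matches whole labels: api.chatgpt.com hits, notchatgpt.com does not."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in CONSUMER_AI_DOMAINS:
            return candidate
    return None

def summarise(log_lines, as_of, days=30):
    """Queries and distinct clients per AI domain in the `days` before `as_of` (ISO date)."""
    cutoff = datetime.fromisoformat(as_of) - timedelta(days=days)
    hits = defaultdict(lambda: {"queries": 0, "clients": set()})
    for line in log_lines:
        ts, client, qname = line.split()  # constructed format: "timestamp client qname"
        if datetime.fromisoformat(ts) < cutoff:
            continue  # outside the audit window
        domain = match_domain(qname)
        if domain:
            hits[domain]["queries"] += 1
            hits[domain]["clients"].add(client)
    return {d: {"queries": v["queries"], "clients": len(v["clients"])}
            for d, v in hits.items()}

# Constructed sample: three clients, one stale entry and one lookalike domain.
SAMPLE_LOG = """\
2026-03-02T09:14:05 10.0.1.15 chatgpt.com
2026-03-02T09:14:06 10.0.1.15 api.chatgpt.com
2026-03-03T21:02:11 10.0.1.22 claude.ai
2026-03-03T21:05:40 10.0.1.22 www.notchatgpt.com
2026-03-04T08:30:00 10.0.1.31 gemini.google.com
2026-01-10T12:00:00 10.0.1.40 chatgpt.com
""".splitlines()

if __name__ == "__main__":
    for domain, row in sorted(summarise(SAMPLE_LOG, "2026-03-10").items()):
        print(f"{domain:<22} queries={row['queries']} clients={row['clients']}")
```

Label-wise matching matters because a plain substring test flags lookalike domains and a plain equality test misses the API and CDN subdomains that make up most real traffic.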
Send a five-question anonymous staff survey. Ask which AI tools they have used at work in the last month, on which devices, for which tasks, and what would stop them using them. The pattern matters more than any single answer. Promise no consequences for honest answers and mean it.
Book a Shadow AI Discovery. If you have an active managed services agreement with Epic IT, the first three months are complimentary. If you do not, we run the discovery as a one-off engagement and it usually pays for itself in the exposures it surfaces. Book an AI Readiness Assessment to get started.
A full audit covering inventory, data classification, risk rating, sanctioned tool register, technical control deployment, and a board-ready report takes four to six weeks for a mid-market business of 50 to 200 staff. A first-pass discovery to identify the highest-risk exposures can be done in five to ten business days. Every new and renewing Epic IT managed services client receives a complimentary three-month Shadow AI Discovery.
No. We run the shadow AI audit as a standalone engagement for businesses that want to understand their exposure before committing to a longer programme. Once the audit is complete, the AI Governance service requires an active managed services agreement to deploy and maintain the technical controls.
The audit is the discovery method. It maps your current state in four to six weeks. The seven-pillar framework, covered in our AI Governance Australia guide, is the operating model you build on top of those findings. The audit answers what is happening today. The framework answers what good looks like and how to maintain it. You need both, in that order.
Yes, mostly. Microsoft Defender for Cloud Apps catalogues over 30,000 cloud services including all the major AI tools and can surface usage from your network and endpoint signals. Microsoft Purview adds DLP rules and sensitivity labels that detect when classified data is being pasted into AI endpoints. The gap Microsoft 365 cannot close on its own is AI embedded inside other SaaS, which needs additional tooling or vendor-level review.
Five artefacts. A complete inventory of every AI tool found, classified by sanctioned, conditional, or shadow. A data exposure register showing what data has touched which tool. A risk-rated tool list with pass, fail, or conditional status. A draft sanctioned AI tool register ready for executive sign-off. A roadmap mapping the findings to the seven AI governance pillars with a 90-day remediation plan.
From 10 December 2026, the Privacy and Other Legislation Amendment Act 2024 requires organisations to disclose substantially automated decisions affecting individuals. Hiring, lending, insurance, customer analytics. If your shadow AI audit reveals tools being used for any of these functions without your knowledge, you have a disclosure obligation you cannot meet because you do not know it is happening. The audit closes that visibility gap.