The Audit Society and the Rituals of Machine Accountability
Michael Power's The Audit Society: Rituals of Verification is not a book about artificial intelligence. That is exactly why it is useful for AI governance. It explains how modern institutions learned to answer distrust with verification, uncertainty with control systems, and political pressure with auditable procedures. Read now, the book clarifies a central problem in machine accountability: the audit can expose a system, or it can become the ritual that lets the system continue.
The useful distinction is auditability versus accountability. Auditability means a system can produce records that fit an inspection method. Accountability means those records can change a decision, trigger repair, support appeal, or assign responsibility. AI governance fails when the first is allowed to impersonate the second.
The practical test is not whether a certificate, model card, red-team report, conformity file, or dashboard exists. It is whether the evidence remains connected to scope, independence, affected people, public authority, remediation, and a stop condition when the claim fails.
The Book
The Audit Society: Rituals of Verification was first published by Oxford University Press in 1997 and reissued as a paperback in 1999. Oxford Academic lists the paperback ISBN as 9780198296034 and the hardback ISBN as 9780198289470. Google Books and the Internet Archive bibliographic record list the original edition at 183 pages, with subjects including auditing, responsibility, management, and organizational effectiveness.
Power was writing about the spread of audit beyond financial accounting: medical audits, technology audits, environmental audits, value-for-money audits, quality audits, teaching audits, and many other forms of checking. The question was not simply why accountants had become powerful. It was why so many domains began to treat formal scrutiny as the answer to public mistrust, managerial uncertainty, and demands for accountability.
The author is a professor of accounting at the London School of Economics. LSE's profile says his research and teaching focus on regulation, accounting, auditing, internal control, risk management, and organization theory. That institutional location matters. The book is not a generic complaint about bureaucracy. It comes from inside the study of accounting and governance, where the attraction of verification is understood as well as its dysfunctions.
Auditability Before Accountability
The book's central move is to separate accountability from auditability. Accountability is a political and organizational relation: someone can be called to answer, evidence can matter, and consequences can follow. Auditability is a design condition: the activity has been made inspectable in the particular way an audit can see.
That difference is easy to miss. Once an institution wants an audit, the institution often begins reshaping itself around what can be audited. Work becomes documentation. Judgment becomes procedure. Professional discretion becomes a checklist. Quality becomes evidence of quality. A messy public purpose becomes a set of indicators, controls, and files that can survive inspection.
For AI governance, the useful definition is narrow: an audit is a scoped examination of a claim against evidence. It should name the claim, criteria, system boundary, evidence access, reviewer independence, version, date, known limits, and consequence for failure. If those elements are missing, the review may still help internal learning, but it should not travel as proof that the system is accountable.
A stronger audit also names the remedy chain. Who can suspend the system? Who can require a retest? Who can notify affected people? Who can correct a record, reverse a decision, compensate harm, or update a public register? Without that chain, the audit produces a better description of power without redistributing any power to challenge it.
This is the bridge to The Tyranny of Metrics, Trust in Numbers, and Seeing Like a State. In each case, institutions simplify the world to govern it. Power's specific contribution is to show how the simplification can be demanded in the name of accountability while quietly replacing accountability with a performance of being checkable.
A process can become highly auditable without becoming just, wise, or repairable. The record may be complete while the decision remains wrong. The control may exist while nobody is empowered to halt the system. The certification may be current while affected people have no practical way to appeal. Auditability is a necessary ingredient for some forms of accountability, but it is not the same thing.
The Ritual Problem
The subtitle, Rituals of Verification, carries the book's sharpest warning. A ritual is not fake just because it is ritualized. Rituals can focus attention, allocate responsibility, preserve memory, and make institutions answerable. The problem begins when the ritual becomes self-validating. The inspection happens because inspection is expected. The report exists because the report is required. The pass mark travels farther than the evidence behind it.
Power's account helps explain why weak oversight can feel reassuring. A formal process creates the appearance of seriousness. It has roles, procedures, terms of art, independence claims, templates, signatures, and archives. That form can discipline organizations, but it can also protect them. The audit can become a shield against the very questions that produced it: Does this activity serve its public purpose? Who is harmed? Can outsiders challenge the evidence? What happens when the audit finds a serious problem?
The ritual has a common sequence: uncertainty becomes a form, the form becomes a checklist, the checklist becomes a pass, and the pass becomes an institutional story that risk has been managed. Each translation can be useful. The danger is that each can strip away context while increasing confidence. By the time the result reaches a board, buyer, regulator, or public page, the hard question may have collapsed into a portable word: compliant, certified, assured, evaluated.
The ritual problem is especially dangerous when the audit becomes a purchasing signal. Buyers, regulators, boards, insurers, and journalists often need a compact token of trust. A certificate, model card, system card, conformity assessment, red-team summary, SOC report, or bias-audit notice can travel as that token. The document may be useful. It may also compress a large unresolved situation into a phrase that says, in effect, reviewed.
AI makes the compression easier because the real system is distributed. A safety statement may describe a base model while the deployed product also depends on retrieval, prompts, tools, memory, policy filters, human reviewers, release gates, logging, user population, and incentives. The ritual question is whether the audit follows that whole chain or blesses the part easiest to inspect.
The AI Reading
AI governance is entering its audit-society phase. Organizations are building model inventories, risk registers, evaluation suites, red-team reports, dataset documentation, post-deployment monitoring, AI management systems, conformity assessments, vendor questionnaires, and assurance programs. The movement is necessary. Powerful systems should leave records. Claims about safety, bias, privacy, security, and reliability should meet evidence.
But an AI audit should be defined more sharply than "somebody reviewed the model." The evidence packet matters: intended use, deployed version, dataset or retrieval boundary, test population, evaluation method, excluded cases, unresolved findings, corrective actions, and re-audit triggers. That distinction matters because AI audits and third-party assurance can either make authority answerable or merely turn authority into a better-documented product.
AI audits inherit every failure mode Power describes. The audited object can shrink to the easiest thing to test. The model can be assessed apart from the retrieval layer, interface, workflow, human fallback, vendor contract, deployment population, and update process. A benchmark score can stand in for situated performance. A red-team exercise can stand in for safety. A bias table can stand in for remedy. A policy can stand in for control.
The strongest AI-era use of Power is therefore practical: ask what had to be done to make the system auditable. Which parts of the work were formalized? Which failures became visible? Which failures disappeared? Who chose the scope? Who paid the auditor? Who sees the report? Which finding can stop deployment? What can an affected person do with the evidence?
The last question is the one most likely to be omitted. An audit report that circulates only among vendors, buyers, and lawyers may improve private risk management while leaving the governed person with no leverage. Public summaries, regulator access, worker consultation, complaint routing, and appeal records are not decorative transparency. They are the mechanisms that connect audit evidence to power outside the organization being audited.
An audit that cannot change action is not useless, but it is politically weak. It may produce knowledge without power. For high-impact AI, the governance question is not whether a test occurred. It is whether the test is connected to procurement limits, release gates, monitoring, incident reporting, user notice, appeal, remediation, and withdrawal.
Agentic systems add one more requirement: action evidence. If a system can call tools, update records, send messages, route tickets, spend money, or trigger workflows, an audit of only generated text is not enough. The evidence packet needs delegated authority, credential scope, tool calls, approvals, side effects, rollback, and incident ownership. Otherwise the audit verifies the story the agent told, not the work it did.
Current Governance Context
Read on July 10, 2026, this is no longer only a metaphor. The EU AI Act has been in force since August 1, 2024; Commission pages list AI literacy and prohibited-practice rules as applying from February 2, 2025 and general-purpose AI rules from August 2, 2025. The high-risk calendar moved in the June 2026 simplification package: the European Parliament approved the changes on June 16, and the Council gave final approval on June 29, with new dates described as December 2, 2027 for stand-alone high-risk AI systems and August 2, 2028 for high-risk AI systems embedded in products, subject to Official Journal publication and entry into force. The moving calendar is part of the point: accountability law depends on standards, guidance, conformity routes, national authorities, and audit practices becoming operational, not merely announced.
The Act's high-risk-system architecture is audit logic at product scale: quality management systems, technical documentation, record keeping, human oversight, conformity assessment, registration, post-market monitoring, and serious-incident reporting. None of those artifacts proves safety by itself. Together, they define the evidence trail a provider, deployer, auditor, regulator, or court may later need. That evidence trail connects directly to the site's pages on the EU AI Act, AI audit trails, post-market monitoring, and AI incident reporting.
Standards bodies are building the professional layer around that evidence. ISO/IEC 42001:2023 specifies requirements for an Artificial Intelligence Management System. ISO/IEC 42006:2025 specifies requirements for bodies that audit and certify AI management systems. ISO/IEC 42005:2025 addresses AI system impact assessment across the lifecycle. The Commission's AI Act standardisation page says harmonised standards are still being built, and that prEN 18286 for quality management became the first harmonised AI standard to enter public enquiry on October 30, 2025. This professionalization is useful; it also creates a new overclaim risk when a draft, management-system certificate, or standards-alignment claim is sold as proof that a specific model, dataset, or deployment is safe.
NIST's AI Risk Management Framework and Generative AI Profile remain voluntary, but they give buyers, auditors, and internal reviewers a language for governance, mapping, measurement, and management. NIST's 2026 AI Agent Standards Initiative adds a newer audit surface: identity, authentication, authorization, interoperability, and security evaluation for systems capable of autonomous action. For this review, that is Power's thesis in operational form. The more authority a system receives, the more the evidence must preserve who delegated what, which tools were used, and who could stop or undo the action.
The assessment route itself is a governance fact. Article 43 of the EU AI Act permits internal-control conformity assessment for many Annex III high-risk systems, while specified biometric and regulated-product contexts can require notified-body involvement under defined conditions. A public statement that a system was "assessed" is therefore too coarse. The meaningful questions are which route was used, which evidence was examined, whether the standards applied covered the relevant risks, and who could challenge the provider's own control file.
U.S. public-sector practice is also becoming more audit-like through inventories, impact assessments, procurement files, testing, monitoring, and accountability officials. GAO's AI accountability framework organizes practices around governance, data, performance, and monitoring, and explicitly frames its questions for entities, auditors, and third-party assessors. OMB M-25-21 and M-25-22 add agency-use and acquisition records: high-impact AI should be paired with risk management, testing, monitoring, human oversight, remedies or appeals, feedback channels, and procurement documentation sufficient to track performance and effectiveness. That is a healthier model than certification-as-aura: an audit is a set of answerable questions and procedures, not a badge that closes inquiry.
New York City's Local Law 144 shows the narrower employment version of the same pattern. The city says covered automated employment decision tools cannot be used unless a bias audit was completed within one year, audit information is publicly available, and required notices are provided to candidates or employees. A later New York State Comptroller enforcement audit found complaint-routing and enforcement weaknesses. Power's warning fits that gap exactly: an audit mandate can still fail as accountability if the public cannot find the evidence, understand the scope, file a complaint, force correction, or learn whether enforcement changed behavior.
The July 7, 2026 EU Action Plan on Cybersecurity and Artificial Intelligence adds the security version of the same lesson. The Commission describes plans to strengthen capacity to evaluate advanced AI models before they enter the EU market, create secure-access and secure-testing arrangements, and connect AI evaluation to cybersecurity. This is not merely technical due diligence. It is an audit-society question: who gets evidence about powerful models, under what security conditions, and with what authority to delay, restrict, or repair deployment?
The Institution Around the Model
Power's book also pushes AI criticism away from model isolation. A model is rarely the whole accountable object. The consequential system includes the organization that sets the goal, the data pipeline that defines the world, the interface that asks for trust, the workers who handle exceptions, the policies that narrow discretion, the buyers who accept vendor claims, and the people who must live with the result.
This matters because audits can create a false boundary around responsibility. A vendor says the model was tested. An employer says the vendor supplied the tool. A regulator says disclosures were posted. A manager says the system only recommended. A human reviewer says the interface gave them the options. Everyone can point to a controlled fragment while the institutional chain remains hard to contest.
That is why the accountable object is often a workflow, not a model. The audit should follow the path from organizational purpose to data collection, scoring, interface design, human review, final decision, notice, appeal, and post-decision monitoring. If the review stops at the model because the model is the only part the vendor will expose, the audit has accepted the vendor's boundary as the boundary of accountability.
A serious audit should widen the frame. In hiring, it should include job ads, applicant pools, screening thresholds, accommodation procedures, recruiter discretion, appeal channels, and downstream outcomes. In welfare, it should include eligibility rules, documentation burdens, caseworker workloads, notice language, and hearing rights. In clinical AI, it should include workflow, liability pressure, patient communication, billing, and the medical record. In each case, model performance is only one part of institutional accountability.
This is also a procurement problem. If the buyer cannot obtain documentation, version notice, incident cooperation, audit access, log export, data-processing limits, subcontractor disclosure, and termination rights, the buyer cannot later produce a serious audit. The audit society begins at contract signature, not at the moment an auditor asks for evidence.
This is where audit joins the broader problem of legibility. Making a system inspectable can improve governance, but inspection has a point of view. The audit sees what its method is built to see. If the method sees controls and not people, documents and not remedies, averages and not edge cases, then the audit can make the institution more confident while leaving the governed person less able to answer back. The missing control is often not another metric; it is a usable path for notice and appeal.
From Audit Trails to Data Traces
Power later extended the audit-society thesis into the language of traces and traceability. In his 2022 article "Theorizing the Economy of Traces," he connects the older world of audit trails to platformization, surveillance capitalism, data-driven subject formation, and the possibility that auditing itself becomes increasingly shaped by data architectures. In June 2026, Oxford also published Economy of Traces: Traceability, Tracking, and the Accounts We Live By, which frames traceability as a systemic shift with consequences for governance, oversight, knowledge, selfhood, and the accounts that organize ordinary life.
That newer frame makes the 1997 book feel less like a period diagnosis and more like a prehistory of the present. The audit trail used to be a record that allowed a transaction or decision to be reconstructed. In the platform world, traces are not just after-the-fact evidence. They are raw material. Clicks, prompts, location pings, work logs, ratings, keystrokes, message metadata, biometrics, tickets, commits, and model interactions become the material from which organizations classify, predict, route, and optimize behavior.
This changes the meaning of accountability. The same traces that make a system auditable can also make a person governable. Logging can support appeal, debugging, security, and public oversight. It can also support surveillance, productivity scoring, suspicion, behavioral prediction, and automated discipline. The difference is not in traceability alone. It is in who controls the trace, what it can be used for, how long it persists, and whether the person recorded by it has any right to inspect, correct, or refuse it.
That makes minimization part of accountability rather than its enemy. A system should preserve enough evidence to reconstruct consequential decisions and incidents, but not so much that every prompt, draft, exception, or worker hesitation becomes a permanent managerial asset. The useful record is purpose-limited, access-controlled, versioned, and tied to a review path. Hoarding traces can produce a better archive for the institution while making the person inside the archive less free.
AI intensifies this ambiguity. Every prompt can become training residue, product telemetry, security evidence, compliance artifact, workplace record, or behavioral signal. Every model output can become a draft, a decision support artifact, a case note, a source of future retrieval, or a benchmark example. The audit society becomes recursive when the records produced for accountability become inputs to the next layer of automation.
The safety standard is therefore not "log everything." It is reconstructability with restraint: enough trace to explain and contest consequential events, enough integrity to detect tampering, enough retention to investigate incidents, and enough minimization to prevent the accountability archive from becoming a surveillance product.
Where the Book Needs Friction
The Audit Society is compact and powerful, but it is not a complete politics of oversight. It gives a general theory of audit expansion more than a sector-by-sector account of race, class, gender, disability, colonial administration, policing, or platform capitalism. Readers need other books beside it to understand how audit and measurement fall unevenly on different populations.
The book can also tempt an overly skeptical reading. Because audit rituals can become dysfunctional, it is easy to slide into the view that audits are merely theater. That would be a mistake. In opaque institutions, records matter. Independent testing matters. Logs matter. Public evidence matters. Affected people often need more auditability, not less, because informal discretion can be just as unaccountable as formal control.
The harder limit is political economy. Audits are often bought by the organizations that need favorable assurance, constrained by contracts, filtered through confidentiality, and translated into summaries for audiences with different incentives. Independence is not a label; it is an arrangement of payment, access, publication rights, liability, competence, and protection from retaliation. A weak independence model can make a rigorous-looking audit functionally dependent on the actor it is supposed to scrutinize.
The right conclusion is not anti-audit. It is anti-ritualized innocence. The audit should not let an organization claim virtue simply because a verification procedure occurred. It should create a harder institutional condition: evidence must remain connected to explanation, contestability, repair, and consequences.
The book also needs to be paired with participation. Audits can be technically competent and still miss what workers, applicants, patients, students, tenants, moderators, caseworkers, and disabled users know about the system's failures. Independence from management is not enough if the audit is also insulated from affected knowledge.
What This Changes
Power changes the question from "Was it audited?" to "What kind of world did the audit make?" Did it make the system more answerable, or merely more documentable? Did it reveal the work, or reorganize the work around signs of compliance? Did it give affected people usable leverage, or did it let institutions exchange trust tokens among themselves?
For AI builders, this means auditability has to be designed before deployment. Preserve versioned prompts, data provenance, model changes, retrieval sources, tool calls, human overrides, incident records, and user-facing explanations. But do not confuse the existence of records with the existence of accountability. A log that nobody can use is an archive of helplessness, which is why the audit trail needs an owner, a retention rule, and an action path.
For regulators and buyers, the lesson is to inspect scope and consequence. Ask whether the audit covers the deployed system, not a demonstration object. Ask whether the auditor had independence, access, and publication rights. Ask whether the report can trigger delay, withdrawal, notice, appeal, compensation, contract change, or public-register update. AI procurement should treat stale assurance, model substitution, and missing incident support as contract risks, not as paperwork defects.
For workers and affected communities, the lesson is to ask whether verification reaches the people who know the system's failures. Frontline workers often see workarounds, underreported incidents, false confidence, and dashboard gaming before executives do. People subject to decisions often know which records are wrong and which explanations are unusable. An audit that excludes those viewpoints may be independent of management on paper while remaining dependent on management's map of reality.
The adjacent operational pages turn that lesson into controls: audits and assurance, audit trails, impact assessments, system inventories, procurement rights, post-market monitoring, incident reporting, and public registers. A real audit does not replace those records. It tests whether they exist and whether they can change the system.
For critics, the book offers discipline. It is not enough to denounce compliance theater. The harder task is to specify what would make verification real. A good audit does not sanctify a machine. It gives people a way to see where authority entered the system, how evidence was produced, and what must change when the record does not support the claim.
The Audit Society remains valuable because it names a temptation that is now everywhere in AI governance: the desire to turn accountability into an artifact. The certificate, dashboard, model card, benchmark, and system report can help. They can also become the polished surface of non-accountability. The test is whether verification keeps the question open long enough for power to be challenged.
Source Discipline
This review treats the sources as different kinds of evidence. Power's 1997 book supplies the conceptual thesis. His later article and 2026 Oxford book update the traceability frame. The EU AI Act and NYC Local Law 144 sources support legal-current claims. NIST and ISO sources support voluntary framework and standards claims. Internal pages are used as navigation to related analysis, not as proof of external fact.
That distinction is part of the argument. A regulation is not a completed audit. A standard is not a safety finding. A management-system certificate is not proof that a particular deployment is fair. A bias-audit notice is not proof that rejected applicants can obtain a remedy. A NIST alignment claim is not legal compliance unless some contract, law, procurement term, or regulator makes it so. The evidence only becomes accountability when its source, scope, date, version, access, limits, and consequences remain visible.
Dates are evidence too. This page treats the June 29, 2026 Council approval, the July 7, 2026 Commission cybersecurity-and-AI action plan, NIST's 2026 agent-standards work, and ISO's 2025 audit-body standard as current records reviewed on July 10, 2026. If an article later cites this page, it should preserve those dates rather than turning "AI audit" into a timeless compliance mood.
Related Pages
- AI Audits and Third-Party Assurance
- AI Audit Trails
- AI Evaluations
- Model Cards and System Cards
- Algorithmic Impact Assessments
- The AI Audit Becomes the Compliance Interface
- The Standard Becomes the Law
- The AI Register Becomes Public Memory
- The System Card Becomes a Release Ritual
- The Red Team Becomes the Release Theater
- AI System Inventory
- AI Procurement
- AI Post-Market Monitoring
- AI Incident Reporting
- Notice and Appeal
- Human Oversight of AI Systems
- The Benchmark Becomes the Curriculum
- Agent Audit and Incident Review
- Transparency and Public Registers
Sources
- Oxford Academic, The Audit Society: Rituals of Verification copyright page, publication history, publisher, ISBNs, and Library of Congress subject metadata, reviewed July 10, 2026.
- Oxford Academic, "The Audit Explosion", chapter record, abstract, DOI, pages, publication date, and subject metadata, reviewed July 10, 2026.
- Oxford Academic, "Traceability and Accounts", chapter from Michael Power's Economy of Traces: Traceability, Tracking, and the Accounts We Live By, reviewed July 10, 2026.
- Oxford University Press, Economy of Traces: Traceability, Tracking, and the Accounts We Live By, publication record for Power's 2026 traceability book, reviewed July 10, 2026.
- Google Books, The Audit Society: Rituals of Verification, bibliographic record, publisher, page count, ISBN, summary, and author note, reviewed July 10, 2026.
- Internet Archive, The audit society: rituals of verification, access-restricted bibliographic record for publication date, publisher, topics, physical description, ISBN, references, and index note, reviewed July 10, 2026.
- London School of Economics, Professor Michael Power, official profile for academic role, honors, board experience, and research interests, reviewed July 10, 2026.
- Michael Power, "Theorizing the Economy of Traces: From Audit Society to Surveillance Capitalism", Organization Theory, first published July 30, 2022, open-access article connecting audit society, platformization, traceability, and surveillance capitalism, reviewed July 10, 2026.
- Regulation (EU) 2024/1689, Artificial Intelligence Act, EUR-Lex official text, reviewed July 10, 2026.
- European Commission, AI Act implementation page, implementation status and AI omnibus timing context, reviewed July 10, 2026.
- European Commission AI Act Service Desk, Timeline for the Implementation of the EU AI Act, reviewed July 10, 2026.
- European Commission AI Act Service Desk, Article 17: Quality management system, Article 43: Conformity assessment, Article 49: Registration, Article 72: Post-market monitoring, and Article 73: Serious incidents, reviewed July 10, 2026.
- European Parliament, AI Act simplification measures approval, June 16, 2026, reviewed July 10, 2026.
- Council of the European Union, Artificial intelligence: Council gives final green light to simplify and streamline rules, June 29, 2026, reviewed July 10, 2026.
- European Commission, AI Act standardisation, harmonised-standards status and prEN 18286 public-enquiry milestone, reviewed July 10, 2026.
- European Commission, New EU plan to address the risks and opportunities of advanced AI in cybersecurity, July 7, 2026, reviewed July 10, 2026.
- NIST, AI Risk Management Framework and Generative AI Profile, voluntary risk-management framework and companion profile, reviewed July 10, 2026.
- NIST, AI Agent Standards Initiative, 2026 standards work on identity, authentication, authorization, interoperability, and security evaluation for agentic AI, reviewed July 10, 2026.
- ISO, ISO/IEC 42001:2023 Artificial intelligence management system, ISO/IEC 42006:2025 AIMS audit and certification bodies, and ISO/IEC 42005:2025 AI system impact assessment, reviewed July 10, 2026.
- U.S. Government Accountability Office, Artificial Intelligence: An Accountability Framework for Federal Agencies and Other Entities, GAO-21-519SP, June 30, 2021, reviewed July 10, 2026.
- Office of Management and Budget, M-25-21: Accelerating Federal Use of AI through Innovation, Governance, and Public Trust, reviewed July 10, 2026.
- Office of Management and Budget, M-25-22: Driving Efficient Acquisition of Artificial Intelligence in Government, reviewed July 10, 2026.
- NYC Department of Consumer and Worker Protection, Automated Employment Decision Tools, Local Law 144 requirements and complaint path, reviewed July 10, 2026.
- Office of the New York State Comptroller, Enforcement of Local Law 144 - Automated Employment Decision Tools, December 2, 2025, reviewed July 10, 2026.
- Christopher Hood, review record for The Audit Society, Journal of Public Policy 18(1), 1998, bibliographic record via RePEc, reviewed July 10, 2026.
- Bruce G. Charlton, review record for The Audit Society, Journal of Evaluation in Clinical Practice 4(3), 1998, DOI and bibliographic metadata via PhilPapers, reviewed July 10, 2026.
- Carlos Bruen, "The System Cannot Fail - Reflections on The Audit Society: Rituals of Verification", Policy and Practice: A Development Education Review 11, Autumn 2010, reviewed July 10, 2026.
Book links are paid affiliate links. As an Amazon Associate I earn from qualifying purchases.
- Amazon, The Audit Society by Michael Power, reviewed July 10, 2026.