New York audit reveals gaps in AI governance and agency readiness

The Senate Standing Committee on Internet and Technology convened on May 5, 2025, to discuss the findings of a recent audit focused on New York State's governance of artificial intelligence (AI). The audit revealed significant gaps in the state's approach to managing AI technologies, which are increasingly being utilized across various agencies, including the Department of Corrections and Community Supervision (DOCS), the Department of Motor Vehicles (DMV), and the Department of Transportation (DOT).

The audit highlighted that New York State currently lacks a comprehensive AI governance framework. While the Office of Information Technology Services (ITS) has issued an eight-page acceptable use policy, it fails to provide detailed guidance on implementing risk management, bias testing, and other critical procedures. This absence of clear operational guidelines has led to inconsistent practices among agencies, with some lacking specific rules for AI oversight.

Key findings from the audit indicated that without a statewide AI inventory, agencies struggle to manage and oversee AI applications effectively. The audit team noted that identifying AI technologies can be challenging, as definitions vary and the technology is rapidly evolving. For instance, the DMV did not include a facial recognition application in its AI inventory, raising concerns about oversight and governance.

The audit also pointed out that many agencies are waiting for clearer direction from ITS, which has resulted in mismatched expectations regarding AI use and governance. The lack of standardized risk management structures, minimal bias testing, and inconsistent data governance practices leave state agencies vulnerable to significant risks associated with AI deployment.

In response to these findings, the audit team recommended that ITS expand its current policy into a comprehensive governance toolkit, coupled with statewide training and the establishment of a complete inventory of AI systems in use. The committee acknowledged the importance of training staff to enhance their understanding of AI risks and governance, emphasizing that all personnel, not just technical staff, should be educated about AI implications.

The meeting concluded with a commitment to address the identified gaps and enhance AI governance in New York State, ensuring that as AI technologies evolve, so too will the frameworks that govern their use. The committee plans to reintroduce legislation aimed at establishing a broader governance framework and more robust auditing processes to safeguard against the risks associated with AI.