AI-Driven SOC Audits and the Growing Trust Gap

The award winning, Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly discuss concerns that AI-driven automation may be weakening SOC 1 and SOC 2 audits used to assure vendor financial reporting controls and cybersecurity/privacy controls. They focus on allegations by an anonymous whistleblower (“Deep Delver”) that tech startup Delve fabricates audit documentation with AI and relies on audit firms to rubber-stamp reports, claims Delve denies, potentially undermining trust in hundreds of SOC reports. Beyond Delve, they warn that startups are “fracturing” the traditional SOC audit model, driving timelines and costs from months and tens of thousands of dollars to days and a few thousand, encouraging check-the-box, low-quality audits, sometimes via little-known overseas firms. They note regulators are unlikely to intervene, leaving companies to reassess due diligence and the real assurance value of SOC reports. Key Highlights · Delve Whistleblower Claims · Red Flags in Audit Firms · How SOC Audits Work · Check the Box Trap · Regulatory Blind Spots · What Companies Should Do Resources Delve accused of misleading customers with ‘fake compliance’ in YaHoo!Finance Delve response Promises of ‘fast and easy’ threaten SOC credibility in Journal of Accountancy Tom Instagram Facebook YouTube Twitter LinkedIn A multi-award winning podcast, Compliance into the Weeds was most recently honored as one of a Top 25 Regulatory Compliance Podcast and a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast. Compliance into the Weeds has been conferred a Davey, Communicator and w3 Award, all for podcast excellence. Learn more about your ad choices. Visit megaphone.fm/adchoices