Field Note #3: The Missing Accessibility Audit
Every organization audits for financial risk, almost none audit for accessibility risk in their AI systems. Here is what that audit looks like.
Governance Without a Body | Field Notes | AI Accessibility Audit | 15 min read
This is the third field note in the Governance Without a Body series — the June arc written and scheduled in advance, the system running while I step back into treatment. This week’s thesis is simple to state and uncomfortable to act on: your organization already audits everything it considers material to its survival, and it has quietly decided that whether your AI tools work equally well for every member of your workforce is not material. That decision was made by omission. No one wrote it down. This field note is about writing it down — and then undoing it.
Every organization I have ever worked with audits for financial risk, cybersecurity risk, and often begrudgingly yet always thoroughly, for regulatory compliance risk, because the consequences of failing those audits are legible: fines, breaches, restatements, headlines. The audit function is one of the most mature capacities a modern organization has. It has named owners, scheduled cadences, board-level reporting lines, and external validators whose entire profession is to come in and check the work.
And yet almost none of those same organizations audit for accessibility risk in the AI systems they have deployed across their workforce. This is a large gap, and its defining feature is that it is invisible to precisely the people with the authority to close it. The executives who would never sign off on an unaudited financial statement are, at this very moment, running voice interfaces, transcription engines, hiring tools, avatar generators, and customer-service systems that have never once been tested against the actual range of people those systems touch.
Let’s walk through what an accessibility audit of your AI stack actually looks like — not the checkbox version that produces a tidy PDF and changes nothing, but the version that matters. Later I’ll explain why the regulatory environment shifting underneath all of us in 2026 makes this work more urgent rather than less.
THE THREE-QUESTION PULSE
Two minutes. It shapes what I write next.
Which of these is the biggest unknown in your organization right now: (a) what AI tools you actually have deployed, (b) how those tools perform across your real workforce, (c) who owns the risk if they fail, or (d) what regulators will require next?
Has your organization ever run any form of demographic or accessibility testing on a deployed AI tool? (Yes, formally / Yes, informally / No / I don’t know)
What would make this series most useful to you over the next month: ready-to-use audit templates, regulatory-change briefings, real case studies, or peer benchmarks on what other organizations are doing?
WHAT THE AUDIT ACTUALLY LOOKS LIKE
Step one is inventory. Identify every AI system in your stack that processes human faces, voices, names, or bodies. This is a wider net than most teams expect, because the tools that do this are rarely labeled as “AI that processes human faces, voices, names, or bodies.” Instead, they are labeled as productivity enhancers, meeting assistants, applicant tracking systems, content generators, and customer-service platforms. The meeting-transcription tool that produces your searchable record of who said what is processing voices, and the hiring platform that ranks applicants is processing names; the avatar tool your marketing team uses to generate training videos is processing faces and bodies. Each of these is making demographic-sensitive judgments thousands of times a day, and each belongs on the inventory.



