The Two-Tier Notebook Architecture

How to organise your AI audit infrastructure so it scales from one engagement to your entire audit function.

Tier 1

Engagement Notebooks

One notebook per engagement. All sources uploaded progressively throughout fieldwork. Source selection (ticking) controls which documents are active for each query.

Sources in a Procurement Audit notebook:
📄 Procurement SOP
📄 Prior year findings
📄 Walkthrough transcript
📄 POS data
📄 Vendor invoice sample
📄 Management responses

Tier 2

Annual Risk Universe Notebook

One notebook for the full audit function. Fed by Briefing Docs exported from completed engagement notebooks. Use for cross-engagement synthesis and CAE reporting.

Sources in the Annual notebook:
📄 Q1 Procurement Audit Briefing Doc
📄 Q1 F&B Audit Briefing Doc
📄 Q2 IT Audit Briefing Doc
📄 Annual risk register
📄 Board risk appetite

Source Selection = Audit Scope Control

In NotebookLM, you tick which sources are active before each query. Only ticked sources contribute to the response. This is your scope control. Document your source selections in your work papers: 'AI-assisted analysis conducted using [Source 1, Source 2, Source 3].' This forms part of your audit evidence trail.

Data Privacy FAQ

Does Google use my notebook content to train AI models?
No. Google does not use the content of your NotebookLM notebooks to train public AI models. This is confirmed in Google's enterprise data processing terms for Workspace accounts.

Can Google employees see my uploaded documents?
With Google Workspace accounts, content is not reviewed by Google staff. Your documents stay within your organisation's Workspace boundary under your existing data governance policies.

Is NotebookLM compliant with PDPA and GDPR?
NotebookLM via Google Workspace is compatible with PDPA and GDPR considerations. Google's infrastructure holds relevant data protection certifications. Your organisation's DPO should review the specific processing terms for your Workspace tier.

Who can see my notebooks?
Notebooks are private by default. Only you can access them unless you explicitly share them. No notebook is ever shared without your deliberate action.

Our organisation uses Microsoft 365. What are our options?
Auditors can access NotebookLM with a personal Google account immediately. For full enterprise governance, Google Workspace provides the data processing agreements your IT team will require. A Microsoft Copilot equivalent workflow exists for M365 — the methodology is identical, the interface differs.

CAE Briefing Template

INTERNAL MEMO — AI AUDIT TOOLS BRIEFING

Proposed: NotebookLM Integration into Audit Workflow

Purpose: To brief the CAE on the proposed use of NotebookLM as a source-grounded AI research tool to improve audit efficiency and documentation quality.

What it does: NotebookLM allows auditors to upload audit documents and query them using natural language. Every response is cited back to the exact source passage.

Data governance: Documents remain within Google's infrastructure. Google does not use notebook content for AI training. Compatible with our existing data protection obligations.

Proposed use cases: Risk universe extraction, audit program generation, walkthrough gap analysis, cross-finding synthesis.

Estimated efficiency gain: [X] hours saved per engagement. Full methodology and data privacy FAQ available on request.
