Schellman

Schellman is a specialized IT audit and compliance firm that has built a strong reputation for delivering high-quality SOC 2, ISO 27001, FedRAMP, PCI-DSS, and HITRUST assessments, and has expanded its practice to include AI-specific audit and assurance services. Founded in 2003 and headquartered in Tampa, Florida, Schellman distinguishes itself from the large professional services firms through its exclusive focus on IT audit and attestation, bringing deep technical expertise and operational efficiency to every engagement. The firm's decision to specialize solely in compliance assessment rather than offering a broad range of consulting services means that clients benefit from assessors who are deeply experienced in audit methodology and technical evaluation. Schellman's AI audit capabilities build on the firm's established expertise in evaluating complex technology systems against defined criteria and controls frameworks. The firm provides AI system assessments that evaluate governance, risk management, data practices, model development processes, fairness and bias controls, security, and operational monitoring. Schellman's AI auditors combine knowledge of established IT audit frameworks with emerging AI-specific standards and guidelines, including the NIST AI Risk Management Framework, ISO 42001, and requirements arising from the EU AI Act. The firm's approach to AI audit emphasizes technical depth and efficiency. Schellman's assessors are trained to understand the technical underpinnings of AI systems, including data pipelines, model training processes, feature engineering, and deployment architectures. This technical proficiency allows Schellman to conduct thorough evaluations that go beyond checklist compliance to assess the genuine effectiveness of AI governance controls. The firm's focused business model also allows for more efficient engagements with shorter timelines and more predictable costs compared to large consulting firms. Schellman targets mid-market to enterprise organizations, with particular strength in technology companies, SaaS providers, and cloud service providers that need to demonstrate compliance to their customers and regulators. While the firm is primarily US-focused and has less global reach than the Big Four or larger mid-tier firms, its deep technical audit expertise, efficient engagement model, and specialist focus make it an excellent choice for organizations seeking rigorous AI audit and assurance from assessors who understand the technology at a fundamental level.