Isaca ISACA Advanced in AI Audit (AAIA) AAIA Question # 24 Topic 3 Discussion
Question #: 24
Topic #: 3
During an audit of a bank's AI credit scoring system, an IS auditor discovers that applicants were not informed about automated decision-making. Which of the following should the auditor do FIRST?
Transparency is a fundamental legal and ethical requirement for AI systems, particularly under regulations like GDPR, which mandate that data subjects be informed of automated decision-making. If an auditor finds that applicants were not informed, the immediate "First" step is to "Evaluate transparency controls" to determine why the notification process failed and to assess the scope of the non-compliance. This includes reviewing user agreements, privacy notices, and communication procedures. Once the failure is understood and the risk assessed, the auditor can move on to evaluating the appeal process (Option C) or preparing the final report (Option B).