Artificial intelligence (AI) is not a new concept.[1] For some, AI conjures images of robots taking our jobs and sparking the apocalypse. But the truth is tamer: AI has been around for years. You have likely already encountered it numerous times this week in the form of customer service chatbots and smart home devices like voice assistants or an IoT thermostat. Here we'll talk about how internal auditors can safeguard organizations amid the AI revolution.
AI presents an immense opportunity for companies to enhance their processes and drive significant improvements by leveraging these technologies. But to realize this opportunity, AI must be adopted in a responsible and well-planned manner.
As internal auditors, we must be the voice of reason and clarity amidst misconceptions surrounding AI. We must emphasize that these technologies are not new but rather a continuation of ongoing technological advancements, and we must offer a strategic, risk-mitigating path forward for our organizations.
The Risks of AI
AI is not new, but it has boomed in popularity recently because companies have streamlined AI interfaces. With tools like ChatGPT, those without a computer science degree can utilize the power of AI. Similarly, with robotic process automation (RPA), workers who lack coding expertise can build powerful API connections with a few clicks of the computer mouse.
Auditors should properly evaluate the risks that AI presents to their organization:
- Rogue Operators: Because of AI’s newly developed ease of use, rogue operators within an organization can implement AI and other automation technologies without proper guidance or governance. This can lead to uncontrolled processes and potential risks.
- Reluctance to Adopt Technologies: A measured embrace of automation can be a catalyst for growth and innovation, and organizations should not let unfounded fears hold them back. Internal auditors need to explain that the proper use of AI is a balance between leveraging the tool for efficiencies while keeping their organization safe.
- Data Security: When building an API connection to platforms like ChatGPT, organizations must evaluate who has access to the data and ensure proper security measures are in place. Understanding the individuals or entities behind the technology is also important to mitigate risks associated with bad actors.
- AI Model Training and Data Quality: Data plays a crucial role in AI models, and internal auditors need to ensure the completeness, accuracy, and relevance of the data, as well as the methodology used for training the models. Managing data bias and model bias becomes crucial to achieve desired outcomes.
- Cost of AI Enablement: Implementing AI technologies requires significant investment, and organizations should spend wisely and assess the return on investment.
How Companies Can Implement AI Correctly
To ensure the successful implementation of automation and AI, organizations should have a multi-year automation strategy in place. This strategy should encompass various IT controls and involve internal audit from the outset. By actively participating in the automation journey, internal auditors can help identify and address potential risks and ensure that the automation initiatives align with the organization’s overall objectives.
A strong automation program requires a structured approach complete with a defined strategy, a steering committee with representative members, and a fully auditable trail of activities. Internal auditors should also ensure the presence of smart IT controls, including the review and validation of automation models, training methodologies, and the underlying data sets.
How Can Internal Auditors Help?
The role of internal audit in this landscape is to drive governance, analyze the automation strategy, maintain internal controls, validate security measures, and uphold independence. Applying established audit methodologies, such as preparing a risk and control matrix (RCM) and adopting frameworks like COBIT, NIST, ICO, or ISO, can provide a structured approach to support the audit process. Internal auditors should also ensure compliance with data privacy regulations, perform data protection impact assessments (DPIA), and promote ethical use of automation technologies.
Safeguarding Organizations in the Age of AI
Internal auditors have a crucial role to play in safeguarding organizations in the age of AI and automation. By actively participating in the implementation of automation, internal auditors will help organizations navigate the potential risks and maximize the benefits of these technologies. They must provide valuable insights and recommendations to ensure that automation initiatives are carried out effectively and in alignment with the organization’s objectives.
[1] In the context of this article, automation encompasses technologies like Artificial Intelligence (AI), Machine Learning (ML), Robotic Process Automation (RPA), Optical Character Recognition (OCR), and Natural Language Processing (NLP).





