Page 33 - iiA
P. 33
AI in Internal Audit:
The CAE’s Call to Action
to your organization (like biased algorithms, “black
box” decisions, or model drift) that your current
risk management might not have accounted for,
but it also creates new opportunities for efficiency
and insight. A strong governance program helps
take advantage of the opportunities responsibly.
It’s important to understand that AI can enter your
organization in multiple ways:
Trent Russell • “Bring Your Own AI” (BYOAI): Departments
Greenskies Analytic using AI tools specific for their professions use
trent.russell@gskanalytics.com cases (e.g. a team using a third-part report
writing tool or a self-service AI app for a
specific task).These decentralized tools that are
super easy to acquire can fly under the radar if
Internal audit is entering a new era powered by not governed.
artificial intelligence. According to one CFO,“The
old-fashioned way of auditing is to find the needle • Embedded AI: AI built into the software you
in a haystack. In the new way, I remove the haystack already use (for instance, an audit management
and I’m left with the needles. The technology platform with AI features). Gartner predicts
allows me to remove the noise and focus on the 80% of software vendors will have AI features
real issues.For Chief Audit Executives, this is call by 2026!.
to action rather than just another quote. AI is
changing how audits are conducted very quickly, • Built or Blended AI: AI solutions developed
and CAEs must figure this transformation out in-house or custom-integrated (e.g. an in-
by balancing strategic governance with practical house developed predictive model, or a blend
implementation. In this article, we’ll discuss the of an enterprise solution like CoPilot or
always changing role of AI in internal audit, from ChatGPT.
establishing a strong governance foundation and
implementing current AI use cases, to looking Governing AI means accounting for all three
into emerging AI technologies like autonomous types. Better ensuring organizational readiness
AI agents. The goal is to provide a perspective with involves assessing where AI is being used and who
actionable insights, so you can use AI’s potential oversees it.
while mitigating its risks.
Tone at the top will make or break these efforts.
Governance and Readiness: Laying the The #1 success factor for tech adoption in audit
Foundation for AI is leadership support. If the CAE legitimately
and with intention, champions AI (attends the
CAEs need to ensure their organization is AI- trainings and shows how they’ve used AI) then
ready and AI-responsible. AI governance is just the team will follow. It’s on the CAE to set a vision
an extension of your enterprise risk management that embraces innovation while managing risks.
framework, focused on the unique risks posed by If adhering to the Global Internal Audit Standards
AI. Why is this important? AI introduces new risks you’ll know that it’s also required.
INTERNAL AUDIT TODAY 30
