IIA training and events

Smart work: the AI audit revolution

Chances are good that you’ve relied on  artificial intelligence (AI) today. It filters the spam from our email accounts and influences the results of our web searches. It enables digital assistants such as Siri and Alexa, and it powers our voice-recognition software. It can be found in almost every industry, in human resources, finance, accounting, marketing and a host of other functions. And, if it is not yet at work in your internal audit department, it probably will be soon.

According to International Data Corporation, spending on AI systems will reach $97.9bn by 2023, or more than two and a half times the amount being spent this year. Some experts predict that AI technology could also transform as many as 800 million jobs, including those of quite a few internal auditors, by the year 2030.

Changes on this scale obviously entail a host of new risks. Fortunately, it’s not just our organisations’ downside risks that are changing at lightning speed. AI can bring about competitive advantage, increased efficiency, improved safety, enhanced data and myriad other opportunities.

Take the internal audit function itself, for example. I don’t believe that AI will ever replace internal auditors, but it has and will transform how some audits are performed. Under the right circumstances, it can help us to optimise our time, facilitating analysis of broader and deeper data sets and documents. Unconfined by traditional statistical methods, sampling methodologies or audit rules, AI gives us the ability to examine vast data sets in minutes, evaluating incredibly subtle patterns in the data that might not have been detected with more traditional audit techniques.

At times, AI can identify new types of risk that we might have overlooked, evaluating impacts and providing guidance on building new capabilities. This means that, in some situations, AI will help us to work smarter, better and faster.

To some of us, it might seem tempting to leave AI issues to the information technology auditors. After all, AI can be highly complex, requiring knowledge of diverse disciplines, such as data analytics, software engineering, applied statistics and application program interfaces including facial recognition, image analytics and text analytics. But opportunities to improve efficiency and effectiveness using AI can appear at any time in almost any type of audit.

Just as all internal auditors should be able to spot indicators of fraud, we should be knowledgeable enough about AI and machine learning to be able to spot potential issues. It’s our job not just to examine known risks, but also to be alert for potential opportunities and to know when to call in experts with more specialised knowledge.

If it hasn’t happened yet, very soon it will be time for serious discussions about AI governance, risks and controls at your organisation. Internal auditors must be ready to provide advice regarding issues such as AI data readiness, approaches to prioritising AI projects, build-versus-buy decisions, AI configurability, ethics and data bias. Internal audit should be actively involved in AI projects from the earliest planning stages, providing advice and insight and contributing to successful implementation.

Some risks are too big to ignore. As internal auditors, we have a vital role in our organisations’ AI-related activities. We must provide assurance over management’s AI risk management activities. We must evaluate AI’s role in fulfilling strategic objectives. We must help to assure that AI performance measures are appropriate and that the data sets our AI systems rely on are complete, accurate and reliable.
And we must be alert for potential opportunities that management might not yet
have considered.

It’s a big job, and many of us are not yet prepared for it. But heads of internal audit must possess or obtain the resources to address AI risks effectively, and all of us need a basic understanding of AI capabilities. I’d like to invite you to visit IIA Global’s Artificial Intelligence Resource Exchange. It’s a great source for articles, blogs, videos and research related to our role in AI.

The AI revolution is here, and it is transforming our world. Just as it brings new risks and opportunities for our organisations, it brings new challenges and great potential for every internal auditor. The audit leaders who help to ensure that their internal auditors are prepared for the AI revolution may well become the trailblazers in the next generation of internal audit leadership.

Richard F Chambers writes a blog at chambersontheprofession.org and tweets at twitter.com/rfchambers. His third book, The Speed of Risk: Lessons Learned on the Audit Trail, 2nd Edition, is available at theiia.org/bookstore

This article was first published in January 2020.