Internal audit is adept at evaluating and understanding the risks and opportunities related to the ability of an organization to meet its objectives. Leveraging this experience, internal audit can help an organization evaluate, understand, and communicate the degree to which artificial intelligence will have an effect (negative or positive) on the organization’s ability to create value in the short, medium, or long term. Internal audit can engage through at least five critical and distinct activities related to artificial intelligence:
- For all organizations, internal audit should include AI in its risk assessment and consider whether to include AI in its risk-based audit plan.
- For organizations exploring AI, internal audit should be actively involved in AI projects from their beginnings, providing advice and insight contributing to successful implementation. However, to avoid the perception of or actual impairments to both independence and objectivity, internal audit should not own, nor be responsible for, the implementation of AI processes, policies, or procedures.
- For organizations that have implemented some aspect of AI, either within its operations (such as a manufacturer using robotics on a production line) or incorporated into a product or service (such as a retailer customizing product offerings based on purchase history), internal audit should provide assurance over the management of risks related to the reliability of underlying algorithms and data on which the algorithms are based.
- Internal audit should ensure the moral and ethical issues that may surround the organization’s use of AI are being addressed.
- Like the use of any other major system, proper governance structures need to be established and internal audit can provide assurance in this space.
Download AI Part 1: Considerations for the Profession of Internal Auditing