As explained in Artificial Intelligence – Considerations for the Profession of Internal Auditing, internal audit’s role in AI is to “help an organization evaluate, understand, and communicate the degree to which artificial intelligence will have an effect (negative or positive) on the organization’s ability to create value in the short, medium, or long term.”
To help internal audit fulfill this role, internal auditors can leverage The IIA’s AI Auditing Framework in providing AI-related advisory, assurance, or blended advisory/assurance services as appropriate to the organization. The Framework comprises three overarching components — AI Strategy, Governance, and the Human Factor — and seven elements: Cyber Resilience; AI Competencies; Data Quality; Data Architecture & Infrastructure; Measuring Performance; Ethics; and The Black Box.
Internal audit should consider numerous engagement or control objectives, and activities or procedures in implementing the Framework and providing advisory, assurance, or blended advisory/assurance internal audit services related to the organization’s AI activities. Relevant objectives and activities or procedures that address the Strategy (Cyber Resilience and AI Competencies elements) and Governance (Data Architecture & Infrastructure, and Data Quality elements) of the Framework are provided in this document. Relevant objectives and activities or procedures that address Governance (Measuring Performance element) and the Human Factor (Ethics and The Black Box elements) will be provided in Part III of this three-part series.