Riding the Wave of Change: My Journey with Generative AI in Internal Auditing
Welcome to the forefront of internal auditing, where Artificial Intelligence (AI) is revolutionising traditional practices. Generative AI, a cutting-edge technology capable of creating realistic content across various mediums, is reshaping the landscape of our profession. As internal auditors, we stand poised to harness its potential in advancing our audit practices and mitigating risks effectively.
Generative AI presents internal auditors with a powerful ally in our quest for excellence. By automating tasks such as report drafting, data analysis, and risk assessment, it enhances efficiency and accuracy. However, with great power comes great responsibility. We must remain vigilant against potential risks, particularly concerning data security and privacy.
Practical Applications in Internal Auditing
Now, let us get practical. How exactly can we put this AI powerhouse to work for us? Well, the possibilities are endless, and I am here to explore them with you.
- Fraud Detection on Autopilot: Generative AI sifts through vast data sets, unearthing patterns that signal potential fraud. It is like having a superhero sidekick, tirelessly monitoring for anomalies and safeguarding organisational integrity.
- Risk Assessment Reinvented: With AI by our side, we are not just mitigating risks — we are preventing them. For instance, AI can analyse vast sets of customer complaints, enabling us to unearth potential product safety or quality control issues before they escalate into major crises.
- Optimised Audit Planning: Say goodbye to tedious paperwork and hello to AI-powered efficiency. By combing through documents and regulations, AI helps us pinpoint key controls and prioritise them based on risk.
- Real-Time Monitoring Solutions: Ever wish you had a crystal ball to see into the future? Well, with AI-powered monitoring, you are as close as it gets. By analysing transaction data in real-time, AI helps us spot red flags before they escalate into full-blown crises.
- Enhanced Audit Reporting: AI streamlines the report drafting process, enabling us to deliver timely insights efficiently. This allows internal auditors more time for in-depth analysis and interpretation. However, human review and editing remain essential for ensuring accuracy and upholding professional judgment.
Beyond the Audit: The Assurance and Advisory Role
As trusted advisors, internal auditors play a pivotal role in governing the responsible use of generative AI within organisations. Key focus areas include:
- Establishing Governance Frameworks: Developing robust governance frameworks to ensure responsible AI usage and compliance with regulatory requirements, aligning with the guidelines outlined in the AI Auditing Framework released by The Institute of Internal Auditors in 2023.
- Risk Management for AI: Identifying and mitigating risks associated with bias, explainability, and data security in AI models.
- Assessing AI Controls: Evaluating the adequacy of controls surrounding the development, use, and maintenance of generative AI.
Navigating the Maze: Considerations for Adopting or Auditing AI
Before diving headfirst into the realm of generative AI, internal audit functions must consider several key points. As an internal auditor, I have found that it is crucial to approach this technology with a thorough understanding of its capabilities and implications.
Firstly, embracing Explainable AI (XAI) is paramount. I insist on AI models with explainable outputs. Understanding how AI arrives at its conclusions is not only essential for maintaining professional scepticism but also for ensuring that audit findings are well-supported.
Secondly, the integrity of data quality, bias, and availability must be rigorously assessed. Recognising the interconnectedness of data quality and bias is critical. After all, AI is only as good as the data it is trained on. This necessitates a thorough evaluation of existing data for accuracy, completeness, and potential biases, possibly involving collaboration with the IT department to enhance data collection practices. As the saying goes, "garbage in, garbage out".
Thirdly, upskilling for the future is imperative. The evolution of internal audit involves working alongside AI rather than being replaced by it. Therefore, investing in training for the team is essential. Training should encompass various topics, including XAI principles, bias identification and mitigation in AI models, and the effective integration of AI into the audit process. The IIA Knowledge Centers for AI serve as an invaluable resource for staying abreast of the latest developments and obtaining practical guidance in this domain.
While generative AI models offer immense potential, they also present vulnerabilities to security breaches. Collaborating closely with IT security teams to assess potential security risks associated with AI adoption is essential for safeguarding organisational interests.
The introduction of AI inevitably triggers changes in internal audit processes and workflows. Hence, developing a comprehensive change management strategy becomes imperative to facilitate successful adoption and mitigate resistance from team members. Lastly, assessing cost considerations is prudent. Implementing and maintaining generative AI tools can be a substantial investment. Internal audit functions must evaluate the associated costs, including the acquisition of AI software, staff training, and ongoing maintenance and updates. This may entail advocating for budget allocations, exploring cost-effective solutions such as open-source cloud-based AI tools, or adopting phased implementation strategies to optimise costs.
Embracing the Future of Internal Auditing
As we embrace the evolution of internal auditing, one thing becomes abundantly clear: the future is ours to shape. As we embrace generative AI strategically, we elevate our efficiency, effectiveness, and value proposition as internal auditors. Let us remember that AI is a tool, not a panacea. Our human expertise, critical thinking skills, and commitment to excellence remain paramount as we navigate the evolving landscape of internal auditing with confidence and innovation.
Alexchandar Anbalagan is a seasoned internal audit leader with 20 years of international experience in internal audit, compliance, and risk management across diverse MNCs and a start-up.
The Institute of Internal Auditors Singapore blogs reflect the personal views and opinions of the authors. These views may differ from policies and official statements of The Institute of Internal Auditors Singapore and its committees and from opinions endorsed by the bloggers’ employers.
