The fast rise and acceptance of generative artificial intelligence (GenAI) has resulted in a race to offer audit coverage over potential risks stemming from the usage of the technology, according to a study conducted by Gartner. As more and more businesses rush to use artificial intelligence, chief audit executives (CAEs) anticipate that audit coverage of risks connected to AI will increase.
In August 2023, 102 chief audit executives (CAEs) participated in this study conducted by Gartner to rank the significance of assurance provision relative to 35 threats. The following six risks have the most potential increases in audit coverage: organizational culture, AI-enabled cyberthreats, strategic change management, diversity, equality, and inclusion, AI control failures, and inconsistent AI model outputs.
“As organizations increase their use of new AI technology, many internal auditors are looking to expand their coverage in this area,” said Thomas Teravainen, Research Specialist with the Gartner for Legal, Risk & Compliance Leaders practice. “There are a range of AI-related risks that organizations face from control failures and unreliable outputs to advanced cyberthreats. Half of the top six risks with the greatest increase in audit coverage are AI-related.”
– story continues below the graphic –
Large Confidence Gaps for AI Risks
“The degree of internal auditors’ lack of confidence in their ability to provide effective oversight on AI risks is perhaps the most striking finding from this data,” added Mr. Teravainen. “No more than 11% of respondents who rated any one of the top three AI-related risks as extremely important felt very confident in their ability to provide assurance over it.”
Both internally developed and publicly accessible GenAI applications would increase and introduce additional threats to privacy, data security, intellectual property protection, copyright infringement, and output reliability. Growing coverage of unreliable outputs from AI models (such as biased or inaccurate information and hallucinations from AI models) is a priority to protect the organization from reputational damage or potential legal action, as many enterprise GenAI initiatives are in customer-facing business units, according to Gartner.
Mr. Teravainen added, “It’s easy to understand why auditors aren’t confident about their ability to apply assurance with such a broad array of potential risks coming from all over the business. But given that CEOs and CFOs believe AI will have the biggest influence on their companies over the next three years, persistent mistrust will make it more difficult for CAEs to live up to stakeholder expectations.”
