News & Blogs

AI Governance and Internal Audit: Navigating the Brave New World

Global · · oceg.org

As AI adoption rapidly expands across organizations, internal audit teams face the critical challenge of establishing robust AI governance frameworks. This article highlights the importance of understanding AI fundamentals, including Large Language Models (LLMs) and the three main types of organizational AI use, to effectively manage associated risks. It proposes a seven-step framework for building responsible AI governance, emphasizing cross-functional collaboration and continuous learning to balance innovation with risk mitigation.


The Imperative for AI Governance in Internal Audit

The rapid integration of Artificial Intelligence (AI) into business operations presents both immense opportunities and significant risks. For internal audit and assurance professionals, understanding and governing AI is no longer optional but a critical necessity. With a substantial majority of organizations already adopting AI in various functions, the internal audit function must proactively engage in developing and overseeing AI governance programs. This involves not only identifying and mitigating AI-related risks but also ensuring compliance and ethical use, especially given that a mere 25% of organizations currently have fully implemented AI governance programs.

Understanding AI Fundamentals and Organizational Use Cases

A foundational understanding of AI is essential for effective governance. The article emphasizes the role of Large Language Models (LLMs) as the core of many current AI tools, noting their inherent imperfections and the necessity for human oversight to validate AI-generated content. Organizations typically utilize AI in three main ways:

  • Bring Your Own AI (BYOAI): Employees using external AI tools like ChatGPT for company tasks.
  • Embedded AI: AI functionalities integrated into existing software services (e.g., Google Gemini, Microsoft Copilot).
  • Built and Blended AI: Custom enterprise-level AI solutions developed internally or by combining existing tools.

Each type presents unique governance challenges, with embedded AI posing a significant near-term risk due to its widespread adoption and potential lack of centralized oversight.

A Seven-Step Framework for AI Governance and Addressing Challenges

To establish effective AI governance, the article proposes a practical seven-step framework:

  1. Assemble a cross-functional committee with diverse expertise (legal, technical, ethical).
  2. Create and publish clear AI ethics principles aligned with organizational values.
  3. Inventory all algorithmic AI systems, including BYOAI and embedded AI.
  4. Deploy initial policies and procedures, including a risk review process for AI tools.
  5. Connect potential AI causes to harms, considering broader socio-technical systems.
  6. Prioritize identified harms based on likelihood, frequency, and stakeholder impact.
  7. Document all findings, including prioritized harms and unmitigated risks.

Internal audit plays a crucial role in addressing common AI governance challenges such as uncontrolled AI use, undefined risks, and underdeveloped AI management teams. Solutions include developing advisory projects, auditing AI governance programs, establishing AI risk review protocols, and advocating for a cross-functional AI governance board to ensure holistic oversight and continuous learning.


Read more
Comments

No comments yet. Be the first.


Sign in to join the discussion.

Sign in or Create account
Subscribe

By email

Get audit & assurance news in your inbox.


By feed reader

We publish RSS, Atom, and JSON feeds sliced by category and region.

View all feeds →

Have a tip? Submit a story or job →

Subscribe by email

Get audit & assurance news in your inbox. Or use a feed reader — view all feeds →