Financial Services Leaders Shift Internal Audit Upstream for Responsible AI Deployment
Xin "Cindy" Tu, an audit executive, advocates for a proactive approach to AI governance, urging internal audit to become a strategic partner rather than a post-deployment reviewer. She emphasizes embedding governance from day one, fostering technical literacy among auditors, and establishing continuous training programs to ensure responsible AI innovation. Tu believes this shift is crucial for audit to remain relevant and add significant value in the rapidly evolving technological landscape.
Internal Audit's Evolving Role in the Age of AI
The advent of artificial intelligence is fundamentally reshaping the landscape for internal audit, demanding a significant shift from its traditional, often adversarial, role. Audit executive Xin "Cindy" Tu, with extensive experience in AI, data, and IT risks across major financial institutions, argues that internal audit must move beyond being a "police function" and instead become a strategic partner in the responsible deployment of AI. Her core philosophy is that governance must be embedded from the very inception of AI projects, not as an afterthought, to effectively mitigate risks and enable innovation.
Key Pillars for Strategic AI Governance
Tu outlines a three-pronged approach for internal audit to successfully navigate this transformation. Firstly, auditors must change the narrative, positioning themselves as enablers who can guide responsible AI deployment rather than simply blockers. This involves a collaborative mindset, helping teams achieve their AI goals responsibly. Secondly, digital fluency is paramount. Auditors need to develop deep technical literacy in AI, data, and IT to understand the underlying technologies and effectively audit them. This continuous learning is essential to stay relevant as the risk landscape shifts from manual to AI-assisted processes. Finally, operationalizing governance requires ongoing education and communication. Designing a framework is only the first step; enforcing it across diverse business lines necessitates constant reinforcement of the reasoning behind the governance framework to prevent non-compliant AI projects from going into production.
Continuous Learning and Opportunity in Uncertainty
To ensure the effectiveness of AI governance, Tu stresses the importance of a formal, ongoing training program. This program should evolve with new insights and ensure all stakeholders are informed about the latest guidance, reflecting the iterative nature of AI development and governance. The rise of autonomous systems, in particular, presents new challenges for IT audit regarding process ownership and liability, creating a "hot potato" of shared responsibility. Despite these complexities and the feeling that "the floor is shifting underneath us," Tu views this period of profound uncertainty as a significant opportunity for both organizations and individual auditors. By investing in learning and contributing to this technological movement, auditors can maintain their competitive advantage and redefine their value in the industry.
Read more