Why AI Adoption Lags in Internal Audit and How to Accelerate It: Survey Insights
A recent survey by the Internal Audit Collective reveals surprisingly low AI adoption among internal auditors, even within high-performing teams. Less than 25% of respondents extensively use AI, with key barriers identified as lack of skills, foundational governance, and bandwidth. The article explores these challenges and offers strategies for internal audit functions to overcome them, emphasizing the importance of controlled environments, quick wins, and a shift in mindset towards experimentation and consistent, standardized AI integration.
The Current State of AI Adoption in Internal Audit
Despite the growing buzz around Artificial Intelligence, a survey conducted by the Internal Audit Collective indicates that AI adoption within the internal audit profession remains surprisingly low. Even among members who are typically proactive in adopting new technologies, less than a quarter are extensively using AI in their audit projects. This suggests a significant gap between the perceived potential of AI and its practical implementation across the industry. The findings highlight that while ambition for AI integration exists, numerous foundational and cultural hurdles are impeding widespread adoption.
Key Barriers to AI Integration
The survey and subsequent discussions with internal audit leaders identified several critical barriers preventing more robust AI adoption:
- Lack of Skills and Training: This was cited as the primary obstacle, indicating a need for more structured and comprehensive training programs.
- Immature Governance and Technology: Many organizations lack enterprise-approved AI software with adequate data confidentiality and security safeguards, leading to concerns about data breaches and regulatory compliance.
- Change Management Challenges: AI adoption is not just a technological shift but also a significant organizational and cultural change, requiring careful consideration of evolving rules and talent impact.
- Limited Bandwidth: Audit teams often lack the time and resources to experiment with AI, making it difficult to integrate new tools into their demanding schedules.
- Dual Learning Curve: Auditors must not only learn to use AI but also understand how to audit AI risks (e.g., privacy, security, ethics, bias), which presents a steep and complex learning challenge.
- Intolerance for Imperfection: The traditional audit culture, which values precision, can hinder experimentation with probabilistic AI tools.
Strategies for Accelerating AI Adoption
To overcome these challenges, internal audit functions can adopt several strategies:
- Start with Targeted Use Cases and SOX: Controlled environments like SOX audits offer an ideal starting point for piloting AI. Their standardized processes and predictable data sets reduce risk and allow for quick wins, building confidence and demonstrating ROI.
- Foster a Culture of Experimentation: Leaders should encourage experimentation and accept that failures are part of the learning process. Allocating dedicated time for AI exploration can help teams overcome bandwidth constraints.
- Prioritize Structured Training and Standardization: Beyond individual learning, organizations need formal structures, standardized methodologies, and enterprise-approved tools to embed AI consistently. This includes integrating AI into audit documentation and quality assurance processes.
- Embed AI Across the Audit Lifecycle: Consistent AI use means integrating it into every phase of the audit, from risk universe analysis and scope drafting during planning, to data analysis and anomaly flagging during fieldwork, and even tailoring reports for different stakeholders.
- Focus on Both Enablement and Execution: AI adoption should encompass both using AI for audit tasks (execution) and building the capability to understand and audit AI risks (enablement). This holistic approach ensures long-term relevance and effectiveness.
Ultimately, the article stresses that internal audit's future relevance hinges on its ability to become fluent in AI, not just for efficiency but for advising on its responsible use and making credible recommendations for improving processes, controls, and risk management.
Read more