I have been following many threads on this topic. I do not profess to be an expert on AI, and I am a retired rather than an active head of internal audit (CAE).
But I have to say that I’m not sure I would be doing everything I see people are doing should I magically lose a few years and get a CAE appointment.
Let me preface my comments by reminding you that before I became a CAE (a position I held for ~20 years), I was a vice president in IT management for a couple of financial institutions. Before that I was with one of the Big Four audit firms and led the Los Angeles IT audit team, and going back even further I was the senior manager responsible for technical IT audit in London. That’s in addition to being a Chartered Accountant and then a CPA.
So I have some understanding and appreciation for technology and technology risks. As a CAE, IT auditors would be as many as 25% of my staff.
What do I see people doing?
- Most recognize that AI is introducing risks to any business that is using it. The information it delivers may be incomplete, inaccurate, out of date, and not tailored to the specific environment in which it is being used. These IA shops are spending a lot of time making sure management is recognizing and addressing those risks.
- They are planning to use AI to expand from testing a sample of…
