Articles Collin Brooks, CIA, CPA Apr 08, 2024
Audit functions need to understand the pros and cons of generative AI technology and establish rigorous controls to ensure compliance and preserve human auditors’ value.
As technology rapidly advances, businesses continually find groundbreaking opportunities to optimize their operations, enhance decision-making processes, and improve overall efficiency. Integrating artificial intelligence (AI) into business operations amplifies organizations’ analytical prowess by equipping them with predictive tools to proactively identify risks and inefficiencies and enable strategic decision-making.
For example, Microsoft’s internal audit department has implemented various AI capabilities to optimize its processes. Internal auditors use machine learning algorithms to analyze expense reports and flag high-risk transactions for auditing. They leverage text analytics to swiftly parse contracts and vendor agreements to identify crucial clauses. Robotic process automation speeds routine tasks such as reconciling employee expenses.
Among the latest AI innovations poised to revolutionize internal auditing is ChatGPT, a large language model developed by OpenAI. Generative AI technologies such as ChatGPT offer remarkable capabilities for the profession. However, as internal audit functions begin to explore how to use this technology, they must weigh its benefits against the risks and challenges it presents (see “A Chat About the Chatbot” below).
To integrate ChatGPT into internal audit processes, the department must set up rigorous controls to manage its use. These controls are not only pivotal in protecting sensitive data and ensuring compliance with regulatory standards, but also in preserving the value that human auditors bring to the interpretation and application of audit findings. They should aim to strengthen audit processes without compromising ethical and professional standards.
Data Encryption and Access Controls. Robust data encryption mechanisms and access controls can safeguard sensitive information processed by ChatGPT. Internal audit should limit access to ChatGPT to authorized personnel only and ensure strict compliance with data privacy regulations.
Continuous Monitoring With Human Oversight. While ChatGPT can assist with real-time monitoring, human oversight remains paramount. To balance automation with human expertise, internal audit can establish clear protocols for responding to alerts generated by the system and ensuring that auditors validate potential issues.
Algorithm Transparency. Internal audit should understand the underlying algorithms powering ChatGPT and commit to regularly evaluating its performance. This includes identifying and correcting any biases or inaccuracies that may arise. Continuous training and fine-tuning of the model are essential to ensure alignment with audit objectives.
Human-AI Collaboration. Audit leaders should promote a culture of collaboration between auditors and ChatGPT. They should emphasize that AI tools should augment rather than replace human capabilities and encourage practitioners to exercise critical thinking and professional judgment. Despite ChatGPT’s proficiency, human oversight is essential. By meticulously reviewing and validating the accuracy and relevance of every piece of ChatGPT-generated material, internal audit can mitigate inherent risks of misinterpretation or oversight.
Ethics Training. Internal auditors need comprehensive training on the ethics of using AI. The training should highlight the importance of avoiding bias and discrimination, as well as how to handle data responsibly. This training should be reinforced by establishing ethical guidelines to govern AI-assisted auditing.
Regular Audits and Compliance Checks. Internal audit should periodically audit ChatGPT’s performance and assess its compliance with evolving industry regulations. Auditors should stay informed about emerging AI regulations and frameworks and adapt control measures to align with best practices.
As AI applications like ChatGPT evolve, they will transform internal auditing. Although the technology can enhance efficiency, scalability, and decision support, internal audit must balance these benefits with ethical considerations and robust controls. Success will depend on striking an equilibrium between technological innovation and human expertise.
Collaboration between auditors and AI will be central to maintaining the integrity of audit processes (see “Stepping Into the Future”). Evaluating how AI can enhance those methods is a proactive first step in integrating ChatGPT into internal audit’s practices.
Exploring the pros and cons of using ChatGPT in internal auditing is crucial to understanding how the technology could empower practitioners while they proactively address its risks.
IA: How can internal auditors use ChatGPT for continuous monitoring and compliance?
AI: ChatGPT is renowned for its natural language processing and data analysis capabilities. Internal auditors can harness this technology to efficiently sift through vast volumes of textual data, documents, and reports. This empowers auditors to identify potential risks, anomalies, and emerging trends with unprecedented efficiency.
IA: How can ChatGPT enhance data analysis?
AI: ChatGPT’s real-time monitoring capabilities make it a vigilant overseer of financial transactions, regulatory compliance, and internal controls. ChatGPT can perform continuous monitoring through an application programming interface (API) integrated into the business’s data systems. This API enables ChatGPT to access real-time data streams and apply its machine learning models to analyze transactions, communications, and other relevant data points. Its swift notification system alerts auditors to any suspicious activities or deviations from established norms, enabling quick corrective actions and enhancing organizational resilience.
Additionally, ChatGPT can help keep audit processes up to date with evolving regulatory requirements. For instance, developers can use ChatGPT’s language understanding capabilities to interpret the text of regulatory documents or to help design the logic for flagging relevant changes that need to be reviewed by compliance officers. This dual function streamlines monitoring and compliance efforts for auditors navigating the complexities of modern regulatory landscapes.
IA: Is ChatGPT scalable?
AI: ChatGPT maintains a consistent level of analysis, regardless of the volume of data it processes. This scalability guarantees uniform audit quality and minimizes the risk of oversights because of human error or bias.
IA: Can ChatGPT review documents?
AI: ChatGPT can rapidly review and summarize extensive documentation, although its output is not infallible and should be carefully reviewed and verified by auditors. This capability is particularly valuable when conducting due diligence for mergers and acquisitions or executing compliance audits, significantly reducing the time and effort expended by auditors.
IA: How does ChatGPT support decision-making?
AI: ChatGPT’s capacity to provide valuable insights and recommendations based on historical data and best practices empowers auditors to make informed decisions. It can aid strategic decision-making by identifying potential cost-saving measures and optimization opportunities.
IA: What are the privacy and security risks of ChatGPT?
AI: With its capacity to analyze extensive datasets, ChatGPT raises concerns about data privacy and security. Internal audit needs stringent controls to prevent inadvertent exposure of sensitive information that could lead to potential breaches and regulatory violations.
IA: Does ChatGPT understand context?
AI: While ChatGPT excels in language processing, it sometimes struggles with understanding contextual nuances. In some cases, it may misinterpret statements or miss subtle cues that could lead to misjudgments. Auditors must exercise caution when relying on the application’s interpretations.
IA: What are the dangers of using ChatGPT to automate internal audit tasks?
AI: The convenience offered by ChatGPT could lead internal auditors to rely too much on automation, potentially diminishing their role. This over-reliance may result in a dearth of critical thinking and problem-solving capabilities that are essential in the audit profession.
IA: What are the ethical concerns?
AI: ChatGPT’s responses are generated based on the data it has been trained on, which may perpetuate biases present in that data. To uphold ethical standards, auditors must ensure that the technology’s outputs do not reinforce discriminatory practices or biased decision-making.