Online Exclusive: AI in Public Sector Procurement

For internal auditors, developing an understanding of the ins and outs of this regulatory environment takes time and effort. Internal auditors today must also adjust to new artificial intelligence (AI) solutions being developed to overcome the many procurement challenges.

In Deloitte’s 2025 Global Chief Procurement Officer Survey, procurement is described as being at a “true inflection point, with ever-increasing external and internal complexity alongside both the challenges and promise of technology disruption fueled by the rise of Generative AI (GenAI) and Agentic AI.”

To grasp the full scope of procurement risks today in the public sector, internal audit functions have significant ground to cover.

The Future of Public Sector Procurement

AI has the potential to transform virtually every element of the public procurement cycle, from needs assessments and market analyses to budgeting, bidding, and performance evaluations. Within each of these procurement phases, there likely exists an AI-based solution designed to streamline operations and enhance decision-making. A 2023 study on purchasing and supply management, “The Role of Artificial Intelligence in the Procurement Process: State of the Art and Research Agenda,” offers a rough breakdown of the AI solutions landscape:

• 54% of solutions support initial procurement planning.
• 31% of solutions focus on tendering activities, the phase where organizations invite bids for projects, goods, or services.
• 4% address operations activities in the supply phase, such as spending on spare parts, inventory management, and the development of predictive maintenance strategies.
• Additionally, 11% of solutions support the entire procurement life cycle.

Public sector institutions around the world have implemented AI into their procurement processes, based upon their individual needs, budgets, and resources. Examples include:

• Ukraine’s ProZorro e-procurment system, which uses AI to promote efficiency, transparency, and accountability in a region struggling with issues related to corruption and unfair competitive practices. With over 30,000 users, ProZorro’s tools are used to interact with and analyze Ukraine’s procurement market, covering transactions valued at nearly $25 billion.
• Chile’s ChileCompra system, which is the country’s central purchasing body. Originally developed to correct inefficiencies and uneven supplier participation, it later incorporated AI to further modernize procurement practices. New processes informed by ChileCompra have resulted in an annual savings of about 28%.
• The El Paso City Council's AI-based chatbot solution called Ask Laura, which uses open-source algorithms to interpret and handle questions from potential suppliers, gathering information on them to develop business profiles. The city says the chatbot has streamlined processes, reduced response times, and significantly improved satisfaction ratings for all parties.
• Brazil’s AI-powered anti-fraud procurement system, Alice, which analyzed nearly 191,000 purchasing acquisitions in 2023 alone, leading to the triggering of 203 audits of contracts worth nearly $5 billion.

Beyond these examples, much more is coming in response to the current sourcing environment. Chief procurement officers (CPOs) are allocating about 20% of their budget toward procurement technologies, nearly double the figure reported in 2023 according to Deloitte’s survey of CPOs. For respondents considered “digital masters” — those in the top quartile of procurement organizations who are allocating up to 24% of their budgets to technology — they report gains, including 16% citing greater cost savings, 36% citing cash improvements, 23% citing an increase in labor efficiency, and 25% citing improvement in internal stakeholder satisfaction over the last 12 months compared to those not considered digital masters.

Dilemmas and Opportunities

While the potential is there for AI solutions to streamline many aspects of procurement, AI adoption can paradoxically make the auditor’s tasks of providing assurance in this area more complex. Facing this scenario, what is a public sector internal auditor to do?

Fortunately, as complications mount, so do the number of opportunities for internal audit to lead. Even without extensive knowledge of the technology itself, it can help shape governance frameworks that drive innovation. According to a PwC series of articles on responsible AI, here are a few places that the audit function can readily contribute:

• AI governance structures. Internal auditors can evaluate and clarify governance roles, escalation paths, and decision rights regarding AI governance, so stakeholders know who is responsible for what.
• AI risk and control frameworks. Internal auditors can incorporate into their audit plan a periodic review of procurement functions’ conformance to any applicable recognized frameworks such as the NIST AI Risk Management Framework, ISO 42001, or COSO. PwC recommends that internal audit primarily focus on the design and effectiveness of controls for high-impact models, as well as the proper governance and documentation of elements such as training data, validation models, and decision logic.
• AI inventory assessments. Internal audit, with IT, data governance, and the procurement team, should help develop a comprehensive inventory of AI systems and tools used by the organization.

In each of these places, internal audit needs to embrace the role of advisor, specifically for establishing risk tolerances with stakeholders and preparing for what an audit in a particular area might entail.

“In our case, we’ve been told at the state level to accept all risk, but that spot checks might be conducted if something were to happen like a data release,” says Emily Fiocco, CAE at the Oregon Department of Early Learning and Care. “So, in this case, my advisory role has involved interacting with stakeholders and seeing if the area in question is something we could actually audit. Is there a policy or a framework that is enforceable, is it just a risk we’ll have to accept, or is it something that could be reworked into something auditable?”

In all these tasks, it is important to remember, says Fiocco, that collaboration remains essential. “I think the first piece of anything AI audit-related is having a great working relationship with your IT department and, if you’re lucky, an amazing CIO and their team. When asking what their concerns are and what frameworks they’re using, it’s key that they have trust in us to know we’re there to help.”

A Place for Internal Audit

With such a radical transformation of any area, it is healthy for an internal auditor to feel a degree of apprehension. This is especially true when it comes to transformative technologies. However, AI, as with any other risk, is not beyond being addressed through adequate controls, good governance, continued monitoring as part of the risk assessment process, and strong communication and collaboration with senior management and the audit committee. With a sound risk management process in place, an internal audit function can be prepared for anything.

“I think an auditor's role is often just asking about the other side of the coin,” says Fiocco. “It’s making sure our stakeholders are thinking through their decisions and accepting risk intentionally. If we don't have risk tolerances around AI that are reasonable and rational, we don't have a system that we can all operate in.”