Internal Auditor’s blogs reflect the personal views and opinions of the authors. These views may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers’ employers or the editors of Internal Auditor.

​Internal Audit's Role in AI Success

Comments Views

With artificial intelligence (AI) top of mind for many executives, the rush to adopt and adapt often leads to superficial, ad hoc, or limited use, a similar story to the adoption of any new technology. The reasons for this limited success may have little to do with how AI works and everything to do with how work gets done in an organization.

In a recent Harvard Business Review article on AI implementation, the authors make a compelling case that culture at most organizations that weren't born digital runs counter to what is needed for successful AI. They argue that such companies must make three fundamental shifts to scale up AI:

  • From siloed work to interdisciplinary collaboration.
  • From experience-based, leader-driven decision-making to data-driven, front-line decision-making.
  • From rigid and risk-averse to agile, experimental, and adaptable.


Internal auditors can play an important role in determining if their organizations are positioned to scale up AI. By focusing on certain issues during engagements, internal auditors can quickly establish where their organizations fit in the three categories identified by the authors. They can then make recommendations to encourage changes that position their organizations for AI success.

The first step is understanding the organization's current use of data analytics or other technologies that could mature into an AI program. This would provide a baseline on what and how the organization is doing today. Audits could examine organizational attitudes and practices involving collaboration, decision-making, and innovation.

Collaboration. Breaking down silos is common in discussions about enterprise risk management (ERM) and good governance practices. Most audit functions are in a position to provide assurance on the organization's risk management strategy and ERM program (if one exists). And, internal audit must be creative, as technology can help the CAE identify risks and test controls in all new ways. Start by reviewing all the risk assurance duties within the organization to understand what management's second line of defense functions are focused on, clearly defining who does what. Breaking down old silos in an organization is a prerequisite to meaningful change.

Decision-making. While you likely would not perform an audit on "decision-making," auditors should look out for decision-making processes across all engagements. These insights not only provide a view into the culture of the entity being audited, they help connect the dots limiting an organization's ability to make critical decisions timely. Engagements that include a look at decision-making processes and attitudes can begin with established decision-making protocols and examine how they are carried out within the organization. Such audits also would likely stray into softer areas, such as examining what influences decision-making, interpersonal relationships, internal politics, and leadership styles.

Innovation. Begin by understanding your organization's technology strategy. Examining how an organization approaches innovation is largely based on understanding the culture, including how innovation is incentivized and how the company reacts to new ideas that don't ultimately meet expectations. Such knowledge may prove to be the most challenging to gain, but also the most enlightening when understood. How an organization approaches experimentation, short-term failures, agility, and adaptability will be a strong predictor of its success with implementing disruptive technologies such as AI.

AI is following the same path that most technologies go through. Business leaders hear promises of how a new technology will transform their organization. They jump in hoping to reap the benefits and quickly realize it is much harder — and often much more expensive — than imagined. Many implementations will initially fail, strategies will be reset, and after significant time and investment, varying levels of success will be achieved. Internal auditors can seize this opportunity to disrupt this normal course of technology implementation and support their organizations in achieving success more efficiently.

That's my point of view; I'd be happy to hear yours.

Internal Auditor is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.

 

 

Comment on this blog post

comments powered by Disqus
  • Fastpath_Oct 2019_Blog 1
  • IIA GAM_Oct 2019_Blog 2
  • IIA Training_Oct 2019_Blog 3