Chair opening comments | Derek Jamieson | Director of Regions, Chartered IIA UK and Ireland Artificial intelligence (AI) is moving along at a huge pace. Our speakers today will share insight into the context and practicalities of AI. Merve Ugurlu, Senior Manager, Protiviti. Iain McGregor, Director of Innovation and Development and Arsalan Hussain, Head of Data Analytics, Government Internal Audit Agency (GIAA). |
Results of poll questions
1. Are you confident that you are up to date with the extent to which AI is being deployed in your organisation? |
Yes 34% |
No 65% |
2. Has your organisation developed a set of policies and protocols to address AI? |
Yes 15% |
No 84% |
3. Are you already deploying AI in the IA function? |
Yes 21% |
No 78% |
Key Takeaways
Click here for the presentation slides, including a useful one-page assurance approach for AI.
GIAA findings/lessons from a cross-departmental survey over the last year.
Examples of how GIAA internal audit are using AI
Large team, c350 internal auditors, c1500 audit reports each year.
Philosophy for using AI is to put human at the centre of the process and provide super-human skills to internal auditors
Click here for GIAA’s presentation slides.
Chair closing comments Ahead of today I asked Chat GPT about the value of AI to an organisation; automation and efficiency, data analysis and insight, customer experience, predictive analytics, enhanced decision-making, improved cybersecurity, innovation and competitive advantage, cost reduction. Click here for more detail. In a nutshell, the value is immense, but we must be careful. This is a developing area which we will return to. The Chartered Institute is continually developing guidance and welcomes new authors. Check out this topic in our How to audit and Technical Skills sections of Resources on our website. We are now moving to six forums a year – every two months. Our next meeting will be 27 September where we will discuss the newly launched Risk in Focus 2024 report. Dates for your diary
|
Chat comments including Q&A
Merve | ChatGPT is becoming a common tool but poses new risks. Two countries within EU banned its use in certain circumstances for example. GIAA’s is a great example of how AI can be used effectively and efficiently. There needs to be end-to-end governance and it’s good to see the human intervention for oversight – embedding these factors is crucial to the use of AI.
Question | Can you advise how the GIAA tool was created? ie how is it programmed?
Arsalan | We have used RShiny to develop this application.
Question | Did you have to do any configuration to the software or was it directly deployed through a Microsoft app?
Iain | We designed it ourselves. It communicates with ChatGPT in a private cloud/private version. We tell the software that ‘you are an experienced internal auditor.’ It thinks and responds as an internal auditor – cause/event/consequence. An important aspect is to stay in control, we always give our human internal auditors the ability to control the AI tools.
Question | What about data privacy? When using ChatGPT we have to provide content that includes banking secrecy, company data etc?
Merve | Some member states taking action to ban – when building any AI need to consider data privacy – eg the question/response/the source data scraped. When using it commercially there needs to be consideration of its impact on liability and professional indemnity.
Comment | When having ERM discussions in new locations I have used AI as a tool to provide some general examples of the type of risks that are prevalent in that location - useful for speeding up the establishment of risk registers for new market entry countries.
Comment | Fireflies.ai to capture system notes, it also links into ASANA, so good for internal audit action plans being updated in real time.
Comment | Not implemented its use to any great extent yet but thinking so far includes i) similar to the other delegate's point for a bit of horizon scanning to feed into either specific audits or overall audit planning, and ii) potentially looking at our organisation's external reporting (financial, ESG etc) and reconciling to our internal view of what is reported externally.
Comment | ChatGPT as a virtual assist to support the audit cycle ie it is used to QA written reports, generate test plans for actual controls.
Comment | We need to bear in mind that ChatGPT only has data up to September 2021.
Iain | We are using it for its language skills rather than the latest data.
Question | How do we get comfort over the security of the data / information that we are uploading to ChatGPT? I have used it sporadically for scoping but have not uploaded any findings from our work for analysis.
Answer | There was no time to answer this question – however here is what ChatGPT had to say about it.
Ensuring the security of data and information is crucial, especially when dealing with large organizations. While I, as an AI language model, don't have direct control over the security measures in place, I can provide you with some general guidelines to help you gain comfort over the security of the data and information you upload to ChatGPT. Here are a few steps you can take: