AI-Related Risks See Greatest Audit Coverage Increases In 2024: Gartner Survey
Chief audit executives expect audit coverage of AI-related risks to grow as organisations increasingly adopt the technology.
The rapid growth and adoption of generative artificial intelligence has resulted in a rush to provide audit coverage over potential risks arising from the use of the technology, according to a survey by Gartner.
The research and consulting firm surveyed 102 chief audit executives to rate the importance of providing assurance over 35 risks.
The top six risks with the greatest potential for audit coverage increases are strategic change management, diversity, equity and inclusion, organisational culture, AI-enabled cyberthreats, AI control failures and unreliable outputs from AI models.
“As organisations increase their use of new AI technology, many internal auditors are looking to expand their coverage in this area,” said Thomas Teravainen, research specialist at Gartner. “There are a range of AI-related risks that organisations face, from control failures and unreliable outputs to advanced cyberthreats. Half of the top six risks with the greatest increase in audit coverage are AI-related.”
The survey found that internal auditors lack confidence in their ability to provide effective oversight on AI risks. Only 11% of respondents rating one of the three top AI-related risks as very important considered themselves very confident in providing assurance over it.
Publicly available gen AI applications and those built in-house create new and heightened risks for data and information security, privacy, IP protection and copyright infringement, as well as trust and reliability of outputs.
Many enterprise gen AI initiatives are in customer-facing business units, and the proliferation of gen AI makes increasing coverage of unreliable outputs from AI models (e.g., biassed or inaccurate information) a priority to protect the organisation from reputational damage or potential legal action.
“With such a broad array of potential risks coming from all over the business, it’s easy to understand why auditors aren’t confident about their ability to apply assurance,” said Teravainen. “However, with CEOs and CFOs rating AI as the technology that will most significantly impact their organisations in the next three years, continued gaps in confidence will undermine CAEs’ ability to meet stakeholder expectations.”
