AI is an emerging risk for auditors, new research shows
January 18, 2024
Despite the increased interest in AI and ML, only 12% of respondents indicate their organisations have adopted AI and ML within their audit functions.
Artificial intelligence has been identified as an emerging risk, with gaps in organisational preparedness and audit proficiency, according to new research from Protiviti.
In partnership with The Institute of Internal Auditors (The IIA), Protiviti conducted its 11th Annual Global Technology Audit Risks Survey to understand the impact of technology evolving at an unprecedented pace, and the risks associated with it.
A total of 559 executives and professionals, including chief audit executives and information technology audit directors, completed the online survey.
While only 28% of respondents perceive AI as a significant threat over the next 12 months, it is rated among the most significant risks over the next two to three years. This suggests that while AI may not be perceived as an immediate threat, it is rising rapidly on the risk horizon.
Although AI can provide organisations with advantages like automation and enhanced data analysis, its utilisation can also introduce a new level of complexity and risks that organisations need to address and manage proactively.
Organisations need the talent, now
As AI adoption continues to grow, it represents a latent risk that organisations must start preparing now. Few organisations believe their level of preparedness or proficiency of their technology audit group in handling AI and ML risks are at acceptable levels.
Another growing concern is the talent gap in IT. Companies need to hire talent with a deep understanding of cybersecurity and AI at a time when such talent is scarce.
“Companies with insufficient talent and intellectual capital in areas like cyber and AI will find themselves exposed when these risks become reality,” warns Angelo Poulikakos, Managing Director, Global Leader, Technology Audit and Advisory practice at Protiviti.
IT talent management poses a substantial technology risk concern, primarily because of the ongoing demand for qualified individuals with the required skillset. Amid a long-term talent shortage, those with technology-related skills and talent remain, by fa, the most difficult to locate, recruit and retain, especially for technology audit groups.
Job listings for AI and ML specialists increased by 300%, according to Protiviti’s report, in the past year while other postings for IT roles declining. With this rapid adoption of LLMs and other types of generative AI across most industries comes greater risks.
Cyber security tops the list of concerns
The survey results also reveal that cybersecurity is the top priority for organisations, with nearly 75% of all respondents considering it a high-risk area.
“When it comes to technology challenges, not only are companies facing a wide range of threats, but each of these threats is changing at an alarming rate,” says Poulikakos. He emphasises the importance of conducting frequent internal audits and integrating advanced analytical tools to stay on top of these changes.
Respondents believe next-gen cyber threats post the most significant risk over the next two to three years.
Call to action: Elevating technology audits
The survey report provides key calls to action aimed at assisting IT audit leaders and teams in taking their technology audits to the next level.
These include increasing audit frequency for high-impact areas, maintaining vigilance over well-managed risks, leveraging advanced analytics for deeper insights, and improving organizational preparedness regarding third-party risk management and IT talent management.
Conclusion: The Road Ahead
The 11th Annual Global Technology Audit Risks Survey serves as both a mirror and a roadmap, reflecting the current state of technology risks and guiding technology audit leaders through the challenges and opportunities that lie ahead. As technology continues to evolve, so too must the strategies and tools employed to manage and mitigate the associated risks.