Artificial Intelligence: Risks and Opportunities — How Can Internal Audit Lead the Adoption of AI?

Artificial intelligence (AI) is growing rapidly, with an annual growth rate of 36.6% projected through 2030. Like the internet and personal computers, AI will become central to how businesses operate. Organizations that fail to adapt will fall behind; internal audit units are uniquely positioned to help responsibly manage this transformation.

Opportunities

AI offers significant gains in efficiency and innovation. Studies show that developers using GitHub Copilot work 56% faster; consultants produce more and higher-quality output with AI support; and customer service efficiency improves by up to 45%. Breakthroughs are also seen in areas such as cancer prediction, wildlife conservation, and environmental research.

Risks and Failures

AI’s flaws are also noteworthy. Examples such as Air Canada’s misleading chatbot or McDonald’s failed ordering system create reputational and cost risks. Bias, privacy violations, cyber threats, lack of transparency, and excessive dependence on third parties are prominent issues. As Bill Gates pointed out, AI sometimes cannot distinguish fact from fiction, leading to unreliable results. Therefore, strong oversight is essential.

The Role of Internal Audit

Internal audit is a key player in AI governance. Risk-based audits ensure compliance, transparency, and accountability. Audits can be conducted as independent AI audits or integrated into areas such as information security, data privacy, enterprise risk management (ERM), and third-party risk management (TPRM). Teams should understand the unique risks of AI, work with subject matter experts, and develop customized audit criteria.

Standards and Frameworks

Guiding standards are rapidly emerging:

• ISO 42001:2023 — Defines AI management system requirements; integrates with quality and security frameworks.

• NIST AI 600-1 — Risk management framework for generative AI; covers topics ranging from content integrity to environmental impact.

• Industry-specific guidelines — Focused on fairness, transparency, and ethical use, particularly in finance and insurance.

These standards help internal audit design a layered governance approach.

Practical Steps for Implementation

Internal audit teams can start by automating routine tasks such as report summarization, data analysis, or executive summaries. This approach aligns with the practice of OpenAI’s Sam Altman and Nvidia’s Jensen Huang using AI for efficiency. Pilot projects accelerate learning and enable adaptation before scaling.

Clear procedures should be established and training provided to strengthen oversight. AI systems should be regularly monitored using key performance and risk indicators; alignment with compliance, ethics, and business objectives should be maintained through continuous evaluation.

Conclusion

AI carries as much serious risk as it does great promise. Organizations must adopt it strategically; internal audit functions must pave the way. By integrating AI governance into audits, applying global frameworks, and starting with practical use cases, internal audit can assume a trusted advisor role. How well organizations manage AI oversight will determine their success over the next decade.
