Bringing clarity to the foggy world of AI: Strategy governance should be internal audit's focus in assessing artificial intelligence systems.

AuthorAlvero, Kevin M.

In unveiling the U.S. government's updated National Artificial Intelligence (Al) Research and Development Strategic Plan last June, U.S. Chief Technology Officer Michael Kratsios framed the reality many organizations face with AI. "The landscape for Al research and development (R&D) is becoming increasingly complex," Kratsios said, noting the rapid advances in AI and growth in AI investments by companies, governments, and universities. "The federal government must therefore continually reevaluate its priorities for Al R&D investments to ensure that investments continue to advance the cutting edge of the field and are not duplicative of industry investments."

Organizations are indeed investing in AI. About one-third of companies in Deloitte's most-recent State of AI in the Enterprise survey said they were spending $5 million or more on AI technologies in fiscal year 2018. Moreover, 90% expected their level of investment to grow in 2019. These investments are occurring across all facets of business, from production and supply chain to security, finance, marketing, customer service, and internal audit.

With so much money on the line, organizations must invest the right resources in the right places to capitalize on AI. But with the technology evolving rapidly, it's not clear how they can accurately assess AI-related risks and ensure that projects are consistent with the organization's mission, culture, and technology strategy. In this sometimes-foggy environment, internal audit can be a valuable ally by focusing on whether the organization has a sound AI strategy and the robust governance needed to execute that strategy (see "AI Deployments More Difficult Than Expected" on page 11).


The definition of artificial intelligence is somewhat ambiguous. There is not universal agreement about what AI is and what types of technologies should be considered AI, so it's not always clear which technologies should be in scope for internal audits.

Technologies that fall into the realm of AI include deep learning, machine learning, image recognition, natural language processing, cognitive computing, intelligence amplification, cognitive augmentation, machine augmented intelligence, and augmented intelligence. Additionally, some people include robotic process automation (RPA) under AI because of its ability to execute complex algorithms. However, RPA is not AI because bot functions must adhere strictly to predetermined rules.

When considering which...

To continue reading

Request your trial