W ith the rise of AI and regulatory uncertainty, Chief Audit Executives (CAEs) are expected to face mounting pressure from the board to address emerging risks and strengthen mitigation efforts. According to Gartner, a technological research and consulting firm, as AI has emerged as both a valuable business asset and a potential threat, CAEs are pressured by the board to provide assurance over risk management.
“2025 brings more high-profile risks and opportunities that are driving growing board focus on risk management, so CAEs need to be sure they are effective in helping the audit committee (AC) discharge its risk oversight responsibilities,” said Margaret Porter, Chief of Research in the Gartner Assurance Practice.
Most of the time CAEs only get less than 30 minutes with audit committees and are therefore forced to maximize their limited time. During these meetings, CAEs should prioritize highlighting risk trends, root causes, and systemic governance issues. Meanwhile, they can hand out supplemental materials in order to provide an understanding of the background information.
AI Risks
According to Gartner, AI risks can take on many forms, including behavioral risks, transparency risks, and security and data risks:
- Behavioral risks are related to the ways algorithms and IT systems can misbehave in their performance, such as by creating inaccurate or biased results, providing outdated information or not complying with scoping requirements.
- Transparency risks are related to model explainability and disclosure of AI involvement.
- Security and data risks are related to the ways in which accidental or intentional leakage or misuse of personal or confidential information can impact the enterprise.
“While most audit leaders accept it is important to cover key AI risks in the next 12 months, less than a quarter feel confident in their ability to do so,” said Porter. “To increase their confidence in providing assurance over complex AI risks, audit should collaborate with assurance partners to assess and prioritize AI risk coverage needs.”
To better support the organization in managing and assessing AI risks, Gartner experts recommend internal audit work with legal, compliance, and risk teams to:
- Get organized for AI accountability and define enterprise practices
- Discover and inventory all AI used in the organization
- Revisit and implement AI data classification, protection and access management
- Implement technical controls to support and enforce policies
- Conduct ongoing governance, monitoring, validation, testing and compliance throughout the whole process.
Despite the risks, many internal audit functions are moving quickly to implement aspects of AI in their daily processes. yet exactly what the future of AI hold for internal audit is anyone’s guess. 