AI & Automation AI Adoption AI Agents Application Security Artificial Intelligence Authentication Authorization Automation Business CI/CD Security Cloud Cloud Integration Cloud Networking Cloud Security Cyber Risk Cybersecurity Data Analytics Data Privacy Data Protection Finance IT Infra IT Operations IT Security IT Strategy Secure by Design Secure Coding Secure Connectivity Secure Development Secure Integration Secure Software Practices Security Security Security Automation Security Best Practices Security Engineering Security Operations Security Policy Security Strategy Whitepapers

Navigating the Benefits and Risks of AI as an Internal Auditor

1,289 1 minute read

Cybersecurity is the top risk consuming internal auditors’ greatest time and effort, according to The IIA’s Risk In Focus 2024 report series. A significant emerging cybersecurity risk area is artificial intelligence, or AI. Although AI is a sophisticated tool that can help improve efficiency, productivity, and risk management across the organization, it also presents challenges including ethical and security considerations. Additionally, while AI can be a valuable tool in the battle against cyberattacks, bad actors can also leverage it to perpetrate their crimes.

The IIA’s Global Knowledge Briefs on Cybersecurity, produced in collaboration with AuditBoard, discuss the importance of examining the uses and threats of AI in internal audit. Part 2: Artificial Intelligence as Friend and Foe explores ways AI can be utilized as a positive cybersecurity tool, as well the negative ramifications of AI’s potential. Download your free copy to explore the following topics in more depth:

The Use of AI as a Cybersecurity Tool

One way that AI and machine learning can significantly enhance cybersecurity efforts is in threat detection and data analysis. In the past, organizations relied on system administrators to review events related to these external threats. However, because of the advancement of automation and other technologies, the growing volume of such attempts from bad actors has overwhelmed the capacity for effective human review. AI can review large volumes of threat events, recognize patterns, and learn from them over time. In addition, more sophisticated malware detection tools have better capabilities, as do other malicious activity defense solutions.

Risk Considerations

Some of the threats of AI are internal, but they can be just as damaging as cyberattacks. For example, a customer-facing chatbot could provide biased, inaccurate, or completely fabricated information, depending on how they are trained. Or an employee might post information into publicly available generative AI that the program will retain, potentially exposing company or customer data and personal identifiable information outside the organization.