Share with your friends

Recoding risk: Riding the AI wave

Advantage Digital: Recording risk

AI is turning IT risk and control upside down and inside out. It has the capacity to revolutionise the way internal audit and risk functions operate. Yet it needs to be treated with care to deliver optimal results.

Andrew Shefford

Head of IT Internal Audit

KPMG in the UK


Also on

Recoding risk: riding the Ai wave

AI is turning IT risk and control upside down and inside out. It has the capacity to revolutionise the way internal audit and risk functions operate. Yet it needs to be treated with care to deliver optimal results.

Sitting right at the heart of digital transformation, AI has unguessed-at potential in terms of efficiency and cost-effectiveness. It also presents a dual challenge: how best to audit your use of AI – and to use AI as an invaluable tool within your internal audit function.

As part of KPMG’s recent Advantage AI event, a group of KPMG experts and business leaders explored the role of AI within Risk functions today –and tomorrow.

  • What does it all mean for me?

Organisations – and the individuals within them – are at different levels of maturity in terms of their understanding and implementation of AI. Some businesses are using machine learning and interpreting data to come up with answers to questions they haven’t even yet thought to ask. Others remain very wary with little understanding of how AI could change their business for the better.

  • Who’s using AI in your business?

It’s likely that AI is already in use within your business, even if you are unaware of it. You need to be having conversations right now – not just with CIOs and CDOs, but across the organisation – to find out who’s doing what: which tools they’re using, the outcomes they need and the risks and controls involved.

  • Not just AI for the sake of it

The ideal approach is to define the parameters for AI right at the start. That means pinning down the business objectives: whether that’s driving down costs, boosting efficiency or augmenting an existing business function.

  • Understand the risks

The very nature of AI – the high velocity continuous learning, adapting and changing based on new information – comes with risk attached. Things can go wrong very quickly. It’s essential to have access to the right capability, perhaps introducing 'audit engineers' to check and challenge the systems, and to ensure your AI systems are built with controls – an audit ‘black box’ – embedded into them.

  • Give yourself guardrails … and an off switch

With so many unknowns at the heart of AI and the surrounding technology landscape, organisations need to define their guardrails and risk appetite. That might include, for example, creating a pause button as part of the close controls culture – to retain control while preserving agility.

  • Getting to grips with governance

In a recent IT Internal Audit KPMG survey from 2017, only 20% of companies said they were comfortable with the level of governance of their AI projects, even though some 62% said their organisations were planning to use AI. Inevitably there may be a conflict between trust and governance on the one hand and competitive advantage on the other – yet compliance and control are a key part of AI in any business.

  • Rely on the best quality data

The pace of machine learning means that the rules of the game are becoming less clearly codified. The original data used for AI needs to be correct and accurate – a complete repository of risk. Deep learning is based on data and decision-based data: in writing a data set, it’s vital to get the parameters right.

  • Embrace the change

AI – and digital transformation generally –- is an unstoppable force. The earlier your business engages with it, the better placed you’ll be to reap the benefits. And they’re undeniable: AI at work in internal audit, say, can detect elements of risk it would otherwise take businesses five years to find. The changes are coming thick and fast – and firms will lose optionality if they don’t get started now.

  • Upping the comfort levels

Understanding the need for ‘explainability’ is all part of creating a culture of confidence within your business. The whole organisation front to back needs to understand the technology, how the models work, why the machines are making particular operational decisions – and where the specific risks and opportunities lie.

Find out more about managing the risk of implementing AI below.

Connect with us


Want to do business with KPMG?


loading image Request for proposal