Auditing in the digital age: Assessing risk with AI
Jump to:
According to a recent survey by Protiviti and The Institute of Internal Auditors (IIA), almost 75% of respondents, including 82% of technology audit leaders, view cybersecurity as a high-risk area, and with good reason.
As technologies increasingly integrate into business functions, they create significant vulnerabilities in organizations that have more and more devices connecting to those business functions. Bad actors are continuously developing new attack methods to stay ahead of security protocols. They can exploit these technologies to identify and take advantage of vulnerabilities, similar to an invasive plant finding its way into cracks in your home’s foundation.
Unfortunately, there isn’t a single digital pesticide strong enough to protect the foundations of your business, even if you can find enough skilled security professionals. The good news is that while technology can’t prevent all cyber risks, it does give us more ways to detect and combat them. Artificial intelligence (AI), for instance, has emerged as an essential tool for helping security teams patch those inviting holes in business functions before they’re exploited, reducing breach risk and improving security posture efficiently and effectively.
AI can swiftly analyze millions of events and detect many types of threats, from malware to risky user behaviors that might lead to successful phishing attacks. AI learns over time, drawing from the past to identify new types of attacks. It uses behavior histories to build profiles on users, assets, and networks, enabling AI to detect and respond to deviations from established norms.
Deploying AI may seem daunting, but by sticking with it, you can usher in a new era of proficiency and strategic risk advisory for your firm and clients.
The role of AI in risk assessment
To assess risk, you must thoroughly analyze threats and the vulnerability of the client’s systems. Advanced AI—that is, AI that understands the meaning of words as opposed to just exact word matches—is ideally suited to solving cybersecurity challenges because of its continuous self-learning, which analyzes data from across the enterprise information systems and performs correlation of patterns across millions (or billions) of signals relevant to the enterprise attack surface.
In this way, AI identifies patterns related to past incidents so that forward-looking. plausible scenarios can be constructed to predict events and project risk. Because AI provides a transparent link between processes and risk, controls and adequacy can be assessed to ensure corrective actions are taken to mitigate risk.
Because AI analyzes complete groups of data and transactions rather than sampling, auditors get a more complete digital audit to identify anomalies for additional scrutiny. This also ensures that smaller transactions get the same level of scrutiny as bigger transactions.
Greater intelligence on policies, processes, and procedures
Apart from addressing historical anomalies and behaviors, AI also provides support for protection and detection by testing and reviewing policies, processes, and procedures to ensure compliance with IT governance and industry best practices. It facilitates business continuity and crisis management by coordinating and communicating with all levels of an organization and preparing for various disasters, including cyber-attacks. This is important even in situations where an attack is successful because business continuity management can mitigate the cost of a data breach by approximately $280,000, based on a breach of $3.92 million.
With AI, human teams have increased intelligence across many categories of cybersecurity, including:
Leveraging automation in digital audits
Companies can enhance the accuracy of predicting outcomes and instantly verify actual values by incorporating automation into AI-based systems. This creates a proactive control verification process where risk managers and auditors no longer must limit themselves to provided evidence. Advanced algorithms, such as deep learning, can extract meaningful and contextual information from various sources like contracts, conference calls, and emails, serving as supporting evidence.
Whenever there is updated data, the AI system can immediately analyze it and convert it into actionable information. With deep learning algorithms, the continuous control monitoring system can reconfigure itself based on the feedback from the previous set of results. This approach ensures optimal design, configuration, and implementation of controls with minimal human intervention.
Furthering the intelligence of humans
Although AI technology provides many benefits, it can never replace humans. It’s essential to have human insight and experience to interpret the output, determine if the information is accurate, and understand the implications of any anomalies, insights, or patterns in the overall context.
Because AI and automation can handle the deeper analysis of detecting threats and vulnerabilities, auditors can focus on higher-level business-growth tasks rather than searching for vulnerabilities. AI also allows them to spend less time drafting risk treatment plans after the risk assessment phase, which means companies can not only block invasive threats but also eradicate them from their roots when a petiole finds a crack in the system.
By combining the capabilities of AI and human expertise, you can usher in a new era of proficiency and strategic risk advisory with the help of a digital audit workflow.
Learn more about the role of auditors in risk management in today’s auditing environment by reading our new white paper, “Finding an advantage at the edge: What AI can do for Auditing.”
To learn more about Thomson Reuters Cloud Audit Suite and its AI capabilities, visit