How internal auditors audit AI using this framework
Internal auditors can use the key points in the document to develop audit plans or to inform assurance and advisory services. The IIA’s Artificial Intelligence Auditing Framework also includes a practitioner’s guide: a simple checklist that internal auditors can use to begin assessing how an organization approaches, uses, manages, and reports on artificial intelligence. The checklist is intended to be a quick-start guide, but it should be customized based on organizational considerations.
Internal auditors can apply the AI framework to:
- Assess the organization’s artificial intelligence strategy and the maturity of its AI governance.
- Identify AI-related risks across the organization.
- Evaluate controls over data, algorithms, and cybersecurity.
- Support management in developing artificial intelligence policies and oversight.
- Provide assurance over AI-enabled processes.
The framework emphasizes reasonable assurance, recognizing the complexity and evolving nature of AI, while maintaining transparency, traceability, and accountability.
What’s new in the 2024 AI Auditing Framework?
- Expanded coverage of generative AI and large language models.
- Enhanced focus on AI governance, ethics, transparency, and accountability.
- Updated examples reflecting current AI use cases and risks.
- Stronger alignment with enterprise risk management and board oversight.
- Practical guidance for both advisory and assurance engagements.
Who should use the AI Auditing Framework?
The AI Auditing Framework is designed primarily for:
- Internal auditors at all experience levels.
- Chief audit executives.
- Boards and audit committees seeking insight into AI oversight.
The framework is also valuable for:
- Risk management and compliance professionals.
- IT and data governance leaders.
- Organizations at any stage of AI maturity, from early adoption to advanced deployment.
