Internal auditors are becoming increasingly concerned about the potential for cyber criminals to weaponise artificial intelligence to commit bigger, more sophisticated and more dangerous crimes.

Research published this week by the Chartered Institute of Internal Auditors shows that 78% of chief internal auditors believe AI will negatively impact cyber security and data security; and that 58% believe it will exacerbate fraud.

The survey of 985 chief internal auditors across Europe indicates that the top five risks in the context of AI are:

1. Cyber security and data security (78%)
2. Fraud, bribery and the criminal exploitation of disruption (58%)
3. Digital disruption, new technology and AI (55%)
4. Human capital, diversity, talent management and retention (48%)
5. Communications, reputation and stakeholder relationships (41%)

The results suggest that the boards and senior management of organisations should harness the skills and expertise of their internal auditors and seek independent internal assurance that the controls used to mitigate and manage AI-related risks are working effectively. Where controls are found deficient or ineffective internal audit can make recommendations for management to implement corrective action to address control weaknesses, helping to enhance business resilience and performance.

Commenting on the findings of the research, Anne Kiem, chief executive of the Chartered Institute of Internal Auditors said: “AI is evolving rapidly and as with all new technologies it can be used for positive and negative reasons. Our research has shown that Chief Internal Auditors are alert to the threats and this should bring some comfort to those organisations that have a strong focus on risk control, risk mitigation and having a well-resourced internal audit function. Internal auditors remain a force for good.”

The Chartered IIA’s research was commissioned as part of its annual Risk in Focus report, and was carried out over March and April 2024. The part of the research that focused on understanding the business risks negatively impacted by AI was based on a quantitative survey of 985 chief internal auditors from 20 European countries.

Countries represented include Albania, Armenia, Austria, Belgium, Bulgaria, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, The Netherlands, Norway, Poland, Portugal, Spain, Sweden, Switzerland and the UK.

The full Risk in Focus 2025 report and survey findings will be published in September 2024.



SUGGESTED READING

EDITOR'S COMMENT
Artificial intelligence is everywhere. From IT departments to boardrooms, and from conferences to the corridors of power, the recent excitement around generative AI, in particular, has precipitated a surge in efforts to predict and understand how the upsides of AI can be harnessed...

---