How internal auditors can support responsible and effective use of AI

Why internal auditors need to be ready for AI

In today’s fast-paced business landscape, internal auditors need to be prepared and informed about the emerging risks that affect their organizations. We are frequently exposed to new regulatory landscapes and emerging techniques. This calls for internal auditors who can be flexible and fast-paced but also open to constantly keeping themselves informed to support and add value to their organizations.

As AI is more frequently used and incorporated into organizations’ strategic goals, internal auditors should be prepared to audit their organization’s use and preparedness for AI. 

Where AI impacts organizations: risks and responsibilities

Here are some of the most common areas that we have encountered in audits and client work: 

Risk management

AI systems introduce new risks, such as biases, errors, and security vulnerabilities. As internal auditors, we help the organization identify and mitigate these risks.

AI regulations and compliance

There are increasing regulations and standards around the use of AI. Auditors ensure that AI systems comply with relevant laws and guidelines, helping the organization avoid legal issues.

Data integrity

AI systems rely on large datasets. Internal auditors can verify the accuracy and integrity of the data used, ensuring that AI outputs are reliable and trustworthy.

Ethical considerations

AI can impact decision-making processes. As auditors, we can assess whether AI systems are used ethically, ensuring fairness and transparency in their application 

How internal audit teams can lead the way in auditing AI

As internal auditors, it is important that we help our organizations to ensure effective and responsible use of AI. All annual audit plans going forward should include AI-use related audits, if you ask us. Here are four key areas we recommend including in future audit plans:

1. Make sure AI is part of  strategic objectives and assess the governance model

It is important that the organization has a strategy and policies for its use of AI systems, including a clear governance model. Clear roles and responsibilities are crucial and fundamental. As internal auditors, we can assess the overall governance and risk management structure for AI systems. This includes reviewing policies, frameworks, and ethical use of AI. We can also ensure that the AI strategy aligns with the overall business objectives. Does your organization have a strategy and clear responsibility for AI usage?

2. Assess preparedness for the new regulatory landscape

Assess how well processes are compliant with current regulations, such as the EU AI Act, and include regular monitoring and intelligence gathering. Has your organization made an assessment and identified AI usage across the organization, including a risk assessment?

3. Assess necessary skills and talent 

Provide assurance that the organization’s AI strategy is underpinned by a skills and talent program that can attract, develop, and retain key capabilities. AI systems, compliance, and use of AI is a field that is constantly changing, and the need to upskill, hire new capabilities, and ensure that you have enough competence within the AI field in your organization is crucial (including us as internal auditors!).

4. Ensure responsible use of AI

Provide assurance that the organization’s use of AI is ethically sound and is seen as trustworthy. Ensure compliance with rules, regulations, internal policies, and the use of AI according to the overarching strategy.

Final thoughts: Internal audit’s evolving role in responsible AI

As AI becomes more deeply embedded in business operations, internal auditors are in a unique position to guide how it’s used. From auditing AI strategy to assessing compliance with AI regulations, our work supports trust, transparency, and responsible innovation.

The time to include AI in your audit plan is now. Let’s make sure our organizations are ready—not just for compliance, but for long-term, ethical, and effective use of AI.