AI and ML in Internal Audit: The Portal to the Future is Close By

“I think the ultimate responsibility of internal audit is to ensure the company can achieve its strategic objectives and goals in a compliant and risk-managed way. Part of that responsibility must be to ensure the company is prepared — given the dynamic environment that we live in and operate today — with technology and system advancements, an evolving regulatory landscape, and unexpected environmental impacts to operations such as the pandemic. If we can’t adapt, then I don’t know how we continue to add value. To do this, internal audit has to get in early to understand how the organization is adapting to these changes.”—Lisa Lee, Vice President of Audit at Alphabet/ Google.

The ideal option is to conceive an architecture that keeps a tab on risks and provide the auditors and the Management with the necessary insights and reports on demand which enable them to address the risk landscape proactively. The skill deficit in auxiliary IT tools and augmented analytics has led to a reactive decision-making process when it comes to risk control and mitigation in Audit. But with the risk landscape turning out to be more dynamic, the Auditors must ‘audit at the speed of risk’.

Risk is a perception.

A perception of events that may harm your interests over the short to medium to long term. From that perspective, the Global Risks Report series brought out by The World Economic Forum is a treasure trove of such perceptions. It is a comprehensive survey and analysis of global risks related perceptions amongst risk experts and global leaders in business, government, and civil society. An annual publication, the 2022 report ranks “social cohesion erosion” and “livelihood crises” as the topmost risks. The following risks have also received special mentions: “debt crises”, “cybersecurity failures”, “digital inequality” and “backlash against science”.

Of these cohort of risks, two of them are prone to give sleepless nights to Internal Auditors namely cybersecurity failures and digital inequality. The pandemic has changed the way the world works once and for ever. Consequentially, it has also changed the way the world lives! The societal adoption of digital technologies has outpaced the societies’ ability to prevent and manage the associated risks. This does not bode well for IA departments.

Traditionally, the IA function had to find a continual balance between two processes: core financial & operational processes which includes procurement, payrolls, payables and health & safety—alongside organisation’s truly greatest risks (cyber, digitalization risks and change management). Obviously, the age of ‘monster spreadsheets’ and pile after pile of reports and data have added to the sheer size and complexity of an organisation’s risk mitigation processes and operations.

The Internal Audit department being the nerve center or repository of this data agglomeration, is thus restrained to cover a limited ground each year and are thus forced to perform audits on a rotational basis. Core financial & operational processes are done a sampling of and the cyber, digitalization risks and change management auditing are often sidelined. But the fact is that this is far from ideal as stakeholders need assurances over both!

But where there are problems, there are also solutions.

When it comes to Internal Audit, what matters is the quality of relevant insights that can have significant and far-reaching impacts on risk assessment, project scoping, sub-population identification, issue identification, quantification etc. For a human being to sit down and manually analyse data dispersed in hundreds or billions of rows to achieve this end would be a nightmarish scenario. This is where the power of Machine Learning comes in. A subset of Artificial Intelligence, ML can identify trends and patterns hidden in innumerable data sources and provide valid insights which can swiftly be acted upon.

And to get this done, no specialist skills are needed on the part of the Auditor. Off-the-shelf algorithms that enable auditors to carry out k-means clustering, decision tree-based models, affinity analysis etc. are readily available in applications with which insights can be generated. The methods identify items that have a statistically meaningful similarity between them as well as outliers that need closer scrutiny.

The approach comes packed with many benefits:

• Detection of risks, anomalies, and issues of exposures at the snap-of-a-finger-time. Not just 4 times a year, but in near-real time.
• Bringing to the forefront the core causes of issues and ensure faster decision-making.
• Providing insights, oversight, and foresight: Take better actions for the future in the here and now.
• Continuous controls monitoring and action. Fortify your business inside-out from the vagaries of risks.
• Ensuring compliance effectively and efficiently.
• Improving resource utilisation and staff morale.

Before IA personnel start implementing or leveraging the AI tools, there are in fact four basic queries that must be addressed.

1. As an IA professional, do you really know where your data is?
2. Is the facet/ version of the truth known for sure and is mutually agreed upon?
3. Is the data easily accessible?
4. Is the data integrity unquestionable?

Remember, these questions should have affirmative answers as a pre-requisite.

Procurement Analytics and Aurex: A Micro Analysis

Procurement analytics gathers and analyses procurement data to gain business insights and make better decisions. Examples include historical procurement spend analysis reports and advanced analytics to predict and budget future choices. Procurement departments use procurement analytics widely, offering invaluable market information to help business choices.

Procurement analytics can predict the liabilities in financial terms and modify discount levels accurately. It assesses the regularity of vendor deliveries, the caliber of supplies, and the time needed to rectify issue orders. These analytics effectively maintain supplier relationships and review vendor ratings, PO volume, and values. Its merits include lower risk, better resource management, increased compliance, and the potential to predict the average volume of demand during the whole cycle to enhance the organization’s strategic impact on the business.

How Does it Work

In the initial stage, data from the procurement process is analyzed for decision-making. Then, using a machine learning algorithm, we can spot suspicious behaviours occurring during the procurement stage. The next step is to determine the probability of risk that the procurement cycle involves. Finally, one may evaluate the scenarios and use Aurex to verify them.

Procurements analytics is beneficial if you want to move to the next level of your analytics journey. It is a key to gaining a strategic competitive edge as it aids in risk management and gives insight into buyer and supplier functions. Procurement Analytics assists in maximizing the effectiveness of the team and helps to prevent human error and mitigate fraud by audit trails.

When applied in an organization, it is a timesaver, repairing errors and preventing regulatory compliance violations. It manages and scrutinizes contracts to rule out any breach of the rules or regulations.

How does it Help a Client Improve ROI?

Predictive analytics powered by Artificial Intelligence removes data discrepancies and brings attention to fraudulent transactions. It has proven its efficiency as an integrated framework of processes by reducing production costs and time to market your applications.

The Future of AI and IA

"Artificial intelligence (AI) is the science of training machines to perform human tasks. There are three types of AI. Narrow AI is when the machine can perform a specific task better than a human. The current research of AI is here now. General AI reaches the general state when it can perform any intellectual task with the same accuracy level as a human would, and Strong AI is when it can beat humans in many tasks," said Susan Paul, one of the top 10 Internal audit thought leaders for 2020 in the world. She has more than 15 years of experience in IT audits, Information security, Risks and the allied domains.

There is clearly a long way ahead of AI to fulfill the expectations in strong roles.

"The AI used in machine learning is where the machine has built-in algorithms that help it learn based on transactions it is fed. This software platform uses AI and various control points (benchmarks) to analyze the transactions and then puts those transactions into buckets: high risk, medium risk, or low risk. Previously, auditors would manually sample at random to figure out which transactions to review, which was less effective. AI is more comprehensive; it alerts the team when things do not look right and tells auditors where to start and where the risk will be," she added speaking at an event.

We are approaching the age wherein an Internal Auditor’s value-add will also be evaluated on the predictability of what the future holds for businesses.