4 ways AI is transforming audit, risk and compliance

Fast-moving trends in cloud, SaaS and especially artificial intelligence are creating a digital disruption within businesses that audit leaders say represents major risks today and more tomorrow, according to a recent Internal Audit Foundation study, Risk in Focus 2025, which was sponsored by AuditBoard.

AuditBoard will discuss the report's findings at its Audit & Beyond 2024 conference from Oct. 22 to 24 in Las Vegas.

AI is especially concerning to compliance leaders as the disruptive tech migrates behind firewalls, for example by processing on-prem data in third-party cloud SaaS apps. Fears of AI-fueled shadow IT leading to data breaches, compromised systems and cyberattacks are also keeping IT security teams on edge. And then there are the adversarial uses of AI to consider.

Nowhere is the double-edged sword of tech innovation, as both villain and victor, more apparent than with AI.

On the flip side of digital disruption, Rich Marcus, chief information security officer at AuditBoard, told SC Media that AI, coupled with automation, is transforming audit, risk, and compliance workflows and seamlessly making them part of an overarching cybersecurity risk posture.

“AI and automation are two of the most powerful tools helping audit, risk and compliance teams close the risk resiliency gap,” he said. Marcus and AuditBoard believe that if cyber has reshaped the enterprise risk assessments and management world, AI is about to push ESG frameworks into overdrive.

As compliance and IT security professionals gear up for the industry’s bellwether Audit & Beyond 2024 conference, here are four ways AI and automation are transforming audit, risk and compliance.

What role are AI and automation playing in transforming audit, risk, and compliance workflows, particularly in the realm of cybersecurity?

AI and automation are reshaping audit, risk, and compliance workflows, especially in cybersecurity, by boosting efficiency and accuracy. These tools help bridge the gap between fast-evolving threats, regulatory demands, and limited resources. AI enables real-time risk sharing, automates the culling of evidentiary data, and streamlines framework stress testing, allowing teams to conduct more frequent assessments with a more accurate analysis.

This process not only sharpens cybersecurity defenses, but makes it easier for companies to juggle new regulations like the SEC’s cybersecurity disclosure rules.

Marcus suggested the whole of these complementary technologies is greater than the sum of its parts. By automating labor-intensive tasks like evidence collection, control testing, and risk reporting, it allows for real-time risk management.

This transformation frees up compliance teams to focus on strategic decision-making and responding proactively to evolving threats, he said.

How have artificial intelligence and automation transformed audit practices?

Artificial intelligence (AI) and automation have significantly transformed audit practices by enhancing efficiency, reducing manual effort, and improving risk management. Today, 81% of enterprises use AI-powered risk management tools, according to AuditBoard.

AI enables real-time sharing of risk information, allowing auditors to identify patterns and assess risks faster. For instance, 54% of respondents in a recent study highlighted AI's role in strengthening compliance through automation, removing human error, and facilitating more frequent control testing.

Marcus explained that AI and automation processes are reducing a resiliency gap “created by accelerating risk velocity, expanding regulatory requirements, and shrinking personnel resources.”

“These technologies allow us to remove manual toil from evidence collection and control testing, enabling more frequent and accurate assessments,” he said.

And as AI adoption grows, internal auditors are increasingly called upon to oversee its responsible use, ensuring that AI tools do not create new vulnerabilities, especially when it comes to cybersecurity and fraud.

For instance, AI can continuously monitor transactions, flagging unusual activities or discrepancies, which auditors can then investigate further.

These technologies also help streamline compliance with evolving regulations, such as those in the EU and the U.S., further cementing AI’s role in the audit and risk management landscape.

What risk trends are driving up the value of AI as a compliance tool?

Regulatory changes and complexity, third-party risk management, fraud detection, and data privacy and protection are pushing businesses to adopt AI-powered compliance tools that can keep up with the pace of an evolving risk landscape.

Emerging regulations like the EU's AI Act and the U.S. Executive Order on AI emphasize the need for robust AI governance. “AI enhances organizations' ability to stay agile and accountable,” Marcus said.

AI's ability to sift, sort and parse massive and discrete data sets using large language models and generative AI can turn a week of mind-numbing human analysis of regulatory rule changes into something that feels more like cutting butter with a hot knife.

In the context of third-party risk, AI can automate assessment of attack surface vulnerability management data and threat intelligence, and factor in new regulations to determine exposure.

“In the worst-case scenario of a third-party data breach, your organization may need to respond to an incident that wasn’t under your immediate control,” Marcus said. “The key to managing third-party risks is implementing strong data governance, ranking vendors by risk, and regularly testing a cyber incident playbook.”

IT security teams use the same data to better track and manage risks and to predict the likelihood of a successful cyberattack or of running afoul of compliance and regulatory guidelines.

How are AI and automation fueling the marriage of cybersecurity practices and ESG, compliance and risk management?

AI and automation are bridging traditionally siloed functions, such as cybersecurity, ESG, and compliance, into a unified framework. These technologies enable real-time risk assessments and streamlined compliance with complex regulations.

In the context of ESG, AI enables continuous tracking and reporting of key sustainability metrics, such as carbon footprint reduction and diversity benchmarks. By automating the collection and analysis of ESG data, AI helps companies stay compliant with regulations and investor expectations. More importantly, it integrates these efforts into a comprehensive risk strategy, ensuring that cybersecurity and ESG initiatives are aligned with broader risk management objectives.

"Breaking down silos between audit, compliance, and cybersecurity teams is crucial to managing today’s complex risk landscape," Marcus added. "AI’s ability to provide a unified view of risks across departments allows us to address threats proactively and maintain resilience."

AI and automation can be the fulcrum bridging cybersecurity, environmental, social, and governance concerns, compliance, and risk management by integrating disparate functions and streamlining processes and decision-making.

In some ways, as Yogi Berra put it, AI is "Déjà vu all over again" for businesses. Encryption and quantum computing were fresh ideas once, presenting adversarial challenges and massive security wins. Now in the spotlight are generative AI and large language models, coupled with automation, paving a new path forward for businesses.

The dynamic brings to mind another Berra quote, “When you come to a fork in the road, take it.”

Join AuditBoard Oct. 22-24 in Las Vegas, either in-person or virtually, and take the AI fork in the road at Audit & Beyond 2024.

Tom Spring, Editorial Director

Tom Spring is Editorial Director for SC Media and is based in Boston, MA. For two decades he has worked at national publications in the leadership roles of publisher at Threatpost, executive news editor at PCWorld/Macworld and technical editor at CRN. He is a seasoned cybersecurity reporter, editor and storyteller who always aims for truth and clarity.
