Using AI for audit techniques

Context- The article discusses the challenges faced by India’s Comptroller and Auditor General (CAG) in
auditing AI systems, emphasizes ethical use of AI in audits, and highlights the need for AI regulations and
standardized data for accurate and fair auditing. It also briefly discusses global AI regulations and
frameworks.
What challenges does AI present to auditing?

  • Ensuring Ethical AI Use: The CAG, Girish Chandra Murmu, emphasized that utilizing AI for
    auditing must be done ethically and responsibly to avoid inaccurate findings.
  • Data Integrity and Bias: It is crucial that AI uses data that are complete, timely, and relevant, and
    auditors must be cautious of inherent data bias, especially when data are obtained from
    unauthorized sources like social media.
  • AI Regulation and Standardization: The challenge for the CAG involves not only regulating AI use
    but also ensuring standardized data across varied government entity platforms.
  • International Audit Framework: The Supreme Audit Institutions (SAIs) of the G20 conference
    highlighted a need for a shared international audit framework related to AI to address audit
    challenges comprehensively.
  • Adopting Existing Frameworks: Currently, auditors must adopt and adapt existing frameworks
    and regulations related to IT and communicate with all stakeholders due to the absence of
    explicit AI auditing guidance.
  • Data Management Complexity: Managing data, ensuring its integrity, and integrating it from
    diverse platforms and sources become challenging in AI audits.
  • Consulting Experts: AI audit assignments might need the involvement of various specialists, such
    as data scientists and architects, due to the intricacy of AI technologies.
    What regulatory actions have been taken regarding AI?
    Global Level Regulatory Action
  • EU AI Act: The European Parliament approved the act, creating new rules and scrutiny for AI
    tools like ChatGPT. Developers need to get their systems reviewed and approved before they can
    be used commercially. It also restricts real-time biometric surveillance and prohibits “social
    scoring” systems.
  • UK’s AI Safety Regulation Intent: UK Prime Minister Rishi Sunak wants the UK to be the
    “geographical home” of AI safety regulation, signaling a direction towards detailed AI regulatory
    practices.
  • AI Auditing Frameworks: Various frameworks for AI audit, like the COBIT framework and the
    COSO ERM Framework, are in place globally. The UK’s Information Commissioner’s Office also
    published draft guidance on an AI auditing framework.
    Indian Level Regulatory Actions
  • Digitalization of Audit Process: The CAG in India will implement “One Indian Audit and Accounts
    Department One System,” a web-enabled IT application, to digitalize the audit process from April
    1, 2023.
  • Need for AI Regulation: India perceives a need to establish AI regulation, inspired by initiatives
    from global counterparts like the EU. However, specific Indian regulatory actions regarding AI are
    not detailed.