3 Tactics to Reduce Generative AI Risk

3 Tactics to Reduce Generative AI Risk

Generative AI models exist in two forms today: as open-source models or third-party offerings like OpenAI. AI’s security and data quality risks are important to consider. This is especially true when dealing with third-party vendors. Generative AI products are trained to sound confident and authoritative, but they can provide wrong or inaccurate responses. 

Three facets of generative AI changed in November 2022. 

  • The democratization of AI in a way we’ve never seen before. With ChatGPT, you can access endless insights with accessible technology. 
  • The amount of investment in AI. There has been a 429% increase in AI investment. 
  • The emergent capabilities of this technology. AI generates new opportunities and risks every day. 

Audit, risk, and compliance professionals should treat generative AI outputs with healthy skepticism. Before AI outputs go live in your environment, teams must review and confirm all responses. At its best, generative AI is a first draft that requires human intervention and future iteration to be flight-ready. 

Of course, generative AI users must ask a critical question. Do their activities align with their organization’s approach, strategy, and values? It’s important to address the following questions before the content is used: 

  • Fairness and bias
  • Dependency and accuracy
  • User privacy

In this article, we’ll cover shaping the risk culture of your organization, creating an integrated, interdependent view of risk, and what’s next for AI.

Shape the Risk Culture of Your Organization

Generative AI technologies currently rely on a process called k-shot prompting. That means the language model has not been trained on the specific prompts put into the model. Instead, the model generalizes based on previously learned knowledge. 

An example of a generic risk statement prompt may be: “Please generate a concise risk statement for a financial institution considering the potential risks associated with a new product launch in a highly competitive market.”

To improve this, add existing risk description “pairs” to cue the language model into examples you would like to see in the language and risk culture of your organization. 

To do that, for example, insert the following data into the prompt: “Please generate a concise risk statement for a financial institution considering the potential risks associated with a new product launch in a highly competitive market. Example risk statements include {existing}.”

What’s Next for AI in Audit, Risk, and Compliance?

Risk velocity, volatility, and volume continue to outpace organizational capacity to manage it. Now, audit, risk, and compliance teams must find new ways to elevate risk management for a more holistic view. 

One mandate is better collaboration and alignment in how teams identify, understand, and manage cross-organizational risk. An equally important mandate is to improve their ability to connect the dots across the organization’s data. This creates an integrated view with a focus on how different risks are connected and interdependent.

AI solutions for audit, risk, and compliance are designed to help these teams do the following: 

  • Drive greater efficiency
  • Improve cross-functional visibility
  • Connect risks and teams
  • Proactively surface insights that might otherwise be inaccessible

However, AI doesn’t guarantee results. To make the most of AI’s potential, organizations need the right strategies, teams, processes, and partners in place. AI is only as useful as the data that underpins it. 

Additionally, AI insights only yield value when real people review, refine, and share them — and decide to take action. Accordingly, it’s crucial to understand how different AI solutions embed the risk management, security, and intuitive functionality that will enable teams to leverage AI effectively in their day-to-day work.

AuditBoard AI is purpose-built to address these challenges. It leverages proprietary algorithms and large language models across a full spectrum of AI technology, including generative AI, machine learning, and natural language processing. 

AuditBoard’s flexible, highly intuitive, no-code solution reflects our ongoing commitment to empowering professionals with game-changing tools that save time, effort, and resources.

Generative AI will have an acute impact on the future of work in any organization and may well prove to be the ultimate capacity multiplier. Within audit, risk, and compliance, the opportunities are virtually limitless. AI’s potential to help organizations more quickly and accurately gain a true view of their risk — and translate that view into insights and recommendations — will be transformative, forever changing how audit, risk, and compliance teams deliver value to their organizations. With these benefits on the line, no organization can afford to put off investing in AI


Daniil Karp is a SaaS business professional with over a decade helping organizations bring revolutionary new practices and technologies into the fields of IT security and Compliance, HR/recruiting, and collaborative work management. Prior to joining AuditBoard Daniil worked in go-to-market at companies including Asana and 6sense.