When it comes to artificial intelligence (AI), internal auditors have tended to focus more on the risks that AI presents, rather than on how they can help the business capitalize on the potential value of this rapidly advancing technology. In McKinsey’s global survey on artificial intelligence, 22% of respondents reported at least 5% of EBIT (Earnings Before Interest and Taxes) attributable to the use of AI, and 50% reported that AI has been adopted in at least one business function. Despite the global uncertainty that has arisen from the COVID-19 pandemic, the AI sector continues to attract significant investment, garnering $38B of funding in the first half of 2021. Consequently, organizations with a forward-thinking mindset and an adaptive internal audit function — be it small or large — will be more strategically positioned for AI-related revenue opportunities.
To conceptualize how artificial intelligence has evolved and is continuing to evolve, I’ve found Kai-Fu Lee’s bestselling book, AI Superpowers to be an invaluable resource. In this article, I will break down Lee’s “Four Waves of Artificial Intelligence” to make the topic of AI more approachable for non-experts, and offer some key considerations that will enable internal audit to start taking advantage of and providing assurance over artificial intelligence.
What Are the 4 Waves of Artificial Intelligence?
Before diving into the different waves of artificial intelligence, it is important to understand what AI is. While a number of definitions of artificial intelligence exist, AI founding father Marvin Minksy has described it as “the science of making machines do things that would require intelligence if done by man.”
By breaking this broad definition into Lee’s four waves of Internet AI, Business AI, Perception AI, and Autonomous AI — each acting as a building block for the next and harnessing the power of artificial intelligence in divergent ways — we can begin to understand the variety of current AI applications and how the technology is forging ahead.
The First Wave: Internet AI
The first wave of artificial intelligence deals primarily with recommendation engines: systems making suggestions to users based on an analysis of data to deliver personalized content. You may be familiar with recommendation engines in popular apps like Instagram, Spotify, and YouTube. When we like a post, listen to a song, or watch a video, an algorithm analyzes our past history (if tracked) and suggests new tailored content.
Internet AI leverages our small and seemingly innocuous actions online — what we click on or do not, what we watch until the end or skip, where we linger on a webpage, or what we ignore — to recommend content we’re more likely to consume.
The Second Wave: Business AI
In contrast to Internet AI, which leverages the automatic labeling of data based on real-time user actions, Business AI finds correlations in data that companies have previously collected and labeled such as loans and repayment rates, insurance and claim rates, medical diagnoses, and survival rates. To illustrate, Chinese digital lending technology provider Dumiao analyzed hundreds of millions of loan applications to find that individuals who represent a higher default and fraud risk often let cell phone batteries run down and change phones frequently — identifying safer loan candidates based on their phone habits.
By mining this collected data for hidden correlations, Business AI goes beyond predictions based on linear causality (strong features) and analyzes peripheral but correlated variables (weak features). These “weak features,” while appearing unrelated to the outcome, can provide invaluable insight when analyzed in the vast quantities made possible by AI.
The Third Wave: Perception AI
The third wave, Perception AI, expands algorithms to digitize the world around us via sensors and smart devices. A practical example is the retail concept, Amazon Go. Patrons scan a QR code in an app as they enter, and smart cameras and weight-sensing shelves add each item to a “virtual shopping cart” when picked up. Patrons simply exit the store when they’re finished — with no checkout line, AI-enabled transactions are quicker and more efficient.
This same concept of digitizing our surroundings can be applied to other scenarios and content — like voice commands heard by smart speakers — for digital data analysis and optimization by AI-powered deep learning algorithms.
The Fourth Wave: Autonomous AI
An amalgamation of the preceding three waves, Autonomous AI will give machines the ability to sense and respond to the world around them, allowing them to work more safely and productively. One platform that uses autonomous artificial intelligence algorithms is SpaceX’s Dragon spacecraft. It can handle all launch, docking, and handling activities without any human direction — though override capabilities are available if required.
Many technologies in existence today are automated — they repeat an action, but not all are autonomous — responding in an improvised manner to changing conditions. Machines with the sense of touch, sight, and the ability to optimize from gathered data can exponentially expand the number of tasks they can tackle.
Key Internal Audit Considerations for Artificial Intelligence
As we have seen across each of the four waves, the capabilities of AI and opportunities it presents are immense — but what does internal audit need to know about AI, and how can we position the function and organization to benefit? Here are four considerations for audit teams seeking to effectively audit artificial intelligence, as well as take advantage of this technology:
1. Know Your Data
With each artificial intelligence wave comes an abundance of additional data. Being mindful of where the data is, how it is constructed, how accessible it is, and how dependable it is will be pivotal in successfully auditing it and resolving how to appropriately manage any associated risk.
One common data-related issue is that when data used by AI algorithms is skewed to a narrow demographic, the results will also be skewed — thereby posing risks of varying degrees. To assist in the reduction of bias in data, responsibility tools are increasingly becoming available for development teams, with examples including Google’s Know Your Data, released in Beta earlier this year, and IBM’s AI Fairness 360.
2. Embrace New Technologies
Forward-thinking internal audit functions are open to emerging technologies, but you don’t need to jump in the deep end when trying to determine if AI will be a “value add”. Bring advanced technologies into the function where and when it makes sense.
Robotic Process Automation (RPA), a subcategory of artificial intelligence, is an example of a powerful tool that can aid in reducing time spent on repetitive tasks, freeing up auditors for activities that require more judgment and business acumen. CrossCountry Consulting has a helpful quick-start guide to implement RPA for Internal Audit that describes opportunities for embedding automation-enabled controls such as sampling risk and increasing audit frequency.
3. Adopt an “AI-Enabled” Mindset
The most successful organizations and functions don’t only behave differently, they think differently. In executing audits affiliated with artificial intelligence or in employing artificial intelligence empowered technologies, seek to be “AI-Enabled” — auditing and acting in a consistent manner where feasible, with operational approaches frequently evolving based on signals from resultant data.
Many companies find themselves employing artificial intelligence in siloed environments on a use-case-by-use-case level. With its visibility across the organization, internal audit is well positioned to be a key influencer and advocate for interdisciplinary collaboration. Internal audit will also benefit from increased collaboration and consistency in how teams develop AI across the organization to reduce audit complexity in the long run.
4. Stay in the Loop on AI
The U.S. Government Accountability Office (GAO) has released the federal government’s first artificial intelligence accountability framework, enabling non-experts to ask the right questions about AI systems and providing a practical guide laying out audit procedures to use when assessing AI. Another useful resource is The Institute of Internal Auditors’ Artificial Intelligence: Considerations for the Profession of Internal Auditing, which also provides guidance on internal audit’s role and an AI auditing framework.
By keeping abreast of AI-related news, resources, and frameworks created by subject matter experts, you can accelerate the introduction of artificial intelligence risk management practices and minimize all of the unpleasant bewilderment.
In conclusion, with scores of management teams now reevaluating how to more effectually apply audit resources and prioritize audit activities due to the COVID-19 pandemic, the need for internal audit teams to upskill and adapt has never been greater. In their 2021 Pulse of Internal Audit, The IIA noted that when adding headcount, 22% of respondents specified “Adding to the skillsets of my team” as the defining factor. Of these new skill sets, artificial intelligence will be a recurring theme for forward-looking internal audit functions seeking to help their organizations understand their AI-related risks and opportunities to drive business growth.