COSO, Deloitte offer AI risk management guide

The Committee of Sponsoring Organizations of the Treadway Commission has teamed up with Deloitte on a new guide to help organizations combine their risk management efforts with their artificial intelligence initiatives.

COSO and the Big Four firm released "Realize the Full Potential of Artificial Intelligence" on Wednesday, with advice on ways to combine the COSO Enterprise Risk Management framework with Deloitte’s "Trustworthy AI" framework to provide governance, risk management and oversight strategies and structures to help realize the potential of human beings working with AI technology.

The guidance comes at a time when AI has become a pervasive part of everyday life, showing up more and more whenever people try to write emails and documents, with the suggested wording and spelling appearing on-screen before they can finish typing in a complete thought, and messages being sent that often have little to do with what the writer intended to communicate. That can open up risks for an organization, as can controversial uses of AI that seem to erode privacy and legal protections, and accountants may be able to help organizations deal with setting up the necessary controls.

“AI is still in the early stages of its evolution,” said COSO chairman Paul Sobel. “We are trying to focus on helping companies think beyond just a single AI implementation or project and think more holistically about the governance they need over AI in general, and how to make sure that it links with strategies and business objectives. It does create some new and different risks.”


Possible risk factors include cybersecurity, data risks, bias and ethics. In one survey, Deloitte found that 62% of the respondents have significant concerns about cybersecurity vulnerabilities, but only 39% are addressing those risks. The report recommends that the various risks associated with AI projects be reviewed with an organization's senior management and board of directors.

“The guidance isn't intended to give people specifics of the exact risks you face and exactly what you need to do because everybody’s going to implement an AI application in a different way,” said Sobel. “It’s intended to be more about how you apply those components and the principles from the ERM framework to make sure the board understands their role, executives understand their role and all the individuals who are part of it can apply risk management thinking to it.”

AI and accounting

Accountants are increasingly turning to AI technology — whether they know it or not — to speed the processing of routine tasks, but they need to be aware of the risks. “Accountants may actually rely on artificial intelligence for some of the transactional processes of the past,” said Sobel. “It’s not necessarily going to change the accounting of the financial reporting per se, but it will change how accounting processes are conducted, which will free up time to focus on more analysis and decision-making.”

Auditing software is becoming more reliant on AI technology to help spot unusual transactions that can be flagged for closer review by auditors.

“You could probably use AI to examine journal entries for anomalies that help you focus on the ones that really need attention,” said Sobel. “Payables and receivables systems will be able to develop AI. There can be a machine learning basis to evaluate whether there are any unusual provisions in smart contracts, and whether companies are fully complying with all the terms of the contracts.”
