Companies are integrating use of AI across the business.
As companies’ use of AI in product and service offerings, production, sales and distribution, maintenance and quality control expands, AI will have an ever greater impact upon a company’s financial results and reporting. For example, the use of machine learning and data analytics in FP&A activities promises to have a significant impact on management’s investment decisions across product lines, research and development, go-to-market approaches and staffing levels. To make sound decisions, management must understand where and how AI is being used, the underlying assumptions and data used to train the models, why a particular model has been chosen, how often the models must be retested and retrained, and the realistic predictive value (or limit) of the tools. Few FP&A personnel today possess the technical skills that will be critical to success in a predictive analytics/AI-driven world.
The company’s financial statements reflect its performance in a given time period and typically include comparisons with a prior period. In the US, for example, management must discuss and analyse present and past financial results in securities filings. As AI increasingly affects financial performance, management will face greater complexity in assuring financial statement integrity and providing transparent disclosure to investors, employees and other stakeholders. Transparency will influence the model selection, as it will not be acceptable for management to be unable to explain how, why or what underpins material decisions or how a particular AI-driven outcome is consistent with the company’s business strategy. Therefore, understanding the ways in which AI is deployed within an organization is increasingly critical to understanding financial statements. To discharge its oversight responsibilities, the Audit Committee must satisfy itself that management has taken the appropriate steps to ensure that the use of AI has not compromised financial statement integrity.
Internal audit functions are increasingly implementing AI to support legal compliance, detect fraud and mitigate risk.
A recent survey of internal audit stakeholders indicated that 13% of respondents have already implemented AI solutions as part of their internal audit process, while another 16% have plans to do so. Within the internal audit function, companies are using AI to collect, analyse and act upon massive amounts of data to help ensure legal compliance, detect fraud and mitigate risk. However, the efficacy of AI in each of these use cases relies on the availability and quality of the required data and the ability of the internal audit staff to review, analyse and make sense of the results. Internal audit heads will need to work to gather the necessary data in a form that is compatible with the AI tools being used to ensure the intended outcomes are reliably achieved. Initially, the use of AI in internal audit operations will entail little more than the application of statistical models and human-supplied thresholds. As internal auditors become more comfortable with applied data science, they will use ever more complex algorithms and data sources. To succeed, internal audit and legal staff will require appropriate training and skills to understand the tools, the inputs, the limitations and the meaning of the outputs with respect to legal compliance and fraud detection/prevention.
External auditors are expected to rapidly integrate AI into all parts of the audit process.
In recent years, each of the Big Four accounting firms has announced initiatives to integrate AI tools into the audit process. For instance, auditors are now using natural language AI tools to extract important terms from lease agreements and other contracts to significantly decrease the amount of time that audit staff spends reviewing such contracts. These terms are critical to determining when income and expense may be recognized for income-statement and balance-sheet purposes. Audit Committee members are ultimately responsible for overseeing the qualifications of the independent auditors, the auditor’s audit plan and the performance of the audit. Therefore, the Audit Committee needs to understand the extent to which management and the independent auditors use AI tools in the preparation of financial statements, in the audit process and in the submission of periodic financial reports and filings required under applicable securities laws.
Recommendations for responsible Audit Committee oversight of AI:
Become and remain educated on AI developments that may affect the company’s business, its financial reporting, data usage, transfer, and storage, risks, benefits and ethical considerations (such as using this toolkit).
Require that the Audit Committee receives periodic reports from management regarding the company’s use of AI.
- Discussions with management should focus on: 1) a framework for governance of and decision-making relating to AI; 2) oversight, quality and accountability of AI tools; 3) risks to the company in connection with the use of AI; and 4) the impact of AI on financial performance.
Be aware of the costs and benefits of implementing AI solutions, especially as compared to other options available.
Encourage internal audit personnel to evaluate potential AI tools and provide sufficient resources to ensure successful implementation.
Regularly discuss the implementation and accountability of AI as part of the audit process with external auditors.
- Discussions should focus on maintaining human oversight of the audit process, identifying areas in which AI is/is not appropriate, measures and controls to ensure that AI achieves its intended purpose and does not cause unintended harm.
Discuss and understand how the use of AI intersects with the company’s data policies, legal requirements and other business conduct rules.
Continue to revise AI governance standards and procedures in light of evolving business conditions and AI technologies.
- This will require Audit Committee members to remain informed about developing AI technologies both in the company’s industry and in the audit field.
Monitor legal and regulatory developments relating to AI, data and privacy.
Recognize that the Audit Committee is ultimately responsible for assisting the board in overseeing management in its preparation of accurate and complete financial statements, as well as the qualifications, independence and performance of the company’s external auditors.
- Request from management a periodic report on current or anticipated use(s) of AI within the company that: a) assist internal audit functions; b) assist external audit functions; and c) indirectly affect the company’s financial reporting and results. Consider commissioning an annual tutorial on available tools. (See Discussion guide, above)
- Consider company-specific guidelines for any AI tools that do or could affect financial statements and/or financial reporting, including standards for vendors and outside auditors who use such tools. Such guidelines might include data policies, accuracy targets, ethical standards and safeguards, reporting and transparency requirements, the capacity to interrogate results, updating requirements and so forth.
- Set up a regular agenda item for [every] Audit Committee to review the current and upcoming uses of AI within the company, including a review of any problems or challenges that have arisen with respect to such usage.
- Request regular reports from management on the deployment and development of AI tools within the company insofar as they affect the audit function.
- Request regular reports from the legal function to obtain an understanding of prevailing legal requirements and standards with respect to the use of AI, which may differ from jurisdiction to jurisdiction, and which may change over time.
- Require that the company’s code of conduct or equivalent policies include clear statements regarding the company’s commitment to the ethical use of AI in the company’s business.