Internal auditors 'flying blind' on AI risks - report
A major disconnect between artificial intelligence (AI) understanding and risk assessment has been unveiled in a comprehensive new report examining the future of internal audit.
The “2025 Focus on the Future” report, released by AuditBoard, found that while 61% of internal audit leaders admit they lack AI expertise, they paradoxically ranked AI risks as their lowest concern among 14 key risk areas.
“This creates a significant credibility gap,” says Richard Chambers, former CEO of the Institute of Internal Auditors. “How can we assess AI risks if we don’t understand the technology?”
The findings become more concerning when compared to wider business trends. While 55% of organizations are actively implementing AI according to recent data, only 2-4% of internal audit departments report making substantial progress with AI implementation. Around half have made no effort at all.
The report reveals a profession struggling to keep pace with technological change. Less than 1 in 10 audit departments use AI in annual planning, while only 20% employ it in engagement planning or fieldwork. Perhaps most concerning, just 32% of audit leaders believe AI will significantly transform internal audit processes.
This hesitation to embrace AI comes despite mounting evidence of its importance. In a separate “Vision 2035” report cited in the study, 74% of internal audit professionals identified AI as crucial to the profession’s future. This disconnect between recognized importance and actual implementation suggests a profession at a crossroads.
Resource and Implementation Challenges
The study identifies several barriers to AI adoption in audit departments. Beyond the widely acknowledged lack of expertise, other key challenges include:
- Insufficient resources and budget constraints
- Concerns about data security and privacy
- Lack of clear organizational policies on AI use
- Uncertainty about regulatory requirements
Small audit teams face particular challenges, with 42% of departments with six or fewer staff members reporting significant difficulties in implementing new technologies.
The AI blind spot appears to be part of a broader pattern of misalignment between risk assessment and audit effort. The report identifies several areas where audit attention doesn’t match perceived risk levels:
- Economic conditions rank as the second-highest risk but receive the eleventh-highest audit effort
- Talent management ranks fifth in risk but thirteenth in audit coverage
- Traditional areas like fraud receive disproportionate attention despite lower risk rankings
Future Focus
The report outlines a comprehensive roadmap for audit departments looking to bridge the AI capability gap. At its foundation, investment in AI education and training for audit staff emerges as a critical first step. This doesn’t necessarily mean pursuing advanced technical qualifications – rather, departments should focus on building practical understanding of AI applications in audit contexts.
For departments just beginning their AI journey, the report recommends starting with proven AI applications in risk assessment. This approach allows teams to gain confidence with the technology while delivering immediate value. Examples might include using AI to analyse historical audit data, identify patterns in risk assessments, or automate routine documentation tasks.
Resources & Whitepapers
Accounting Software The power of customisation in accounting systems
Developing clear AI governance frameworks represents another crucial element of the transformation process. These frameworks should outline how AI tools will be used, what safeguards need to be in place, and how results will be validated. The report emphasizes that such frameworks should be living documents, evolving as technology and organizational needs change.
Collaboration with IT departments emerges as a key success factor. Rather than viewing AI implementation as solely an audit initiative, successful departments are partnering with IT teams to leverage existing expertise and infrastructure. This collaborative approach not only accelerates implementation but also helps ensure alignment with organizational technology standards.
The report also stresses the importance of proactive AI risk monitoring. As organizations increasingly deploy AI solutions across different business functions, audit departments need to develop new monitoring approaches and risk indicators specific to AI systems. This includes considering aspects such as AI bias, decision transparency, and data quality.
Finally, the study emphasiaes the need to integrate AI considerations into broader audit planning. This means not only using AI as a tool within audit processes but also considering AI-related risks when planning audits of other business areas. As AI becomes more prevalent across organizations, this integrated approach will become increasingly important for effective risk management.
“Internal audit will unquestionably be transformed by AI’s impact,” Chambers notes. “Instead of burying our heads in the sand, we must embrace this opportunity to define our profession’s future.”
Broader Context
The findings come at a critical time for the profession. The report indicates that 35% of organizations don’t expect to fully implement new Global Internal Audit Standards by January 2025, suggesting broader challenges in adapting to change.
Moreover, with budget constraints affecting many departments (only 54% expect budget increases in 2025), the need to leverage technology to do more with less becomes increasingly important.
he report suggests the profession stands at an inflection point. As organisations rapidly adopt AI technologies, internal audit’s ability to provide meaningful oversight appears increasingly limited. This gap could become more pronounced as AI adoption accelerates and regulatory scrutiny increases.
“We can’t afford to pass up the opportunities we ourselves identify as central to our future,” concludes Chambers, highlighting the urgent need for change in the profession’s approach to AI.
The findings suggest that while the challenges of AI adoption are significant, the risks of inaction may be even greater. As organisations increasingly rely on AI for critical business processes, internal audit’s ability to understand and assess AI risks will become fundamental to effective risk management.
