As organizations increasingly integrate generative AI into their financial reporting processes, important questions arise: when and how to invest in the right technology that can impact the speed of transformation and the capabilities of each organization. Given these changes, how can audit committees effectively fulfill their oversight responsibilities?
This year's CAQ joint survey of audit committees found that 20% of respondents perceive audit committees to have primary oversight of artificial intelligence governance. As companies explore the transformative potential of artificial intelligence, the role of audit committees is expanding and taking on new oversight responsibilities.
CAQ has published Audit Committee Oversight in the Age of Generative AI as a resource for audit committees navigating these uncharted waters.
Audit committee role
Gen AI's potential to transform business processes, including financial reporting, creates exciting opportunities to improve efficiency, generate new content, and gain better insights. However, this technology is not without risk, and audit committees can play a critical role in overseeing the governance of generational AI and understanding the implications for a company's financial reporting and internal control over financial reporting and external audit. Audit committees are well-positioned to provide effective oversight given their experience in financial reporting, corporate risk management, and other emerging topics.
What is Generational AI?
Audit committees of companies implementing gen AI should have a basic understanding of how gen AI works and the potential benefits and risks of its use. Gen AI is a subset of AI based on probabilistic technologies that can create content such as text, images, audio, and video in response to user prompts. Gen AI creates responses using algorithms trained on open source information such as text and images from the internet. AI chatbots such as ChatGPT and Copilot are well-known examples.
Audit committees should recognize that the probabilistic nature of Gen AI is an important distinction from other technologies that may have been used historically in a company's financial reporting process. To this end, Gen AI technology is particularly useful for tasks that require creativity and diversity of responses, such as the generation of new content and information, but do not always provide reliable or reproducible output. Rather than acting like a search engine that searches for facts in training data, Gen AI technology creates new text that is consistent and human-like. Therefore, human oversight will be required to ensure the accuracy of the information generated by Gen AI.
management supervision
The primary focus of audit committee oversight will likely be management's approach to generational AI oversight and governance. Establishing policies and procedures for acceptable use of gen AI and assigning responsibility for the technology is the foundation for successfully managing the use of gen AI across the enterprise. To facilitate conversations with management, the audit committee may consider asking questions such as:
- Does the company have the expertise needed to select, develop, deploy, and monitor genetic AI technology?
- What are the company's goals and success criteria associated with implementing Gen AI technology? Is Gen AI technology intended to enhance or automate existing processes?
- Who within the company (individual or group) is responsible for overseeing the use of gen AI?
- Has management established a policy regarding the acceptable and ethical use of genetic AI?
- Does the company have a process to track and monitor use of gen AI across the company, including use by third-party service providers?
- How does the company track risks arising from the use of Gen AI technology and mitigation of responses?
Data privacy and security is also likely to be a key focus for audit committees. Maintaining the confidentiality of corporate data, especially data used in financial reporting processes, should be a top consideration when selecting Gen AI technologies and developing policies regarding the acceptable use of those technologies. Additionally, the use of Gen AI technology may introduce new cybersecurity risks to businesses. To protect against malicious threats, appropriate safeguards must be implemented.
Through the audit committee's oversight of the financial reporting process, the audit committee must also understand how Gen AI technologies are integrated into related processes, how those technologies are selected, tested, and monitored, and how the company provides training and guidance to employees to promote consistent and effective use.
Supervision of external auditors
The audit committee's oversight of external auditors is one of its core responsibilities and directly contributes to audit quality. An active and engaged audit committee engages in open dialogue with external auditors on matters important to the audit. This may include discussions to understand how a company's use of genAI in its financial reporting process and internal control over financial reporting impacts auditors' risk assessments and planned audit approaches.
Audit committees can use some of the following questions to better understand how the auditor plans to respond to the company's use of genAI.
- What experience do engagement partners and other senior engagement team members have with Gen AI technology? Can the company supplement the engagement team's expertise as needed (e.g., by bringing in qualified experts)?
- How do auditors understand the impact of the company's use of Gen AI technology on financial reporting?
- How was the impact of the company's use of gen AI technology considered in the auditor's risk assessment process?
- Will a company's use of gen AI technology have a significant impact on its planned audit scope?
- Did the auditor identify any fraud risks associated with the company's use of gen AI technology? How did the auditor address such risks in the audit?
Audit committees play a key role when it comes to the transformative power of Gen AI and its integration into financial reporting processes. Effective oversight by a strong, active, knowledgeable, and independent audit committee significantly advances our collective goal of providing high quality and reliable financial information to the capital markets.
For more information on how audit committees can effectively exercise their oversight responsibilities related to the use of generative AI, please see our resource Audit Committee Oversight in the Age of Generative AI.
