Risks of intelligent automation and their impact on internal audit
Kovanen, Anni (2020)
2020
Kauppatieteiden maisteriohjelma - Master's Degree Programme in Business Studies
Johtamisen ja talouden tiedekunta - Faculty of Management and Business
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Hyväksymispäivämäärä
2020-05-20
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:tuni-202004294595
https://urn.fi/URN:NBN:fi:tuni-202004294595
Tiivistelmä
New technologies are driving transformative changes in all industries. Organizations are adopting new technologies seeking more efficiency and ways to capture value. The role of risk management as a part of organization's decision-making process is emphasized especially now when organizations are facing increasing uncertainty due to the opportunities and risks presented by new technology. Also, increasing uncertainty makes regulatory environment more complex and increases requirements of reporting organizational risks to external stakeholders.
Emerging technologies bring significant opportunities, which sometimes can overshadow their risks. Emerging technologies can complicate existing risks and create risks that organizations have not experienced before. To reach the full potential of technology investments, organizations are seeking new ways to manage their risks. One of the technologies transforming businesses in all industries is artificial intelligence, which can be combined with Robotic process automation.
Robotic process automation (RPA) alone can have significant impacts to organization’s processes but has certain limitations. RPA can only automate specific rule-based tasks. When artificial intelligence capabilities are added to RPA, organizations are able to automate entire workflows. Artificial intelligence capabilities combined to RPA is called intelligent automation. With intelligent automation, predictions and decisions requiring human perception can be automated. Opportunities are clear but intelligent automation creates new kind of risks.
As organizations are seeking new ways to manage risks of intelligent automation, internal audit faces need to develop as well. In general, development of internal audit, the third line of defense, is actual topic. Especially opaque nature of intelligent systems makes understanding them more difficult and artificial intelligence is often referred as “black box”. The objective of this research is to find out the key risks intelligent automation creates to organizations, what kind of challenges they pose to internal audit and what can internal audit do to keep up and stay relevant. The research is multi-method research, consisting expert interviews as qualitative method and survey as quantitative method.
Based on the interviews and survey conducted, five most relevant risk categories were identified. They are technology risks, cyber-risks, people related risks, risks related to strategy of intelligent automation and risks related to design and implementation of intelligent automation. Many of the key risks of intelligent automation are related to competence gaps in organization, increased reliance in intelligent systems and opacity of algorithmic decision-making. In addition, the big amounts of data used by intelligent automation and new access points it crates make cyber-risks relevant especially concerning this technology.
The key challenges, which risks of intelligent automation forces internal audit to face are increasing competence requirements, internal audits role and position in intelligent automation adoption and methods monitoring and auditing intelligent automation. Four key ways to tackle these challenges are improving internal audit’s competences when possible, flexible resourcing models and internal audit’s early involvement in intelligent automation adoption process. Based on the interviews and survey conducted, increased competence requirements is the biggest challenge to internal audit, especially in small internal audit organizations. In addition to technical skills required, internal auditors should have adequate understanding of many other aspects of intelligent automation, like regulation and ethicality questions.
Emerging technologies bring significant opportunities, which sometimes can overshadow their risks. Emerging technologies can complicate existing risks and create risks that organizations have not experienced before. To reach the full potential of technology investments, organizations are seeking new ways to manage their risks. One of the technologies transforming businesses in all industries is artificial intelligence, which can be combined with Robotic process automation.
Robotic process automation (RPA) alone can have significant impacts to organization’s processes but has certain limitations. RPA can only automate specific rule-based tasks. When artificial intelligence capabilities are added to RPA, organizations are able to automate entire workflows. Artificial intelligence capabilities combined to RPA is called intelligent automation. With intelligent automation, predictions and decisions requiring human perception can be automated. Opportunities are clear but intelligent automation creates new kind of risks.
As organizations are seeking new ways to manage risks of intelligent automation, internal audit faces need to develop as well. In general, development of internal audit, the third line of defense, is actual topic. Especially opaque nature of intelligent systems makes understanding them more difficult and artificial intelligence is often referred as “black box”. The objective of this research is to find out the key risks intelligent automation creates to organizations, what kind of challenges they pose to internal audit and what can internal audit do to keep up and stay relevant. The research is multi-method research, consisting expert interviews as qualitative method and survey as quantitative method.
Based on the interviews and survey conducted, five most relevant risk categories were identified. They are technology risks, cyber-risks, people related risks, risks related to strategy of intelligent automation and risks related to design and implementation of intelligent automation. Many of the key risks of intelligent automation are related to competence gaps in organization, increased reliance in intelligent systems and opacity of algorithmic decision-making. In addition, the big amounts of data used by intelligent automation and new access points it crates make cyber-risks relevant especially concerning this technology.
The key challenges, which risks of intelligent automation forces internal audit to face are increasing competence requirements, internal audits role and position in intelligent automation adoption and methods monitoring and auditing intelligent automation. Four key ways to tackle these challenges are improving internal audit’s competences when possible, flexible resourcing models and internal audit’s early involvement in intelligent automation adoption process. Based on the interviews and survey conducted, increased competence requirements is the biggest challenge to internal audit, especially in small internal audit organizations. In addition to technical skills required, internal auditors should have adequate understanding of many other aspects of intelligent automation, like regulation and ethicality questions.