4.2 AI model audit
Level: Intermediate
Machine learning is increasingly being integrated into business operations, bringing with it a host of new risks and controls that must be considered by internal auditors as well as management.
One natural key area of interest is the IT general controls, such as change management, logical security, and incident management. These controls help to ensure a robust implementation of machine learning technology into the environment, as well as protect the integrity and reliability of the systems and processes that use and support AI operations.
Of course, auditors must also consider the process by which management integrates machine learning into business operations. This includes evaluating the selection and design of the machine learning models, as well as the data used to train and test them. Auditors must also assess the controls in place to monitor and manage model performance over time, including the handling of model drift. There are many new areas to consider over traditional “rules-based” technologies, that sometimes get overlooked.
This presentation dives into the range of risk and control considerations from both the technology and business standpoints when implementing and managing a business process that include a machine learning component.