Untitled
Internal auditors are confronting a growing, under‑examined risk: AI hallucinations, which manifest as factual errors, fabricated citations, or flawed reasoning. Recent court sanctions against lawyers who relied on generative AI illustrate the tangible legal and financial fallout of unchecked outputs. The article outlines a three‑line governance model—inventory, verification, and data‑foundation checks—to ensure AI‑driven decisions are both accurate and auditable. It also maps emerging regulatory expectations from the EU AI Act, NIST AI RMF, ISO standards, and IIA guidance, positioning internal audit as the key assurance function.
U.K. Audit Regulator Launches New Supervisory Model
The UK Financial Reporting Council (FRC) unveiled a revamped audit supervisory model that pivots from individual audit checks to assessing firms' Systems of Quality Management (SoQM). The risk‑based, proportionate framework adds targeted follow‑up, thematic reviews and new enforcement tools slated...
Building Risk Reflexes for Stronger, Faster, Smarter Internal Audit
Internal audit faces mounting pressure as risk environments become more complex and CEOs rate risk management over 50% more important. Gartner highlights a widening risk confidence gap—88% of owners are motivated but only 35% feel capable. To close this gap,...
Model Drift: When AI Models Lie and What Internal Audit Must Do About It
Model drift—gradual degradation of AI performance—poses a hidden risk that can silently erode business outcomes. The article breaks drift into three forms: data drift (changing inputs), concept drift (shifting relationships), and output drift (altered score distributions). Regulators, courts, and boards...
The Internal Auditor of the Future
The article argues that internal audit functions must evolve from compliance‑centric, manual processes to outcome‑based, technology‑enabled roles. Auditors are expected to align KPIs with business results, oversee both financial and non‑financial data, and become fluent in AI and data governance....
What Internal Audit Needs to Know About Zero Trust Architecture
Zero Trust Architecture (ZTA) is reshaping security by demanding continuous verification of users, devices, and connections rather than trusting network perimeters. Internal auditors must evaluate ZTA implementations against standards such as MFA enforcement, least‑privilege access, micro‑segmentation, and immutable logging to...
New Study Finds More Synergy Between Internal Audit and Risk Management
A new report by the Internal Audit Foundation, Baker Tilly and Wolters Kluwer TeamMate finds growing synergy between internal audit and risk management. Survey data show 32% of audit leaders now participate in second‑line activities, with ERM involvement rising to...
AuditBoard Unveils New Identy, ‘Optro,’ as AI Transforms GRC
AuditBoard announced it has rebranded as Optro, positioning the company as an AI‑powered governance, risk, and compliance (GRC) platform. The new identity highlights a shift toward proactive, agentic AI that offers continuous risk foresight across audit, risk, infosec, and compliance...
Six Critical Dimensions for Auditing IRRBB Models in Banking
In the post‑Basel III era, interest‑rate risk in the banking book (IRRBB) has become a primary source of earnings and capital volatility for banks. The Basel framework mandates independent audit of IRRBB measurement processes, placing internal audit as the third line...
How Quality Management Assures Value and Builds Trust for Internal Audit
Chief audit executives now face heightened board expectations for assurance that delivers strategic clarity. The Global Internal Audit Standards mandate a Quality Assurance and Improvement Program, yet fewer than half of CAEs trust their current QAIP to boost audit quality....
IIA Calls on Congress to Modernize SOX Act
The Institute of Internal Auditors (IIA) has issued a policy paper urging Congress to modernize the Sarbanes‑Oxley Act. It recommends formally defining internal audit within the law, updating compliance expectations for Sections 302 and 404, and strengthening coordination between internal...
COSO Releases New Guidance on Internal Controls for Generative AI
COSO released "Achieving Effective Internal Control Over Generative AI (GenAI)", a guidance that aligns its Internal Control‑Integrated Framework with the unique risks of generative AI. The publication translates the five COSO components into concrete controls for eight GenAI capability types...
Report: Internal Auditors Skeptical of Ability to Respond to AI Fraud
A joint Internal Audit Foundation and AuditBoard survey of 373 senior audit leaders shows that while AI‑enabled fraud is widely recognized as a growing risk, only four in ten auditors feel their functions are prepared to detect or respond to...
Change Agents: Internal Audit’s Role in Organizational Transformation
Internal audit has evolved from a compliance watchdog to a strategic partner driving organizational transformation. Auditors now embed in steering committees, use real‑time risk mapping, and apply AI‑powered tools to ensure changes align with long‑term goals. Modern audit platforms automate...
When Data Moves, Risk Moves with It: The Hidden Challenges of Warehousing Data
The episode explores how moving data into modern warehouses and lakes introduces hidden risks that go beyond technical challenges, emphasizing governance, data quality, and transformation controls. It highlights that inconsistencies in source systems, ambiguous definitions, and poorly documented transformation logic...