IIA Offers Guidance on AI Action Plan
The IIA underscored the need to establish well-defined and balanced safeguards for AI applications, highlighting the substantial impact this technology will have on Americans.
The Institute of Internal Auditors submitted a comment letter in response to the U.S. Office of Science and Technology Policy (OSTP)’s request for information titled “Development of an Artificial Intelligence Action Plan.”
In the letter, the IIA reiterated the value of clear and measured safeguards governing AI applications, emphasizing the significant implications for people throughout the country.
Specifically, the IIA noted that “a thorough AI Action Plan must also highlight the importance of governance, internal controls, and risk management” to help organizations that employ AI.
Additionally, the letter stated that “a critical element of any robust risk management assessment – and one the IIA proposes should be recognized in the AI Action Plan – is the complementary position of an organization’s internal audit function. An internal audit team, following the Global Internal Audit Standards, provides independent assurance over AI-related risk management and internal control processes to an organization’s governing body.”
The IIA advocates that the AI Action Plan enable the private sector to fulfill assurance responsibilities through internal audit, rather than “establish a conventional regulatory framework designating one government agency to audit AI operations.”
As OSTP explores policy options to enhance U.S. leadership in AI, the internal audit community is uniquely suited to foster transparency and accountability within the private sector.
With this in mind, the IIA requested that OSTP address the following considerations in the AI Action Plan:
1) Recognize the Importance of AI Risk Management and Governance: The IIA endorses stronger policy emphasis on effective risk management and governance mechanisms to guide the use of AI in business processes.
2) Strengthen Internal AI Oversight: Implement assurance frameworks led by internal audit to evaluate an organization’s AI-related internal controls, risk management, and governance. A capable internal audit function will bolster independent oversight efforts and enhance consumer trust.
The IIA is grateful for OSTP’s review of these recommendations on behalf of the internal audit profession and looks forward to maintaining a constructive dialogue on this vital topic for all Americans.