ChatGPT for Internal Auditors
Use cases, sample prompts, and key considerations when using Natural Language Processing tools.
Use Cases
• Example 1: General Audit Plan
• Example 2: General Audit Plan
• Example 3: Structure Unstructured Data
• Example 4: Write Your Audit Report
Introduction

By November 2023, over 100 million people globally were regularly using ChatGPT. Businesses and individuals have praised the AI tool for its ability to save time spent on manual, time-consuming activities, using it for everything from writing emails and summarizing documents to developing code, Excel shortcuts, and PowerPoint presentations. Because of these and other benefits, organizations across all professions and industries are using ChatGPT and other Natural Language Processing (NLP) tools, and so can internal auditors. This AI 101 guide will provide novice AI users with use cases and recommendations for how they can incorporate ChatGPT-style tools into their practice.

However, as with any technology, there are both risks and rewards, and the potential risks associated with publicly available tools cannot be overlooked. As always, internal auditors should remain vigilant about the inherent risks and diligent about the controls in place to avoid, share, accept, or mitigate those risks.
Actual ChatGPT 4.0 Response: Auditing the appropriate use of artificial intelligence (AI) within an organization is a relatively new but increasingly important frontier. Given The IIA's standards for internal auditing, a Chief Audit Executive (CAE) should consider the following components when developing an audit plan for AI:

1. Risk Assessment:
• Identification of AI Systems: Catalog all AI-driven systems and applications in the organization.
• Risk Prioritization: Evaluate the criticality and potential impact of each AI system on the organization. Systems with higher potential impact (financial, operational, reputational) should receive priority.

• Testing and Calibration: Ensure rigorous testing and calibration of models before deployment and periodically thereafter.
• Model Documentation: Review documentation for thoroughness, including assumptions made, data sources, algorithms used, and decision rationales.

5. Transparency and Explainability:
• Interpretability: Check if the AI model's decisions can be explained and understood by stakeholders. This is especially crucial for AI systems used in decision-making that affects individuals, like hiring or loan approvals.
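The risk-prioritization idea above can be sketched as a simple scoring exercise over an AI system inventory. This is a minimal, hypothetical sketch: the system names, impact categories, and ratings are illustrative assumptions, not part of the source.

```python
# Hypothetical sketch: rank cataloged AI systems for audit priority.
# System names and impact ratings (1 = low, 5 = high) are illustrative.

ai_inventory = [
    {"system": "resume-screening model", "financial": 2, "operational": 3, "reputational": 5},
    {"system": "invoice-matching bot", "financial": 4, "operational": 3, "reputational": 2},
    {"system": "marketing copy generator", "financial": 1, "operational": 2, "reputational": 3},
]

def impact_score(system):
    """Combine financial, operational, and reputational ratings into one score."""
    return system["financial"] + system["operational"] + system["reputational"]

# Highest-impact systems first: these would receive audit priority.
ranked = sorted(ai_inventory, key=impact_score, reverse=True)
for s in ranked:
    print(s["system"], impact_score(s))
```

A real inventory would likely weight the categories differently and feed into the audit universe, but the ranking logic is the same.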
Actual ChatGPT 4.0 Response: Analyzing data for inherent biases is a crucial step in ensuring fairness and ethical use of AI systems. Here are questions to ask and steps to take for a thorough analysis:

Questions to Ask

1. Is the Data Representative?
• Does the dataset adequately represent all groups, especially those that are historically marginalized or underrepresented?
• Are there any groups that are overrepresented or underrepresented?

5. Data Labeling:
• Who labeled the data, and what criteria were used?
• Could there be subjective biases in how data was categorized or labeled?

Steps to Take

2. Data Segmentation:
• Segment the data based on various demographics and analyze each segment to identify disparities.
• This helps in understanding how different groups are represented and treated in the dataset.

3. Bias Detection Algorithms:
• Use specialized algorithms designed to detect biases in datasets.
• Tools and frameworks for fairness assessment (like IBM's AI Fairness 360, Google's What-If Tool) can be helpful.

4. Conduct Statistical Analysis:
• Use statistical tools to identify patterns in the data. For instance, disproportionate outcomes for certain groups might indicate bias.
• Consider using fairness-enhancing interventions and techniques to mitigate identified biases in data.

5. Test the Model:
• Use adversarial testing: Intentionally input data that challenges the AI model to see if it produces biased outcomes.
• Compare model decisions across different groups to identify any disproportionate impacts. For instance, compare approval rates between different ethnic or gender groups.

6. Review Model Training and Development:
• Understand the objectives and optimization criteria of the AI model. If a model is optimized for profit maximization without fairness constraints, it may produce biased outcomes.
• Examine the model's feedback loops. If a model is continually learning from biased decisions, it can reinforce and exacerbate those biases.

7. Engage External Experts:
• Consider bringing in third-party experts specializing in AI fairness and bias to review the model and its outcomes. This can provide an objective perspective and validate internal findings.

• Check if these measures align with best practices and industry standards.

9. Review Documentation and Transparency:
• Ensure that there's comprehensive documentation about the AI model's development, training, objectives, and any known limitations. This can help provide context and might highlight areas where bias was introduced.
• Check if explanations for AI decisions (especially those impacting individuals) are clear, understandable, and free from bias.

10. Stakeholder Feedback:
• Engage with end-users and those affected by the AI decisions. Feedback from these groups can provide valuable insights into perceived and actual biases.

11. Continuous Monitoring:
• Bias detection is not a one-off activity. Regularly audit and monitor the AI model's decisions to ensure that biases do not creep in over time.

12. Report and Recommend:
• Document findings, potential risks, and provide recommendations for rectification. Ensure that senior management is aware of any significant risks related to bias.
• Advocate for training and awareness programs within the organization to ensure everyone understands the importance of unbiased AI systems.
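The segmentation and statistical-analysis ideas above (comparing outcomes, such as approval rates, across demographic groups) can be sketched in a few lines. This is an illustrative sketch only: the records, group labels, and the 80% ("four-fifths") threshold are assumptions for the example, not guidance from the source.

```python
# Hypothetical sketch: segment decisions by group and flag possible
# disparate impact. Records and threshold are illustrative assumptions.
from collections import defaultdict

decisions = [  # (group, approved) pairs: fabricated example records
    ("group_a", True), ("group_a", True), ("group_a", True), ("group_a", False),
    ("group_b", True), ("group_b", False), ("group_b", False), ("group_b", False),
]

totals, approvals = defaultdict(int), defaultdict(int)
for group, approved in decisions:
    totals[group] += 1
    approvals[group] += approved  # True counts as 1

# Approval rate per group.
rates = {g: approvals[g] / totals[g] for g in totals}

# Rule-of-thumb check: flag any group whose approval rate falls below
# 80% of the highest group's rate.
best = max(rates.values())
flagged = {g: r for g, r in rates.items() if r < 0.8 * best}
print(rates, flagged)
```

A flagged group is not proof of bias; it is a signal to dig into the segment, the labeling process, and the model's training objectives described above.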
Disclaimer
The IIA publishes this document for informational and educational purposes. This material is not
intended to provide definitive answers to specific individual circumstances and as such is only intended
to be used as a guide. The IIA recommends seeking independent expert advice relating directly to any
specific situation. The IIA accepts no responsibility for anyone placing sole reliance on this material.
Copyright
Copyright © 2023 The Institute of Internal Auditors, Inc. All rights reserved. For permission to reproduce,
please contact copyright@theiia.org.
IIA Headquarters
1035 Greenwood Blvd., Suite 401
Lake Mary, FL 32746 USA