By: Mohd Azis Abdullah
The use of Artificial Intelligence (AI) in Public Universities (UA) is no longer just an experimental project; instead, it has become an integral part of daily operations. From student admission screening systems to research assistance tools, AI offers various advantages to the academic world.
However, reliance on this technology also brings new risks. This is where AI Governance plays a crucial role. The Internal Audit function in Public Universities must now act as a strategic advisor to ensure that AI is used safely, ethically, and in compliance with regulations.
Here are the four focus areas for Internal Audit when evaluating AI systems in universities:
The effectiveness of AI systems heavily relies on the quality of the data they receive. If the data used to train the system is inaccurate or incomplete, the resulting decisions will inevitably be flawed. For instance, if a student performance forecasting system uses records containing errors, the university's subsequent interventions or assistance will be ineffective.
Internal Audit's Role: Auditors must review the university's data governance. This includes ensuring that data is collected accurately, stored securely, and free from any manipulation before being processed by AI systems.
As institutions that uphold fairness, Public Universities must ensure that AI decisions are unbiased. Sometimes, AI systems can "learn" discrimination from historical records. For example, an automated scholarship screening system might inadvertently reject candidates from specific backgrounds or geographical areas simply due to historical data patterns.
Internal Audit's Role: Auditors should assess whether the AI systems in use are transparent about how they make decisions. Audit also needs to ensure that the university conducts regular testing to detect and rectify any elements of bias to guarantee fairness.
In the academic world, the authenticity of work and intellectual property are the most valuable assets. The use of Generative AI tools outside the University's official digital environment (third-party AI applications not subscribed to by the University) by staff and students carries the risk of leaking operational, financial, teaching, and research data.
Internal Audit's Role: Auditors need to ensure that the university has clear and updated policies regarding the use of AI in operational management, teaching, and research.
Universities store massive amounts of personal data, encompassing students' academic records, financial data, and staff information. Using AI to process such large-scale information risks violating privacy laws, such as the Personal Data Protection Act (PDPA), if not managed carefully.
Internal Audit's Role: Auditors must ensure that AI systems are built with privacy protection in mind from the outset (privacy by design). This includes ensuring that personal data is appropriately anonymized before being utilized by AI and that data owners' consent is legally obtained.
Conclusion
The era of automation compels the Internal Audit function to transition from traditional auditing methods to a more proactive approach. By comprehensively evaluating AI Governance, Internal Audit not only protects the university from financial, legal, and reputational risks, but also ensures that AI technology drives national academic excellence safely and with integrity.
References:
Date of Input: 29/06/2026 | Updated: 29/06/2026 | muhammad.isam

Tingkat 2,
Blok F, Bangunan Sekolah Perniagaan dan Ekonomi(SPE),
Jalan Persiaran Tulang Daing,
Universiti Putra Malaysia,
43400 Serdang.