AI Governance In Public Universities: Managing Risks In The Era Of Automation | INTERNAL AUDIT DEPARTMENT
» ARTICLE » AI Governance in Public Universities: Managing Risks in the Era of Automation

AI Governance in Public Universities: Managing Risks in the Era of Automation

By: Mohd Azis Abdullah

 

The use of Artificial Intelligence (AI) in Public Universities (UA) is no longer just an experimental project; instead, it has become an integral part of daily operations. From student admission screening systems to research assistance tools, AI offers various advantages to the academic world.

However, reliance on this technology also brings new risks. This is where AI Governance plays a crucial role. The Internal Audit function in Public Universities must now act as a strategic advisor to ensure that AI is used safely, ethically, and in compliance with regulations.

Here are the four focus areas for Internal Audit when evaluating AI systems in universities:

 

  1. Ensuring Data Integrity (The "Garbage In, Garbage Out" Principle)

The effectiveness of AI systems heavily relies on the quality of the data they receive. If the data used to train the system is inaccurate or incomplete, the resulting decisions will inevitably be flawed. For instance, if a student performance forecasting system uses records containing errors, the university's subsequent interventions or assistance will be ineffective.

Internal Audit's Role: Auditors must review the university's data governance. This includes ensuring that data is collected accurately, stored securely, and free from any manipulation before being processed by AI systems.

 

  1. Addressing Algorithmic Bias (Model Bias)

As institutions that uphold fairness, Public Universities must ensure that AI decisions are unbiased. Sometimes, AI systems can "learn" discrimination from historical records. For example, an automated scholarship screening system might inadvertently reject candidates from specific backgrounds or geographical areas simply due to historical data patterns.

Internal Audit's Role: Auditors should assess whether the AI systems in use are transparent about how they make decisions. Audit also needs to ensure that the university conducts regular testing to detect and rectify any elements of bias to guarantee fairness.

 

  1. Protecting Intellectual Property and Preventing Plagiarism

In the academic world, the authenticity of work and intellectual property are the most valuable assets. The use of Generative AI tools outside the University's official digital environment (third-party AI applications not subscribed to by the University) by staff and students carries the risk of leaking operational, financial, teaching, and research data.

Internal Audit's Role: Auditors need to ensure that the university has clear and updated policies regarding the use of AI in operational management, teaching, and research.

 

  1. Ensuring Privacy Compliance and Data Protection

Universities store massive amounts of personal data, encompassing students' academic records, financial data, and staff information. Using AI to process such large-scale information risks violating privacy laws, such as the Personal Data Protection Act (PDPA), if not managed carefully.

Internal Audit's Role: Auditors must ensure that AI systems are built with privacy protection in mind from the outset (privacy by design). This includes ensuring that personal data is appropriately anonymized before being utilized by AI and that data owners' consent is legally obtained.

 

Conclusion

The era of automation compels the Internal Audit function to transition from traditional auditing methods to a more proactive approach. By comprehensively evaluating AI Governance, Internal Audit not only protects the university from financial, legal, and reputational risks, but also ensures that AI technology drives national academic excellence safely and with integrity.

 

References:

  • The Institute of Internal Auditors (IIA). (2024). Global Internal Audit Standards (GIAS).
  • International Organization for Standardization. (2023). ISO/IEC 42001: Information Technology - Artificial Intelligence Management System.
  • Personal Data Protection Act 2010 (Act 709), Malaysia.
  • (2024). AI Governance and Risk Management in Higher Education.

 

Date of Input: 29/06/2026 | Updated: 29/06/2026 | muhammad.isam

MEDIA SHARING

INTERNAL AUDIT DEPARTMENT
Universiti Putra Malaysia
43400 UPM Serdang
Selangor Darul Ehsan
03-9769 1346
03-9769 6176
X, (02:26:38pm-02:31:38pm, 04 Jul 2026)   [*LIVETIMESTAMP*]