Article Search :  Pn. Nurfarah Hanani Abdul Hamed (Pegawai Kewangan)

Article by : Sakthiswaran Rangaraju, CIA, CISA, CDPSE, CISSP 

Source : https://internalauditor.theiia.org/en/articles/2024/february/online-exclusive-reporting-transformed/

 

The recent emergence of Generative Pre-trained Transformer (GPT) models such as OpenAI’s ChatGPT is a significant development. GPT’s ability to understand, predict, and generate human-like text has opened new frontiers in artificial intelligence (AI), making it a cornerstone technology that is reshaping a wide range of industries from health care to finance.

GPT models have rapidly evolved from their initial roles in simple text generation to becoming complex applications. Their ability to understand language and context, generate coherent and relevant text, and learn from vast amounts of data makes them ideal for tasks such as drafting internal audit reports.

A critical output of internal auditors’ assurance work, audit reports summarize key findings and identify risks needing remediation for the audit committee, executives, and senior leadership. However, writing these reports takes a significant amount of time.

This is where a GPT-powered service can revolutionize the process, offering efficiency and enhance analytical depth. GPT models, with their ability to understand and generate human-like text, can transform how audit reports are created and analyzed immensely. By training these models to identify patterns, anomalies, and insights from past audit reports, auditors can gain a powerful tool to enhance their work.

 

Creating an Internal Audit GPT Service

A GPT service is an AI-driven solution with a comprehensive set of features and capabilities designed for language processing. It is generally offered as a software as a service solution to help organizations leverage the power of advanced AI for various applications. The key features include text generation, conversational AI capabilities, and natural language understanding, which can be tailored to specific needs. Internal auditors can use services such as OpenAI or Azure Copilot to develop a new GPT service without having to write software code, by following a four-step process.

Step 1: Collect and Prepare Data. Practitioners should begin by gathering a substantial dataset of past internal audit reports and cleansing and formatting that data to ensure it is consistent and relevant. For easier processing, auditors should identify and tag key elements such as audit findings, recommendations, management responses, and follow-up actions.

Step 2: Select and Train Model. Selecting the right GPT model, such as GPT-4 or a similar variant, is crucial. Auditors should fine-tune the model with the prepared audit report dataset. This involves training the model to understand the specific language, format, and content typically found in audit reports within the specific organizational context.

Step 3: Develop Analysis Module. The analysis module should be capable of learning from the historical audit reports and providing insights. For example, it could identify commonly reported issues, track the status of past recommendations, and highlight areas that frequently pose risks. Natural language processing techniques will play a significant role in this module.

Step 4: Create Report Generation Module. This module will use the GPT model to assist in drafting audit reports. By feeding the model with data from current audits, it can generate draft reports that include findings, risk assessments, and recommendations, all in a coherent and professional language.

Step 5: Securely Deploy and Operate Service. Although it is easy to build custom GPT services, it is essential for internal auditors to understand how and where these applications store and process data to ensure security. GPT services are an emerging technology that could introduce new risks that should be addressed before they are deployed.  

 

Challenges and Considerations

Internal auditors should keep a few challenges and key considerations in mind while building custom GPT services.

Data Privacy and Security. 

Ensuring the confidentiality and security of audit data is paramount. The GPT service must comply with relevant data protection laws and organizational policies.

Data Integrity, Completeness, and Reliability. 

Internal auditors should ensure the training datasets are restricted to authorized users and adequately log and review any changes to ensure data integrity and reliability. Further, they should validate the completeness of the data to ensure reliability. The quality of output is based on the input data and the model training.  

Model Bias and Accuracy. 

Internal auditors should regularly scrutinize the model for biases and inaccuracies. They should continuously update the dataset and retrain the model to maintain its relevance and reliability.

User Training and Adoption. 

Auditors should be trained to effectively use the tool. Demonstrating how the tool will enhance audit quality and efficiency can encourage auditors to adopt it.

Risks. 

Internal auditors should understand the potential risks of using GPT tools in their organization. As GPT technology evolves, so are the threats and potential risks. Auditors should be aware of these risks and their potential impacts on their organizations.

Future Prospects

Integrating GPT models into internal audit functions represents a significant leap forward in leveraging AI for enhanced risk assessment and reporting. By automating and enriching the analysis and report generation processes, internal audit functions can achieve greater accuracy, efficiency, and depth. However, it is vital to approach this integration with a thorough understanding of the technical, ethical, and operational implications to fully harness its potential.

The future of GPT in internal audit looks promising, with potential expansions into predictive analytics, real-time risk monitoring, and interactive audit management systems. As AI technology continues to evolve, its applications for internal auditing could become more sophisticated and integral to organizational governance and risk management strategies.

Date of Input: 21/03/2024 | Updated: 21/03/2024 | muhammad.isam