I attended the launch event of the Institute of Internal Auditors’ (IIA) Global Audit Committee Center last week in Washington, D.C., which addressed the challenges and opportunities facing audit committees. The center is designed to be a resource to strengthen the alliance between audit committees of boards and internal audit in a fast-changing risk environment. It offers research, webinars, and events and will ultimately add formal training programs.
“The center has a very strong core belief—well-informed, engaged, and well-supported audit committees are essential to corporate governance,” said Anthony Pugliese, president and CEO of the IIA.
Pugliese emphasized that board audit committees need to turn to internal audit to truly understand what is happening inside an organization. The event drew members from across the U.S. and around the world, including Canada, Europe, Africa, Latin America, and the Middle East, with Abdullah Alshebeili, CEO of the Saudi Authority of Internal Auditors, in attendance.
During a panel discussion at the event, Ann Cohen, CFO of the IIA, said audit committees are increasingly using AI and advanced technology to connect different types of risk—third-party, financial, operational, cyber, and regulatory. They are using analytics to surface anomalies and emerging risks earlier, support proactive oversight, and run “what if” analyses before risks materialize. “It allows us to be more responsive to risks and provide more robust assurance to stakeholders,” she said.
A major focus is “everyday AI,” said Sarah Francis of the EY Center for Board Matters. “I think audit committees are really also looking at, ‘How do we start to touch, feel, smell, and get used to the products that are out there?’” Directors, many of whom are active executives, are also thinking about how to deploy these tools effectively. “There have to be clear governance frameworks for AI and analytics,” she said, noting that prompts—and the people who craft them—matter. She highlighted the need for experts who can help frame broader questions around ethics within responsible AI frameworks.
Audit committees can and should engage with technology as they work toward a fully defined plan, commented Luke Whorton, executive search and leadership consultant at Spencer Stuart in the firm’s Financial Officer Practice. “How do you create a foundation, but one that’s agile and responsive, because it’s going to continue to change rapidly?” he asked.
“Audit committees need to be curious,” Cohen said. “They need to challenge management on their inputs, on their assumptions and their judgment, and on what they’ve embedded into their AI outputs.”
The committees that challenge assumptions and lean into technology, alongside strong partnerships with internal audit, could be well-positioned to safeguard trust in an uncertain world.
