Responsible AI for Internal Audit

“Opening the black box will become a priority”

Participate in the sessions using the conference app
Download the ECIIA 2019 Conference App
to participate during this session.

• Select the session through the schedule

icon

• Submit your questions for the session or

to specific presenters by selecting the
DISCUSS icon
Agenda

1. Let’s start with a few facts 03

2. What is AI and the concept of

responsible/explainable AI 09

3. Role of the internal audit function 25

4. Conclusion 34

Responsible AI for Internal Audit 19 September 2019

PwC 3
1
Let’s start with a few
facts
AI is the next main disrupting factor over the 5 coming years

Responsible AI for Internal Audit 19 September 2019

PwC 5
How many companies are using AI, and what are their
concerns ?

Source: PwC, “22nd Annual Global CEO Survey”, 2019

Responsible AI for Internal Audit 19 September 2019

PwC 6
AI will contribute to substantial gains in productivity and
consumption

Global GDP Impact of AI through 2030

Global GDP uplift due to AI

2030 IMPACT:
$15.7T
Consumption Increase in
Contribution: revenue
($ in trillions)

60%

Productivity Increase in
Contribution: productivity
40%

Responsible AI for Internal Audit 19 September 2019

PwC 7
What is AI capable of?

Artificial Intelligence
system

Solves complex Understands Creates

Learns from Uses the learning Recognises
language
experience to reason images problems perspectives
and its nuances

Responsible AI for Internal Audit 19 September 2019

PwC 8
Organisations globally are recognising the need for
Responsible AI

Responsible AI for Internal Audit 19 September 2019

PwC 9
2
What is AI and the
concept of
responsible AI
 What is AI

Artificial Intelligence

Artificial intelligence (AI)

is an umbrella term for
“smart” technologies that
are aware of and can
learn from their
environments, enabling
them to subsequently
take autonomous action.

Responsible AI for Internal Audit 19 September 2019

PwC 11
IT progress has naturally enabled the development of Artificial
Intelligence in companies

Software
Business Data Artificial
Machine learning
programming
Intelligence Science Intelligence

Responsible AI for Internal Audit 19 September 2019

PwC 12
What is artificial intelligence?

• Discipline of systems that

automate human actions
• Multi-skills (capture,
analysis, action)
• Improves productivity

Artificial Intelligence

• Implementation of artificial
learning algorithm
Machine • Built from a learning
Learning database
• Has a measurable
performance

Responsible AI for Internal Audit 19 September 2019

PwC 13
Software programming
From data analysis to artificial intelligence?

Input Algorithm Output

Data

Responsible AI for Internal Audit 19 September 2019

PwC 14
Machine learning
From data analysis to artificial intelligence?

Input Output Algorithm

Data

Responsible AI for Internal Audit 19 September 2019

PwC 15
Artificial Intelligence
From data analysis to artificial intelligence?

Algorithm Business Intelligent

process robot

Responsible AI for Internal Audit 19 September 2019

PwC 16
Value Case

From data analysis to artificial intelligence?

Responsible AI for Internal Audit 19 September

19 September
2019
2019
PwC 17 17
The promise of predicting an event

"The use of data generated through the implementation of event predictive models allows for the
optimisation of human interventions and the optimal use of resources"

Reactive Reduction of downtime

Preventive Decrease in the number of

unwanted events

Predictive
Anticipation of intervention
planning

Failure Failure Scheduled Optimisation of

Failure Alerte
event
avoided event resource
efficiency

Responsible AI for Internal Audit 19 September 2019

PwC 18
… but the reality of a prediction model implementation says

The need to predict the final economic gain must validate the decision to industrialise a service

Predicted TRUE Predicted FAUX

Incident +
Truly TRUE (intervention required) Cost of a necessary
? € intervention ? € cost
intervention

Truly FALSE (intervention not required) ? €intervention

Unnecessary No
? cost
€

All costs must be taken into account to justify the development of a new predictive maintenance service
• Planning of maintenance of activities;
• Consequence of equipment failures;
• Repair times;
• Specific competence for repair;
• Potentially stopping the entire total production chain.

Responsible AI for Internal Audit 19 September 2019

PwC 19
The confusion matrix
An example on the use case of event prediction

Analysis of maintenance cost and associated predictive models is necessary

to find the best maintenance model

Responsible AI for Internal Audit 19 September 2019

PwC 20
 How to limit risk and keep control

Responsible AI for Internal Audit 19 September 2019

PwC 21
What is AI and the concept of responsible AI

The fundamental aspects that makes AI “Responsible”

Performance Operations Society

Robustness & System Ethics,

Bias Interpretability Governance
Security Morality & Legal
Testing for bias in the Adding transparency, Improving security Designing effective AI Helping clients
data, model and explainability and and robustness of AI operating models understand the
human use of AI provability to the through rigorous and processes to systemic and moral
algorithms to improve modelling process to validation, improve implications of their
fairness of treatment improve human continuous accountability and use of AI.
across groups. understanding of the monitoring and quality.
model outputs. maintenance,
verification and
adversarial
modelling.

Responsible AI for Internal Audit 19 September 2019

PwC 22
Bias illustration

Responsible AI for Internal Audit 19 September 2019

PwC 23
Interpretability can be an input of the model
But it implies consequences
“Interpretation is a
function of power and
not truth.” 
White box Black box Friedrich Nietzsche

Statistical Decision Random Deep

Modeling tree Forest Learning

Simple & small Complex &

data big data

Model based on Where to sit ? Model based on

process equations input/output data Interpretability a
posteriori:
• Permutation
importance;
• Partial
A posteriori dependence;
Different kinds A priori Embedded
• Shap values.
“if the variable Xn would have taken
of “The variable Xn follows “The decision is … because variables
the value 42, the decision would have
interpretability a statistical law” X1, X2, X42 have specific values”
been …”

Responsible AI for Internal Audit 19 September 2019

PwC 24
Robustness illustration

Responsible AI for Internal Audit 19 September 2019

PwC 25
3
Role of the Internal
Audit function
AI Risks fall under six broad categories with varying impact on
individuals, businesses and society

• Risk of ‘intelligence divide’

National-level risks
Societal Risk

• Job displacement risks

• Liability risk • ‘Lack of Values’ risk
• Reputation risk Economic Risk Ethical Risk • Value alignment risk
• Unable to quantify ROI • Goal alignment risk
• Loss of institutional knowledge

AI Risks
• Risk of errors
• Risk of bias • Lack of human agency in AI supported process
• Risk of opaqueness/‘black box’ Performance Risk Control Risk • Inability to detect/control rogue AI
• Risk of stability and performance • Inability to control malevolent AI
• Risk of non explainability

Security Risk
• Cyber intrusion risks
• Privacy risks
• Open source software risks
Business-level risks

Responsible AI for Internal Audit 19 September 2019

PwC 27
A roadmap for the Internal Audit function

1. Act as a catalyst to help identifying

and assessing the risks Actions to consider:

• Raise organisation’s awareness on AI

emerging technologies once related risks;
• Assist the project manager and key
stakeholder by ensuring that the related risks
will be clearly identify;
• Advise and assess proposed actions around
Implementation the related governance and internal control
and training processes.

Design
Deployment

1
Strategy Operate
and monitor

Responsible AI for Internal Audit 19 September 2019

PwC 28
A roadmap for the Internal Audit function

2. Review of the strategy and the risk impact analysis

Questions to consider:

• Is there a legal or regulatory basis?

• Are the objectives clearly stated and targeted
towards a specific problem or driving business
transformation?
• What type of AI will support business needs?
• How will this AI project be managed?
Implementation • Has a risk impact assessment been
Design and training conducted?
• What are the operational, ethical and social
impacts?

2 Deployment

Strategy Operate
and monitor

Responsible AI for Internal Audit 19 September 2019

PwC 29
A roadmap for the Internal Audit function

3. Review of the solution design

Questions to consider:

• Have the proper type of AI and models been

selected? Does it include explainable
component?
• Have best practices been followed in model

3
selection?
• Does the organisation have the proper level of
Implementation data management and governance in place?
Design and training • Which data will be used for AI training, testing
and validation?
Design • Is there proper security management in place?
Deployment • What are the controls in place to mitigate the
identified security challenges?
• Are the appropriate stakeholder and business
partners involved (business, experience, skills,
…) to implement AI at the organisation level?

Strategy Operate
and monitor

Responsible AI for Internal Audit 19 September 2019

PwC 30
A roadmap for the Internal Audit function

4. Implementation review

4
Questions to consider:

• Are several models being tested and their

performance validated?
Implementation • What are the parameters chosen to evaluate
and training system performance?
• Is the data used for the AI training, testing and
validation of high quality?
• Has the model been validated with a significant
amount of data?
• Has the data been checked for potential bias?
Design • Are the results of the system as expected?
Deployment • Is there monitoring of the results in place?
Does it look for outliers or unexpected results?
• Is there ongoing validation of the results
against the expected baseline?
• Is the model suitable for the deployment
requirements (e.g. processing time)?
Strategy Operate • Are there sufficient traceability, KPI, KRI
and monitor designed to monitor the defined AI?
• Is there data quality automated controls prior to
data usage by the AI?

Responsible AI for Internal Audit 19 September 2019

PwC 31
A roadmap for the Internal Audit function

5. Pre go-live review

Questions to consider:

• What kinds of stress tests have been

performed on the system?
• If the model supports relearning - are there

5
specific controls designed to limit risks (bias,
threshold, error, divergence…)?
• Has the system been tested against cyber
Implementation attacks?
and training Deployment • Have the risk and internal control frameworks
been updated/adjusted to address the newly
Design identified risks?
• Has change management been duly integrated
at this stage?

Strategy Operate
and monitor

Responsible AI for Internal Audit 19 September 2019

PwC 32
A roadmap for the Internal Audit function

6. Post go-live review

Questions to consider:

• Are adequate policies, processes, roles and

responsibilities and governance in place to
manage solution?
• Is an effective internal control system in place
to mitigate risks?
• Are people sufficiently trained, skilled and
Implementation within the three lines of defense?
and training • Are the effective traceability, KPI, KRI and
monitoring process in place?
Design
Deployment

Strategy
Operate
6
and monitor

Responsible AI for Internal Audit 19 September 2019

PwC 33
Which profiles should your Internal Audit function look for?
Specific skills are required to look inside the blackbox

Responsible AI for Internal Audit 19 September 2019

PwC 34
4
Conclusion
What is Responsible AI?

What it is not? What it is?

• No Silver Bullet; • Collection of tools, techniques;

• Not just about technology; • It is about governance, people, process,

tools, techniques;
• Not just about AI ethics & code of conduct;
• It is about how to contextualise and make
• Not entirely new; it relevant to the front line;

• Not about compliance after model is built. • Leveraging existing governance,

frameworks, tools;

• Designing fairness, interpretability, security

etc., right from the start.

Responsible AI for Internal Audit 19 September 2019

PwC 36
Conclusion

Responsible AI for Internal Audit 19 September 2019

PwC 37
Questions?
Rate this session using the conference app