By:
More Australian auditors can now pursue the world’s first and only audit-specific artificial intelligence certification, with ISACA expanding eligibility for its ISACA Advanced in AI Audit (AAIA) certification to include Certified Practising Accountants and Fellow Certified Practising Accountants (FCPAs) from CPA Australia.
Built on ISACA’s trusted expertise in IT audit and the rigorous standards behind these renowned credentials, AAIA validates expertise in conducting AI-focused audits, addressing AI integration challenges and enhancing audit processes through AI-driven insights. The credential covers the key domains of AI governance and risk, AI operations and AI auditing tools and techniques.
Phillips shares this and more in the latest episode of The Accountants Daily Insider. Tune in here:
Paul Phillips
Director of Event Content Development
It’s an interesting one, because when this new revolution of AI started a few years ago, you could hear me saying all the time that audit will not, and will never change, and the foundation of audit will not change. Yet I’m starting to change my perspective a little bit now. The foundational concepts of audit will not change, however, because of the impact of AI and the powerfulness, for lack of a better word, of AI, it will allow us to do things differently. I look at the impact in two different ways, impact on the profession and impact on the process.
The first question out of many people’s minds is, will auditors lose their jobs? I say to you, not now. Probably not now. However, it will allow us to do things differently. It would allow us to be more efficient with how we do things, just like it’s doing with many other different professions. So, if you’re an auditor, you won’t lose your job, but it would benefit you to educate yourselves. You should become far more technical than you have been in the past. As auditors, we’re very functional in nature. We understand risk, we understand processes, policies and procedures. Our job is to assess those things. However, historically, many of us have not been technically savvy. Now that AI is upon us and it’s not going anywhere, it’s going to require all types of auditors–IT auditors, financial auditors, operational and compliance auditors–to become far more technically savvy than ever before.
It is critical to develop the skills because of the pace of change of the technology. The technology is changing, the regulations are changing, and companies are adapting the technology. They’re concerned, but companies are doing it anyway – individuals are also adapting their technology. There’s such a thing as shadow AI, which a lot of individuals and employees are using without any overarching governance structure or direction within their organisation. So, this technology is changing quite a bit. In Europe, they’re putting out regulations. In the US, frameworks are changing all the time. So, IT auditors or auditors in general, they need to get on board and learn - and learn fast.
That speaks to that shadow AI previously mentioned. If you have 81 percent of employees using it “under the covers” there will be certain risks involved. Realistically there’s no policy, there’s no structure, and there’s a huge risk there because AI is based on the bread and butter of data. When you’re utilising data and you’re utilising the AI technology, one of the risks may be that you could be importing into the system and there may be outputs of that system that are utilising company data - sensitive data that should be private. Most organisations across the globe are required to adhere to privacy regulations. As employees, we have access to private information. If we are again, inputting private data that is heavily regulated by the government, we are putting our organisations at risk without any rules, any procedures, or even any technology in place to protect against any data leaks that may occur.
This is a really exciting certification for ISACA. We have many certifications, but this might be our most exciting one as of late. The AAIA certification has three domains - an AI governance and risk domain, an AI operations domain and an AI audit techniques domain. These domains teach the auditors about AI, which can be very technical in nature because you can’t effectively audit any technology if you don’t have an understanding of it. The governance and risk domain covers what policies, what procedures and what organisational structures should be in place in order to protect the organisation while utilising this technology. The last domain talks about audit techniques, and that’s really exciting, because it actually talks about how auditors can use this technology in the audit process in order to be more efficient and effective. It is certainly challenging, but I think it’s really going to serve the audit community really well.
That’s a good question, because that’s really our job. Our job is to understand risk, understand the technology or the scope of what we’re auditing, whatever it may be, and understand governance. Our job is to go in and say, “here are the gaps, here are the risks, here are things that could go wrong”, and recommend controls, safeguards or counter-measures that need to be put in place to mitigate or reduce the chances of those bad things happening. We may recommend that you create a policy, which is a common recommendation. We may recommend that changes or updates be made to the policies. We may also recommend that you hire an expert or a consultant. All of those recommendations can be rolled up into a governance structure. So in short, our job is to identify gaps, identify risk, assess the risk and then make recommendations on how to add to or improve the governance structure.
ISACA likes to call itself a learning organisation. It’s our job to help teach the professionals, auditors, security professionals and privacy professionals - that’s what we do. I know what we’re going to have to do is make sure that we continuously pull in individuals that have expertise in this area to provide relevant and practical training. My [Phillips’] job is to program our webinars and our conferences. So, it’s my responsibility to make sure that when the speakers come to present at our conferences, they know the ins and outs of AI and they’re talking about relevant, helpful information. We have to consistently make sure we create up to date relevant whitepapers and other tools that our professions can learn from. That’s our job - we have to stay up to date, ahead of the curve and forever move with the times.
On this episode of ADI, ISACA director of event content development, Paul Phillips, shares professional expertise and advice about how ISACA is revolutionising the audit profession alongside AI.
Paul Phillips
Director of Event Content Development
ISACA is a global professional association and learning organization dedicated to advancing digital trust by empowering over 185,000 members in more than 190 countries. Through industry-leading certifications, ongoing education, research, and a vast professional network, ISACA supports individuals and organizations in IT audit, cybersecurity, risk management, governance, and privacy. Its mission is to equip professionals with the knowledge, skills, and community needed to drive innovation, meet current challenges, and champion trust in technology around the world.
1 min read