Internal auditors and insurance companies are still looking for best practices in dealing with the risks and benefits associated with Artificial Intelligence (AI). This position paper elaborates on the progress and relevance of AI within the European insurance industry, the upcoming legislation, and risk response. This is supported by a survey that provides the perspective of the Three Lines and their current state of readiness to manage the risks related to AI.
We then provide suggestions to Internal Audit for a solid audit response on AI, to help the insurance industry prepare for ‘trustworthy AI’ and future legislation. The AI Act is in final discussions at the European Parliament.
An online survey was created to assess data and covered over 80 entities. Out of the total, 28 belong to the Insurance industry and are the reference throughout the paper. Moreover, to facilitate comparisons and avoid scale issues, the companies were clustered into small, medium, and large.
The Internal Audit function can play a vital role in minimizing AI risks by advising on risk mitigation, reviewing potential biases, and ensuring compliance with relevant laws and regulations. Their involvement should begin from the onset of AI implementations, and follow a top-down approach, starting with auditing the AI strategy and governance, then testing individual instances, algorithms, and models. A multidisciplinary audit team including IT, data science, business audit, and ethics professionals can help ensure thorough assessments.
The paper closes with a proposal for an AI audit program to identify and test the key AI-related risks, root causes, and testing strategies, across seven different areas:
- Strategy & Governance
- Legal & Compliance
- Developments of AI systems
- Operations Management for AI systems
- Security & Data Protection
- Human Capital
- Sustainability
The paper: Auditing a Digital Insurance World