AI is transforming how organisations operate, and with it comes a new set of risks and responsibilities. As the EU’s AI Act sets the regulatory stage, internal auditors are expected to understand, assess, and navigate this evolving landscape.
Based on the recent paper by IIA Global and IIA Spain: “Internal audit of artificial intelligence applied to business processes.” this webinar came just in timem bringing together over 350 participants, confirming that AI is top of mind for the internal audit community.
So, what did we learn?
AI Is Here to Stay
- We started with a clear, practical definition of AI (based on the OECD) and explored its main types—classic AI, machine learning, generative AI, and reinforcement learning—each with real business implications and risks.
Fast Adoption, New Risks
- As AI spreads fast across industries, regulators are also stepping up. This creates a complex landscape of risks, spanning from governance and operational to reputational, financial, and cyber that internal auditors need to monitor and address. AI washing is starting!
The Role of Internal Audit
- Internal auditors are expected to play an active role in the AI journey. That means:
- Setting up an AI strategy for IA
- Engaging early in AI projects
- Evaluating governance and risk structures
- Providing assurance on data, privacy, and model performance
- Ensuring human oversight and proper documentation
- Training and advising boards and senior management
A Practical Framework for Auditing AI
- The speakers shared a structured work programme, with key focus areas:
- Governance: roles, responsibilities, policies, and inventories
- IT Security: access controls, backup policies, and privacy protections
- Data Quality: integrity checks, change management, and monitoring
- Performance: testing, transparency, and model explainability
- Bias & Ethics: legal reviews, bias detection, and avoiding “AI washing”
Governance, Culture & Training Matter
- Strong governance and a culture of accountability are essential. Training isn’t just for tech teams. Boards and top management must understand AI’s potential, risks, and ethical challenges.
Speakers:
Pablo Ausín Sánchez is a Control Systems Engineer with an MBA, a PMI-PMP certification, and a CertGED qualification. He currently works as the Internal Audit Data Analytics and AI Manager at Inditex. Pablo brings extensive experience in auditing artificial intelligence systems, data governance, and leading complex projects. His background combines strong technical expertise with strategic insight, making him a key contributor in the field of data-driven internal audit.
Juan José Villar Roldan serves as a Senior Data Analyst within the Internal Audit department at Iberdrola and is currently pursuing a PhD in Quantitative Economics. He applies his extensive expertise in data analytics and Artificial Intelligence to drive innovation in Internal Audit, thereby enhancing operational efficiency and continuous monitoring within the department.