There is clearly a mixture of excitement about a future driven by digital and AI and a desire to better understand what it means and how to prepare for it. Everybody is discerning and working on AI and their digital future. Many executives have come to terms with the idea that disruption is a fact of life and that their companies need to transform.
But what exactly is AI and how can it shape the future of GRC?
Artificial intelligence (AI) deals with building smart machines capable of performing tasks that typically require human intelligence. Patrick Winston, the Ford professor of artificial intelligence and computer science at MIT, defines AI as “algorithms enabled by constraints, exposed by representations that support models targeted at loops that tie thinking, perception and action together.”
According to Wikipedia, AI, sometimes called machine intelligence, is intelligence validated by machines, in contrast to natural intelligence displayed by humans and animals. It is the study of “intelligent agents”: any device that perceives its environment and takes actions that maximize its chance of successfully achieving its goals.
The term is often used to describe machines (or computers) that mimic “cognitive” functions that humans associate with the human mind, such as “learning” and “problem solving”
Although artificial intelligence educes thoughts of science narrative, studies have shown that it already has many usages today:
• Spam filters on email;
• Personalization: Online services use artificial intelligence to personalize experience. Services, like Amazon or Netflix, “learn” from an individual’s previous purchases and the purchases of other users in order to recommend relevant content;
• Fraud detection: Banks, for instance, use artificial intelligence to determine if there is strange activity on an account. Unexpected activity, such as foreign transactions, could be flagged by the algorithm;
• Smart assistants (like Siri and Alexa);
• Disease mapping and prediction tools;
• Manufacturing and drone robots;
• Optimized, personalized healthcare treatment recommendations;
• Conversational bots for marketing and customer service;
• Robo-advisors for stock trading;
• Social media monitoring tools for dangerous content or false news; and
• Song or TV show recommendations from Spotify and Netflix.
Hardly a day passes without a news story about a high-profile data breach or a cyber-attack costing millions and millions of dollars in damages. Cyber losses are difficult to approximate, but the International Monetary Fund [IMF] places them in the range of US$100–$250 billion annually for the global financial services industry.
Furthermore, with the ever-growing pervasiveness of computers, mobile devices, servers and smart devices, the cumulative threat exposure grows each day.
While the business and policy groups are still beleaguered to shawl their heads around the cyber realm’s brand-new importance, the use of AI to cyber security is foreshowing even greater changes.
One of the fundamental purposes of AI is to automate tasks that heretofore would have required human intelligence. Cutting down on the labor resources an organization must employ to complete a project, or the time an individual must devote to routine tasks, enables terrific gains in efficiency.
The nature of risks is unremittingly fluctuating and evolving at unprecedented levels and hence implementing a successful risk management program is the call for organizations looking to safeguard their hard-earned reputation. Failure to do so could be injurious, as many organizations in the past have realized the hard way.
The standard organizational framework used to manage risk and compliance are the three  lines of defense:
• The first line of defence (functions that own and manage risks);
• The second line of defence (functions that oversee or who specialise in compliance or the management of risk); and
• The third line of defence (functions that provide independent assurance).
A key requirement of the lines of defense is the assistance provided to various levels of management. While first and second lines of defense are archetypally organized to support levels of management, the 3rd line of defense classically works with management and the board to surface risks and compliance issues and works to address slits and deficiencies.
In order to provide proper assistance for these levels of management, the lines of defense need to provide insights that enable:
• Enriched execution on a daily basis of the performance of risk and control activities;
• Finer and tenacious control and management of the activities, and
• Forward and outward looking comprehensions for strategic risk management.
Integrated GRC platform is the only solution to help businesses manage risks across the organization while driving overall enterprise performance and being flexible enough to keep pace with a rapidly-changing environment.
As these platforms allow companies to meet their GRC targets by automating the workflow, many organizations are espousing GRC platforms to augment their operational activities.
In this day and age of disruption, technology is a sturdy enabler of business. And arguably, few developments in technology have generated as much interest as AI. From digital assistants to streaming services, AI is ubiquitous, with seemingly endless possibilities. But beyond all the flimflam, what are the practical applications of AI in GRC?
Artificial Intelligence (AI) in GRC is the need of the hour. As companies expand their digital footprints, cyber security vulnerabilities increase due to huge amount of data being produced. Surely, the demand for intelligent use of accumulated risk data will only increase.
GRC solutions that incorporate AI and its application Machine Learning (ML), will play a key role. The key players in GRC industry are working hard to offer AI-as-a-Service (AlaaS), particularly to industries where data is too valuable.
A recent report found that the use of artificial intelligence will bring about massive changes to GRC. By automating payments, calculating risk, and maintaining records, the study broke down how the technology will influence each role within GRC:
• Risk manager –With the rise of AI, risk managers’ tasks will fundamentally shift to data-based identification and interpretation of changes in risk exposures. This includes the ability to assess trends by exploring existing facts and applying cognitive skills to understand the analyses of large volumes of data;
• Compliance manager –With automated reports, the future responsibility of compliance managers goes one step further: identifying internal or external dangers as well as the management of cybercrime. This will require the ability to work adroitly and to solve problems independently;
• Fraud examiner – The role of the fraud examiner will shift intensely as artificial intelligence becomes more ubiquitous. The main tasks will move from reviewing reports to performing fraud assessments and developing KRIs for avoiding future cases of fraud;
• Auditor – The role of the auditor may not change markedly; and
• Treasury manager –With AI, the treasury manager must build up new expertise to be able to utilize technology to monitor liquidity and risk management, to monitor and optimize cash-flow streams, and to give recommendations to the executive board with regard to strategy development.
While many fear that the widespread use of automation will displace white-collar jobs, AI is far more likely to be used as an augmentation tool.
Overall, productivity will improve and fast-track implementation of elementary financial tasks. It will also impact almost every role within finance and GRC, and rather than hiding behind fear, should motivate everyone to further develop their methodological skills to keep pace with transformation.