Assurance in the age of AI

Piers Clinton-Tarestad, Associate Partner.

Emerging technologies are offering unparalleled opportunities for companies to create new products and services, enter new markets and realise efficiencies at a scale and speed that was previously unimaginable.

Yet this rapid change is also creating risks, which traditional approaches to assurance no longer adequately address.

Our report – Assurance in the age of AI – sets out this challenge in detail and identifies the key steps that assurance leaders should take in response.

But, in short, what’s the scale of the problem and why is now the time to act?

Emerging technology and the assurance challenge

Emerging technologies – such as Blockchain, Artificial Intelligence (AI), Internet of Things (IoT) and Robotic Process Automation (RPA) – have four common characteristics that are making assurance more challenging:

Speed – new technologies such as Blockchain and AI are evolving so fast that it is hard for both companies and regulators to stay on top of any potential issues.

Ubiquity – the sheer scale of adoption means that the likelihood and impact of emerging technology risks are increasing.

Complexity – technologies aren’t impacting organisations in bite-sized chunks, they converge and interact, with data often shared between organisations.

Invisibility – emerging technologies are often embedded into processes we use every day, for example machine learning in software.

Addressing the problem

Developing approaches to each emerging technology in turn is useful but is not always possible given the factors above, so we believe that broader, more fundamental shifts in assurance need to be considered:

From post to pre-assurance – as the power and responsibility being entrusted to emerging technologies like AI and RPA increases, assurance after the event is increasingly irrelevant. Detecting discriminatory decisions or unethical behaviour after the event will not be sufficient under the GDPR legislation.

From timely to time-limited assurance – if an assurance model is working as expected now, what guarantee is there that it won’t start producing erroneous decisions and predictions going forward? What is the assurance decay?

From data analytics to data dialectics – assurance teams will need to shift their focus from testing what the system has done to concentrating on what it could and should have done, generating an independent expectation and challenging the output against this.

Ethics, data and assurance

Today, digital trust and embedding ethics can be a key differentiator in the digital economy providing greater reach and competitive advantage but in the future it will be a baseline consumer expectation.

The increased relevance of ethics is driven by the advancing use of emerging technology in areas such as health, privacy and government and increased connectivity which means that systems have the potential to impact a greater set of stakeholders than imagined or intended.

A lack of transparency and rigour over how an organisation obtains, uses and trusts data used by emerging technologies and how predictions and decisions are made will become untenable.

Put simply, organisations will need to move beyond asking whether systems are doing things right to asking whether they are doing the right things.

Start now or wait

Emerging technology is already impacting organisations and this is only going to increase. With neither the option of doing nothing nor the luxury of doing everything they would like, organisations should:

  1. Develop a road map and get started – to address existing emerging technology risks and develop the capability and confidence needed to deal with its future evolution.
  2. Train the troops – get the assurance team out and about to see and try out new technologies first hand as well as build relationships with decision makers.
  3. Adapt – move beyond the ‘iteration’ of continuous improvement to innovate (in areas such as automation) and integrate across the organisation, suppliers and partners to increase capabilities.

Looking ahead

Current assurance approaches alone are insufficient to address the new risks that come with the adoption of emerging technologies. Assurance leaders urgently need to engage with their stakeholders and the rest of the organisation to understand how emerging technologies impact their organisation now, and in the future.

Ethical assurance will be key to help ensure that in embracing these new technologies organisations are confident that the way in which they are doing so is consistent with their brand and culture allowing them to demonstrate integrity and build essential digital trust.

Click here for further information. http://www.ey.com/uk/en/services/assurance/ey-assurance-in-the-age-of-ai

Contact: Piers Clinton-Tarestad