In this article we delve into the topic of risk management. Artificial Intelligence (AI) carries many benefits but also a spectrum of risks, many of which are common to all forms of technology, such as data breaches and system/data reliability issues. However, as AI becomes more embedded in financial operations, CFOs must navigate a unique set of AI risks. This article does not seek to provide an exhaustive list but will instead focus on several emerging GenAI risks.
Confidentiality and data access in the age of AI requires careful management. Not only must we exercise precise control over the individuals who can access sensitive information, but we are also tasked with overseeing the AI tools that have access to and use confidential data. This dual responsibility underscores the complex nature of safeguarding information in the age of artificial intelligence. These new AI tools introduce new considerations related to confidentiality and access management, including:
While there are various GenAI set-ups and configurations designed to maintain the security and separation of company data, it's important to highlight that GenAI tools, such as chatbots, can pose inherent risks to data confidentiality.
Let’s consider the scenario of a company employing GenAI chatbots for self-service data access, like allowing users to retrieve crucial financial information such as revenue and expenditure data. This situation can give rise to additional access considerations:
Failure to do so could potentially result in the inadvertent disclosure of confidential information to unauthorized users.
GenAI is recognized for its tendency to embellish or present inaccurate information. The issues of relevance and inaccurate responses can be addressed by improved data quality. A common and powerful approach to improving the relevance of responses is to use RAG (retrieval augmented generation). To do this, a GenAI tool first searches a selected database(s) to find relevant documents/data and then uses the selected content to help generate an accurate and relevant answer. It's like looking up reference material before writing an essay.
In these cases, there are crucial risks surrounding the RAG approach and database, such as:
These complexities and risks are key reasons why users, even those taking advantage of RAG, must continue to use AI in copilot methodology, ensuring there is continued human review and validation, especially of highly complex or critical matters.
Review and validation have continued to be key methods of instilling effective controls in the finance and accounting space. This process often involves some aspect of reperforming the tasks performed by others to ensure the appropriate logic was applied and outcomes achieved. For example, this occurs in the review of account reconciliations, vendor invoices, and explanations of period-over-period variances.
In some cases, AI's complexity can obscure the logic behind its outputs, making traditional process review and validation challenging. Therefore, finance leaders will need to re-evaluate their review and validation activities to determine how they continue to get comfort around financial records and results managed by AI. Methods to address this could include:
The evolution of AI also advances the methods of cyberattacks, including more sophisticated forms of hacking, phishing, and malware. This creates increased exposure, especially as it relates to safeguarding the company’s financial assets (e.g., cash). CFOs and finance leaders must strengthen cybersecurity practices and seriously re-examine their processes and controls. They should evaluate whether these common controls are strong and precise enough to identify AI generate cybersecurity threats, which can appear significantly more “real”:
As CFOs and finance leaders adopt AI, it will be crucial that risk, controls, and compliance requirements are re-examined in a timely manner and that appropriate actions are taken to address new areas of exposure. Furthermore, as this technology is evolving rapidly, this should become a recurring, standard practice as all parties learn to navigate this exciting new technology.
At Connor Group, our AI subject matter experts stand ready to collaborate with you, providing practical AI solutions tailored to your organization's needs. By leveraging their insights and expertise, you can not only stay ahead of the AI curve but also build a powerful technology strategy that maximizes automation and value. As AI continues to evolve, let's embark on this exciting journey together, adapting and thriving in a world of boundless possibilities.
If you're seeking to adopt AI and do so in a controlled and effective way, contact Connor Group. Leveraging both our control and technology expertise, we'll share our experiences and help you create practical AI solutions that are well-controlled.
Managing Partner, Client Experience
Automation and Analytics Leader