www.isaca.org
Open in
urlscan Pro
2606:4700::6811:fdcb
Public Scan
Submitted URL: https://click.em.isaca.org/?qs=abdbde87d383f45ef990dbe9105e871ae317471dc0a989f56447b90a8b7a3058ece0fc78909e9d354006f3d08a42...
Effective URL: https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2024/navigating-the-ai-maze-an-it-auditors-guide-utiliz...
Submission: On June 04 via api from CA — Scanned from CA
Effective URL: https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2024/navigating-the-ai-maze-an-it-auditors-guide-utiliz...
Submission: On June 04 via api from CA — Scanned from CA
Form analysis 0 forms found in the DOM
Text Content
ISACA_logo_RGB
* Credentialing
* Membership
* Enterprise
* PARTNERSHIPS
* Training & Events
* Resources
*
* Join
* PROFESSIONAL JOIN
* RECENT GRAD JOIN
* STUDENT JOIN
* About Us
* ABOUT US HOME
* WHO WE ARE
* NEWSROOM
* PARTICIPATE & VOLUNTEER
* LEADERSHIP & GOVERNANCE
* ADVOCACY
* ISACA FOUNDATION
* CONTACT US
* CODE OF PROFESSIONAL ETHICS
* CAREERS
* Career Center
* Careers at ISACA
* SUPPORT
* Store
Total
View Cart Checkout
No items have been added to your cart yet
Browse Search
* Cart (0)
* Sign In
* MEMBERSHIP
* CERTIFICATIONS
* CERTIFICATES
* CPE CERTIFICATES
* LEARNING ACCESS
* RESOURCES
* ORDER HISTORY
* Redeemable Products
* Sign Out
* Sign In
* Create an Account
* CERTIFICATIONS
* CISA—Certified Information Systems Auditor
* CISM—Certified Information Security Manager
* CRISC—Certified in Risk and Information Systems Control
* CDPSE—Certified Data Privacy Solutions Engineer
* CGEIT—Certified in the Governance of Enterprise IT
* CET—Certified in Emerging Technology Certification
* CSX-P—CSX Cybersecurity Practitioner Certification
* ITCA—Information Technology Certified Associate
* View More
* CERTIFICATES
* CCAK—Certificate in Cloud Auditing Knowledge
* COBIT
* COBIT 2019 Foundation
* COBIT 2019 Design & Implementation
* Implementing the NIST Cybersecurity Framework using COBIT 2019
* COBIT 5 Certificates
* Cybersecurity Audit
* Cybersecurity Fundamentals
* Digital Trust Ecosystem Framework Foundation Certificate
* Emerging Technology
* AI Fundamentals
* Blockchain Fundamentals
* Cloud Fundamentals
* IoT Fundamentals
* Information Technology
* Computing Fundamentals
* Data Science Fundamentals
* Networks and Infrastructure Fundamentals
* Software Development Fundamentals
* IT Audit Fundamentals
* IT Risk Fundamentals
* View More
* WHICH CERTIFICATION IS RIGHT FOR YOU?
* RENEW A CERTIFICATION
* MAINTAIN A CERTIFICATION
* VERIFY A CERTIFICATION
* DIGITAL BADGES
* Which Exam Prep is Right for You?
* TRAIN YOUR WAY WITH OFFICIAL ISACA EXAM PREP
* BUILD YOUR TEAM'S PERFORMANCE WITH CUSTOMIZED TRAINING
* BECOME A MEMBER
* Browse Chapters
* Find Your Membership Type
* Member Benefits
* ENGAGE ONLINE COMMUNITY
* GET INVOLVED
* Advocacy
* Author an Article
* Chapter Events Calendar
* ISACA Awards
* SheLeadsTech
* Speak at Conferences
* Volunteer
* Write an Exam Question
* MAXIMIZE YOUR MEMBERSHIP
* Career Center
* Discounts & Savings
* Free CPE
* Free Resource Previews
* Member-Exclusive Speaker Series
* Mentorship
* Personalize Your Experience
* UPDATE YOUR PROFILE
* CMMI PERFORMANCE IMPROVEMENT SOLUTIONS
* CMMI Performance Solutions
* CMMI Cybermaturity Platform
* Voluntary Improvement Program
* ENTERPRISE TRAINING & CREDENTIALS
* ISACA Credentials
* CMMI Training
* CMMI APPRAISALS (PARS)
* ENTERPRISE SUPPORT
* CONTACT US
* Empower Your Team to Power Business Growth
* CUSTOMIZE YOUR IT TEAM TRAINING
* BECOME A TRAINING PARTNER
* BECOME A CMMI PARTNER
* BECOME AN ACADEMIC OR WORKFORCE PARTNER
* BECOME A SPONSOR
* FIND A TRAINING PARTNER
* Certification Training Partners
* Certification Training Partners
* Americas
* Asia and Oceania
* China
* EMEA
* COBIT Training Partners
* Academic & Workforce Partners
* CMMI Performance Improvement Partners
* Over 100,000 People Were Trained by ISACA in 2022
* BECOME A PARTNER TO CAPITALIZE ON THIS HIGH DEMAND
* CONFERENCES
* CMMI Conference
* GRC Conference
* ISACA Europe Conference
* ISACA North America Conference
* CHAPTER EVENTS
* Training Week
* TRAIN YOUR WAY
* All Training Types
* Online Review Courses
* Webinars
* Virtual Summits
* GROUP/ENTERPRISE TRAINING
* TRAINING FROM AN ACCREDITED PARTNER
* TRAINING BY TOPIC
* All Training Topics
* Artificial Intelligence
* Cybersecurity
* IT Audit
* Certification Exam Preparation
* COBIT
* CPE ON-DEMAND
* Ready to Take Your AI Knowledge to the Next Level?
* BROWSE ISACA’S NEW AI TRAINING COURSES
* DIGITAL TRUST
* ISACA JOURNAL
* INSIGHTS & EXPERTISE
* NEWS & TRENDS
* ENGAGE ONLINE COMMUNITIES
* COBIT
* RESOURCES BY TOPIC
* Artificial Intelligence
* Cybersecurity
* Emerging Technology
* Governance
* IT Audit
* IT Risk
* Privacy
* FRAMEWORKS, STANDARDS AND MODELS
* ISACA NOW BLOG
* ISACA VIDEOS
* ISACA PODCAST
* GLOSSARY
* Announcing ISACA’s Digital Trust Ecosystem Framework and Portfolio
*
* Advance Digital Trust
* Credentialing
* CREDENTIALING
* CERTIFICATIONS
* CERTIFICATIONS
* CISA—Certified Information Systems Auditor
* CISM—Certified Information Security Manager
* CRISC—Certified in Risk and Information Systems Control
* CDPSE—Certified Data Privacy Solutions Engineer
* CGEIT—Certified in the Governance of Enterprise IT
* CET—Certified in Emerging Technology Certification
* CSX-P—CSX Cybersecurity Practitioner Certification
* ITCA—Information Technology Certified Associate
* CERTIFICATES
* CERTIFICATES
* CCAK—Certificate in Cloud Auditing Knowledge
* COBIT
* COBIT 2019 Foundation
* COBIT 2019 Design & Implementation
* Implementing the NIST Cybersecurity Framework using COBIT 2019
* COBIT 5 Certificates
* Cybersecurity Audit
* Cybersecurity Fundamentals
* Digital Trust Ecosystem Framework Foundation Certificate
* Emerging Technology
* AI Fundamentals
* Blockchain Fundamentals
* Cloud Fundamentals
* IoT Fundamentals
* Information Technology
* Computing Fundamentals
* Data Science Fundamentals
* Networks and Infrastructure Fundamentals
* Software Development Fundamentals
* IT Audit Fundamentals
* IT Risk Fundamentals
* WHICH CERTIFICATION IS RIGHT FOR YOU?
* RENEW A CERTIFICATION
* MAINTAIN A CERTIFICATION
* VERIFY A CERTIFICATION
* DIGITAL BADGES
* TRAIN YOUR WAY WITH OFFICIAL ISACA EXAM PREP
* BUILD YOUR TEAM'S PERFORMANCE WITH CUSTOMIZED TRAINING
* Membership
* MEMBERSHIP
* BECOME A MEMBER
* BECOME A MEMBER
* Browse Chapters
* Find Your Membership Type
* Member Benefits
* ENGAGE ONLINE COMMUNITY
* MAXIMIZE YOUR MEMBERSHIP
* MAXIMIZE YOUR MEMBERSHIP
* Career Center
* Discounts & Savings
* Free CPE
* Free Resource Previews
* Member-Exclusive Speaker Series
* Mentorship
* UPDATE YOUR PROFILE
* GET INVOLVED
* GET INVOLVED
* Advocacy
* Author an Article
* Chapter Events Calendar
* ISACA Awards
* SheLeadsTech
* Speak at Conferences
* Volunteer
* Write an Exam Question
* Enterprise
* ENTERPRISE
* CMMI PERFORMANCE IMPROVEMENT SOLUTIONS
* CMMI PERFORMANCE IMPROVEMENT SOLUTIONS
* CMMI Performance Solutions
* CMMI Cybermaturity Platform
* Voluntary Improvement Program
* CUSTOMIZE YOUR IT TEAM TRAINING
* ENTERPRISE TRAINING & CREDENTIALS
* ENTERPRISE TRAINING AND CREDENTIALS
* ISACA Credentials
* CMMI Training
* CMMI APPRAISALS (PARS)
* ENTERPRISE SUPPORT
* CONTACT US
* PARTNERSHIPS
* PARTNERSHIPS
* BECOME A TRAINING PARTNER
* BECOME A CMMI PARTNER
* BECOME AN ACADEMIC OR WORKFORCE PARTNER
* BECOME A SPONSOR
* FIND A TRAINING PARTNER
* FIND A TRAINING PARTNER
* Certification Training Partners
* Certification Training Partners
* Americas
* Asia and Oceania
* China
* EMEA
* COBIT Training Partners
* Academic & Workforce Partners
* CMMI Performance Improvement Partners
* BECOME A PARTNER TO CAPITALIZE ON THIS HIGH DEMAND
* Training & Events
* TRAINING AND EVENTS
* CONFERENCES
* CONFERENCES
* CMMI Conference
* GRC Conference
* ISACA Europe Conference
* ISACA North America Conference
* CHAPTER EVENTS
* Training Week
* TRAIN YOUR WAY
* TRAIN YOUR WAY
* All Training Types
* Online Review Courses
* Webinars
* Virtual Summits
* GROUP/ENTERPRISE TRAINING
* TRAINING FROM AN ACCREDITED PARTNER
* TRAINING BY TOPIC
* Find Training by Topic
* All Training Topics
* Artificial Intelligence
* Cybersecurity
* IT Audit
* Certification Exam Preparation
* COBIT
* CPE ON-DEMAND
* BROWSE ISACA’S NEW AI TRAINING COURSES
* Resources
* RESOURCES
* DIGITAL TRUST
* ISACA JOURNAL
* INSIGHTS & EXPERTISE
* NEWS & TRENDS
* ENGAGE ONLINE COMMUNITIES
* COBIT
* RESOURCES BY TOPIC
* Artificial Intelligence
* Cybersecurity
* Emerging Technology
* Governance
* IT Audit
* IT Risk
* Privacy
* FRAMEWORKS, STANDARDS AND MODELS
* ISACA NOW BLOG
* ISACA VIDEOS
* ISACA PODCAST
* GLOSSARY
*
* Advance Digital Trust
* Join
* PROFESSIONAL JOIN
* RECENT GRAD JOIN
* STUDENT JOIN
* About Us
* ABOUT US HOME
* WHO WE ARE
* NEWSROOM
* PARTICIPATE & VOLUNTEER
* LEADERSHIP & GOVERNANCE
* ADVOCACY
* ISACA FOUNDATION
* CONTACT US
* CODE OF PROFESSIONAL ETHICS
* CAREERS
* Career Center
* Careers at ISACA
* SUPPORT
* Store
* Cart
Sign In
HOME / RESOURCES / NEWS AND TRENDS / ISACA NOW BLOG / 2024 / NAVIGATING THE AI
MAZE AN IT AUDITORS GUIDE UTILIZING ISACAS DIGITAL TRUST ECOSYSTEM FRAMEWORK
NAVIGATING THE AI MAZE: AN IT AUDITOR’S GUIDE UTILIZING ISACA’S DIGITAL TRUST
ECOSYSTEM FRAMEWORK
Author: Chidambaram Narayanan, CISA, Chartered Accountant, Azure Cybersecurity
Architect Expert (SC-100)
Date Published: 13 May 2024
To paraphrase Spiderman’s Uncle Ben: “With great power comes a labyrinth of
responsibilities & challenges.”
Artificial intelligence (AI) is no longer science fiction. It is revolutionizing
industries, from healthcare and finance to manufacturing and customer service.
However, as IT auditors, ensuring responsible AI that benefits the organization
and its stakeholders is paramount, thereby ensuring that enterprise decisions
are aligned with strategic goals and that IT resources are adequately managed.
This alignment requires careful navigation guided by the six core principles of
responsible AI, based on frameworks independently developed by Microsoft and
IBM: fairness, accountability, transparency, safety, privacy and human
oversight/inclusiveness.
But navigating the complexities of AI and ensuring its responsible
implementation can feel like venturing into a labyrinth. This is where ISACA's
Digital Trust Ecosystem Framework (DTEF) comes in. ISACA's recent white paper
Using the Digital Trust Ecosystem Framework to Achieve Trustworthy AI can be a
compass for IT auditors. It serves as a beacon guiding us through the
complexities of AI adoption and implementation while upholding the six core
principles of responsible AI. DTEF also is cohesive with established industry
frameworks such as COBIT and COSO, ensuring a comprehensive approach to
evaluating compliance with enterprise policy and industry regulatory guidance.
WHY RESPONSIBLE AI AUDITS MATTER
Imagine AI-powered diagnostics personalizing patient treatment or chatbots
handling customer inquiries with human-like efficiency. These are just a few
possibilities, but ensuring responsible AI development is crucial for several
reasons:
* Fairness and non-discrimination: IT auditors can leverage DTEF to assess
potential bias in AI models. We can review data sets for imbalances and test
algorithms for fairness, mitigating discriminatory outcomes.
* Accountability and human oversight: DTEF emphasizes clear lines of
accountability. IT auditors will be able to map stakeholders involved in AI
development and deployment, ensuring human oversight and ethical
decision-making.
* Transparency and explainability: “Black box” AI models erode trust. DTEF
promotes Explainable AI (XAI). IT auditors can assess the interpretability of
AI models, understanding how they arrive at decisions.
* Safety and security: AI systems are susceptible to cyberattacks. IT auditors
could deploy DTEF to assess the security of AI systems and data, employing
vulnerability testing and penetration testing to identify and mitigate risks.
* Privacy and data governance: AI relies on data, but privacy concerns are
paramount. IT auditors can review and alert the makers to ensure responsible
data collection, storage and usage practices according to DTEF and relevant
regulations.
DTEF: A HOLISTIC FRAMEWORK FOR RESPONSIBLE AI AUDITS
DTEF provides a holistic framework for building and maintaining responsible AI
throughout the lifecycle. It considers not just technology, but also people,
processes and organizational culture, ensuring alignment with the six core
principles. Here’s how IT auditors can leverage DTEF:
* Understanding your business environment: DTEF encourages defining AI vision,
mission and goals. IT auditors ensure alignment between AI initiatives and
overall business strategy, fostering responsible development.
* Mapping your digital landscape: DTEF promotes identifying existing AI assets,
stakeholders and user touchpoints. IT auditors use this mapping to pinpoint
potential trust gaps and areas needing focus on fairness, transparency and
privacy.
* Developing a digital trust strategy: Based on the business and digital
landscape understanding, DTEF helps develop a strategic plan for building
responsible AI. IT auditors can use DTEF to identify key performance
indicators (KPIs) to measure progress on fairness, accountability,
transparency and other principles.
* Implementation and continuous improvement: DTEF emphasizes an iterative
approach. IT auditors can collaborate with developers to pilot AI projects,
monitor their impact on trust and adherence to the six principles, and
continuously refine the strategy based on learnings.
BEYOND THE FRAMEWORK: ADDITIONAL CONSIDERATIONS FOR RESPONSIBLE AI
While DTEF offers a valuable roadmap, here are some additional tips:
* Invest in Explainable AI (XAI): Promote the development of AI models that are
interpretable, aligning with the transparency principle of DTEF.
* Prioritize human oversight: AI should augment human judgment. Maintain human
oversight loops to ensure ethical decision-making and mitigate potential
risks.
* Foster a culture of trust: Open communication and employee buy-in are
crucial. Educate your workforce on AI and its implications, addressing any
concerns.
ENSURE THAT AI BENEFITS YOUR ORGANIZATION
AI holds immense potential, but navigating its complexities requires a
well-defined strategy grounded in the six core principles. ISACA's DTEF empowers
IT auditors to play a vital role in assessing the governing structures put in
place to build responsible AI. By leveraging DTEF, we can ensure AI benefits the
organization, fosters trust with stakeholders and adheres to ethical
considerations. Remember, AI is a powerful tool, and with the right guidance, we
can navigate the AI maze responsibly and reach the destination of success.
About the author: Chidambaram Narayanan is a highly experienced internal auditor
with over 20 years of expertise in accounting & audit disciplines. He
specializes in both financial and IT domains, having served Fortune 500
companies across diverse industries including manufacturing, automotive,
engineering, and retail.Mr. Narayanan is a Chartered Accountant and holds a
comprehensive suite of certifications, including CISA and the Microsoft
Cybersecurity Expert (SC-100). He currently contributes his leadership as a
Board Member for the ISACA Muscat Chapter.
ADDITIONAL RESOURCES
WEBPAGE
ARTIFICIAL INTELLIGENCE TRAINING AND RESOURCES
Build AI skills at any level. Access articles, whitepapers, and publications.
Explore new training courses and discover how to harness AI's power for success.
BOOK
DIGITAL TRUST ECOSYSTEM FRAMEWORK EBOOK | DIGITAL | ENGLISH
In the digital economy, the foundation of enterprise success lies in cultivating
trusted and valuable relationships, interactions, and transactions.
WHITE PAPER
USING DTEF TO ACHIEVE TRUSTWORTHY AI
This white paper explores the benefits of using ISACA’s Digital Trust Ecosystem
Framework (DTEF) for enterprises adopting artificial intelligence (AI)-enabled
technologies and services.
30 April 2024
BLOG POST
A BETTER PATH FORWARD FOR AI BY ADDRESSING TRAINING, GOVERNANCE AND RISK GAPS
New ISACA survey data on artificial intelligence realities show that companies
need to ramp up training and policies to deal with emerging risks from the
powerful technology.
7 May 2024
Previous Article
Next Article
ISACA NOW BY YEAR
2024
2023
2022
2021
2020
*
*
*
*
*
* Contact Us
* Terms
* Privacy
* Cookie Notice
* Cookie Settings
* Fraud Reporting
* Bug Reporting
1700 E. Golf Road, Suite 400, Schaumburg, Illinois 60173,
USA | +1-847-253-1545 | ©2024 ISACA. All rights reserved.
COOKIE SETTINGS
Your Opt Out Preference Signal is Honored
* YOUR ISACA COOKIE PRIVACY...
* STRICTLY NECESSARY COOKIES
* PERFORMANCE COOKIES
* FUNCTIONAL COOKIES
* TARGETING COOKIES
YOUR ISACA COOKIE PRIVACY...
When you visit our website, it may store or retrieve information on your
browser, mostly in the form of cookies. This information might be about you,
your preferences or your device and is mostly used to make the site work as you
expect it to. The information does not usually directly identify you, but it can
give you a more personalized web experience. Because we respect your right to
privacy, you can choose not to allow some types of cookies. Click on the
different category headings to find out more and change our default settings.
However, blocking some types of cookies may impact your experience of the site
and the services we are able to offer.
More information
User ID: eaf41df1-051f-4a2e-8b9c-3ca11c7cc777
This User ID will be used as a unique identifier while storing and accessing
your preferences for future.
Timestamp: --
STRICTLY NECESSARY COOKIES
Always Active
These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to
block or alert you about these cookies, but some parts of the site will not then
work. These cookies do not store any personally identifiable information.
Cookies Details
PERFORMANCE COOKIES
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If you
do not allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance.
Cookies Details
FUNCTIONAL COOKIES
Functional Cookies
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then
some or all of these services may not function properly.
Cookies Details
TARGETING COOKIES
Targeting Cookies
These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.
Cookies Details
Back Button
COOKIE LIST
Filter Button
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label
Clear
checkbox label label
Apply Cancel
Confirm My Choices
Deny All Allow All