Synergist Technology

How to Audit Artificial Intelligence Using COBIT 2019

Artificial intelligence (AI) is a rapidly evolving technology that has the potential to transform businesses and society. However, AI also poses significant challenges and risks for auditors, who need to provide assurance over its governance, design, implementation and use. How can auditors prepare themselves to audit AI effectively and efficiently?

In this blog, we will summarize the “Auditing Artificial Intelligence” white paper by ISACA that provides some practical guidance and insights for auditing AI, based on the COBIT 2019 framework. The white paper covers the following topics:

  • The definition and scope of AI, and why auditors should care about it
  • The potential impact of AI on organizations and their stakeholders
  • The challenges and solutions for the AI auditor, and the keys to success
  • The mapping of COBIT 2019 to strategy, and how to apply it in the auditing of AI
  • The resources and references for further learning and exploration

What is AI and Why Should Auditors Care?

AI is a broad term that encompasses machines carrying out tasks based on algorithms in an “intelligent” manner, such as learning, reasoning, perceiving, and decision making. AI can be classified into different types, such as machine learning, deep learning, natural language processing, computer vision, speech recognition, and robotics.

AI has many benefits and opportunities for organizations, such as improving efficiency, productivity, innovation, customer satisfaction, and competitive advantage. However, AI also has many challenges and risks, such as ethical, legal, social, security, quality, and performance issues. AI may also have unintended or adverse consequences, such as bias, discrimination, errors, fraud, or harm.

Therefore, auditors need to care about AI and understand its implications for their profession and their clients. Auditors need to provide assurance that AI is aligned with the business strategy, objectives, and values, and that it is governed, managed, and controlled effectively and appropriately. Auditors also need to assess the risks and impacts of AI on the organization and its stakeholders, and ensure that they are mitigated and monitored adequately.

What is the Impact of AI on Organizations?

AI has a significant impact on many areas in the business world, such as operations, products, services, processes, functions, and roles. AI can enhance, augment, or replace human capabilities and tasks, depending on the level of automation, autonomy, and intelligence. AI can also create new value propositions, business models, and markets, or disrupt existing ones.

The impact of AI on organizations depends on several factors, such as the type, scope, scale, and maturity of AI applications, the industry, sector, and domain of the organization, the culture, readiness, and adoption of the organization, and the external environment, regulations, and standards.

The impact of AI on organizations can be positive or negative, intended or unintended, direct or indirect, short-term or long-term, and certain or uncertain. Therefore, organizations need to evaluate the potential benefits and costs of AI, and balance the trade-offs and dilemmas involved. Organizations also need to monitor and measure the actual outcomes and performance of AI, and adjust and improve accordingly.

What are the Challenges and Solutions for the AI Auditor?

Auditing AI is not an easy task, as it involves many complexities, uncertainties, and unknowns. Some of the challenges for the AI auditor include:

  • Defining and scoping AI, and understanding its design and architecture
  • Identifying and assessing the relevant stakeholders, risks, and controls of AI
  • Obtaining and analyzing the appropriate evidence and data of AI
  • Explaining and communicating the results and recommendations of the audit
  • Keeping up with the fast pace and dynamic nature of AI

However, there are also some solutions that can help the AI auditor overcome these challenges, such as:

  • Becoming informed and educated about AI, and its implications for auditing
  • Involving and collaborating with all the relevant parties, such as AI experts, developers, users, and regulators
  • Adopting and adapting existing frameworks and standards, such as COBIT 2019, to guide and structure the audit
  • Focusing on transparency and accountability of AI, and ensuring its traceability and explainability
  • Adopting and leveraging AI itself as a tool to support and enhance the audit

How to Apply COBIT 2019 in the Auditing of AI?

COBIT 2019 is a comprehensive and flexible framework for the governance and management of information and technology (I&T) in organizations. COBIT 2019 provides the auditor with tools, such as process descriptions, desired outcomes, base practices, and work products, to enable the auditor to provide assurance over the AI initiative for any organization.

The white paper provides a visual representation of how to map COBIT 2019 to strategy, and how to apply it in the auditing of AI. The mapping consists of four steps:

  • Step 1: Define the AI strategy and objectives, and align them with the organizational strategy and objectives
  • Step 2: Identify the AI governance and management objectives, and select the relevant COBIT 2019 processes
  • Step 3: Assess the AI risks and controls, and determine the audit scope and objectives
  • Step 4: Perform the audit procedures and tests, and report the audit findings and recommendations

The white paper also provides some examples of how to use COBIT 2019 processes and practices to address specific AI risks and controls, such as:

  • Ensuring the alignment of AI plans and business needs
  • Defining the target digital capabilities and conducting a gap analysis
  • Assessing the potential of emerging technologies and innovative ideas
  • Ensuring traceability and accountability for information events
  • Managing performance and conformance monitoring
  • Managing the system of internal control
  • Managing compliance with external requirements
  • Managing assurance

What are the Resources and References for Auditing AI?

The white paper concludes with a list of resources and references for further learning and exploration of auditing AI, such as:

  • The Association for the Advancement of Artificial Intelligence, Digital Library, Conference Proceedings
  • ISACA, COBIT 2019 Framework: Introduction and Methodology
  • ISACA, COBIT 2019 Framework: Governance and Management Objectives
  • ISACA, The Institute of Internal Auditors, Artificial Intelligence: The Future for Internal Auditing
  • ISACA, The Institute of Internal Auditors, Global Perspectives and Insights Series, Artificial Intelligence—Considerations for the Profession of Internal Auditing
  • ISACA, The Institute of Internal Auditors, Global Perspectives and Insights Series, The IIA’s Artificial Intelligence Auditing Framework—Practical Applications, Part A
  • ISACA, The Institute of Internal Auditors, Global Perspectives and Insights Series, The IIA’s Artificial Intelligence Auditing Framework—Practical Applications, Part B
  • ISACA, The Institute of Internal Auditors, Internal Audit Foundation, Artificial Intelligence: The Data Below
  • ISACA, The Institute of Internal Auditors, Internal Audit Foundation, Request for Proposals, Artificial Intelligence Research Project
  • International Standards Organization (ISO), ISO/IEC 27000:2018(en), Information technology—Security techniques—Information security management systems—Overview and vocabulary
  • Tegmark, M., Life 3.0: Being Human in the Age of Artificial Intelligence

We hope this blog has given you a brief overview of the white paper and some useful tips and insights for auditing AI. If you are interested in reading the full white paper, you can download it from the link below. Happy auditing!

