By Phares Chege and Daniel Njogu
The emergence of unanticipated technological changes has significantly increased the degree of error in forecasting models and human imaginations about the future. It has also brought a sort of equity, as now we are all drifting through murky waters in the perspective of what the future holds. The development of blockchain, generative Artificial Intelligence (AI) tools and quantum computer has redefined our day-to-day lives. AI technologies have been integrated into devices we are using making them more responsive and capable of interacting in ways that feels helpful and natural.
This article proposes deconstructing fallacies around AI on business processes and continuity. According to ISO/IEC 22989:2020, AI is the capability to acquire, process, create and apply knowledge held in the form of a model to perform tasks. AI applications are revolutionizing business operations through innovation and processes optimization. Machine learning and deep learning have drastically created a paradigm shift in almost every economic sector. As AI grows exponentially, there are deep concerns about privacy, inequality, bias, safety and security. There is also concerns on transparency and fairness in AI algorithmic processing. The risks and complexity of AI call for robust governance mechanisms and frameworks to guide businesses on sustainable adoption and management of AI technologies.
Organizations are walking a tightrope between embracing AI models opportunities and related risk exposures. As AI innovations are disrupting business, audit processes and methodologies are expected respond to changing business needs. Internal audit just like the business will be required to leverage technology by being agile and innovative to be in position to redefine new ways of doing business. For a harmonized growth and management of AI associated technologies, governance and regulatory guidelines need to keep up the speed. The future auditor should continuously learn or upskill to keep abreast of new trends and standards in order to help businesses derive maximum value from the use of AI.
Internal audit has changed from the tradition practices where the auditor would wait for the business to explore, acquire and adopt technologies then evaluate compliance to internal controls and regulations later. The internal audit of the future will have to walk with the business in every stage of acquisition, implementation and operationalization of new technologies for timely if not real-time assurance of effective controls and legal compliance. This will promote provision of proactive insights and enhance organization`s resilience to navigate dynamic risk landscape.
There is a gap in the practical integration of AI with the existing cybersecurity frameworks like National Institute of Standards and Technology Cybersecurity Framework (NIST-CSF) and The International Organization for Standardization (ISO) especially in e-commerce sector (Obisesan, S. M., 2024). The traditional risk management approaches and business continuity planning are becoming obsolete as quickly as the threats they are designed to address. Dynamic business environment has led to adoption of antifragile approach in risk management. The traditional risk management focused on threat mitigation, emphasized protection, reduced uncertainty and values stability while antifragile risk management identifies growth opportunities, encourages controlled exposure, embraces uncertainty and values adaptation. The technology-driven risk landscape has led to redesigning of risk approaches from Volatile, Uncertain, Complex and Ambiguity (VUCA) to Brittle, Anxiety, Non-linearity and Incomprehensible (BANI). The approach underscore the importance of organizations to adapt proactively to disruptions by integrating strategic foresight with operational adaptability. Risk management and business continuity plan should be integrated in order to leverage their benefits in creation of comprehensive strategy for actualization of preparedness and effective response. The following depict the difference between traditional business continuity, organizational resilient and antifragility approaches in managing disruption:
| Traditional Business Continuity | Organization Resilience | Antifragility |
| Emphasis on maintaining critical functions | Focuses on adaption to changing conditions | Gains from disorder |
| Strives to return to normal operations | Maintain core capabilities | Improves through stress |
| Focuses on survival through disruption | Aims at returning stronger after disruption | Transforms challenges into advantages |
| Relies on a predefines response plan | Develops agile response capabilities | Creates opportunity from uncertainty |
Misconceptions are like old habits, they are great until it is time to switch gears. AI is not competing but collaborating with the existing audit processes to enhance performance. It is helping auditors in handling and evaluating big data. Unprecedented AI applicationsautonomous ability in testing entire population is empowering auditors to provide accurate findings that will enable organizations thrive amid multifaceted disruptions. Machine learning models are helping auditors to be efficient and effective in risk assessment by integrating insights from internal and external data sources. AI is also automating routine tasks like extraction of data, reconciliation and document classification. These has enabled auditors to focus on complex judgment-based areas. Natural Language Processing (NLP) has enabled auditors to analyse unstructured data for key insights such as emails, contracts and invoices. AI models support prescriptive and predictive analytics, enhancing quality of decisions while promoting professional scepticism. The technology advancement can be collaborated with the Five P’s of Internal Auditors, that is, purpose, people, process, progress and performance to guide in empowering teams and promoting audits that are aligning with strategic business goals.
The standards and frameworks guiding audit profession emphasis on the need of adopting technology in auditing. In an effort to meet better evolving business needs, Internal Audit profession through International Internal Audit Standards Board replaced International Standards Professional Practice of Internal Auditing with Global Internal Audit Standards (GIAS). To ensure professional uniformity and consistency with PFM Act 2012 and International Standards, the Public Sector Accounting Standards Board (PSASB) updated internal audit guidelines. Section 194 of the PFMA, 2012, mandates PSASB to prescribe Internal Audit procedures. The revised International Standards for the Professional Practice of Internal Auditing (IPPF) 2024 includes GIAS, topical requirements and Global guidance. In performance of their responsibilities, internal auditors must possess sufficient knowledge, skills and competencies in technology-based audit techniques, and information technology risks and controls (IIA Standard 1210.A3, & 2010). The internal audit is also required to evaluate the effectiveness and efficiency of controls, including Information Technology control on automated processes (IIA Standard 2130). Rapid uptake of AI has made ISO/IEC 42001 an integral part of institutions by guiding on safety and efficient utilization of AI for maximum derivation of value. Auditors also leverage on frameworks like Control Objectives for Information and Related Technologies (COBIT), NIST Cybersecurity Framework, ISO 27001 (standards on information security) and ISO 31000 (standards in risk management) in mapping their reviews. To maximise utilization of AI in auditing, Institutions are encouraged to embed AI in providing services by:
1. Encouraging staff to train on AI _ self-training and organised trainings.
2. Deliberate steps on research and benchmarking with other entities.
3. Encourage the use of AI in audit work and proposals on innovative ideas using AI to improve processes.
4. Participation in taskforces on AI related projects.
Great power calls for great responsibility, nations globally have been losing revenue through tax evasion. The traditional tax enforcement mechanisms have been rendered inefficient by complexity and sophistication of modern financial systems that span across several jurisdictions. Kenya Revenue Authority has made steps towards embracing technology in its operation. There are efforts that have been made in implementing technologies like blockchain supported processes in tax administration and data analytics.
Tax administrations like Australia, United States and India have embedded AI technologies on language processing and predictive analytics (Rawanda, Nisa et.al, 2025). China has employed AI systems in provision of real-time analysis on financial transactions. This enables proactive enforcement by providing insights on potential tax evasion cases.
Developing countries are facing infrastructure and regulatory barriers in accessing data and integration of AI in their tax systems (Aggarwal, 2024). AI helps in streamlining data processing and enhance precision of decisions on fraud detection and tax audits. It enables creation of robust risk models and scores by inclusion of additional data and variables. The predictive capability helps in ensuring proactive measures are designed to counter forecasted tax non-compliance cases before they manifest (Yalamati, 2024). Cooperation between tax administrations in integration of AI tools with international tax systems will be important in improving international tax fairness and curbing tax evasion (OECD, 2020). This will also help in enforcing global Anti-money Laundering and Counter Terrorism Financing (AML/CFT) policies.
Phares Chege is an Audit and Risk Management practitioner and trainer with over 18 years’ experience in Public and Private Sectors. He is Head of Internal Audit at Kenya Revenue Authority.
Email; [email protected]
Daniel Njogu is an Audit and Assurance professional with a passion in Research in finance and public policy. He is an Internal Audit Supervisor at Kenya Revenue Authority.
Email; [email protected]
