_page-0001.jpg)
What's the article about?
- It talks about challenges and regulations for AI based Auditing in India.
Relevance:
- GS2: Appointment to various Constitutional Posts, Powers, Functions and Responsibilities of various Constitutional Bodies.
Context:
- The Comptroller and Auditor General of India (CAG), Girish Chandra Murmu, who is the chair for the Supreme Audit Institutions (SAIs) of the G20, warned that absolute dependence on Artificial Intelligence (AI) for auditing purposes may lead to inaccurate findings, and emphasised ethics as the cornerstone of responsible AI.
Analysis:
- Challenges of AI Auditing:
- The auditing challenges of AI include ensuring transparency, objectivity, fairness, and avoiding bias. Responsible AI must be ethical and inclusive.
- Only ethical AI can add credibility, trust, and scalability to the CAG audit. Data sets must be complete, gathered on time, accurate, available, and relevant. If integrity of the data fields is not ensured, we will have inaccurate audit findings.
- The AI auditor must be extra-vigilant about the risk of inherent AI data bias if data are taken from unauthorised sources like social media, where data manipulation and fabrication are common.
- Need for AI Regulation in India:
- In June, the European Parliament approved the EU AI Act, the first of its kind in the world.
- The Act ensures that generative AI tools such as ChatGPT will be placed under greater restrictions and scrutiny. Developers will have to submit their systems for review and approval before releasing them commercially.
- Parliament also prohibited real-time biometric surveillance from all public settings and “social scoring” systems.
- India needs to take a cue from the EU and make appropriate legislation about the use of AI systems.
- Challenges before the CAG:
- The CAG faces many challenges in auditing AI systems. AI regulation and data standardisation are critical.
- Since the data for various government entities are taken from different sources and stored in multiple divergent platforms, the AI auditor will face enormous risks and challenges.
- Audits cannot be based on big data from unauthorised sources. Data integration and cross-referencing become cumbersome.
- The data platforms of all entities must be synchronised through the government’s IT policies.
- Need for a Common International Audit Framework:
- The SAI G20 conference emphasised the need for a common international audit framework relating to AI.
- At present, auditors can only adopt and adapt existing frameworks and regulations relating to IT.
- As there are limited precedents for AI use, the national audit institution needs to communicate with all the stakeholders.
- The existing definitions and taxonomies of AI must be examined to adopt what is legally acceptable.
- Since there is wide variance among AI systems and solutions, the auditor must adopt an appropriate AI design and architecture while defining the audit’s objective, scope, approach, criteria, and methodology.
- Compliance Issues:
- Global organisations have developed many AI auditing frameworks. These include the COBIT framework for AI audit, the US Government Accountability Office framework, and the COSO ERM Framework.
- The U.K.’s Information Commissioner’s Office has published draft guidance on the AI auditing framework.
- Data Protection Impact Assessments are legally required if organisations use AI systems that process personal data to avoid potential risks.
- The AI auditor must ensure that personal data is processed in a manner that guarantees appropriate levels of security.
- With few frameworks available for auditing AI, auditors can only focus on the risks, controls and governance structures that are in place to determine whether they are operating effectively.
Way Forward:
- AI auditing poses significant challenges, and a multifaceted approach may be required to mitigate bias and ensure the safety and accuracy of AI models. The CAG of India emphasises the need for ethics, authentic data sources, legal compliance, and IT controls and governance. AI audit assignments may require consultation with data scientists, data engineers, data architects, programmers, and AI specialists.
