The Future is Now: Navigating the Digital and AI Convergence in Controls

The landscape of business is undergoing a seismic shift, driven by the relentless convergence of digital technologies and Artificial Intelligence (AI). This transformation isn't just about efficiency; it's about fundamentally reimagining how organisations operate, manage risk, and ensure control. A recent Deloitte webinar explored these megatrends, charting a course for the future of controls.

The AI Tsunami: From Discovery to Diffusion

The webinar highlighted the staggering pace of AI adoption, noting that AI spending accounted for an astonishing 80% of US GDP growth in Q4 last year, primarily driven by investment in digital infrastructure. This signifies a crucial pivot: we are moving "from the era of discovery to the era of diffusion," with a focus on enterprise-wide uptake rather than marginal model improvements.

However, this rapid evolution presents challenges. Many organisations find themselves in "pilot purgatory," struggling to scale proof-of-concept projects. Finance leaders also face hurdles with the shift to consumption-based charging models. Furthermore, a "shadow IT" phenomenon is prevalent, where employees adopt unsanctioned AI tools for productivity. This underscores the urgent need for organisations to engage in a "grown-up dialogue" with their workforce about AI usage and to provide sanctioned, effective tools.

Reshaping Risk and Controls: A New Mandate

Building on the understanding of AI's rapid diffusion and its associated challenges, the webinar underscored that risk and control functions face a dual mandate: leveraging AI for operational excellence while simultaneously managing its inherent risks. The goal is to move beyond mere process optimisation to a complete reimagination of the function.

Key trends emerging in this space include:

• Dynamic Risk Assessments: A shift from static, annual reviews to real-time, continuous risk assessments powered by AI, allowing for more agile responses to emerging threats.
• Continuous Controls Monitoring: Utilising AI and machine learning to orchestrate and monitor controls dynamically, moving beyond retrospective reviews to provide ongoing assurance.
• Evolving Workforce Capabilities: The necessity for risk and control professionals to develop new skills, moving beyond traditional auditing to understanding, implementing, and managing AI-driven processes.

Unlocking AI's Potential in Controls: From Manual to Intelligent

To address the new mandate for risk and control functions, AI offers a transformative solution. The current state of controls management in many organisations is often manual, slow, reactive, and expensive – akin to "driving a car by looking in the rearview mirror." AI promises not just significant cost reduction but also deeper insights, proactive management, and the creation of "self-feeding control loops."

AI offers a powerful solution, promising not just significant cost reduction but also deeper insights, proactive management, and the creation of "self-feeding control loops."

• Cost Reduction: AI can dramatically reduce the cost of demonstrating control by automating repetitive, manual tasks that currently consume a substantial portion of budgets. This includes automating data collection, initial review of control documentation, and even aspects of control testing, freeing up human resources for more strategic activities.
• Deeper Insights: Beyond mere automation, AI can analyse vast, complex datasets that would be impossible for humans to process efficiently. This capability allows for the identification of subtle patterns, anomalies, and emerging risks that might otherwise go unnoticed. For instance, AI can correlate disparate data points from IT systems, customer feedback, and regulatory updates to provide a holistic and predictive view of the control environment.
• Proactive Management: AI enables a shift from reactive problem-solving to proactive risk mitigation. By continuously monitoring data streams and applying predictive analytics, AI systems can flag potential issues before they escalate. This allows organisations to intervene early, preventing incidents rather than merely responding to them.
• Self-feeding Control Loops: This represents a transformative capability where AI not only detects issues but can also initiate corrective actions. A closed-loop system of detection, analysis, action, and learning can prevent major outages or compliance breaches before they materialise, creating a truly resilient control environment.

Deloitte identifies three transformation horizons for organisations:

• Optimise: Augmenting human tasks with AI to enhance existing processes (e.g., AI-assisted documentation review).
• Transform: Making processes smarter and quicker end-to-end by leveraging AI (e.g., AI-driven control testing solutions like Deloitte's 'Sherlock').
• Reimagine: A complete overhaul towards an "always-on, predictive, self-healing control environment."

Critical success factors for this journey include establishing clear measures, demonstrating quick value, building internal capabilities, addressing data quality, and strategically integrating AI with existing Governance, Risk, and Compliance (GRC) platforms.

Navigating the AI Frontier: Trustworthy AI and Governance

While the potential of AI in controls is immense, it is equally crucial to address the inherent risks and ensure trustworthiness. The webinar highlighted three key characteristics of AI that introduce new considerations:

• Probabilistic Nature: AI models are not deterministic, necessitating robust controls and validation.
• Non-Static Systems: AI systems are dynamic, requiring continuous monitoring beyond pre-deployment testing.
• Agentic AI: The rise of autonomous AI agents shifts focus to "human over the loop," demanding effective oversight and clear accountability.

Responsible AI, or trustworthy AI, is about building confidence that these systems are accurate, compliant, secure, and ethical. While the debate continues on whether AI governance should be a new, standalone function or an evolution of existing tech governance, its role as the "connective tissue" between technology, business functions, and risk functions is clear. It provides clarity on the risks associated with specific AI deployments, recognising that the context of deployment is a significant driver of AI-related risks.

The Opportunity is Now

The webinar made it clear: Organisations must embrace the digital and AI convergence not just to accelerate existing activities, but to fundamentally reimagine their risk and control functions. By focusing on strategic investment, capability building, and robust AI governance, businesses can unlock unprecedented value, enhance assurance, and navigate the complexities of this exciting new era. The time to act is now.