You can build trust with AI

A Canadian financial institution was preparing to expand its use of artificial intelligence (AI) across its operations. While some AI tools had already been developed, the institution recognized they needed the right controls and processes to support broader adoption.

The internal audit team wanted to assess how they were currently managing AI with regards to governance and risk management practices. Knowing that they wanted to use this technology in a more meaningful way, their goal was to identify potential risks and establish the right guardrails to make sure AI was used safely and in a way that people could trust.

The institution also aimed to benchmark its AI initiatives against peers to avoid falling behind or advancing too quickly without adequate governance. Ultimately, they were looking for an actionable roadmap to enhance governance and risk management practices in pursuit of broader AI integration.

To address these challenges, the client engaged KPMG for help. KPMG used its Trusted AI framework, based on 10 pillars that guide responsible AI throughout its lifecycle, including transparency, data integrity, and privacy. This framework provided a structured approach for understanding the risks associated with AI.

The assessment process included several key phases:

• The team conducted discovery discussions with key stakeholders to assess current AI applications and how they are managed. This helped identify specific AI applications that required more analysis based on their risk profiles.
• During field work, evidence was gathered through interviews and documentation related to the AI models in use. A sample of AI models, including the adjudication model for loan approval, was tested against controls in a Risk and Control Matrix to evaluate their effectiveness. This helped identify controls that needed to be established before expanding AI use.
• The team reported their validated findings and recommendations for addressing risks, which included a detailed roadmap of future actions for AI governance and controls development.

At the same time, KPMG conducted a detailed survey of 50 peer organizations to give the client insight into how similar institutions are developing AI capabilities and managing comparable challenges. This process generated valuable information for a roadmap to help the client address issues that could hinder it from achieving its AI goals.

The client received an assessment of their AI practices, focusing on governance and risk management. They gained insights into gaps in their processes and the necessary guardrails to address them. Additionally, the client gained clarity on its position relative to peers, offering a benchmark into how other organizations are navigating the opportunities and challenges associated with AI and generative AI.

The roadmap provided detailed recommendations for developing AI capabilities and implementing necessary controls over the next 12-18 months. It equipped them to responsibly harness AI's potential and manage AI risk with greater confidence.

Discover how we’re making a difference for Canadian organizations