CSMG043 — Leveraging AI for Audit GRC Service Delivery | KEVIN OWOAMANAM скачать в хорошем качестве

CSMG043 — Leveraging AI for Audit GRC Service Delivery | KEVIN OWOAMANAM

The presentation by Kevin Owoamanam focuses on transforming the Governance, Risk, and Compliance (GRC) and Audit functions by moving beyond traditional manual processes and leveraging AI as a core workforce. Key Challenges in Traditional GRC/Audit: ● Data Silos: Risk, compliance, and audit teams operate separately, leading to fragmentation and inefficient information sharing (17:41). ● Sample-Based Testing: Reliance on sampling for logs and transactions limits the scope, only allowing GRC professionals to look at a small section of the overall risk exposure (15:47, 18:33). ● Reactive Posture: Auditors often find out about incidents after the fact, during quarterly or half-year reviews (18:47). ● System Fatigue: The manual effort of combining data from disparate systems for reporting is tiring and inefficient (19:07). The Future: AI Agents as a GRC Workforce The core idea is to shift the GRC professional's role from a "monitoring staff" to an "AI Orchestrator" (16:52, 26:52). ● AI as a Workforce: AI agents should be used as an end-to-end evidence collection system, collecting real-time data from multiple systems (e.g., SIM, log solutions, GitHub) (26:03, 29:29). ● The GRC Symphony: This framework positions the human as the Conductor (responsible for strategy and fine-tuning) and the AI agents as the Orchestra (responsible for execution) (30:34). ● Prompt as Code: The orchestrator uses efficient and effective natural language prompts as code to guide the agents' work, moving beyond simple summarization (27:17). ● The Ecosystem of Trust: The system must be governed by controls, ensuring: ○ ○ Transparency: Full traceability and logging of every single AI action and decision (34:04). ○ ○ Accountability: Maintaining a Human in the Loop to verify results and take final corrective action, such as disabling a resigned employee's access (34:34). ○ ○ Reliability: Continuous monitoring and fine-tuning of the agents to reduce false positives and ensure accuracy (35:00). Conclusion: AI is not here to replace GRC professionals, but to automate friction and upskill the workforce, enabling teams to move from compliance work to designing certainty and trust within the enterprise (29:49, 37:08, 37:21)