Deloitte survey suggests time has come for the CICO—‘chief internal controls officer’
Almost half of U.S. executives working in or close to the C-suite, 44.7%, see AI as the emerging technology most likely to put their internal-control systems at risk over the next 12 months.
Trailing far behind, at 17%, is intelligent automation, or IA, which overlaps with AI but isn’t the same.
And barely concerning executives who are presumably aware of the need for internal controls are quantum computing (6.7%) and blockchain (5.8%).
On the other hand, some 40% believe AI will give them a prime opportunity to improve their internal-control environment (followed by 29% for intelligent automation, 9.4% for quantum computing and 5.3% for blockchain).
The results are from a Deloitte survey of a couple thousand business execs, including a number of healthcare leaders. The firm conducted the groundwork in May and released an analysis of the results Sept. 27.
Internal controls defined and defended
The working definition of internal controls favored by Deloitte is:
Processes that are effected by an entity’s board of directors, management, and other personnel to provide reasonable assurance regarding the achievement of objectives related to operations, reporting and compliance.
Given AI’s rising profile since large-language models burst onto the scene almost a year ago, it’s striking that more than half of survey respondents, 52%, said they have no ranking executive focused on the management, transformation and governance of internal controls—and no plans to hire or promote someone to fill that role.
Suggesting this individual might or might not hold the title “chief controls officer,” Deloitte reports that only one-quarter of respondents, 25.4%, have such a professional in place.
A few, 7.5%, lack a chief of internal controls or an equivalent but plan to onboard one over the next 12 months.
‘Pressing need’ for dedicated leadership
Also of note, 32% of represented organizations review and make adjustments to internal controls “as needed”—such as during a transformation project or in response to new technologies like generative AI.
By comparison, 22.2% make such adjustments annually, and a combined 36.4% do so quarterly (19.3%), monthly (8.8%) or weekly (8.3%).
In a news item covering the release of the results, Deloitte risk and AI specialist Casey Kacirek says that, as use cases for AI expand and regulations take shape, “there’s a pressing need for many organizations to appoint a leader who can apply an internal controls lens.”
This leader, Kacirek adds, should focus on making sure risk-management approaches can “scale over time as well as during strategic initiatives like M&A activity, new IT system implementations and other business-transforming efforts.”