Course Description
Delivery Method: QAS Self Study
Artificial Intelligence (AI) is fast, complex, and virtually limitless. AI is in the news almost every day, with coverage highlighting major benefits and correspondingly significant risks.
Who will assess the security and controls as this innovative technology interfaces with your enterprise? Unfortunately, this is not easily achieved in AI environments.
We will NOT be addressing the risk of AI destroying humanity. Instead, we will be focused on the risks & controls pertaining to your enterprise developing AI applications or using AI third-party services. The controls discussed are relevant to all AI applications whether developed in-house or using a third-party AI application.
This course provides the opportunity for audit and risk management to move upfront and influence AI security and controls as the technology evolves.
The intended audiences for this course are all auditors (IT Auditors, Business Auditors, Internal and External Auditors), Audit Management and Risk Management who have the responsibility to provide assessments of enterprise risk.
Course Objectives:
- Recognize foundational AI concepts, key risks and associated controls.
- Evaluate controls necessary to protect the integrity of your enterprise’s AI application data.
- Assess risks & controls pertaining to your enterprise developing and using AI.
- Identify controls specific to AI Data Governance, AI monitoring and human oversight.
- Define an audit strategy to assess Third Party AI security and controls.
Agenda:
IT Risk & AI Technology
- Risk & Risk Management
- Defining AI
- Machine Learning
- Robotic Process Automation (RPA)
AI Risks & Security Resources
- Inaccurate Results & Decisions
- Bias & Discrimination
- Health & Safety
- Regulatory Non-Compliance
- And More …
AI Governance
- AI Accountability & Ownership
- AI Oversight & Monitoring
- AI Liability Considerations
AI Access Management
AI Application Integrity
- “Training” the AI Application
- Change, Patch, Configuration Management
- System Development of AI Applications
AI Human Interface
- Access Management
- Privileged Access
- Data Governance
Middleware, API, & Assessing Third Party Controls
- Cloud Configuration
- Right to Audit
- SOC Reports
AI Audit Strategy
ChatGPT AI Demonstrations
Additional Information:
Program Level: Basic
- No Prerequisite knowledge is required for successful completion of the course.
- No advance preparation is required for successful completion of the course.
Course Curriculum
- Welcome!
- Session INTRO-1 Table of Contents
- Session INTRO-2 Study Guide
- Session INTRO-3 Course Instructions & Instructor Introduction (1:42)
- Session INTRO-4 Course Objectives & Agenda (5:27)
- Session INTRO-5 Key Learning Objectives & Resources (4:05)
- Session INTRO-6A Learning Objectives (4:02)
- Session INTRO-6B AI Resources & AI Seminar Assumptions (3:25)
- Session INTRO-6C - Introductory Comments (1:37)
- Session INTRO-7 Downloadable Slides & Notes PDFs
- Session INTRO-8 Introduction Review Quiz
- Session INTRO-9 Introduction Review Quiz Answer Explanations
- Session 1-1 IT Risk & AI Technology Introduction (1:46)
- Session 1-2 Risk Definitions (6:31)
- Session 1-3 Risk Management (8:15)
- Session 1-4 Defining Artificial Intelligence (8:02)
- Session 1-5 Historical IT Costs (4:54)
- Session 1-6 Machine Learning (8:13)
- Session 1-7 Robotics Introduction (1:14)
- Session 1-8 Robotics Deeper Dive (6:09)
- Session 1-9 AI Definitions Summary (5:30)
- Session 1-10 Module 1 Conclusion (1:28)
- Session 1-11 Review Quiz #1
- Session 1-12 Review Quiz #1 Answer Explanations
- Session 2-1 AI Risks & Security Resources Introduction (1:31)
- Session 2-2 ChatGPT Risks (4:54)
- Session 2-3 Movies (2:33)
- Session 2-4 AI Headlines (5:02)
- Session 2-5 Movie Trivia (7:26)
- Session 2-6 Security Resources Introduction (0:53)
- Session 2-7 ISACA COBIT (4:30)
- Session 2-8 NIST Cybersecurity Framework (CSF) (1:08)
- Session 2-9 Center for Internet Security (CIS) Critical Controls (5:59)
- Session 2-10 AI Risks (7:56)
- Session 2-11 AI Risks Wharton College (6:07)
- Session 2-12 AI Regulations (4:59)
- Session 2-13 Module 2 Conclusion (1:24)
- Session 2-14 Review Quiz #2
- Session 2-15 Review Quiz #2 Answer Explanations
- Session 3-1 AI Governance Introduction (1:15)
- Session 3-2 Insurance (4:55)
- Session 3-3 FINRA (12:29)
- Session 3-4 AI Governance & AI Risk Management (4:32)
- Session 3-5 Inaccurate AI Processing (7:13)
- Session 3-6 AI Inventory (5:38)
- Session 3-7 COBIT Risk Management (8:25)
- Session 3-8 Audit Considerations (2:24)
- Session 3-9 Module 3 Conclusion (1:58)
- Session 3-10 Review Quiz #3
- Session 3-11 Review Quiz #3 Answer Explanations
- Session 4-1 AI Access Management Introduction (1:31)
- Session 4-2 Access Management - The Basics (2:42)
- Session 4-3 Authentication (6:04)
- Session 4-4 Authorization (5:30)
- Session 4-5 Logs (6:14)
- Session 4-6 AI Access Management Summary (3:29)
- Session 4-7 Module 4 Conclusion (1:43)
- Session 4-8 Review Quiz #4
- Session 4-9 Review Quiz #4 Answer Explanations
- Session 4-10 Midway Review Exercise (0:53)
- Session 5-1 AI Application Integrity Introduction (1:52)
- Session 5-2 AI Applications (7:37)
- Session 5-3 AI Training Part A (6:55)
- Session 5-4 AI Training Part B (2:31)
- Session 5-5 Change Management (7:33)
- Session 5-6 KPMG (5:45)
- Session 5-7 ChatGPT Integrity (4:20)
- Session 5-8 Patch Management (8:09)
- Session 5-9 Configuration (4:58)
- Session 5-10 System Development (9:25)
- Session 5-11 Agile (6:45)
- Session 5-12 Module 5 Conclusion (1:45)
- Session 5-13 Review Quiz #5
- Session 5-14 Review Quiz #5 Answer Explanations
- Session 6-1 AI Human Interface & Data Governance Introduction (1:14)
- Session 6-2 Human Interface (6:08)
- Session 6-3 Access Management (2:19)
- Session 6-4 Privileged Access (7:31)
- Session 6-5 Human Interface Summary (2:21)
- Session 6-6 Data Governance Part A (4:01)
- Session 6-7 Data Governance Part B (9:34)
- Session 6-8 Data Governance Part C (7:15)
- Session 6-9 Module 6 Conclusion (2:52)
- Session 6-10 Review Quiz #6
- Session 6-11 Review Quiz #6 Answer Explanations
- Session 7-1 Middleware, API, & Assessing Third Party Controls Introduction (0:54)
- Session 7-2 Application Programming Interface (API) (3:02)
- Session 7-3 API Risks (5:32)
- Session 7-4 API Audit & Security Resources (5:19)
- Session 7-5 API Audit Considerations (8:51)
- Session 7-6 Cloud & Third-Party Service Provider Risks (5:18)
- Session 7-7 Cloud Configuration Management (6:10)
- Session 7-8 Third-Party Management (10:41)
- Session 7-9 Contracts – Right to Audit (6:08)
- Session 7-10 System & Organization Controls (SOC) Reports (4:14)
- Session 7-11 Third-Party Governance - Audit Considerations (1:58)
- Session 7-12 Module 7 Conclusion (2:14)
- Session 7-13 Review Quiz #7
- Session 7-14 Review Quiz #7 Answer Explanations
- Session 8-1 AI Audit Strategy Introduction (1:19)
- Session 8-2 KPMG Audit Strategy Part A (5:28)
- Session 8-3 KPMG Audit Strategy Part B (9:04)
- Session 8-4 KPMG Audit Strategy Part C (7:31)
- Session 8-5 KPMG Audit Strategy Part D (5:49)
- Session 8-6 ChatGPT Audit Strategy Part A (5:51)
- Session 8-7 ChatGPT Audit Strategy Part B (6:13)
- Session 8-8 ChatGPT Audit Strategy Part C (4:56)
- Session 8-9 AI Risk Management Framework (2:47)
- Session 8-10 Final Exercise & Concluding Remarks (7:01)
- Session 8-11 Review Quiz #8
- Session 8-12 Review Quiz #8 Answer Explanations
- Session 8-13 Video 1: Course Conclusion: Review of Objectives & Assumptions (4:09)
- Session 8-13 Video 2: Course Conclusion: Review of Agenda, IP Reminder, & Thank You! (1:43)
Policies:
Refund: ERP Risk Advisors provides refunds in accordance with the refund policy of Teachable, our learning platform host. Refunds must go through the support funnel found at https://support.teachable.com/hc/en-us/articles/360004215372-Request-a-Refund. Teachable’s terms of use, including the refund policy, can be found at: https://teachable.com/terms-of-use.
a) In general, all participants purchasing programs that are a part of ERP Armor: Learning are entitled to a thirty (30) day full refund from the date of purchase. Unless authorized by Teachable in Teachable's sole discretion, ERP Risk Advisors will not offer to Participants a refund policy for a period of more than thirty (30) days.
b) Teachable reserves the right to refuse refunds to participants who abuse this Refund Policy. Examples of abuse include, but are not limited to, requesting refunds for multiple schools or requesting refunds in consecutive months.
c) Regardless of any other section to the contrary in these Terms, Teachable does not establish, maintain, or control refunds or a refund policy for any ERP Armor: Learning Content that was processed through a Custom Payment Gateway, including programs.
Cancellation: If a participant cancels a paid ERP Armor: Learning subscription plan, the cancellation will become effective at the end of the then-current billing cycle. When a participant cancels a paid plan, their account will revert to a free account and Teachable may disable access to features available only to paid plan users.
Complaint Resolution: At ERP Armor: Learning, we are committed to providing a positive learning experience for all our users. If a participant has a complaint regarding any aspect of our learning platform or services, these steps should be followed:
- Participant(s) should email [email protected] and provide as much detail as possible about the complaint, including any relevant screenshots, account information, or transaction details.
- Upon receiving the complaint, ERP Risk Advisors’ support team will acknowledge it within 24 hours during business days.
- ERP Risk Advisors’ support team will investigate the complaint thoroughly. This may involve reviewing relevant records, consulting with appropriate personnel, and gathering additional information as necessary.
- ERP Risk Advisors aims to resolve all complaints as quickly as possible. Depending on the complexity of the issue, resolution may take up to 5 business days or more. During this time, ERP Risk Advisors will keep the participant(s) informed of the progress and any steps being taken to address their concerns.
- Once a resolution has been proposed, ERP Risk Advisors will contact the participant(s) to discuss the outcome.
- If participant(s) are dissatisfied with the initial resolution provided by ERP Risk Advisors’ support team, they may request that their complaint be escalated. Escalations will be reviewed by a senior manager to ensure a fair and impartial review of concerns.
ERP Risk Advisors treats all complaints with the utmost confidentiality. Information provided will only be used for the purposes of investigating and resolving a complaint, in accordance with our Privacy Policy. For more information regarding administrative policies such as complaints and feedback, please contact our support desk at [email protected].
*****
ERP Risk Advisors is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have the final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org
