Integrating AI into GRC

By Jannie Wentzel, Partner, Cential and Andrew Gunter, Partner, Cential

Artificial intelligence has the power to transform nearly every aspect of business – including GRC. Machine learning has long helped analyze data and predict outcomes. But the introduction of generative AI – like ChatGPT – takes that power to a new level.

For GRC, AI presents new opportunities to automate, augment, and accelerate work processes. It can expand your abilities and reach by reimagining how work gets done.

We are now on the precipice of major change. The way we operate in the world, the way we do our jobs, and the way we interact with technology are about to change forever.

You Can’t Sit This One Out

ChatGPT is built on a large-language model trained on massive amounts of text scraped from the internet to learn the patterns of human language. The data supercharges its capabilities, allowing it to analyze data, find patterns, and devise solutions faster than any human could.

The potential impacts on GRC are wide. Already, AI is assisting with testing controls, reviewing evidence, and documenting findings. Companies are asking how AI can make board reporting faster, easier, and better.

To be sure, generative AI is not without concerns. Everyone – from regulators to the inventors themselves – is trying to figure out the proper safeguards. Meanwhile, organizations cannot simply shut off AI until official rules and regulations fall into place. Generative AI is moving too fast and offers too much promise to ignore even for a moment.

Your Opportunity to Strengthen GRC

In any process, the weakest link in a chain is the step that requires the most manual work. Adding automation to processes enhances efficiency and strengthens your overall chain.

AI can extend the reach of GRC by making associated tasks easier and faster. AI can even shorten the chain by reducing the steps needed in a workflow. With more automation, you have fewer manual interactions, and those actions combine into stronger chains.

What AI-Powered GRC Can Do for You

To zero in on where AI is the right tool to solve a problem and at what point in the process, we came up with the “blank-page challenge.”

Any new task – writing an email, filling out a form, drafting a policy – starts with a blank page. Just getting something on the page is often the most challenging part. And that’s where AI, like ChatGPT, excels.

With just a few prompts, ChatGPT can spit out a draft in a matter of seconds. That initial draft may not be flawless, but it can probably bring you about 50% – 70% of the way there. Then you can refine it with substance, tone, and voice to fit your organization.

Think of AI as an accelerator.
You still must review the response, adjust it, and take it forward.

Clear GRC use cases for ChatGPT include:

• Risk statements and ratings
• IT product demand
• Policy drafts
• Control content
• Laws and regulations interpretation
• Potential controls
• Language translations

ChatGPT will populate the risk statements and ratings with the appropriate prompts. It can summarize a list of laws and regulations in plain English – and, if you like, translate that into Spanish, French, or other language of your choosing. It can draft a policy in a matter of seconds. ChatGPT is a starting point to help you springboard off the dreaded blank page.

This list is just a start. AI could easily be used to draft business continuity plans or get started with third-party risk. The potential is almost endless. It’s all about understanding what you are trying to accomplish and where AI can provide a boost.

Chat GPT is best at:

• Generating content.
• Simplifying complex data.
• Translating lengthy and technical information (like regulations) into plain English.
• Eliminating tedious manual work.

Considerations

ChatGPT and other AI tools can provide answers at mind-boggling speed – but that doesn’t come without risk. Here are a few to watch out for:

Hallucinations – ChatGPT is programmed to provide a response, specifically the best next word in a sentence. In that process, it could make up the answer with no basis in fact. Always review and validate the response before you pass along information.

Bias – ChatGPT uses historical information to build new content. The problem is that what was acceptable in, for example, 1970, may not match today’s standards. And vice versa. Ensure the content generated by ChatGPT is relevant and appropriate for your question and for your organization’s policies and culture.

Data privacy and security – ChatGPT captures everything you type into the prompt and incorporates it into the model. Be cognizant of what information you are sharing outside of your organization. Protect yourself by defining proper use cases and your parameters for using them safely.

ChatGPT also does not cite sources, making it difficult to verify the accuracy and reliability of the information provided.

What to Do Next

Explore AI and use cases. Create a ChatGPT account and experience what people are talking about.  Begin thinking about how it could be used in your business. What technology is out there, what is coming forward, and how will that impact you? Check out podcasts, newsletters, and general news stories to help you keep up with this fast-moving trend.

Define AI organizational policies. Figure out how to get the benefits and speed of AI within your risk tolerance.

Start simple. You don’t need to build your own artificial intelligence models to begin enjoying the advantages. Start with public models through APIs, Riskonnect, Cential, and others to accelerate the processes you’re currently doing without making a considerable investment.

Or you could simply ask ChatGPT what to do next. Just be sure to validate the response.

Riskonnect + Cential + Chat GPT

Cential and Riskonnect teamed up to bring the power of AI to GRC processes. Watch this short video to see how ChatGPT can help create a risk record in Riskonnect.

Interested in learning more about the benefits of leveraging AI in GRC processes? Check out Riskonnect’s webinar, “The Future is Here: Integrating AI into GRC,” featuring Cential. Learn more about Riskonnect’s GRC software here.

Cential is part of PartnerKonnect, Riskonnect’s fast-growing, global network of partners delivering value-added services, integrations, and customized solutions to some of the world’s most prestigious organizations. Learn more about Cential’s GRC consulting services here.