"Revolutionizing IT General Controls: Innovations in Automating Comprehensive Control Testing"


IT General Controls (ITGC) testing can involve testing any general checkpoints (often called “controls” in the world of risk management). ITGCs often relate to specific IT systems, ERP systems, or even the IT infrastructure, IT policies, or governance process, depending on the scope of the assessment. As the name suggests, they are “general”, but testing them often requires time-consuming manual effort by subject matter experts, which makes them difficult to automate using AI/ML or RPA. (The breaking news is that we have automated a couple of the major roadblocks in ITGC, paving our innovation journey in ITGC automation.)
So here are the 5 steps…
- The user selects and uploads a sample document, which will be used as a template for testing all ITGC documents.
- The user can specify sensitive PII aspects, which will NOT be used by the machine learning models, as part of the ethical use of AI.
- The AI scans the images using the latest Python packages, reads the text, and asks the user to define the “check-points” or “controls”. This is a configuration step in which the human user has the flexibility to define N check-points.
- The AI presents a number of other options, such as selecting a certain area/column of the template for which a summary needs to be generated.
- Finally, the user uploads the entire zip folder of all similar documents that need to be tested. These are analyzed in a few minutes to provide a test result and a test summary created using Generative AI.


iRM helps to leverage the power of generative AI without the associated risks! By default, we do not put customer-sensitive data into the model as input. Our preprocessing engine is engineered to remove such named entities, which can be persons, places, or anything proprietary. Our flexible control checkpoint design allows the end customer to select from multiple options, based on their needs and their information security guidelines, to create a controls library dynamically. For example, when screenshots are provided as part of generating summaries in ITGC testing:
- The customer may choose not to pass sensitive PII as input to the model and thereby minimise risk.
- Customers can decide to use pre-trained generative models like ChatGPT or Bard (with a higher risk of AI hallucination but potentially a higher quality of output using the wisdom of the crowd).
- Customers may opt for a low-risk, low-performing option that generates summaries locally, using only customer-owned data, with unsupervised machine learning methods like TextRank.
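
The redact-before-model step described above, shown as an added example that is not iRM's code: user-supplied sensitive terms and pattern-based identifiers are stripped from OCR text, the checkpoints run on the redacted text, and the pipeline refuses to build model input if any term survives. All function names, the tags, the regex checkpoints and the sample text are assumptions, and regexes stand in for the named-entity removal the page mentions.

```python
import re

# Pattern-based identifiers removed in addition to the user-supplied terms.
PATTERNS = {
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "PHONE": re.compile(r"\+\d[\d ().-]{7,}\d"),  # international format only
}

def redact(text, sensitive_terms):
    """Return (redacted_text, counts) with terms and patterns replaced by tags."""
    counts = {"TERM": 0}
    # Longest terms first so a full name is replaced before any shorter part of it.
    for term in sorted(filter(None, sensitive_terms), key=len, reverse=True):
        pat = re.compile(r"(?<!\w)" + re.escape(term) + r"(?!\w)", re.IGNORECASE)
        text, n = pat.subn("[REDACTED]", text)
        counts["TERM"] += n
    for label, pat in PATTERNS.items():
        text, n = pat.subn(f"[{label}]", text)
        counts[label] = n
    return text, counts

def leaked_terms(text, sensitive_terms):
    """Substring check that is stricter than redact(); catches embedded terms."""
    low = text.lower()
    return [t for t in sensitive_terms if t and t.lower() in low]

def run_checkpoints(text, checkpoints):
    """Evaluate each named checkpoint (a regex) against the redacted text."""
    return {k: bool(re.search(rx, text, re.IGNORECASE)) for k, rx in checkpoints.items()}

def prepare_model_input(ocr_text, sensitive_terms, checkpoints):
    """Fail closed: nothing is returned for the model if a term survived."""
    redacted, counts = redact(ocr_text, sensitive_terms)
    leaks = leaked_terms(redacted, sensitive_terms)
    if leaks:
        raise ValueError(f"refusing to build model input, terms remain: {leaks}")
    return {"model_input": redacted, "redactions": counts,
            "results": run_checkpoints(redacted, checkpoints)}

# Constructed OCR text of an access-review screenshot (not real data).
SAMPLE = ("Access review for ERP-PROD\nReviewer: Jane Doe <jane.doe@example.com>\n"
          "Approved by: Sam Lee  Phone: +1 (555) 010-2299\nReview date: 2024-03-31\n")
TERMS = ["Jane Doe", "Sam Lee", "ERP-PROD"]  # hypothetical user-supplied terms
CHECKPOINTS = {"approver_present": r"approved by:\s*\S+",
               "review_date_present": r"review date:\s*\d{4}-\d{2}-\d{2}",
               "ticket_reference": r"\bTICKET-\d+\b"}

if __name__ == "__main__":
    print(prepare_model_input(SAMPLE, TERMS, CHECKPOINTS))
```

The checkpoints still evaluate correctly after redaction because they test for the presence of a field, not its value, so the model input never needs the names themselves.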