"Revolutionizing IT General Controls: Innovations in Automating Comprehensive Control Testing"
IT General Controls, or ITGC testing, can involve testing any general checkpoints (often called “controls” in the world of risk management). ITGC is often related to specific IT systems, ERP systems, or even the IT infrastructure, IT policies, or governance process, depending on the scope of the assessment. As the name suggests, they are “general”, but they often require time-consuming manual effort by subject matter experts, making them difficult to automate using AI-ML or RPA (the breaking news is that we have automated a couple of the major roadblocks in ITGC, paving our innovation journey in ITGC automation).
- User needs to select and upload a sample document which will be used a template for testing all ITGC documents
- User can provide sensitive PII aspects which will NOT be used by machine learning models, as part of ethical use of AI.
- AI will scan the images using latest python packages, read the text and ask the user to define the “check-points” or “controls”, this is a configuration step, where human user will have flexibility to define N number of check points
- AI will present a bunch of other options, like selecting a certain area/column of the template for which a summary needs to be generated
- Finally upload the entire zip folder of all similar documents that needs to be tested, which will be analyzed in a few minutes to provide a test result and a test summary created using Generative AI.
- The customer may select not to pass the sensitive PII information as input to the model and thereby minimise risk.
- Customers can decide to use pre-trained generative models like ChatGpt or Bard (with a higher risk of AI hallucination but potentially a higher quality of output using the wisdom of the crowd).
- Customers may opt for a low-risk, low-performing option to generate summaries locally only using customer-owned data with unsupervised machine learning methods like TextRank.