Part Five in a Series: Managing Risks of Technologies Emerging as Business Opportunities: Chatbots

What are chatbots?

Chatbots are computer programs or artificial intelligence (AI) that conduct a conversation via audio or text.  These programs are typically used in dialog systems, including customer service scenarios, and are often designed to simulate how a human would behave during conversation.  Chatbots can be programmed to respond the same way each time or differently to messages containing keywords.  They can also use machine-learning to adapt their responses to fit the situation, as they are built to automatically engage with received messages.

One way for businesses to stay competitive is to automate as many of their processes as possible.  Chatbots assist in saving time and money which can then be allocated to other efforts.  They are also used for other business tasks, such as collecting information about users and showcasing new products and services.  Today, most chatbots are accessed via virtual assistants (Amazon’s Alexa), messaging apps (Facebook Messenger), or individual organizations’ websites or apps.

What does this growing digital technology mean for Internal Audit

As auditor skills must keep pace with growing technologies, audit efforts should be focused on where risk is going.  Technological risk factors continue to evolve as companies increase reliance on new technologies.  Emerging risk considerations for chatbots include the following:

  • Customers have poor experiences with chatbots and are unable to accomplish their objectives when contacting a company.
  • High dependencies on the network capacity and size lead to unreliable performance of chatbots for customers.
  • Chatbot rules/scripts are incomplete or lead to inaccurate responses.
  • Compliance with regulatory requirements is not assessed related to usage and rules/scripts.
  • Inadequate governance procedures are performed to identify processes to implement chatbots, resulting in operational inefficiencies and investment losses.
  • Attackers exploit vulnerability in chatbots, leading to a loss of sensitive information.

Additionally, as interactions with chatbots continue to grow, new opportunities emerge for phishing, hacking and other cyber-related attacks.

Internal auditors must consider different support models for emerging technologies to provide businesses value.  Progressive risk management practices, such as assessing the impact of potential future events, should be utilized.  Internal auditors must respond proactively by helping organizations identify, monitor and manage risk.  This can be introduced by looking at risks from a high-level perspective, examining policies/procedures, inspecting current project plans, communicating risks in the context of the business’s goals/objectives, and giving an overall opinion on how the business is managing emerging risk. 

If you have additional questions related to chatbots, we welcome the opportunity to discuss and advise on risk assessment.  Please visit our Risk Advisory Services page.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2020 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on

Ransomware Postpones First Day of School for Hartford Students
Is Your Chip Card Implementation Secure?
Does Your Institution Offer the Correct Number of Courses?
Part of a Data Breach… Now What?
SOC for Supply Chains
Evolving Cyber Threats of the New Normal

Register to receive our weekly newsletter with our most recent columns and insights.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office

One PPG Place, Suite 1700
Pittsburgh, PA 15222
p:412.261.3644     f:412.261.4876

Map of Columbus Office

65 East State Street, Suite 2000
Columbus, OH 43215
p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102