Part Five in a Series: Managing Risks of Technologies Emerging as Business Opportunities: Chatbots

What are chatbots?

Chatbots are computer programs or artificial intelligence (AI) that conduct a conversation via audio or text.  These programs are typically used in dialog systems, including customer service scenarios, and are often designed to simulate how a human would behave during conversation.  Chatbots can be programmed to respond the same way each time or differently to messages containing keywords.  They can also use machine-learning to adapt their responses to fit the situation, as they are built to automatically engage with received messages.

One way for businesses to stay competitive is to automate as many of their processes as possible.  Chatbots assist in saving time and money which can then be allocated to other efforts.  They are also used for other business tasks, such as collecting information about users and showcasing new products and services.  Today, most chatbots are accessed via virtual assistants (Amazon’s Alexa), messaging apps (Facebook Messenger), or individual organizations’ websites or apps.

What does this growing digital technology mean for Internal Audit? 

As auditor skills must keep pace with growing technologies, audit efforts should be focused on where risk is going.  Technological risk factors continue to evolve as companies increase reliance on new technologies.  Emerging risk considerations for chatbots include the following:

• Customers have poor experiences with chatbots and are unable to accomplish their objectives when contacting a company.
• High dependencies on the network capacity and size lead to unreliable performance of chatbots for customers.
• Chatbot rules/scripts are incomplete or lead to inaccurate responses.
• Compliance with regulatory requirements is not assessed related to usage and rules/scripts.
• Inadequate governance procedures are performed to identify processes to implement chatbots, resulting in operational inefficiencies and investment losses.
• Attackers exploit vulnerability in chatbots, leading to a loss of sensitive information.

Additionally, as interactions with chatbots continue to grow, new opportunities emerge for phishing, hacking and other cyber-related attacks.

Internal auditors must consider different support models for emerging technologies to provide businesses value.  Progressive risk management practices, such as assessing the impact of potential future events, should be utilized.  Internal auditors must respond proactively by helping organizations identify, monitor and manage risk.  This can be introduced by looking at risks from a high-level perspective, examining policies/procedures, inspecting current project plans, communicating risks in the context of the business’s goals/objectives, and giving an overall opinion on how the business is managing emerging risk. 

If you have additional questions related to chatbots, we welcome the opportunity to discuss and advise on risk assessment.  Please visit our Risk Advisory Services page.