To AI or Not to AI: Temptation, Risks, and Responsible Use

I was completing an Audit Report recently and one of the first heading sections was the Executive Summary. I sat and looked at the heading and thought to myself that I wouldn’t know what to include in the Executive Summary until I had completed the rest of the report.

With that in mind, I thought I would loop back around and make it the last thing that I completed. As I neared the end of the report I had an idea. What if I copied all of the report content into ChatGPT and asked it to write me an Executive Summary? 

Is anyone cringing right now? Are you too scared to keep reading? 

If you were cringing, what concerns did you have? 

I can tell you that my main concern was confidentiality and information security. Are you now breathing a sigh of relief? 

Of course, I could replace the company name with a generic name like ABC company and I would also have to make sure that there was no other references that could be traced back to the real company.  

Anything that is input into ChatGPT could be retained and accessed by OpenAI staff or contractors which could also lead to disclosure of businesses confidential information as well as breaches of contractual duties of confidentiality to third parties. 

This brings me to wondering how Certification Bodies (CABs) and Consulting Agencies are managing the risk of their contractors and employees using ChatGPT to assist with their audit report writing. Jackie Lyons, Cyber AI CFO and Board Director has provided some guidance for organizations searching for sample ChatGPT Corporate Policies. 

Anyway, to get back on track with my audit report and ChatGPT story, I decided that I would just write my own Executive Summary. I decided to avoid the risk. 

 "Only those who will risk going too far can possibly find out how far one can go”
 – T.S Eliot

Automation vs. Expertise: Why you’re irreplaceable 

This doesn’t mean that I am against using ChatGPT, I absolutely love it and it blows me away every single day.  

OpenAI launched ChatGPT last November and saw an astounding uptake: 1 million users in just four days and 100 million in a mere two months. This growth outpaced other tech giants by over 75%. Initially introduced as a chatbot responding solely to user queries, ChatGPT has rapidly expanded its capabilities.

It now offers data analysis and image interpretation features. As a result, individuals ranging from high schoolers to top-tier executives are eagerly learning about ChatGPT to leverage its potential in innovative and beneficial manners. 

So as ISO auditors and consultants, what can we use ChatGPT for? 

• Create draft policies – provide the business information that meets the criteria and ask ChatGPT to ‘arrange’ it in a policy format. 

• Check the tone of a document – provide the document and request it to be reworded using a different tone, possibly more suited to the organization you are working with.  

• Review that a policy or procedure meets criteria – this provides a summary of findings for you, as the ISO expert to review and expand on, checking accuracy along the way. 

• Summarise a document – request a summary of key areas of a large document, so you can focus your attention on these. 

• Interrogate documents – ask to compare documents to ISO criteria and provide a summary of conformance and nonconformance.  

• Audit reports – key in your audit notes as you are auditing and then ask ChatGPT to expand into sentences and paragraphs to formalise the wording  

But won’t this do me out of a job? No! 

This is just a tool to use as a knowledge multiplier and increase your productivity. You are still the expert and the holder of the tacit knowledge. You are still required to manage the risks and ensure that the output is accurate. This is YOUR responsibility as an expert. 

You still need to be aware of:  

• Confidentiality 

• Information security 

• Hallucinations (accuracy of information) 

You can see that as auditors and consultants we are still the experts with the tacit knowledge providing the core information for ChatGPT to then do the heavy lifting. This way we can focus on what we do best, sharing our tacit knowledge, getting others passionate and excited about what a high-performing ISO system can do for them and their business.  

Integrating AI: Enhancing the Bridge from ISO Standards to Expertise 

In essence, the focus model moves from the foundational criteria (Requirements) to the practical application (System), enhanced by technology (AI), and finally overseen and directed by human expertise (Expert). 

Requirements (ISO Standards) 

Definition: The foundational criteria and guidelines that guide businesses towards standardized, best practices. 

Role: Acts as the benchmark against which all processes, systems, and outcomes are measured. ISO Standards ensure that businesses maintain quality, safety, and efficiency across their operations. 

Importance: Having a clear set of requirements allows businesses to align their strategies and operations with internationally recognized standards, ensuring their services or products are of consistent quality and are globally accepted. 

System 

Definition: The structured and organized set of processes, tools, and methodologies that businesses implement to meet the established requirements. 

Role: Acts as the mechanism through which the requirements are translated into actionable steps and processes. It's the practical application of the ISO Standards. 

Importance: Without a well-defined system in place, businesses can't effectively adhere to or implement the required standards. The system acts as the bridge between the theoretical standards and real-world application. 

AI 

Definition: Advanced computational tools and algorithms that enhance the capabilities of the system and provide support to experts. 

Role: AI serves as an intermediary between the system and the expert, analyzing vast amounts of data, optimizing processes, and offering predictive insights to support decision-making. 

Importance: As businesses grow and data becomes more complex, human expertise alone may not suffice. AI steps in to process this data efficiently, identify patterns, and offer suggestions, making the system more adaptive and responsive.

Expert 

Definition: Highly skilled professionals who leverage their domain knowledge, experience, and the insights provided by AI to ensure the system meets the requirements. 

Role: The expert interprets the data and insights from AI, makes strategic decisions, and ensures that the system remains aligned with the ISO Standards. They also adapt and modify the system based on changing requirements or business needs. 

Importance: While AI can process data and offer insights, the human touch is irreplaceable. Experts bring understanding, intuition, and critical thinking to the table, ensuring that the system is not just efficient, but also effective and ethically sound. 

Your Next Steps

Lead Auditor ISO 42001 AI Management Systems

AU$1,895.00

Step into the future of responsible AI with the Lead Auditor ISO 42001 Course. This program equips you to design, implement, and manage an Artificial Intelligence Management System (AIMS) in line with ISO/IEC 42001:2023, the world’s first certifiable AI governance standard.

Learn more

1. Play with AI and manage the risks.

2. Review the output.

3. Be supported by an expert

Continue the Conversation with the LTS Podcast

This article is just the beginning. Join us for the extended discussion on the podcast, available on Spotify and YouTube.