Auditing AI-Based Systems in Banking Information Security: Auditors’ Perceptions and Expectations

Abstract

The application of artificial intelligence (AI) in banking information systems poses new types of security, control and oversight challenges. The research aims to explore how IT auditors perceive and evaluate the tasks, risks and expectations related to auditing AI-based systems. The study uses a qualitative methodology to collect data from the professional community, with a particular focus on issues of transparency, verifiability, explainability and information security. The research presents the main risks identified by auditors – such as opacity of models, uncertainties in data quality, lack of reproducibility of decision processes and potential biases – as well as the opportunities that arise from the application of AI, such as increased efficiency, automated controls or improved anomaly detection. It also identifies the factors that determine the auditability of AI systems in the field of banking information security, including the quality of documentation, the regulation of model development processes, monitoring mechanisms and organizational maturity. The results contribute to the professional discourse on the methodological and practical frameworks of AI auditing and may inform the development of future regulatory, supervisory and audit practices. The study also highlights that the role and competencies of auditors are also changing with the spread of AI-based systems, creating new knowledge and skill needs in the profession.