Realizing the full potential of artificial intelligence

Applying the COSO ERM framework and principles to help implement and scale AI

Artificial intelligence (AI) will continue to transform business strategies, solutions, and operations. Consequently, AI-related risks have become a top-of-mind priority, particularly for AI at scale. The COSO ERM framework, with considerations from the Deloitte Trustworthy AI™ Framework, can help your organization think through the risks and fully realize the potential of AI.

Deloitte Omnia | Trustworthy AI™ Module

Learn how Omnia Trustworthy AI can help you manage the risks and tap the full potential of AI

The COSO ERM framework: Addressing AI risks

As AI becomes more pervasive in business and our everyday lives, organizations will likely no longer have the option of ignoring or avoiding the unique risks that accompany AI adoption. Instead, they must learn to identify, manage, and respond to these risks effectively. Compounding the problem is the fact that AI is often not isolated to a specific function such as IT, but rather affects multiple functions in an organization. Organizations need to design and implement governance, risk management, and control strategies and structures to realize the potential of humans collaborating with AI. Fortunately, AI is like other technological components of an organization and thus can be successfully governed by effective ERM.



Since 1985, the voluntary, private-sector Committee of Sponsoring Organizations of the Treadway Commission (COSO) has been focused on helping organizations improve performance by developing thought leadership that enhances internal control, risk management, governance, and fraud deterrence. The most recent iteration of the COSO ERM Framework, adopted in 2017, highlights the importance of embedding it throughout an organization in five critical components:

  • Governance and culture
  • Strategy and objective-setting
  • Performance
  • Review and revision
  • Information, communication, and reporting


COSO Enterprise Risk Management – Integrating with Strategy and Performance Framework

By leveraging the COSO ERM Framework, organizations can identify and manage AI-specific risks and establish practices to optimize the results while managing exposure to risks like unintended bias and lack of transparency. Implementation can help to improve confidence among stakeholders within and outside the organization and proactively address emerging risks related to AI.


The Deloitte Trustworthy AI Framework

AI and the models that make it work also have to be closely monitored across an organization. In designing and implementing AI, six key dimensions may help safeguard ethics and build a trustworthy AI strategy for the company that people can embrace. While currently there is no authoritative framework for AI ethics, Deloitte’s Trustworthy AI Framework can serve as a means to understand and assess risks and ethical considerations that are specific to AI and can be a valuable lens to complement the COSO ERM Framework, especially as it relates to governance and performance. Organizations can use it to help determine and monitor ongoing risks.


Managing the risks to realize the potential of AI at scale

The agile design of Deloitte COINIA also means it can be used today not only for crypto assets but also for a broader base of digital assets, and beyond, as they are supported by the business community in the future. These can include supply chain tracking, digital rights management, real estate title transfer, and other forms of real-world asset digitalization. Deloitte COINIA is an extension of Deloitte’s award-winning Cortex platform, a cloud-based data platform that harnesses the power of data by securely and seamlessly integrating data acquisition with data preparation and analytics. It combines advanced technology with business processes to generate meaningful and valuable insights in a repeatable and consistent fashion.

Importantly, while technologies provide unparalleled benefits in the audit process, they do not stand alone in the transformation of the audit. Without the benefit of skilled audit professionals to provide deep thinking and sound judgments and to make sense of findings―and without an innovative methodology that evolves while being grounded in common standards, regulations, and guidelines―technology by itself loses its context and purpose. When audit technologies are at their most powerful, they work together as part of an effective audit methodology that incorporates the judgment and experience of auditors, all of which come together to provide very high-quality audits and generate insights that inform larger business risks and opportunities. The promise of this powerful combination is not just a game changer for the audit world, but also a benefit for organizations and a boost to investor confidence overall.

Deloitte celebrates its 175th anniversary in 2020, and audit has undergone multiple sea changes in those years. At each inflection point, it has re-established its vital role in building trust and confidence in the capital markets and in the investing public. Today, we are racing toward yet another inflection point that holds tremendous promise and potential for the future of audit.


The services described herein are illustrative in nature and are intended to demonstrate our experience and capabilities in these areas; however, due to independence restrictions that may apply to audit clients (including affiliates) of Deloitte & Touche LLP, we may be unable to provide certain services based on individual facts and circumstances.
