The EU AI Act and What It Actually Means for Internal Controls
Read the original article ↗
IIA UK · Institute of Internal Auditors UK · Added November 10, 2025
IIA UK · Institute of Internal Auditors UK · Added November 10, 2025
AIgovernanceregulation
Why I'm reading this:
Most AI governance conversations focus on the technology itself. This piece gets closer to what internal auditors should actually be asking: where does AI touch controls, who owns those controls, and what does adequate oversight look like? The framing around 'AI as a control risk' rather than 'AI as a tool' is useful. I'm thinking about what this means for how audit plans should address AI exposure in regulated businesses—particularly where AI is embedded in processes that are already under supervisory scrutiny.