Q&A Recap from “A Practical Application of AI to GRC Processes”

Get the highlights from our webinar discussion with Cential

During our conversation with Cential, Andrew Gunter, partner, and Jason Rohlf, consulting director, shared practical insights and real-world examples as they answered questions from attendees regarding the application of artificial intelligence to governance, risk, and compliance (GRC) processes.

We’ve compiled key takeaways from that Q&A session here. Let’s dive in.

How do I know when I should bring AI into by GRC processes?

You may be wondering, “Are we really ready as an organization to pull the trigger on something like AI?” Before planning for the implementation of any new technology, there are three important questions to ask.

  1. Is the organization truly ready and prepared to proceed with the endeavor? This really means asking more questions: Is the organization’s data structured and accessible? Do you have the necessary resources, like infrastructure, software, storage and IT support? Do you have AI policies, controls and mitigation plans for privacy regulations, intellectual property rights, and ethical guidelines?
  2. Are foundational processes already in place? You really need to have those foundational processes and workflows mapped out and in place, as technology alone cannot fix underlying issues.
  3. Is leadership aligned with your proposed use of AI? Involving key stakeholders, such as the chief privacy officer or information security group, early on can ensure awareness, guidance, and alignment with existing policies.

Considering these points can help set you up for success with a solid foundation for leveraging AI technology effectively and efficiently.

Is ChatGPT available on Onspring right now?

ChatGPT is not natively integrated with Onspring currently. According to Gunter, “I think Onspring’s taken a responsible approach on this. I’ve seen some organizations try to do this integration, and they haven’t thought through the privacy and security concerns.”

Anytime you’re looking at a technology that is claiming ChatGPT enablement, you have to immediately ask: What information does the AI have access to? How is the data provided and what does that channel look like?

If you’re making that step forward, consider the data, privacy, and security. Gunter reiterates, “Since day one, I have been hammering home to our team that if we can’t solve data privacy and security, we can’t do AI integrations. The number one concern I have for any GRC program is that you have a lot of confidential information at your fingertips. We can’t just turn that over to ChatGPT to craft things.”

So, if you are going to integrate with generative AI, make sure you’re working with partners who fully understand how to implement responsibly.


On-Demand Webinar

Want to see how ChatGPT operates in Onspring? Watch the on-demand webinar for a sneak peek.

Are there any unique AI considerations for GRC use in the BFSI sector?

In the context of the financial markets and banking industry, there are specific considerations related to chatbots and generative AI.

Privacy and security become elevated concerns, especially regarding the type of data being processed, as financial information is sensitive and subject to regulatory scrutiny. The evolving regulatory landscape surrounding AI adds an additional layer of complexity.

We advise to take a cautious approach, leveraging generative AI for acceleration while minimizing the risk associated with sensitive data. Given its history of policies and regulations, we predict that oversight and restrictions of AI usage will continue in the financial sector.

How do you manage automated prompts so that they don’t snowball out of control?

To ensure control and prevent prompts from spiraling out of control, we recommend managing and maintaining prompts with guardrails in a GRC solution like Onspring.

Rather than relying on blank-page prompts in ChatGPT or having users copy from templates, you can provide individuals with predefined fields or selection values that protect the integrity of your prompts. The backend of Onspring allows for prompt management and evolution over time. Soon prompt engineering will be available directly within Onspring, granting administrators visibility and control while restricting changes to authorized individuals.

This middleware solution plays a vital role in maintaining prompt integrity and ensuring effective workflow integration.


Unlock the power of AI in GRC

Schedule an all-access tour of Onspring's capabilities and AI use cases.

If you’re using ChatGPT to generate content, how are you citing your sources, if that were a requirement?

When it comes to citing sources, ChatGPT has limitations and does not provide reliable citations. Despite monitoring improvements in newer models like GPT-4, this issue persists.

While GPT-4 offers a broader range of information, its citation accuracy cannot be trusted, often generating false information. Concerns about bias, ethics, due diligence, and proper research apply to AI in general, not just ChatGPT.

Right now, especially, it’s important to approach AI technologies with critical questions and organization-wide discussions involving privacy officers, legal experts, and HR representatives. Be sure to include multiple perspectives so that you can better address the integrated ethical implications and concerns.

What are the security implications of ChatGPT?

Data privacy is a big concern. ChatGPT processes and interacts with user inputs, which may include sensitive information. It’s important to ensure that appropriate measures are in place to protect user data and maintain privacy. This means the inputs you share with ChatGPT are pulled into to ChatGPT’s knowledge inventory.

We’ve developed methods to protect your data in Onspring so that it’s not used back into the AI generation.

How do you stay up-to-date on AI developments, particularly for GRC?

To stay updated on the latest news and developments in AI for GRC programs, several sources are recommended.

  • TLDR AI provides a daily newsletter that offers insights and updates.
  • The Intelligence Age is a subscription service that offers breaking news and analysis on AI.
  • The podcast “Hard Fork” from The New York TImes covers technology topics and attempts to make sense of the latest in the rapidly changing world of tech.

Additionally, articles, newsletters, and podcasts are generally more up-to-date than books for current information on AI.

If you’ve watched the webinar or read our coordinating posts, AI in GRC: Takeover or Gamechanger? and How to Use AI and LLMs in GRC Effectively & Securely, you may be curious to see exactly what Cential could do for your GRC processes with AI in Onspring.

You’re in luck.

Free exploration sessions with Andrew and Jason are available for brainstorming GRC integration possibilities with ChatGPT or other large language models into Onspring. Email us to book before they’re gone!

Actionable insights we think you’ll like