arrow-circle-downarrow-circle-rightarrow-leftarrow-rightcheckchevron-downPathPathclosefilterminuspausepeoplepinplayplusportalsearchsocial-facebooksocial-instagramsocial-linkedinsocial-tiktoksocial-twittersocial-youtube
Article Images 2

Latest Insights

Getting your business structure right from the start

Contact
Back to all insights
Insights
Insights

AI Preparedness – Applying lessons learnt from the pandemic

The rapidly evolving landscape of AI is a topic that continues to dominate our conversations and newsfeeds.

Whilst there are some incredible benefits that can be leveraged, there are also significant risks that need to be understood and effectively managed.

What is AI?

A system that is designed and trained to generate predictive outputs — such as consumable content, decisions, or recommendations — based on human-defined objectives and input data, without requiring explicit programming of each individual rule or outcome.

AI systems are designed to operate with varying levels of automation and are being used either with or without our knowledge when we stream programs, music, use search engines, social media or talk to our various devices.

What do we know?

We know:

  • Whilst we have voluntary standards and a significant amount of work underway, this space is not well or adequately regulated;
  • Many industry experts are still working to fully understand the nature and extent of AI-related risks;
  • Many of the service providers that each of us uses regularly have not been appropriately transparent in how they are sourcing, using and securing our data.

What have we learnt in the last few years?

Many of us in the risk and assurance space remember that only a decade or so ago, ‘global pandemic’ was considered ‘too far out’ to use in our business continuity scenarios for fear of losing our audience.

Similarly, it might feel too early for many to be considering how we’ll manage the risks associated with our colleagues dating/being groomed/physically harmed/or replaced by AI-generated entities or systems.

However, we can and must apply the lessons from our lived experience with the pandemic.

As with COVID, AI will impact all of us and spans across many different risk categories.

It should be kept front of mind in our strategies, decision-making, risk registers and reporting.

As with the pandemic, we’ll see similar behaviours, there’ll be denial and burying heads in the sand, there’ll be anger, fear and reactivity, and there’ll be calm, strategic decision-making that seeks to do the best we can with what we’ve got to prepare, respond and evolve.

Regardless of where we sit on this scale, it is important to acknowledge, global change is once again upon us, with AI here to stay.

Therefore, we need to do the best we can to:

  • Understand and monitor the various systems and their capabilities;
  • Be clear on both our knowns and unknowns; and
  • Support and empower our colleagues, clients and broader community to make smart decisions that move us closer toward our goals, reduce risk and maintain confidence.

Where do I start?

The first step is to look at establishing a team and appropriate governance to help monitor, prepare for and respond to AI-related risks.

This may include:

1. Identify and map out your core team.

Consider:

  • Which team members are excited about, have a sound understanding of, and are actively researching this space?
  • Can you divide and conquer, and avoid duplication of effort? Who’s looking at what, map out coverage across roles and responsibilities. Seek to have eyes and ears across strategy, operations, risk, compliance, privacy and data management, cyber, safety, people, and service delivery/business disruption.
  • If you don’t have adequate capacity or capability within your existing teams, how will you acquire or develop this to ensure you stay informed of, and actively manage related risks?

2. Develop a consolidated view of, and regular reporting on:

  • Existing and emerging AI technology and systems: Potential benefits, vulnerabilities, how data can be utilised and shared, how accessible is the software or system, what are the best sources of reliable information to understand the risks;
  • Utilisation: How are employees using AI currently? Both personal and professional use can pose significant risks to your business if not appropriately managed;
  • Disclosures: AI is being used, how can employees clearly reference where information has been sourced from, how has it been used to inform their decisions or complete tasks, i.e. performance reviews, research, business proposals, policy development or review, risk assessments, stakeholder interactions incl. regulators, customers, employee survey results, etc.;
  • Authenticity: How will you identify the legitimacy of information and/or whether content produced by your organisation or stakeholders is human or system-generated? What is your process to verify the legitimacy of CVs, ideas, complaints, grievances, important documents, evidence?
  • Awareness: Without open and transparent discussion, you will not be able to effectively understand and address existing and emerging vulnerabilities. Do your colleagues have a basic understanding of risks relating to privacy, intellectual property, cyber security, safety, business disruption, bullying, harassment, fraud, or reputation? If they don’t, how will you help ensure these are considered prior to AI use? How can timely and potentially confidential advice and support be accessed?
  • Risk reporting: How do you know if you have adequate visibility of potential and actual issues? Do employees understand what and how to report? Is reporting a positive or negative experience? Do you have the right resources on hand to help both the organisations and individuals impacted? Are risks being reported to multiple different sections of the business i.e. Safety/IT/HR, or are they flowing through a central capture point, for holistic assessment inclusive of root cause analysis and adequate escalation, monitoring and oversight?
  • Third-party risk: How are your service providers using AI? What do you require of them by way of consultation and assurance concerning your data?
  • Compliance obligations: With risks outpacing the legislation, how will you demonstrate consideration and management of foreseeable risks, how are you protecting your customers, employees, integrity and broader public interest?

Whilst AI risk will continue to evolve, assigning dedicated resource(s) to help develop the above will provide a solid foundation that can be matured and refined. Having an accurate and complete view of your capabilities, priorities and opportunities will help you to make smart decisions, that support continued performance and maturity.

Who can help?

The global PKF network is comprised of dynamic, highly skilled professionals who are passionate about helping our clients with tailored, fit-for-purpose solutions to effectively manage AI and other business risks.

We look forward to hearing from you. Please reach out for a discussion on your needs and how we can assist.

Risk – Amy Daley and David Hutchison

Digital – Don McLean

Cyber security – Spiro Koulianos

References: The Senate - November 2024, ‘Select Committee on Adopting Artificial Intelligence (AI)’

4 Sept 2025
Author

Amy Daley

Related insights

View more
Becky Nguyen Pillar Two Compliance 1

Insights

Pillar Two Compliance in Australia: Why Outbound Multinational Groups Must Act Now
Pillar Two Has Arrived: Far More Than Another Reporting RequirementInternational tax reform has accelerated in recent years, but only a small number of initiatives have materially reshaped how multinational groups are governed, structured, and managed. Pillar Two is one of them.Developed in response to concerns around base erosion and profit...
Becky Nguyen 02 WEB
Ryan Lu

2 contributors

Melbourne

SBAS PSI and Part IVA

Insights

Understanding Personal Services Businesses in the context of Part IVA
Understanding Personal Services Income and Part IVA: What it means for your tax structureThe Australian Taxation Office (ATO) has released (PCG 2025/5), which explains how closely it will look at certain business structures where income is mainly earned from an individual’s skills or effort.This guidance is particularly relevant if you...
Nicholas Falzon

Nicholas Falzon

Director

Sydney, Newcastle

Universal considerations in MA 2000 x 1000 R1

Insights

Universal considerations and risks in M&A and capital raising
Whether you're buying a business, selling a business, or raising capital in Australia, each pathway comes with its own technical processes and risks. Our comprehensive guide to mergers & acquisitions and capital raising highlights the critical steps, risks, and tax considerations you need to know.The guide covers: The strategic importance...
Peter Sinclair
Matt Hall

2 contributors

Perth

Subscribe to our newsletter

Subscribe

Propel your career

Learn more

Follow us

Find your closest office

Locations

Risk or quality concerns

Email

About the firm

Transparency reports