I keep hearing the same line from finance teams and internal auditors.
“We want to use GenAI. We just don’t want it to blow up our controls.”
That tension is real. Generative AI compresses decision cycles and scales work fast. It also introduces risks that traditional governance models did not plan for. The good news is you do not need to invent a brand new framework from scratch. You can adapt what you already know.
This course walks through COSO’s recent update on achieving effective internal control over Generative AI and shows how to apply COSO’s 5 components and 17 principles to GenAI without reinventing the wheel.
Why GenAI Breaks Traditional Control Thinking
The core issue is simple.
GenAI is probabilistic, not deterministic.
If you ask the same question 15 times, you can get 15 different answers. They might be “close enough” in spirit. But they are not perfectly repeatable.
That matters for internal control because many controls assume:
- you can reproduce a result
- you can trace a decision path
- a system behaves the same way today as it did last month
GenAI challenges all three.
Four GenAI characteristics COSO calls out
COSO highlights four foundational characteristics that drive the risk profile:
- Probabilistic outputs: the model can be confidently wrong. You cannot assume repeatability.
- Highly dynamic behavior: models, prompts, tools, and underlying capabilities change constantly. Risk assessment cannot be a once-a-year exercise.
- Scalable errors: automation scales quality. It also scales bias and mistakes. A small issue can propagate into a big one.
- Low barrier to entry (shadow AI): if you do not provide governed tools, employees will often use their own free tools. That pushes activity outside your control environment.
The Practical Shift: Stop Governing Tools and Start Governing Capabilities
Trying to write controls for “ChatGPT” or “Gemini” or “Claude” is a losing game. The vendor landscape changes. Features change. Defaults change. Even model behavior shifts.
COSO’s recommendation is a capability-first approach.
Instead of asking “which AI tool is this,” ask “what capability is the AI performing in the process.”
The 8 GenAI capability types (data-to-decision lifecycle)
You can bucket most GenAI use cases into these categories:
- Data ingestion and extraction
- Data transformation and integration
- Transaction processing and reconciliation
- Workflow orchestration and autonomous task execution
- Judgment, forecasting and insight generation
- AI monitoring and continuous review
- Knowledge retrieval and summarization
- Human-AI collaboration
This is a control design shortcut. Once you know the capability you can predict the risk pattern and design targeted controls.
Applying COSO’s 5 Components to GenAI (What Changes in Practice)
COSO’s point is not “throw out COSO.” It is “use COSO with GenAI realities in mind.”
Below is the practical mapping this course covers.
1) Control Environment: Policies Are Not Enough
Most organizations rushed to write an Acceptable Use Policy (AUP). That is necessary. It is not sufficient.
A real control environment for GenAI usually includes:
- A clear AUP including prohibited data types (PII, client confidential, regulated info)
- Clear ownership for:
  - models
  - prompts
  - retrieval datasets
  - workflows that use AI outputs
- Training that focuses on limitations, not just “how to prompt”
One problem I see a lot: companies have an AUP and still see daily traffic to public GenAI tools without enterprise protections. That is the gap between “policy exists” and “policy works.”
2) Risk Assessment: Your Risk Register Has to Stay Alive
GenAI risk is not static. Models drift. Vendors ship updates. Features appear without anyone asking for them.
A GenAI risk assessment should explicitly cover risks like:
- hallucinations
- prompt injection
- model drift
- opaque reasoning / weak explainability
- unauthorized data exposure
- incorrect reliance on external sources
COSO’s framing pushes you toward a living risk register that updates when:
- model versions change
- prompts change materially
- retrieval sources change
- vendors change defaults or add capabilities
If your risk assessment only happens annually, you will miss the actual risk.
3) Control Activities: Treat AI Output Like an Assertion Not a Fact
This is one of the most important mindset shifts.
AI output is not evidence. It is an assertion that needs support.
Practical control activities include:
- Human-in-the-loop review proportional to risk: high impact decisions need stronger review and approval.
- Prompt and parameter control like IT configuration: use version control. Document changes. Restrict who can alter system prompts and guardrails.
- Defined thresholds and exception handling: confidence scores, routing rules, escalation paths.
This gets tricky with ad hoc chat. If you lock it down too hard people will move to shadow AI. The control design has to balance governance with usability.
4) Information and Communication: Build Audit Trails That Explain “What Happened”
Because outputs can vary, you need traceability.
COSO emphasizes audit trails that capture:
- inputs and prompts
- outputs
- model version
- source references (especially for retrieval-based answers)
- confidence scores where available
- known limitations communicated to users
The goal is not perfect reproducibility. The goal is explainability and accountability.
If an auditor or reviewer asks “how did we get this answer,” you should be able to walk them through it.
5) Monitoring Activities: Continuous Monitoring Is Not Optional
GenAI changes too fast for set-and-forget controls.
Monitoring should include:
- ongoing performance metrics (accuracy, exception rates, hallucination indicators)
- periodic deep dives on higher risk use cases
- alerts tied to vendor updates or model changes
- drift detection where feasible
This is where many programs break down. People implement controls once. Then models change and no one notices until something fails.
A 6-Step Implementation Roadmap You Can Actually Use
COSO lays out a straightforward roadmap. It looks like other automation roadmaps but with GenAI-specific emphasis.
- Establish an AI governance structure (with ownership)
- Inventory GenAI use cases (including shadow AI)
- Assess risks by COSO component
- Design and map controls
- Implement and communicate
- Monitor and adapt
If you do only one thing after this course, start with Step 2. Most organizations do not have a real inventory. Without it you cannot govern what you cannot see.
Case Study: The Disappearing Clause (Why Controls Have to Work Together)
COSO includes a simple example that hits the real-world problem.
A global legal team used a GenAI extractor to find termination-for-convenience clauses in supplier contracts.
- It worked great on clean PDFs
- Accuracy dropped sharply on scanned faxes
The control response was multi-layered:
- Add a document type classifier (ingestion control)
- Set confidence thresholds
- Require human confirmation before legal decisions (insight generation control)
- Monitoring detected a vendor OCR update that degraded performance
- The team rolled back within 24 hours
That is what “effective internal control” looks like for GenAI. Not one perfect control. A set of controls working together across the lifecycle.
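The control activities, audit-trail fields and monitoring described above, applied to the clause-extraction case, as an added example that is not COSO's or the course's code. It assumes a hypothetical extraction service that reports a confidence score and the document type from the ingestion classifier; the review threshold, the drift tolerance and the sample records are constructed.

```python
# Added example (not COSO's or the course's code): audit-trail record, confidence
# routing and a drift check for the clause-extraction case. All values are constructed.
from dataclasses import dataclass
from typing import List, Optional

REVIEW_THRESHOLD = 0.85    # assumed value; set per use case and risk appetite
DRIFT_MAX_INCREASE = 0.15  # assumed tolerance for a rise in the exception rate

@dataclass
class ExtractionRecord:
    """One audit-trail entry: inputs, output, versions, source reference, score."""
    doc_id: str
    doc_type: str            # "pdf" or "scanned_fax" from the ingestion classifier
    model_version: str       # extractor / OCR version in use at the time
    prompt_version: str      # system prompt is version-controlled like IT config
    clause_found: bool       # the AI's assertion, not yet evidence
    confidence: float
    source_page: Optional[int]
    disposition: str = ""    # filled in by route()

def route(rec: ExtractionRecord) -> str:
    """Control activity: a human confirms every finding; low confidence gets a full manual read."""
    rec.disposition = "confirm" if rec.confidence >= REVIEW_THRESHOLD else "manual_review"
    return rec.disposition

def exception_rate(records: List[ExtractionRecord], version: str, doc_type: str) -> Optional[float]:
    """Share of findings routed to manual review for one version and document type."""
    subset = [r for r in records if r.model_version == version and r.doc_type == doc_type]
    if not subset:
        return None
    return sum(r.disposition == "manual_review" for r in subset) / len(subset)

def drift_alert(records: List[ExtractionRecord], old: str, new: str, doc_type: str) -> bool:
    """Monitoring: flag a version change that materially raises the exception rate."""
    before = exception_rate(records, old, doc_type)
    after = exception_rate(records, new, doc_type)
    return before is not None and after is not None and after - before > DRIFT_MAX_INCREASE

def _sample() -> List[ExtractionRecord]:
    # Constructed data: scanned faxes degrade after the vendor's OCR update (ocr-v2).
    raw = [("f1", "scanned_fax", "ocr-v1", 0.90), ("f2", "scanned_fax", "ocr-v1", 0.88),
           ("f3", "scanned_fax", "ocr-v1", 0.70), ("f4", "scanned_fax", "ocr-v1", 0.91),
           ("f5", "scanned_fax", "ocr-v2", 0.60), ("f6", "scanned_fax", "ocr-v2", 0.55),
           ("f7", "scanned_fax", "ocr-v2", 0.89), ("f8", "scanned_fax", "ocr-v2", 0.40),
           ("p1", "pdf", "ocr-v1", 0.95), ("p2", "pdf", "ocr-v2", 0.96)]
    recs = [ExtractionRecord(d, t, v, "prompt-v3", True, c, 1) for d, t, v, c in raw]
    for r in recs:
        route(r)
    return recs

SAMPLE_RECORDS = _sample()
```

Running `drift_alert(SAMPLE_RECORDS, "ocr-v1", "ocr-v2", "scanned_fax")` flags the fax degradation while the same check on clean PDFs stays quiet, which is the signal the case study's monitoring acted on.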
Key Takeaways
- GenAI is probabilistic, so traditional deterministic control assumptions break.
- COSO does not require a new framework. You can adapt the existing 5 components and 17 principles.
- A capability-first approach scales better than trying to govern specific tools or vendors.
- Treat AI outputs as assertions that require review and evidence.
- Continuous monitoring matters because models drift and vendors ship changes constantly.
- Start with an inventory of use cases including shadow AI, or you are governing blind.
Want to earn CPE for this topic?
- Compare Options: See how we stack up against others in our 2025 Flexible CPE Guide
- Understand the Format: Read how Nano-Learning works for CPAs.
- Check Your State: Ensure you are compliant with our State Requirements Guide.