 |
This is the first in a three-part series breaking down the Committee of Sponsoring Organizations of the Treadway Commission's (COSO) newly released report, Achieving Effective Internal Control Over Generative AI. Each post covers five key takeaways from the document. Part 1 lays the foundation: the risks, the capability types, and the control principles organizations need to understand before anything else. The full report is available free of charge at coso.org and is worth reading in full. What follows is a guided tour of the highlights.
Generative AI is not waiting for your governance team. It is already inside your organization, running inside productivity tools, shaping analyses, and generating content, regardless of whether your policies have caught up. The question is no longer whether your employees are using it. The question is whether you know how, where, and with what data.
The COSO report opens with that precise tension. It acknowledges the productivity gains and the analytical possibilities that GenAI introduces across finance, compliance, and operations. It also makes clear that those same qualities, speed, accessibility, and adaptability, are exactly what make GenAI a governance problem if left unmanaged. Hallucinations, prompt injection, model drift, opaque reasoning, and rapid configuration changes can all threaten the reliability of operations and reporting if no one is watching.
That framing sets the stakes. And if your organization has not begun building the internal controls to match, the gap between where you are and where you need to be is already widening.
Takeaway 1: Shadow AI Is the New BYOD
History does not repeat itself, but it certainly rhymes. In the early 2010s, the rise of the iPhone and Android forced IT departments to grapple with the Bring Your Own Device (BYOD) movement. Workers wanted their personal devices connected to corporate systems, and IT had to build frameworks to accommodate that demand without compromising security. BYOD ultimately displaced BlackBerry's enterprise dominance because the pressure from the workforce was impossible to contain.
The same dynamic is playing out now with AI, and the COSO report names it directly. On page five, the document defines Shadow AI as unauthorized or ungoverned AI implementations operating outside formal IT oversight.
The parallel to BYOD is instructive, but Shadow AI carries a higher risk profile. Getting corporate data onto a personal device in the BYOD era required some degree of technical sophistication. With Shadow AI, the barrier is copy and paste. An employee can move sensitive client data, unreleased financial projections, or regulated personal information into a consumer AI tool in seconds, without any technical skill and without any visible footprint in your systems.
What makes this particularly hard to contain is that the motivation is legitimate. GenAI tools offer genuine productivity advantages, competitive edge in knowledge work, and time savings that employees feel immediately. That is not bad behavior. It is rational behavior in the absence of a governed alternative. The COSO report is right to surface this in the introduction, because until organizations provide a sanctioned path, employees will build their own.
Takeaway 2: Seven GenAI-Specific Risks
Before the document maps controls to any framework, it lists the risks that make GenAI governance categorically different from traditional IT risk management. These are not generic technology risks. They are specific to how GenAI systems work and how they fail.
The report identifies seven:
- Data quality, source, and completeness
- Reliability and consistency
- Explainability and transparency
- Security and privacy
- Bias and fairness
- Third-party and vendor risk
- Governance and accountability
Each of these deserves its own treatment, and later posts in this series will go deeper. For now, the important point is the list itself. These risks are not hypothetical. They are active in any organization where GenAI is being used, whether governed or not. Shadow AI, by definition, means these risks exist without the controls designed to manage them.
Takeaway 3: Eight Capability Types That Map How GenAI Works
One of the most practically useful contributions in the COSO report is its capability-first taxonomy. Rather than organizing GenAI by vendor or product name, which would be outdated before the ink dried, the report organizes it by what the system actually does. This is the right approach. It gives practitioners a durable lens for risk assessment and control design that does not depend on which tools are in the market this quarter.
The report identifies eight capability types following a data-to-decision sequence (Emett et al., 2026, p. 7):
- Data extraction and ingestion
- Data transformation and integration
- Automated transaction processing and reconciliation
- Workflow orchestration and autonomous task execution
- Judgment, forecasting, and insight generation
- AI-powered monitoring and continuous review
- Knowledge retrieval and summarization
- Human-AI collaboration
A few of these are worth highlighting from a practical standpoint. Data transformation and integration is one of the most powerful and underappreciated capabilities. The ability to take unstructured information and convert it into structured outputs, or take raw data and convert it into a readable memo, is something GenAI does unusually well. This is not simple summarization. It is a genuine transformation of information across formats and registers that previously required significant human effort. I refer to this as "Data to Documentation" within my GenAI workshops.
Knowledge retrieval and summarization is another that has real-world traction right now. Tools like NotebookLM are already being used to synthesize large document sets into accessible summaries, a task that once took days. The capability is real, and the productivity gain is real, which is exactly why the governance question cannot wait.
Judgment, forecasting, and insight generation is the most nuanced of the eight. It sits at the intersection of classic machine learning and generative AI, and the report acknowledges that complexity. This capability will receive more attention in Parts 2 and 3 of this series, particularly around how the COSO framework addresses the risk of over-reliance and how human review requirements scale with the materiality of the decision.
Takeaway 4: Five Foundational Characteristics That Impact Control Design
Before mapping any of the 17 COSO principles to GenAI, the report establishes five foundational characteristics of the technology itself. These are not risk categories. They are architectural realities that should inform how controls are built. The report's treatment of each is worth reading in full; the short version is below (Emett et al., 2026, p. 8):
- Probabilistic, not deterministic: GenAI can be confidently wrong; outputs require validation
- Dynamic: models, prompts, and data change frequently, sometimes without notice
- Easily scalable: automation scales errors just as readily as it scales quality
- Low barrier to entry: accessibility is what enables Shadow AI to flourish
- GenAI can help govern GenAI: its pattern-recognition capabilities can strengthen monitoring and validation
Takeaway 5: The 17 COSO Principles as They Apply to GenAI
The COSO Internal Control Integrated Framework organizes its guidance around five components and 17 principles. The report applies all 17 to the GenAI context. Here is how they break out across the five components (Emett et al., 2026, pp. 5, 9–17):
Control Environment
- Principle 1: Demonstrate commitment to integrity and ethical values
- Principle 2: Exercise oversight responsibility
- Principle 3: Establish structure, authority, and responsibility
- Principle 4: Demonstrate commitment to competence
- Principle 5: Enforce accountability
Risk Assessment
- Principle 6: Specify suitable objectives
- Principle 7: Identify and analyze risk
- Principle 8: Assess fraud risk
- Principle 9: Identify and analyze significant change
Control Activities
- Principle 10: Select and develop control activities
- Principle 11: Select and develop general controls over technology
- Principle 12: Deploy through policies and procedures
Information and Communication
- Principle 13: Use relevant information
- Principle 14: Communicate internally
- Principle 15: Communicate externally
Monitoring Activities
- Principle 16: Conduct ongoing and/or separate evaluations
- Principle 17: Evaluate and communicate deficiencies
What the report does that previous frameworks have not is apply each of these principles specifically to the GenAI context, with examples, minimum control expectations, and metrics. A principle like "identify and analyze significant change" reads differently when the change in question is a vendor releasing a model update that silently alters how your automated reconciliation system classifies transactions. The familiar framework is still sound. The terrain it has to cover has changed.
The next two posts in this series continue the conversation, surfacing the report's most relevant guidance for practitioners navigating the governance challenges that GenAI presents.
Reference
Emett, S., Eulerich, M., Guthrie, J., Pikoos, J., & Wood, D. A. (2026). Achieving effective internal control over generative AI (GenAI). Committee of Sponsoring Organizations of the Treadway Commission. https://www.coso.org/generative-ai
