{"id":"https://openalex.org/W7116105984","doi":"https://doi.org/10.48550/arxiv.2512.14902","title":"How frontier AI companies could implement an internal audit function","display_name":"How frontier AI companies could implement an internal audit function","publication_year":2025,"publication_date":"2025-12-16","ids":{"openalex":"https://openalex.org/W7116105984","doi":"https://doi.org/10.48550/arxiv.2512.14902"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2512.14902","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.14902","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2512.14902","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Gomez, Francesca","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Gomez, Francesca","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Buick, Adam","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Buick, Adam","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Ferentinos, Leah","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ferentinos, Leah","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Kim, Haelee","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kim, Haelee","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":null,"display_name":"Lee, Elley","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lee, Elley","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.7520999908447266,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.7520999908447266,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.02319999970495701,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.019700000062584877,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/internal-audit","display_name":"Internal audit","score":0.8555999994277954},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.6344000101089478},{"id":"https://openalex.org/keywords/frontier","display_name":"Frontier","score":0.5633999705314636},{"id":"https://openalex.org/keywords/function","display_name":"Function (biology)","score":0.5339999794960022},{"id":"https://openalex.org/keywords/scope","display_name":"Scope (computer science)","score":0.4867999851703644},{"id":"https://openalex.org/keywords/information-technology-audit","display_name":"Information technology audit","score":0.4442000091075897},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.4383000135421753},{"id":"https://openalex.org/keywords/corporate-governance","display_name":"Corporate governance","score":0.4189999997615814}],"concepts":[{"id":"https://openalex.org/C170856484","wikidata":"https://www.wikidata.org/wiki/Q6452684","display_name":"Internal audit","level":3,"score":0.8555999994277954},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.6344000101089478},{"id":"https://openalex.org/C2778571376","wikidata":"https://www.wikidata.org/wiki/Q1355821","display_name":"Frontier","level":2,"score":0.5633999705314636},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.5526999831199646},{"id":"https://openalex.org/C14036430","wikidata":"https://www.wikidata.org/wiki/Q3736076","display_name":"Function (biology)","level":2,"score":0.5339999794960022},{"id":"https://openalex.org/C2778012447","wikidata":"https://www.wikidata.org/wiki/Q1034415","display_name":"Scope (computer science)","level":2,"score":0.4867999851703644},{"id":"https://openalex.org/C121955636","wikidata":"https://www.wikidata.org/wiki/Q4116214","display_name":"Accounting","level":1,"score":0.47530001401901245},{"id":"https://openalex.org/C177309310","wikidata":"https://www.wikidata.org/wiki/Q758917","display_name":"Information technology audit","level":5,"score":0.4442000091075897},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.4383000135421753},{"id":"https://openalex.org/C39389867","wikidata":"https://www.wikidata.org/wiki/Q380767","display_name":"Corporate governance","level":2,"score":0.4189999997615814},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.39570000767707825},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.38589999079704285},{"id":"https://openalex.org/C2780795517","wikidata":"https://www.wikidata.org/wiki/Q6030997","display_name":"Information assurance","level":3,"score":0.376800000667572},{"id":"https://openalex.org/C147007100","wikidata":"https://www.wikidata.org/wiki/Q3344190","display_name":"External auditor","level":4,"score":0.3492000102996826},{"id":"https://openalex.org/C62190432","wikidata":"https://www.wikidata.org/wiki/Q17004774","display_name":"Audit plan","level":5,"score":0.3483000099658966},{"id":"https://openalex.org/C2909264111","wikidata":"https://www.wikidata.org/wiki/Q740419","display_name":"Financial Audit","level":3,"score":0.3264000117778778},{"id":"https://openalex.org/C199450454","wikidata":"https://www.wikidata.org/wiki/Q1667931","display_name":"Internal control","level":3,"score":0.31690001487731934},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.304500013589859},{"id":"https://openalex.org/C2779948991","wikidata":"https://www.wikidata.org/wiki/Q6047930","display_name":"Internal security","level":3,"score":0.29989999532699585},{"id":"https://openalex.org/C516990006","wikidata":"https://www.wikidata.org/wiki/Q3578710","display_name":"Organizational economics","level":2,"score":0.28690001368522644},{"id":"https://openalex.org/C189922023","wikidata":"https://www.wikidata.org/wiki/Q17056348","display_name":"Information governance","level":4,"score":0.27480000257492065},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.266400009393692},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.2619999945163727},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2578999996185303}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2512.14902","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.14902","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2512.14902","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.14902","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"display_name":"Partnerships for the goals","id":"https://metadata.un.org/sdg/17","score":0.4622728228569031}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Frontier":[0],"AI":[1,70,163],"developers":[2],"operate":[3],"at":[4],"the":[5,73,136,161],"intersection":[6],"of":[7,21,48],"rapid":[8],"technical":[9],"progress,":[10],"extreme":[11],"risk":[12,188],"exposure,":[13],"and":[14,24,50,72,89,106,114,119,121,142,144,148,177,180],"growing":[15],"regulatory":[16],"scrutiny.":[17],"While":[18],"a":[19,167],"range":[20],"external":[22,175],"evaluations":[23],"safety":[25,172],"frameworks":[26],"have":[27],"emerged,":[28],"comparatively":[29],"little":[30],"attention":[31],"has":[32],"been":[33],"paid":[34],"to":[35,43,64,124],"how":[36,56],"internal":[37,58,83,155],"organizational":[38,147],"assurance":[39,67,87,185],"should":[40],"be":[41,62],"structured":[42],"provide":[44,65],"sustained,":[45],"evidence-based":[46],"oversight":[47],"catastrophic":[49,187],"systemic":[51],"risks.":[52],"This":[53],"paper":[54],"examines":[55],"an":[57],"audit":[59,101,117],"function":[60],"could":[61],"designed":[63,159],"meaningful":[66],"for":[68,128,160],"frontier":[69,162],"developers,":[71],"practical":[74],"trade-offs":[75],"that":[76,154],"shape":[77],"its":[78],"effectiveness.":[79],"Drawing":[80],"on":[81],"professional":[82],"auditing":[84],"standards,":[85],"risk-based":[86],"theory,":[88],"emerging":[90],"frontier-AI":[91],"governance":[92],"literature,":[93],"we":[94,134],"analyze":[95],"four":[96],"core":[97],"design":[98],"dimensions:":[99],"(i)":[100],"scope":[102],"across":[103],"model-level,":[104],"system-level,":[105],"governance-level":[107],"controls;":[108],"(ii)":[109],"sourcing":[110],"arrangements":[111],"(in-house,":[112],"co-sourced,":[113],"outsourced);":[115],"(iii)":[116],"frequency":[118],"cadence;":[120],"(iv)":[122],"access":[123],"sensitive":[125],"information":[126],"required":[127],"credible":[129],"assurance.":[130],"For":[131],"each":[132],"dimension,":[133],"define":[135],"relevant":[137],"option":[138],"space,":[139],"assess":[140],"benefits":[141],"limitations,":[143],"identify":[145],"key":[146],"security":[149],"trade-offs.":[150],"Our":[151],"findings":[152],"suggest":[153],"audit,":[156],"if":[157],"deliberately":[158],"context,":[164],"can":[165],"play":[166],"central":[168],"role":[169],"in":[170],"strengthening":[171],"governance,":[173],"complementing":[174],"evaluations,":[176],"providing":[178],"boards":[179],"regulators":[181],"with":[182],"higher-confidence,":[183],"system-wide":[184],"over":[186],"controls.":[189]},"counts_by_year":[],"updated_date":"2025-12-19T19:45:34.690201","created_date":"2025-12-19T00:00:00"}