THE ROLE OF INTERNAL AUDITING IN AI RISK MANAGEMENT FOR DEEPFAKE EVALUATION: A STUDY OF COSO AND AIRMF FRAMEWORKS

Authors

  • Tiba Abdul Karem Mohamed Jafar
  • Ibithaj Ismail Yaqoob
  • Zahra Hasan Oleiwi Al-Mustansiriyah University — College of Administration and Economics — Department of Accounting
  • Jaafar Abdulhussein Hiloalkiabi Ibn Sina University for Medical and Pharmaceutical Sciences, Iraq.
  • Athmar Abdulrahman Sharhan Department of Financial and Banking Sciences Al-Bayan University

Abstract

This study investigates the factors influencing deepfake risk evaluation in Iraqi banking sectors through the Artificial Intelligence Risk Management Framework (AIRMF), Artificial Intelligence Risk Management (AIRM) practices, Committee of Sponsor in Organizations framework (COSO) framework for Internal Auditing (INA). Data from 313 respondents of multiple banking institutions and assessed it using the Smart Partial Least Squares (SmartPLS) two-stage analytical procedure. The empirical results revealed that AIRM and AIRMF generally had statistically significant positive effects on the deepfake risk assessment, whereas INA had a weaker but still positive effect. On the other hand, CFR was not found to be statistically significantly associated with deepfake risk assessment. Based on these findings, the study recommends that Iraqi banking institutions strengthen risk governance mechanisms in favour of artificial intelligence (AI) to provide greater identification and prevention of AI-driven threats such as risks attributable to deepfakes alongside mitigation efforts. The results also show the importance of improving INA procedures to provide effective monitoring, strengthen internal control systems, and ensure compliance with regulations. Further, the incorporation of AI-oriented risk dimensions into any modernisation and adaptation of CFR is envisaged as a key means through which to respond to the changing technological threat landscape. It also highlights the significant potential of sector-wide collaboration, especially in areas such as sharing knowledge, building shared capacity and promoting effective new ways of working to address AI-related risks within sectors. When implemented in tandem, these measures should improve the institutional resilience of establishments against AI-related security threats and enhance the deepfake risk assessment and mitigation mechanisms for the banking industry as a whole.

 

Downloads

Published

2026-06-16

Issue

Vol. 18 No. 2 (2026): International Journal of Economics and Financial Studies

Section

Original Article