Evaluating the internal control strategy in the AI industry: using the COSO framework

This study explores the application of the COSO Internal Control Integrated Framework (COSO ICIF) within Taiwan's artificial intelligence (AI) industry, addressing challenges such as rapid technological advancements, complex risk landscapes, and dynamic global markets. By employing a hybrid methodology that integrates Decision-Making Trial and Evaluation Laboratory (DEMATEL) with the DEMATEL-based Analytic Network Process (DANP), the research constructs an Influence Network Relation Map (INRM) to analyse interdependencies and prioritize internal control improvements. The findings emphasize the foundational role of the control environment in shaping other internal control components, highlighting the critical importance of monitoring activities and internal communication in mitigating risks and enhancing operational efficiency. The research also identifies emerging challenges, including stricter data privacy regulations, demands for transparent AI algorithms, and heightened global competition, stressing the necessity for adaptive internal controls that ensure compliance while supporting strategic agility. By extending the applicability of COSO ICIF to technology-driven industries, this research contributes valuable insights for both scholars and practitioners. The proposed hybrid model offers a robust framework for addressing the complexities of internal control in the AI industry, providing a systematic approach to enhance organizational resilience and performance in an evolving technological landscape.