Internal Audit is responsible for providing the 3rd line of defense assurance over the effectiveness of controls in mitigating enterprise risks. We are primarily a judgment-based operation, relying on “humanness” to ascertain if risks are sufficiently being mitigated. This sort of environment makes it difficult to employ machine learning, given the ambiguity of decisions and the need for interpretability to back up decisions that were made. However, these limitations give us the ability to become more imaginative, finding unique ways to employ machine learning. In this talk, Andrew will provide two examples of prototypes being used in audit, an unsupervised machine learning exploratory “clustering” environment to provide insight into looking at data in new ways; and a supervised NLP model that classifies audit reports into different classes for use in reporting.