AI Trends and Emerging Risks in Utilities

Artificial intelligence is no longer a cool pilot living in a corner of the innovation lab, waiting for someone to remember it exists. It has moved straight into mission-critical operations across the utility sector. Predictive maintenance, outage forecasting, billing analytics, and energy-market optimization now influence public safety, grid reliability, customer outcomes, and yes, regulated revenue that auditors and CFOs lose sleep over. 

That dual reality; serious operational upside paired with serious audit and regulatory exposure, means Internal Audit (IA) must evolve from periodic assurance into continuous, multidisciplinary oversight. IA now needs to map AI risks to established frameworks (NIST AI Risk Management Framework (AI RMF 1.0), ISO/IEC 42001:2023, ISA/IEC 62443), validate model and data controls, test vendor arrangements and accounting treatments, and produce regulator-ready evidence. 

This article breaks down the AI use cases reshaping utilities, the audit challenges they introduce, and a practical IA playbook (controls, KPIs, evidence requests) to help organizations innovate safely without learning the hard way that “the model said everything was fine” is not an acceptable explanation during a commission review. 

AI Use Cases Reshaping Utilities 

Predictive Maintenance and Asset Health Monitoring

Machine-learning models ingest SCADA telemetry, IoT sensor streams, vibration analysis, and historical failure logs to predict transformer, breaker, and generator failures. When implemented with strong data lineage and validation, predictive maintenance reduces unplanned outages, lowers crew costs, and improves capital planning accuracy. 

• Siemens Energy + Nvidia Siemens Energy is leveraging NVIDIA Omniverse and Modulus to build digital twins for HRSG (heat recovery system generator) predictive maintenance, with potential savings of $1.7 billion per year This is a vendor‑reported outcome; results should be independently validated. (Source: NVIDIA Siemens Energy HRSG Digital Twin Simulation). 
• EPRI  EPRI case studies show AI can detect wind‑turbine gearbox degradation early, cutting repair costs from US$350,000 to US$15,000–70,000. Results are dataset‑dependent and not universally transferable. This is a vendor‑reported outcome; results should be independently validated.  (Source: EPRI Develops AI Model to Reduce Wind Turbine Operations Costs - Utility Analytics Institute).

Grid Reliability, Load Forecasting, and Outage Prediction

AI models combine weather forecasts, vegetation growth models, asset geospatial registries, and historical fault data to forecast outage likelihood and impact windows. These forecasts enable utilities to pre-position crews, prioritize critical customers, and improve public safety. 

• IBM’s Outage Prediction, powered by its Environmental Intelligence Suite, forecasts weather-induced outages up to 72 hours ahead. Pilots report faster restoration during severe storms. This is a vendor‑reported outcome; results should be independently validated. (Source: Outage Prediction - IBM Mediacenter) 
• Avista Utilities leveraged AiDASH CRIS to forecast storm-related incidents, enabling proactive vegetation trimming and optimized resource deployment. During a major windstorm in January 2024, AiDASH correctly predicted 163 of 177 actual incidents, achieving 92% accuracy. Reported benefits included reduced restoration times, more efficient staff deployment, and improved customer communication and satisfaction. This is a vendor‑reported outcome; results should be independently validated.(Source: Avista improves the customer experience with AI-powered weather and incident forecasting - AiDASH) 

Customer Engagement and Billing Accuracy

AI supports usage forecasting, anomaly detection in meter reads, automated dispute triage, and contact-center automation. These capabilities reduce billing errors and operational costs, but they also raise fairness and explainability questions whenever automated decisions affect customers. 

• AES deployed H2O.ai models to detect smart‑meter tampering, cutting ~3,000 unnecessary truck rolls and saving an estimated $1.0M annually. The deployment reportedly improved CAIDI (Customer Average Interruption Duration Index).by 10%. This is a vendor‑reported outcome; results should be independently validated.(Source: AES Transforms its Energy Business with AI and H2O.ai).

Fuel Optimization and Energy Market Operations 

For utilities with fuel-dependent generation or active trading desks, AI models forecast fuel needs, optimize consumption, and support trading strategies. These benefits introduce compliance considerations around market-risk management and appropriate model governance. 

• Shell integrates AI across upstream and downstream operations to optimize refineries, forecast demand, reduce waste, and support its transition to low-carbon energy. (source: Shell’s AI Strategy for Optimization and Innovation in Energy).

A Quick Comparison Table 

A CFO-friendly snapshot of how AI supports operations; and where IA needs to keep both eyes open. 

AI Use Case	Primary Benefit	Key Audit Risks	What IA Should Prioritize
Predictive Maintenance	Fewer outages, better asset reliability	Bad sensor data, undocumented assumptions, biased predictions	Lineage testing, validation, explainability thresholds, drift monitoring
Outage Prediction & Grid Reliability	Faster restoration, better crew placement	Model opacity, weather-feed issues, vegetation-data errors	Forecast-model validation, third-party SLAs, human-in-loop controls
Billing Accuracy & Customer Analytics	Fewer disputes, better anomaly detection	Algorithmic bias, unfair rate logic, data errors	Billing logic review, exception handling, explainability, privacy controls
Fuel Optimization & Market Ops	Lower fuel costs, improved trading strategy	Market-risk exposure, insider-data misuse	Trading-model validation, segregation of duties, vendor oversight
Customer Engagement Automation	Faster dispute triage, lower call volume	Automation overreach, privacy gaps	Override controls, consent checks, encryption and retention reviews
Vegetation & Risk Forecasting	Reduced wildfire and outage risk	Poor satellite feed quality, geospatial drift	Third-party feed validation, lineage audits, scenario testing
Vendor AI Models	Faster deployment, scalable analytics	Black-box logic, unknown training data, unclear updates	Audit rights, provenance review, vendor change controls

Key Challenges and Why IA Must Step In 

Utilities operate in a highly regulated, safety-sensitive environment. AI introduces concentrated failure modes that can affect public safety, reliability, and financial reporting. Across industry guidance and utility pilots, five challenge areas consistently show up on audit radars. 

1. Model Transparency, Explainability, and Governance 

Many AI models are opaque. Operators may not know why a model recommended a maintenance alert or an outage prediction. Without documented assumptions, training-data provenance, and independent validation, outputs are difficult to defend in regulatory reviews or incident investigations. 

IA should: 

• Verify a Model Risk Management Framework. 
• Confirm documented assumptions, data lineage, and validation evidence. 
• Ensure human-in-the-loop controls and override procedures. 
• Review scheduled re-validation and change-management controls. 
• Assess fairness testing and the use of explainability tools like SHAP or LIME.

2. Cybersecurity in OT and SCADA Environments 

Connecting AI to operational technology expands the attack surface. Threats include data poisoning, model manipulation, and malicious command injection. 

IA should: 

• Confirm strict segmentation between IT-hosted AI systems and OT networks. 
• Validate hardened gateways and monitored cross-domain data flows. 
• Align controls with ISA/IEC 62443 and NIST cybersecurity principles. 
• Assess vendor remote-access restrictions and anomalous AI-command monitoring.

3. Data Quality and Governance 

AI is only as good as the data powering it, and utilities run dozens of legacy systems (GIS, AMI, WMS, SCADA, ERP, CRM). Fragmented data creates silent failure modes and biased outputs. 

IA should: 

• Audit the Data Governance Framework using DAMA-DMBOK principles. 
• Validate end-to-end data lineage for model inputs. 
• Review reconciliation routines for meter, geospatial, and sensor data. 
• Test quality controls over third-party feeds.

4. Privacy and Data Protection Risks 

Smart-meter interval data, geolocation details, rooftop solar export patterns, and consumption profiles often qualify as personal information under GDPR, CCPA, PIPEDA, and local utility privacy laws. 

IA should: 

• Confirm lawful basis for processing. 
• Evaluate data-minimization, pseudonymization, and anonymization techniques. 
• Review retention, deletion, encryption, and access controls. 
• Assess cross-border data transfers and vendor contract protections.

5. Vendor Models and Third-Party Risk 

Vendor black-box models may limit auditability and introduce uncertainty around data retention, update cadence, and cyber obligations. 

IA should: 

• Confirm a vendor AI inventory. 
• Verify contractual audit rights and provenance documentation. 
• Test vendor update controls and contingency plans. 
• Assess operational and financial reporting exposure from vendor reliance. 

When an AI Model Gets It Wrong 

“North Valley Utilities; The $8 Million Storm Surprise” 

(Fictional, but realistically painful.) 

North Valley Utilities deployed a new AI outage-prediction model just before peak winter season. The system blended 20 years of weather data, vegetation profiles, and asset condition scores. Accuracy looked great during testing. 

What went wrong 

Three days before a major storm, the model predicted minimal impact across Circuit 14 — despite aging poles and heavy tree load. The model had quietly learned to down-weight vegetation data because historical trimming records were inconsistent. In plain English: it trusted the wrong inputs. 

The fallout 

• 27% of customers in Circuit 14 lost power. 
• Crews were pre-positioned in the wrong region based on model forecasts. 
• $8 million in unplanned overtime, contractor mobilization, and regulatory penalties. 
• Media coverage labeled the incident a “data-blind outage,” which is never what a utility wants trending locally.

IA’s post-incident review 

Internal Audit identified: 

• Missing lineage controls in vegetation-trimming data 
• No independent validation of geospatial layers 
• No documented explainability threshold for operator acceptance 
• Override procedures existed but operators had never been trained to use them 

Lessons learned 

• High-accuracy models can still enable high-impact failures. 
• Data governance failures often masquerade as model failures. 
• Explainability is essential for operator trust and regulatory defensibility. 

Accounting and Financial Reporting Implications 

AI affects far more than operations. It influences capital planning, depreciation schedules, and regulatory filings. 

Capitalization of AI Development 

IFRS (IAS 38) Research costs are always expensed. Development costs may be capitalized only if all six criteria are met: technical feasibility; intention to complete; ability to use or sell; probable future economic benefits; availability of resources; and reliable measurement of costs. Utilities must document feasibility, expected benefits, and useful life to support recognition. 

US GAAP ASC 350 Most internally developed intangibles are expensed. Capitalization is generally limited to software development after technological feasibility is established and costs can be measured reliably; AI model costs not tied to feasible software are typically expensed. 

Useful Life Adjustments 

AI-driven insights about equipment health may justify extending useful lives. Finance teams must obtain engineering evidence and governance approval before adjusting depreciation. 

Regulatory Filings and Rate Cases 

Regulators increasingly expect AI-enabled efficiency gains to be transparent and verifiable. 

IA should review: 

• Benefit calculations 
• Model validation supporting filings 
• Cost-allocation methodologies

Fair Billing and Revenue Assurance 

AI billing models must be accurate and unbiased. IA should evaluate rate logic, meter-data controls, exception handling, and dispute workflows. 

Controls, KPIs, Evidence, and Playbook 

IA should adopt a structured AI assurance program mapped to leading frameworks (NIST AI RMF, ISO/IEC 42001, ISA/IEC 62443, DAMA DMBOK) and Big Four guidance. 

Core Components 

1. AI Inventory and Risk Tiers 
2. Pre-Implementation Reviews 
3. Model Validation and Explainability 
4. Data Governance and Lineage Audits 
5. OT Cyber Controls Testing 
6. Vendor Risk Management 
7. Continuous Monitoring and Automation 

Sample IA Dashboard KPIs 

• % of high-risk models validated within 90 days 
• % of model inputs with full lineage verified 
• Volume of drift alerts and time to re-validate 
• Operator-override rate and investigation time 
• % of AI vendors with audit rights 
• % of AI projects with capitalization evidence and engineering sign-off 

Evidence Checklist for IA Reviews 

Artifact	Purpose	Owner / Source
Model inventory entry with risk tier and owner	Ensures all AI assets are catalogued and risk‑rated	Internal Audit / Risk Management
Model card (purpose, inputs, outputs, limitations)	Documents model scope and constraints for regulator review	Data Science / Model Owner
Training & validation dataset snapshot (hash + storage ID)	Provides reproducibility and lineage evidence	Data Engineering / IT
Independent validation report (date, validator, scope)	Confirms accuracy, error rates, and stress‑testing	External Validator / IA
Explainability report (tool used, key drivers, stability metrics)	Demonstrates transparency and fairness of model outputs	Data Science / IA
Change log & model snapshot (version, timestamp)	Tracks updates and supports investigation of incidents	DevOps / Model Owner
Operator training & override logs	Shows human‑in‑loop controls and operator readiness	Operations / HR
Adversarial / red‑team test report	Validates robustness against manipulation and data poisoning	Cybersecurity / IA
Vendor provenance attestation & contract clause reference	Confirms training data sources and audit rights	Procurement / Vendor
Accounting evidence for capitalization or depreciation changes	Supports IFRS/GAAP compliance on AI project costs	Finance / Accounting

Building IA Capability for the AI Era

Skills and Resourcing 

IA must recruit or upskill staff in data science, OT cybersecurity, engineering, and regulatory accounting. 

Tools and Automation 

Continuous-audit tools should monitor model outputs, lineage, and override patterns while automating evidence gathering. 

Board Engagement 

IA should deliver plain-English reporting explaining where AI is used, what decisions it influences, what could go wrong, and what assurance has been provided. 

Conclusion

AI offers utilities major operational and financial upside, but also new responsibilities around governance, cybersecurity, data quality, and accounting accuracy. IA must shift from periodic assurance to continuous oversight, aligning with NIST, ISO, IEC, and regulatory accounting frameworks. With strong controls, sound validation, and disciplined governance, utilities can innovate confidently while protecting public trust, financial integrity, and system reliability. 

Disclaimer: This document is for informational purposes only and does not constitute legal, regulatory, or accounting advice. Any performance, savings, or operational claims cited are vendor‑reported or pilot results and should be independently validated. Organizations must consult their legal, regulatory, and external audit advisors before relying on these claims in regulatory filings, rate cases, or public disclosures.