Traditionally, the 4‑eyes model assumes that every transaction requires human validation:

First line (maker) → First line (checker)

With AI, the model evolves:

First line (maker) → AI review (100%) → Human focus on exceptions

It is a shift from universal review to risk-based control design.

Instead of reviewing everything, the organization focuses attention where it matters most.

---

Potential Benefits

This approach has clear advantages when implemented properly.

1. Reduced burden on the first line

Operational teams spend less time performing routine approvals and more time on value-adding activities. The control remains in place, but the manual workload is significantly reduced.

2. Consistent and scalable reviews

Unlike humans, AI:

• does not suffer from fatigue
• applies the same logic consistently
• can process large volumes in real time

This can lead to more reliable coverage across 100% of transactions.

3. Stronger second line oversight

The second line of defence shifts from:

• sampling low-risk transactions

to:

• focusing on high-risk, flagged cases

This allows for deeper, more meaningful review, rather than broad but shallow oversight.

4. Enhanced traceability

Each transaction can be:

• scored
• documented
• explained

This creates a clear audit trail and supports transparency in decision-making.

---

A Shift in Control Philosophy

Despite its advantages, this model represents more than a technical improvement. It challenges a fundamental assumption embedded in many control frameworks.

The traditional 4‑eyes principle is based on full coverage where every transaction is reviewed.

The AI-driven model introduces selectivity:

• some transactions are reviewed by humans
• others are implicitly accepted by the model

This raises important questions:

• What level of undetected risk is acceptable?
• How do we validate and monitor the AI model?
• Who is accountable for decisions made by the system?
• How do we ensure independence and objectivity in a non-human reviewer?

These are governance questions that needs to be adopted in line with the business risk appetite.

---

Where This Model Fits (and Where It Doesn’t)

AI-based review is particularly well suited for:

• High-volume, standardized processes
• Rule-based decision environments
• Transactions with strong historical patterns

However, it is less suitable for:

• Highly judgmental decisions
• Complex or one-off transactions
• Areas with significant regulatory or ethical implications

In these cases, human review remains essential.

---

Repositioning the 4‑Eyes Principle

The key insight is that AI does not eliminate the four‑eyes principle—it transforms it.

Instead of applying independent review at the transaction level, organizations may start applying it at a higher level:

• reviewing the model’s performance
• challenging flagged outcomes
• governing thresholds and escalation criteria

In other words:

The “second pair of eyes” does not disappear – it moves up the control stack.

---

Final Thoughts

The idea of replacing manual 4‑eyes reviews with AI is not about removing controls. It is about redesigning them to better align with today’s operational reality.

If implemented carefully, this approach can:

• reduce operational burden
• increase consistency
• enhance risk focus

But it also requires organizations to rethink:

• accountability
• model governance
• and the very definition of effective control

For internal audit, risk, and compliance professionals, this is an opportunity—and a challenge.

The question is no longer whether AI can support control execution.

The real question is:

Are we ready to redesign our control frameworks around it?