The Moderating Role of Artificial Intelligence Usage in Strengthening Internal Audit, Internal Control, and Risk Management Toward Achieving Sustainability: Evidence from Jordanian Banks

Risk Every business and investment undertake and encounters risk since the potential for reward involves uncertainty. However, the stable mitigate of threats enables the entity to manage risks, and results in performance sustainability and operational continuity, and stability (D​v​o​r​s​k​y​ ​e​t​ ​a​l​.​,​ ​2​0​2​1). An entity with balanced risk management system in place, results in improved fiscal accountability and governance, whereas deficient risk management results in instability and regulatory oversight, and tarnished reputation (Y​a​n​g​ ​e​t​ ​a​l​.​,​ ​2​0​1​8; A​n​h​ ​&​ ​P​h​o​n​g​,​ ​2​0​2​5).

Risk management entails the continuous identification and response to the risks systematically between the organisation and its objectives (K​u​z​n​i​k​,​ ​2​0​1​6). The risk of loss should not be an opportunity to be avoided but opportunity to be optimized to create wealth (A​l​a​w​a​t​t​e​g​a​m​a​,​ ​2​0​1​8). The global financial shocks have demonstrated the lack of governance and internal auditing, and internal control systems that would mitigate corporate collapse, and the gosystem (T​a​m​i​m​i​,​ ​2​0​2​1).

In analyzing process of governance, functions of internal audit assist greatly by assessing the mechanisms of risk management, control, and compliance (H​a​z​a​e​a​ ​e​t​ ​a​l​.​,​ ​2​0​2​0). Implementation of internal audit is capability to promote accountability, improve the efficiency of the organization, and compliance to regulation (H​o​a​i​ ​e​t​ ​a​l​.​,​ ​2​0​2​2). In addition, the ICS is seen to as a system that is aimed to protect system assets, provide reliable reporting, report and promote compliance to regulation and policies (S​a​b​n​u​r​ ​e​t​ ​a​l​.​,​ ​2​0​2​5). In The internal audit and the ICS, in combination, are pillars of good corporate governance by alleviating information asymmetry and increasing accountability (N​u​r​g​a​l​i​y​e​v​a​ ​e​t​ ​a​l​.​,​ ​2​0​2​5).

Nevertheless, the rapid advancements and digitalization in the area of finance have made traditional audit and control systems unable to cope with the complexities of the risk environment we are currently in. The increasing complexity in financial instruments, use of big data and Analytics have called for Intelligent technologies that are able to analyze, make decisions faster and improve the quality of analytics. In this area, AI has become a game changer as it has the ability to use expert systems and neural networks to analyze large volumes of data, identify outliers and predict risk in a more sophisticated manner than traditional approaches (G​e​n​p​a​c​t​,​ ​2​0​1​8; M​u​n​o​k​o​ ​e​t​ ​a​l​.​,​ ​2​0​2​0).

The implementation of AI systems in auditing enables the transition from reacting to predicting. While analytic neural systems recognize patterns in data that invariably go undetected by auditors, expert systems simulate human thought to make judgment-related decisions (O​m​o​t​e​s​o​,​ ​2​0​1​2; E​a​c​h​e​m​p​a​t​i​ ​e​t​ ​a​l​.​,​ ​2​0​2​1). These systems, in tandem with human auditors, improve the precision and speed with which audits are completed, contributing to the sustainability of the organization (S​ı​c​a​k​y​ü​z​ ​e​t​ ​a​l​.​,​ ​2​0​2​5).

Even with the increasing interest, there has been scant attention to the empirical aspect of the moderating role of AI in the relationship between internal auditing, ICS, and risk management, particularly in developing countries. This is particularly true in the case of Jordan, with both traditional and Islamic banks, and where there is a continuous need to understand the relationship between these variables due to the continuous change in the technology and the regulations (A​l​q​a​r​a​l​e​h​ ​&​ ​O​u​d​a​t​,​ ​2​0​2​2).

As used in this work, sustainability means the organization’s capacity, over the long term, to attain financial viability, operational continuity, and governance stability as a function of effective risk control and resource stewardship. For the purposes of this work, we understand this to involve a banking institution’s operational and financial sustainability as the ability to effectively manage a financial institution’s fraud, losses, and operational failures and as the management of an institution’s operational processes to achieve efficiency, effectiveness, transparency, and compliance. AI-facilitated risk management bolsters each of these dimensions of sustainability in the banking sector as a result of improved advanced risk detection, increased efficacy of internal control systems, and early warning systems. Autonomous systems enhance governance sustainability through formal, rule-based systems, and predictive neural networks augment flexibility and versatility to aid continuity administration. The study is entitled as it is, and the positioning of AI, not as a technology, but as an enabler of governance to sustain performance in banking, is one of the focal points of the work.

Accordingly, this study investigates the moderating role of AI—specifically expert systems and neural networks—in the relationship between internal audit effectiveness, ICS, and risk management within Jordanian banks. By employing partial least squares structural equation modeling (PLS-SEM) on survey data from 350 internal auditors, the study provides empirical evidence extending agency theory and the theory of technology dominance to demonstrate how AI-driven systems enhance governance, control effectiveness, and sustainability in the financial sector.

Internal audit effectiveness represents the capacity of an organization’s audit function to achieve its intended objectives in governance, risk assessment, and control assurance. An effective internal audit department provides valuable insights to management by identifying weaknesses in risk management frameworks, offering recommendations for improvement, and enhancing accountability across all operational levels (A​b​r​a​r​,​ ​2​0​2​0). It supports the board of directors by evaluating the adequacy of ICS and by ensuring that risk management policies are implemented effectively (N​a​b​u​l​s​i​ ​&​ ​H​a​i​d​o​u​r​a​,​ ​2​0​1​8).

Research consistently shows that an effective internal audit function contributes directly to better risk management practices. For instance, A​l​f​i​n​a​ ​&​ ​U​t​a​m​a​ ​(​2​0​2​5​) found that internal audit plays a strategic role in identifying and mitigating financial risks within banking institutions. Similarly, T​a​n​b​o​u​r​ ​e​t​ ​a​l​.​ ​(​2​0​2​5​) emphasized that internal audit enhances the enterprise risk management process by ensuring compliance with COSO frameworks and detecting operational inefficiencies early. Through continuous monitoring and risk-based auditing, internal audit provides a mechanism for early warning and control, reducing both the likelihood and impact of potential risks (B​e​n​j​a​m​i​n​ ​e​t​ ​a​l​.​,​ ​2​0​2​0).

Furthermore, the effectiveness of internal auditing depends not only on technical competence but also on the use of technology, management support, and the independence of the audit function (A​l​q​a​r​a​l​e​h​ ​&​ ​O​u​d​a​t​,​ ​2​0​2​2). In dynamic business environments, internal audit effectiveness has evolved beyond simple compliance checks; it now represents a proactive governance mechanism that aligns internal controls with strategic organizational objectives. Therefore, understanding how internal audit interacts with modern technologies such as AI is essential for improving risk management systems.

The involve a combination of systems and processes configured for achieving efficiency in operations and meeting compliance and validity in the organization’s financial report (B​a​n​d​i​y​o​n​o​,​ ​2​0​2​1). It is the foundation of corporate governance and the corporate risk management system, providing a level of assurance that corporate resources are spent and allocations to risks are made and mitigated responsibly (A​v​l​o​k​u​l​o​v​ ​e​t​ ​a​l​.​,​ ​2​0​2​1).

There is a fair amount of empirical evidence that shows the relationship between internal control systems and risk management. In the case of the Nigerian banking system, for instance, T​e​m​i​l​e​ ​e​t​ ​a​l​.​ ​(​2​0​1​9​) stated that ICS was effective in the control of credit and operational risks. Z​a​n​d​i​ ​&​ ​H​u​i​ ​(​2​0​1​8​) also showed that sound internal controls have a significant impact on a bank’s capacity to control and predict risk, especially in the rapidly changing economy. In addition to internal controls to protect the organization’s assets, transparency and accountability are key to building trust among stakeholders.

B​a​k​a​r​ ​e​t​ ​a​l​.​ ​(​2​0​2​0​) also argue that internal controls produce a bedrock of risk management by instilling risk sensitivity in the organization. This guarantees all employees take collective ownership of risk detection and risk management. In developing economies such as Jordan, where banking systems and technologies undergo continual change in regulatory compliance, strong ICS are vital. As a result, the ability of mechanisms of internal control is frequently and justifiably regarded as the principal shaper of effective risk management systems (A​h​m​a​d​ ​e​t​ ​a​l​.​,​ ​2​0​2​3).

Among all other fields of AI, auditing and risk management is the one that benefits the most, as no other model can detect and analyze patterns this effectively and efficiently (D​h​a​m​i​j​a​ ​&​ ​B​a​g​,​ ​2​0​2​0). In addition, the ability to replicate human intuitive decisions, and automate monotonous auditing tasks while increasing risk prediction accuracy, makes model of AI preferred over other models (O​m​o​t​e​s​o​,​ ​2​0​1​2). In the field of auditing, AI has introduced other tools of auditing that enhance tools such as expert systems and neural networks the ability to analyze and provide suggestions for decision making of risk to an unprecedented level (D​h​a​m​i​j​a​ ​&​ ​B​a​g​,​ ​2​0​2​0).

Expert systems are capable of emulating human reasoning and decision making in specific fields by merging rule-based systems and vast knowledge bases (H​a​m​d​i​ ​e​t​ ​a​l​.​,​ ​2​0​1​8). In the context of audit assisted systems, expert systems have been found to provide audit evidence and perform diagnostic reasoning, thereby assisting auditors in completing sophisticated auditing tasks. In the banking sector, expert systems have been valuable in achieving audit efficiency and consistency by providing insights into the objective evaluation of risk factors.

Neural networks' predictive abilities and anomalous behavior detection functionalities have been examined thoroughly (E​a​c​h​e​m​p​a​t​i​ ​e​t​ ​a​l​.​,​ ​2​0​2​1). In connection with auditing, H​e​ß​ ​&​ ​D​a​m​á​s​i​o​ ​(​2​0​2​5​) stated that neural networks can analyze vast quantities of data and financial transactions, detect various forms of fraud and improve the quality of audit reviews. Moreover, it is claimed that financial organizations can use this technology in services that need real time monitoring and dissemination of risk, which is essential in addressing the demands of dynamic financial market and credit risk.

There is a theoretical basis for and appropriateness of this research's choosing of expert systems and neural networks as the study's focal AI sub-dimensions in the context of a banking audit environment. Expert systems became incorporated because they are one of the first and most popular auditing AI tools, albeit one designed with a clear and transparent logic of rules and reasoning that is akin to that of a human expert. For internal control assessments, compliance tests, and other audit tasks that are rule-driven, reside in documents and require consistency and judgment from a human, the systems are most useful. Relatively, the other, neural networks, were incorporated because of their unparalleled abilities in the recognition of patterns and in predictive anomaly detection and prediction which are, in these times, crucial for the identification of fraud, unusual transactions and the identification of new risks. The systems are technologically different. They are also contextually different, as expert systems are designed to support routine, judgment-based auditing, while for complex, data-rich environments that require the system to monitor without stopping, the choice is neural networks. The inclusive range of AI systems that are available to banks in Jordan is best captured by the choice of these two systems due to the presence of rule-based systems and the predictive systems.

While embracing AI in audit activities has been increasing, several entities, especially in developing nations, still struggle to incorporate it in their operations. Deficient technical skills, inadequate infrastructure, and gray AI regulations remain the most critical factors that inhibit AI adoption (R​a​h​m​a​n​ ​e​t​ ​a​l​.​,​ ​2​0​2​0). However, several recent studies (M​u​n​o​k​o​ ​e​t​ ​a​l​.​,​ ​2​0​2​0) have shown that the combination of human judgment with AI features leads to better audit outcomes attributed to improved risk management.

All technological changes positively affect auditing and control functions. Hence, AI influence on auditing and controls and, consequently, on governance and risk management has also positively shifted. Auditors can now move from a focus on post-event detection and analysis to a more proactive, predictive, and risk-managed approach (G​h​a​d​g​e​ ​e​t​ ​a​l​.​,​ ​2​0​1​9). AI aids in making auditing and control systems more efficient by enhancing the speed and accuracy of the data decisions.

More specifically, internal control environments can be augmented by expert systems through automated decision support, enabling a systematic, evidentiary audit reporting. On the other hand, neural networks enhance transaction monitoring which minimizes the human factor-bias and improves the system's reaction to the occurrence of a risk event. Collaboration of such systems with conventional auditing principles result in more than accuracy; it also leads to more strategic attention on the opportunities i.e., emerging risks.

The absorption of digital innovations within the Jordanian banks vis-a-vis the role of AI in Risk Management is of vital importance. ICS, Internal Audit Functions, and AI deployments can construct a framework that is indeed risk adaptive and can ensure the sustainability of the organization. This is the primary focus of the present study, which aims to analyze the role of AI (in the form of expert systems and neural networks) on the relationship between effectiveness of Internal Audits, ICS, and risk management, within the context of Jordanian banks.

This study utilizes the Agency theory and Technology Dominance theory (TTD), which provide a comprehensive and underlying explanation of the relationship between governance, intelligent technologies and control of the organisation and risk management.

Agency theory was first developed by J​e​n​s​e​n​ ​&​ ​M​e​c​k​l​i​n​g​ ​(​1​9​7​6​) and pertains to the relationship between principals (the owners) and agents (the manager and/or auditor) of an organization considering and reflecting on the problems created by different goals and asymmetrical information. Internal audits and internal control systems are governance tools that resolve agency problems by fostering transparency, accountability, and compliance (A​d​a​m​s​,​ ​1​9​9​4). Internal audits are a means of addressing agency costs through the provision of independent assurance on the effectiveness of management, and the existence of internal controls that are capable of containing the costs of managerial discretion by safeguarding the actions of managers within the scope of the interests of the shareholders, and limiting the possibility of fraud or loss through positive actions (K​a​s​o​g​a​,​ ​2​0​2​0; O​n​g​o​n​g​e​ ​&​ ​O​k​i​r​o​,​ ​2​0​2​4). Within the agency theory, efficient risk management is a product of adequate control systems that curb opportunistic action and facilitate the making of balanced decisions (O​l​a​m​i​d​e​ ​e​t​ ​a​l​.​,​ ​2​0​1​5).

Within this structure, the application of AI advances this theory of agency by alleviating the problems of asymmetrical information through controlling advanced technologies of data processing and monitoring in real time. AI-based systems, for example, expert systems and neural networks, improve audit independence and governance accountability through the provision of objective, data-supported decisions (B​r​y​n​j​o​l​f​s​s​o​n​ ​&​ ​M​c​A​f​e​e​,​ ​2​0​1​4). Therefore, AI improves monitoring, thereby enhancing outcomes of risk management.

The TTD attempts to understand how human judgment and professional expertise can be enhanced by intelligent decision aids (A​r​n​o​l​d​ ​e​t​ ​a​l​.​,​ ​2​0​0​4; S​u​t​t​o​n​ ​e​t​ ​a​l​.​,​ ​2​0​1​6). Technology, as the theory describes, is capable of either overtaking or augmenting mental capabilities depending on the technology’s ability to be designed and the way in which it is utilized. When well implemented, intelligent systems add to one’s ability to think critically and can even help in the mitigation of cognitive bias that one would otherwise have, all while maintaining their control of the process.

In auditing, expert systems simulate auditors’ thought while integrated neural networks perform reasoning tasks that the various networks of the system are capable of, but which are beyond the human’s ability (O​m​o​t​e​s​o​,​ ​2​0​1​2). Consequently, AI systems are able to assist auditors in exercising more precise and informed judgments, especially in complex areas of the banking system. In total, agency theory and TTD theory provides understanding for the useful combination of human expertise and intelligent systems in enhancing the effectiveness of internal auditing and improving the internal control systems and risk management in banks in Jordan.

To elaborate theoretically, this study combines agency theory with TTD in order to analyze the impact of AI systems on the banks’ monitoring, information, and decisions. According to agency theory, internal audit and ICS control information asymmetry through enhanced monitoring, minimization of opportunistic actions, and accountable reporting. Although, there are traditional monitoring techniques, such which are adequate when the risks are not overly complex, and the data environment is static. This is where TTD augments the explanation, in that it describes how advanced analytical human audit augmentation through expert systems and neural networks. AI systems further mitigate the residual information asymmetry through the large datasets, determine audit evidence credibility, real-time identification of anomalies, and evidence fortified audits. Therefore, TTD augments agency theory where AI is described as effective in governance mechanism augmentation in the absence of human auditors. Rather, agency theory defines the paradigm shift in audits to a weighted human-machine system that equally human judgment to enhance the system in the overall locus of agency theory. The theory supports the study’s hypotheses the AI strengthens the moderating effect among internal audit effectiveness and risk management, and ICS because of the mechanisms strengthened in the relationship as the framework of Theory of Integration describes information asymmetry reduction. Theoretical integration posits the AI’s moderating role for hypothesizing the internal audit effectiveness, risk management, and ICS strengthens the waves of information asymmetry reduced in the integrating framework.

Grounded in agency theory and TTD, this study proposes that internal audit effectiveness and ICS represent fundamental governance mechanisms that strengthen risk management in banking institutions. Moreover, AI conceptualized through expert systems and neural networks is expected to enhance these relationships by improving analytical precision, monitoring efficiency, and decision-making capability. Accordingly, the following hypotheses were formulated:

H1: AI (expert systems) has a significant positive effect on risk management.

H2: AI (neural networks) has a significant positive effect on risk management.

H3: Internal audit effectiveness has a significant positive effect on risk management.

H4: ICS have a significant positive effect on risk management.

H5: AI (expert systems) positively moderates the relationship between ICS and risk management.

H6: AI (neural networks) positively moderates the relationship between internal audit effectiveness and risk management.

H7: AI (expert systems) positively moderates the relationship between internal audit effectiveness and risk management.

H8: AI (neural networks) positively moderates the relationship between ICS and risk management.

The purpose of this study is to determine how AI, specifically expert systems and neural networks, affect the relationship between the effectiveness of internal audit, ICS, and risk management in Jordanian banks. A quantitative research design was chosen. Quantitative research allows for systematic measurement, hypothesis testing, and generalization across larger populations (H​a​i​r​,​ ​2​0​1​3). this research design. The research design focuses on empirical evidence to explain causal relationships in the study variables.

The integration of the two theories (agency and theory of technological dominance) is aimed at explaining the interplay between governance mechanisms and technological innovations on the organizational risk management. The proposed framework focuses on explaining the direct and moderation impacts. This approach enables a complete explanation of the relationship between traditional auditing and AI.

The study population included internal auditors of Islamic and Conventional banks operating in Jordan. Internal auditors were chosen for this study because of their role in assessing the ICS, conducting audit management, and controlling organizational risk.

According to previous research that recommends sample sizes of at least 98 for models with multiple predictors and medium effect sizes (G​e​f​e​n​ ​e​t​ ​a​l​.​,​ ​2​0​1​1), 350 questionnaires were circulated. Such a sample size gives enough statistical power for structural equation modeling. Respondents were selected by purposive sampling, focusing on auditors with relevant professional experience and duties in internal audit and risk management. This was a fitting approach in that it enabled the researcher to collect information from people with considerable understanding of the study variables.

Based on additional criteria for purposive sampling, respondents were required to have some exposure to AI-enabled audit settings. Specifically, the auditors were required to have: (1) at least two years of working experience as an internal auditor, (2) practical involvement or engagement of AI tools, viz: an expert system or automated risk analysis, (3) employment in a diverse set of banks in terms of size and tech sophistication, large commercial banks and small Islamic banks for variety and (4) major contribution to the assessment of internal controls or risk oversight. This criterion helps to enhance sample validity to the extent that respondents possess working knowledge of internal audit, and ICS and basic banking audit technologies, which boosts the validity of the results.

Strengthening the criteria of purposive sampling, respondents were required to have exposure to AI-enabled audit environments. Specifically, the auditors were supposed to have a) two years auditing experience as an internal auditor, b) practical assessment of AI tools or engagement in automated risk analysis, c) workforce diversity across banks of various sizes and levels of tech sophistication. For instance, large commercial banks and small Islamic banks to gain a range of diversity, and d) principal participation in the assessment of internal controls and/or risk assessment. Such criteria ensure sample reliability by making respondents have some level of working experience in internal audit and ICS and in some rudimentary technology in banking audit, thus more reliability in the results.

The study utilized a simple self-administered instrument comprising of 37 items organized in 5 sections regarding internal audit effectiveness, ICS, expert systems, and neural networks in risk management. Responses to the questions were based on a 5-point Likert scale from 1 “strongly disagree” to 5 “strongly agree”.

The measurement items to compute effectiveness of internal audit service were adapted from A​b​r​a​r​ ​(​2​0​2​0​) whereas the measurement items to compute internal control were adapted from Z​a​n​d​i​ ​&​ ​H​u​i​ ​(​2​0​1​8​). AI-related measurement items were adapted from R​a​h​m​a​n​ ​e​t​ ​a​l​.​ ​(​2​0​2​0​). Risk measurement items were derived from E​n​d​e​s​h​a​w​ ​(​2​0​2​1​). Prior to data collection, the questionnaire was reviewed by academic experts and practitioners to verify clarity, relevance, and conceptual alignment.

Added to the survey’s self-reported questionnaire to limit and balance the possible bias of the self-reported survey. Supporting additional objective information acquired from the participating banks was used. When possible, internal audit reports were used, and risk assessments made from documents were summarized. AI tools were used to automate audits and kept logs that were reviewed to determine discrepancy validation and alignment. These sources enhanced triangulation and discrepancy validation to enhance the findings working towards the hypothesis, and improved assurance that participants’ perceptions were consistent with the audits performed, and AI deployed in the banks.

The data were examined with the help of SmartPLS software using the PLS-SEM technique. This technique works well with predictive models concerning latent variables and other complex patterns. Following H​a​i​r​ ​(​2​0​1​3​), this work was done by performing two analyses. The first was evaluating measurement models (to see how reliable and valid models are) and then evaluating the relationships within the models in the structural part (to confirm whether the relationships and moderating effects postulated are supported or not).

The measurement model was evaluated by verifying whether the manifest variables represented their latent variables by using factor loadings and Cronbach's alpha. After confirming the measurement properties, the structural model was evaluated using path coefficients, t-values, and p-values. These were used to verify whether the proposed relationships were valid, and to what extent were they valid. The R² and adjusted R² values were also computed to assess the model’s explanatory power, indicating that 76.3% of the variance in risk management was explained by the predictors.

To test moderation effects, interaction terms were created for AI technologies (expert systems and neural networks) with internal audit effectiveness and ICS. Bootstrapping procedures with 5,000 resamples were used to estimate the significance of the direct and moderating relationships, ensuring robust and reliable inference. Figure 1 shows the measurement model.

The survey was preceded by a pilot test with 30 internal auditors to determine if the items were clear, accurately worded, and represented the constructs they were intended to measure. Item analysis for the pilot test indicated that all items achieved the necessary cut-off for item-total correlations and thus, no items were considered for deletion or major revision. Pilot tests revealed a preliminary reliability of the scales which is indicated by Cronbach’s alpha measures for the five constructs which were all below the acceptable cut-off of 0.70 as proposed by the literature and is considered as acceptable by the literature. In addition, the construct measurement items were articulated with recommendations from literature to conform to the other scales used.

Table 1 presents reliability and validity standards of the constructs. The reliability and validity of the tool was achieved through expert appraisal and pilot test, which also checked the items for clarity, and for representativeness of the constructs. Reliability for the constructs was assessed using Cronbach’s alpha coefficients; all alpha values were above the acceptability levels of 0.70, indicating adequate reliability and measurement consistency (H​a​i​r​,​ ​2​0​1​3). The values were: internal audit effectiveness (α = 0.90), ICS (α = 0.88), expert systems (α = 0.78), neural networks (α = 0.76), and risk management (α = 0.81).

Construct validity was further examined using composite reliability (CR) and average variance extracted (AVE). All CR values ranged from 0.889 to 0.904, and AVE values exceeded 0.50, indicating satisfactory convergent validity. Discriminant validity was established using the Fornell-Larcker criterion, confirming that each construct was empirically distinct from the others.

The indicators of discriminant validity, as displayed in Table 2, demonstrate that the items genuinely evaluate their respective construct rather than a different one. To ensure that the constructs account for unique aspects of the study and do not overlap with other constructs, it is crucial to uphold discriminant validity. The values along the diagonal of Table 2 indicate the square root of a construct’s AVE. In contrast, the off-diagonal values indicate the overlap of one construct with another. The diagonal values need to be greater than the off-diagonal values. In other words, the construct must explain a larger share of its variance than another construct does (H​a​i​r​,​ ​2​0​1​4). With a value of 0.768, the risk management measure accounts for 76.8% of its variance. Since the off-diagonal values were less than this figure, discriminant validity was confirmed.

Subsequently, the structural model underwent evaluation. The outcomes are shown in Figure 2, which also depicts the connections between the research constructs.

Table 3 presents the results of the hypothesis testing. The significance of the relationships was assessed using t-value and p-values. The results demonstrated that expert systems positively influenced risk management, t = 7.25, p < 0.05, corroborating hypothesis 1. Hypothesis 2 was also supported, with neural networks showing a positive impact on risk management (t = 2.631, p < 0.05). It was also established that the efficacy of internal audit has a positive and direct impact on risk management, with t = 4.699 and p < 0.05, thus confirming hypothesis 3. The ICS had a beneficial effect on risk management, with t = 3.801 and p < 0.05, supporting hypothesis 4.

The moderation analysis showed that expert systems significantly influence the connection between ICS and risk management, with p < 0.05. However, neural networks and expert systems did not act as intermediaries linking the effectiveness of internal audits with risk management. Ultimately, the neural network functioned as a mediator between the ICS and risk management, t = 3.607, p < 0.05. This suggests that hypothesis 5 is rejected (significant, but negative moderation effect). While hypothesis 8 were accepted (significant and positive moderation effect). In the other side, hypotheses 6 and 7 were rejected.

The difference in moderation effects between hypotheses H5 and H8 indicates the different ways in which expert systems and neural networks operationalize and interact with the internal control processes. The expert systems moderation effect in H5 is an indication of potential system process misalignments or design constraints. On the other hand, the moderation effects in neural networks indicates in H8 that the ICS have likely benefit, which would derive from the ICS being paired with an adaptive, data oriented, and predictive AI tool. There are several contextual and technical rationales to reject H6 and H7. First, the adoption of AI is still at a nascent stage in the internal audit function within Jordanian banks, as most of the AI use is in the field of risk management and transaction monitoring as opposed to audit planning and judgment tasks. Second, the activities of the internal audit function involve a considerable degree of professional judgment, experience, and regulatory compliance, which may not be in tune with the AI systems. Third, the lack of alignment between the task and the technology may also explain the weak moderating impact; neural networks are designed for efficient pattern recognition and anomaly detection, whereas the effectiveness of the internal audit involves a great deal of strategic assurance, advisory and contextual evaluations.

The R-square and adjusted R-square, which evaluate the model's effectiveness in accounting for variance in the endogenous variable, are shown in Table 4. The difference is that the latter takes into account model complexity as determined by the number of predictors. Table 4 illustrates that the R-square value was 0.763, which means that 76.3% of the variance in risk management was explained by the independent variables. The adjusted R-square value of 0.755 indicated that the model explained 75.5% of the variance in the dependent variable. At the same time, these two measures indicate that the model could explain changes in risk management practices.

In this section, researchers assessed the role of AI technologies like Expert Systems and Neural Networks. Using this insight, the researcher was able to understand the relationships between the effectiveness of Internal Auditing, Internal Control Systems, and Risk Management in Jordanian Banks. From this we were able to understand the effectiveness of Internal Auditing and Internal Control Systems, and the Control Systems positively influence Risk Management. The role Internal Audits and Control Systems positively mitigate the organizational Risk and enhance the formation of the organizational Governance. This is consistent with the previous studies of the role of Internal Auditing and Control Systems (H​a​z​a​e​a​ ​e​t​ ​a​l​.​,​ ​2​0​2​0; Z​a​n​d​i​ ​&​ ​H​u​i​,​ ​2​0​1​8).

Regarding Risk Management and Governance Building, the effectiveness of Internal Audit is vital and crucial. The Jordanian Banking Sector for Internal Audit Research is characterized by a well-developed and Advanced regulatory arrangements and frameworks; where internal auditing is performed effectively the auditing serves as oversight and as a governance formation. The auditors with the identification of the gaps, compliance to the regulations, and the accountable active participation of the auditors enable the establishment of low-risk governance culture. This perspective is clearly in line with the Agency Theory, where the importance of control Mechanisms is emphasized for reduction of the information asymmetry between the Management, and the Stakeholders (J​e​n​s​e​n​ ​&​ ​M​e​c​k​l​i​n​g​,​ ​1​9​7​6). The internal audit function goes beyond regulatory compliance to serve as a lever of an organizational strategy aligned with decision-making and sustainable performance. This change still goes further than reporting assurance functions toward auditing as a performance risk, as noted by N​a​b​u​l​s​i​ ​&​ ​H​a​i​d​o​u​r​a​ ​(​2​0​1​8​), internal auditing facilitates managerial strategy and adaptive capacity of the organization. Thus, internal auditing is effective not because of checking for compliance but rather checking how policy recommendations can be integrated into an organizational structure.

Without Weak risk management is the result of weak ICS. They lay the groundwork to identify, quantify, and evaluate risk in an orderly way that ensures stability of compliance-controlled environment. Control systems must effectively maintain and sustain equilibrium in governing dual systems of Jordan’s banking. Islamic and conventional banks.

Internal controls are no longer compliance artifacts, rather, they are characterized as governance systems. Adaptable to changes in technology and regulation. In parallel with the findings of B​a​k​a​r​ ​e​t​ ​a​l​.​ ​(​2​0​2​0​), effective ICS foster a risk culture in the organization, enhancing control and clarity. The internal control system quality provides a strong indicator of adaptive response to external risks, changes in market conditions and ethical environment.

There is a dimension of AI that changes the landscape of technology as it relates to auditing and risk management. Certain expert systems assist with the internal control systems by offering rule-based decisions that are more analytical and help with gaining consistency across the board (O​m​o​t​e​s​o​,​ ​2​0​1​2). Being able to master these tasks would enhance the ability of the auditors to spot anomalies and refine the balance of financial information which results in a better management of risk.

The functionality of neural networks is, unfortunately, bound by the limitations of developing countries’ systems data, such as Jordan, especially with regards to the infrastructure and technical know-how (R​a​h​m​a​n​ ​e​t​ ​a​l​.​,​ ​2​0​2​0). Thus, within the domain of auditing, expert systems provide more than enough compatibility, offering positive evolution, as a rule, without disrupting systems in place.

The available technologies where AI is involved gives credence to TTD, which in this case posits that systems are meant to assist and not take the place of human (A​r​n​o​l​d​ ​e​t​ ​a​l​.​,​ ​2​0​0​4. S​u​t​t​o​n​ ​e​t​ ​a​l​.​,​ ​2​0​1​6). In this setting, AI enriches the profession through rational automation of the tasks that are data rich, allowing the auditors to shift focus towards reasoning and decision making. The amalgamation of human and machine intelligence in risk management is so far the most advanced as it provides technology to enhance, rather than automate, the human effort in the profession.

The results of the structural model (R² = 0.763) show the other variables in the model are internal audit effectiveness, AI, and the ICS, all of which together account for a substantial portion of the variance for the management of risks. Compared to previous studies, the model achieved a higher level of explanatory power than the studies of T​a​m​i​m​i​ ​(​2​0​2​1​) and Z​a​n​d​i​ ​&​ ​H​u​i​ ​(​2​0​1​8​) which also reported lower R² findings in the range of 0.52 to 0.65 for the models which examined risk management without AI. This comparison shows the value of including AI in the governance models.

The relationships between internal audit effectiveness, risk management, and ICS in Jordanian banks were examined concerning the moderation of AI, in particular, expert systems and neural networks. Employing an agency theory and TTD theory, the research argues for the first time that intelligent technologies act as complements to governance mechanisms in the arena of enhancing the resilience of organization and the fortification of risk governance frameworks.

As for the results, they show internal audit effectiveness and ICS have a significant and positive impact on risk management. These results consolidate the significance of internal audit and control as one of the enabling components of corporate governance, operational effectiveness, accountability, and compliance with laws and regulations. Efficient auditing turns the imbalance of information into a situation where monitoring is also balanced. Efficient internal control systems reduce the probability of regulatory capture and ensure the internal coherence of the organization. Together, they constitute a banking foundation for efficient risk management. However, neural networks do have weaker predicting ability, perhaps due to issues of data preparedness, systems integration, and insubstantial levels of advanced technology within the financial system of the given country.

Theoretically, the examination relies on the agency theory where it posits that the presence of AI would reduce the degree of information asymmetry and thus enhance the monitoring which would, in turn, strengthen the accountability of governance. Also, it relies on the TTD by demonstrating the ability of AI to serve as an addition instead of a replacement to the efforts of auditors as a tool in promoting a hybrid governance structure that is a combination of cognitive and artificial intelligence.

From my perspective, banks ought to embed intelligent AI systems into their audits and management control systems to enhance their analytical skill and provide assurance of compliance. It is similarly important to AI to enhance their control and responsible, compliant use of these technologies. Furthermore, to unlock the full potential of AI, interoperable, standardized, secure, and seamless data ecosystems must be in place. The use of AI in auditing and risk management will also require regulators to provide tailored ethical and operational frameworks.

In the final analysis, the potential of artificial intelligence to improve auditing and internal control will be to enhance the design to integrate further with systems of internal control and risk management to strengthen governance. It is suggested that the use of AI in auditing internal controls be examined in depth, particularly in its more sophisticated design such as predictive modeling and machine learning, to appreciate the impact of digital technologies on internal auditing and corporate governance.