Artificial intelligence in auditing: Enhancing the audit lifecycle

AI and auditing: Planning and scoping

Applying artificial intelligence to risk assessments and scoping can lead to a more comprehensive plan focusing on the most critical risks. Using AI allows auditors to factor in different metrics more efficiently.

Audit risk assessments

In the past, audit risk assessment relied heavily on subjective data gathered during extensive, time-consuming in-person interviews. Over the years, internal auditors have adapted the interviews into self-assessments to reach more stakeholders and collect data more efficiently while incorporating concrete metrics like financial and operational data. With artificial intelligence audit planning, auditors have two popular options. First, auditors can prompt natural language processing (NLP) tools to provide a list of risks to expect in an area. Many will leverage this option when approaching a process for the first time. Next, auditors can use AI to analyze large datasets to identify patterns, trends, and anomalies that may indicate potential risks to help prioritize their focus areas. By setting up a continuous data ingestion model along with thresholds set based on key risk indicators, the audit team moves from periodic to continuous risk assessment. Then, by incorporating machine learning (ML), the system can learn which threats to elevate and which are false positives.

Audit planning and scheduling

Building an audit plan that accurately reflects the results of all the data collected during the risk assessment stage of planning can be a challenging exercise, especially in large, complex organizations. Artificial intelligence in auditing can include the ability of AI to produce a first draft of an audit plan based on all available data. As many audit teams embrace an agile way of working, the option to have AI gather current data, parse commentary provided during a risk self-assessment, and suggest a prioritized audit plan more frequently can mean the difference between success and failure. Taken even further, by incorporating audit team member skills and availability and a potential audit plan, artificial intelligence could produce a potential audit schedule, taking the workload off the audit leadership team.

AI and auditing: Audit fieldwork

During the fieldwork phase, artificial intelligence in auditing can improve efficiency, improve risk identification, and provide deeper insights into an organization's control environment.

Increased efficiency and automation

The use of artificial intelligence in auditing is most often associated with data analytics, and for good reason. The ability to leverage AI to perform repetitive tasks allows auditors to focus on the interpretation of data instead of tedious tasks. AI-powered tools can handle data extraction, document review, and other time-consuming yet crucial tasks, freeing up auditors for more strategic analysis and judgment. AI can quickly scan large datasets, identify trends and anomalies, and flag potential areas of concern, saving auditors valuable time sifting through information. By offloading these routine tasks to AI, auditors improve their efficiency while auditing full data sets and better spend their time reviewing, instead of pulling, data.

Enhanced risk identification and detection

Taken one step further, using emerging technology like artificial intelligence for data analysis can evolve into continuous monitoring. AI tools can monitor transactions and controls in real-time and produce exception reporting, enabling auditors to react and address potential issues as they arise. Many artificial intelligence tools also involve machine learning. AI algorithms can learn from historical data and identify patterns that might indicate fraud, errors, or control weaknesses. By incorporating risk tolerances or key risk indicators, artificial intelligence in auditing can be pushed back down to the process owners as a monitoring control. Using machine learning allows auditors to focus on high-risk areas and allocate resources more effectively while providing control monitoring tools for the first and second lines of defense.

Improved audit quality and insights

Over time, auditors will mature beyond common data analytical procedures in favor of deeper data analysis. AI can go beyond basic calculations and explore complex relationships within data, providing auditors with a more comprehensive understanding of the organization's control environment. For example, many internal auditors will start by using simple AI to perform a user access review, ensuring a system's users are all current employees with permissions matching their roles. With artificial intelligence in auditing, the next step could be to perform real-time monitoring instead of point-in-time testing, such as monitoring terminations and job movement to alert the control owner when an individual’s system access should be reviewed. Even further, with machine learning, AI can perform a deeper analysis to compare an individual's access across all organization systems for fraud detection, potential conflict of interest, or separation of duties violations.

AI and auditing: Insight reporting

Toward the end of the audit lifecycle, auditors communicate the results of the work they completed. At the audit level, most auditors create an audit report explaining the fieldwork testing results to the various stakeholders. As a first step in using artificial intelligence in auditing, natural language processing tools can suggest language and grammar improvements to the report to alleviate the burden of editing from the audit team. As AI matures, the tools can assist in generating draft reports by summarizing findings and suggesting recommendations based on the data analysis but presented in a common language.

Auditors can use AI to produce data-driven insights and visualizations for audit committee and board reporting. AI can generate reports and visualizations that present complex information, allowing auditors to communicate findings and recommendations more effectively to stakeholders. A future state for audit committee reporting could use AI to develop predictive models that estimate the likelihood of future risks based on current results, facilitating deeper discussions between audit leaders and the audit committee.

Performing an artificial intelligence audit

AI and auditing will have a strong relationship for the foreseeable future. Auditors will benefit from the technology, and the business needs auditors to test the technology's controls. While internal auditors can reap many benefits from artificial intelligence, they are also responsible for understanding the risks and incorporating an artificial intelligence audit into the plan. Internal auditors implementing artificial intelligence in auditing are in the perfect position to use their journey as a pilot for an artificial intelligence audit.

An artificial intelligence audit needs to start with comprehensive scoping. Your organization likely uses AI in multiple areas in different capacities. Understanding where the business uses AI, what data is involved, and if AI owners established any controls will help you understand the possible risk exposure.

While this is certainly not an exhaustive list, the most basic AI risks include:

• Accuracy and reliability of the data model
• Transparency and explainability of any algorithms in use
• Security in place to protect the AI from alteration
• Protection of the data in line with privacy regulations and expectations

As you build an artificial intelligence audit for the first time, consult the AI risk frameworks produced by the experts.

Conclusion

Artificial intelligence is rapidly becoming more accessible to end users. Organizations employ the capabilities daily to work more efficiently and effectively, and internal auditors can do the same. Auditors can embrace this emerging technology to keep up with the demands and evolving risks, dig deeper into processes, and produce more meaningful insights for their organizations.