Audit is a profession born out of skepticism. Challenge the number. Validate its source. Don’t take any number at face value. This instinct has not changed. Virtually everything else, however, has.
The tools are different. The volumes of data have grown beyond comprehension. Risks are increasingly fast-paced. Clientsâboards, CFOs, regulatorsârequire more than an opinion. They need insight. They demand agility. They seek an opinion that keeps up with business.
The future of audit represents a dramatic paradigm shift.
What sample-based audits miss
Audit has functioned under certain constraints throughout the decades. In the absence of technology to analyze entire transaction populations, auditors had to rely on examining only a subset of transactions. They sampled the population using statistical techniques that offered confidence within limits. It was meticulous. It was defensible.
If sampling covers 5% of transactions, the remaining 95% are not directly tested but evaluated through statistical inference. For a company that processes hundreds of thousands of transactions quarterly, this is a significant volume. As a result, any potential fraud, error, or other anomaly may go undetected. Not because of auditor negligence, but simply because there wasn’t a choice.
The advent of AI technology changes all of this.
Full population testing becomes possible due to machine learning algorithms that are increasingly used across various applications, provided they have good data. The journal entries, payments to all vendors, and reconciliations can identify abnormalities by spotting certain patterns.
The shift from sample-based audits to full population testing goes beyond an alteration; it fundamentally changes the nature of an audit. While it improves coverage, it does not change the nature of being a risk-based process.
In the 2023 AICPA audit technology survey, nearly 88% of finance leaders say AI will transform the profession within two years, but only 8% feel âvery well-preparedâ to adopt AI.
Continuous monitoring is now a must-have tool.
An annual audit cycle made sense in a pre-digital age. Auditors came in, examined the previous year’s transactions, and delivered an opinion months later. Markets, however, don’t operate in a vacuum. Neither do risks.
Firms in sectors such as finance, healthcare, IT, and energy are constantly evolving. Deals are finalized. Regulations are updated. Companies extend their operations into different locations, creating new threats. If there is a problem during a typical audit process, the damage is often done by then.
Real-time monitoring is increasingly becoming a competitive advantage.
Automated controls testing and dashboards can detect anomalies in real time. Exception reporting that is instantly available to the auditor and to the client. This is not hypothetical; some forward-looking CPA firms already utilize such solutions. CPAs who learn how to leverage them will shape the future of audit as we know it.
Confirmation is the audit procedure that broke first
No single audit procedure better exposes the limitations of the traditional audit process than confirmation.
Historically, confirming balances meant sending letters via the postal service, receiving responses in the same manner, and, if necessary, following up by phone. The confirmation packets were physically stored, creating potential security risks, including interception, forgery, or loss. The massive Parmalat fraud in 2002 involved fabricated bank confirmations, among many other things.
Digital confirmations changed all of that.
It automated third-party letter generation and response collection while still requiring controls to ensure independence and reliability of responses. Audit trails and confirmed responses that can be quickly accessed and traced. The process became faster and easier to audit. Yet this is only the start.
Integrating AI into confirmation workflows
Introducing artificial intelligence into a traditional audit confirmation workflow changes everything. An AI model can automatically reconcile the response against a company’s general ledger balance, detect abnormalities in confirmed balances, or analyze free-form text within confirmations.
The confirmation process becomes much more effective. An auditor who would typically spend countless hours reconciling confirmation packets manually can save valuable time.
All that remains is judgment, exactly where the audit’s true value lies.
Smarter and more effective risk assessments
Traditionally, risk assessment in audit involved auditor expertise and judgment, combined with analytical procedures based on summarized financial data.
AI-based solutions offer a dramatic improvement on both counts.
First, integrating external data sources into the risk assessment process provides an additional layer of information. Imagine a scenario in which an auditor assessing inventory in a retail operation cross-references commodity prices, industry-wide supply chain risks, macroeconomic indicators, and other factors.
Secondly, a machine learning model can predict, for each client, the account areas with the highest likelihood of material misstatements, based on their particular characteristics and risks.
In summary, data analytics can significantly enhance any risk assessment, regardless of an auditor’s background or experience.
How document analysis is changing fieldwork
From leases and contracts to loan covenants, board minutes, and third-party relationships, auditing often involves examining extensive documentation to extract specific details.
With large language models, the entire approach can be transformed.
Imagine a CPA running an audit test that involves analyzing a portfolio of lease agreements. Within minutes, an AI system generates a report with lease commencement dates, renewal periods, variable lease payments, and related-party disclosures. The auditor verifies the results, analyzes anomalies, and takes appropriate action.
The benefits for the CPA firm are obvious. Instead of spending countless hours extracting details from documents, a CPA can focus on interpreting and analyzing data.
In addition, this creates a significant development opportunity for CPAs, allowing them to focus on exception reviews rather than mundane tasks.
The talent question the CPA firms are avoiding
There is an uncomfortable conversation taking place within the audit firms.
As more and more tasks, traditionally performed by junior CPAs, such as document extraction or vouching, are being automated through AI applications, what should the role of entry-level audit professionals look like?
It is not a trivial question. Historically, the audit career trajectory followed a certain pattern. Associate-level staff handled transactional matters; seniors reviewed associates’ work; managers evaluated transactions and resolved issues; and partners made judgments regarding the engagements as a whole.
When AI automation handles transactional matters, the audit firm needs to redesign the learning model. Junior CPAs should start learning about analytical procedures, risk assessments, and client management much earlier, ideally from day one.
The CPA firm that will find a solution to this challenge will attract and retain superior talent. Those who fail to address this issue will lose their early-career staff members.
Regulatory issues with the AI-based audit
Standard setters are beginning to adapt.
The PCAOB has begun exploring the implications of AI in auditing through guidance and research initiatives. The AICPA is revising its standards to accommodate automated tools, AI procedures, and data analytics. Internationally, the IAASB is considering similar questions.
However, the issue isn’t about the permission to use AI. The problem relates to the adequacy of the audit trail.
When an AI model produces results for a sample or population test, the auditor is responsible for explaining why they believe the model is valid. What did the model do? How were the exception criteria established? Was the model tested using relevant data? Why was a certain output generated?
Another aspect contributing to the complexity is that of independence and ethical concerns. If the auditor relies on external AI software applications in performing audits, the firm will have to determine whether the use of such software would pose any threat to independence, as prescribed by AICPA and SEC standards. The analysis of client data using third-party software raises data privacy issues, especially when audits are conducted against GDPR, CCPA, or other applicable regulatory requirements.
CPAs who can answer these questions competently will have a significant professional advantage. After all, auditing technology is only half the story.
The limitations auditors must not ignore.
The case for AI in audit is strong. But a one-sided case is not credible.
Indeed, there are very strong arguments supporting the use of AI in audit engagements. Yet, a one-sided discussion cannot be considered credible. Every Certified Public Accountant working with such solutions should know about their limitations â and what they mean.
Dependence on data quality: Any machine learning model relies on the quality of its input data for its effectiveness. If there is incorrect data, missing data, and coding inconsistencies in the client companyâs ERP system, the output of the analysis using AI technology will be correct but not relevant to the situation at hand.
Risk of model bias: All machine learning algorithms reflect biases inherent in their training data. Thus, an AI solution built using transactional data collected throughout economically stable periods will perform worse when confronted with anomalies that haven’t been detected before.
Issues with black box: The commercially viable machine learning models tend to be opaque about their reasoning process. If the auditor is unable to explain how an anomaly arose, the impartiality of the audit process will be in doubt.
Risk of over-reliance: The biggest threat to the use of AI in auditing is over-reliance on algorithmic output. In fact, an auditor remains responsible for all decisions made in relation to the financial statements being analyzed.
The future of auditing with AI will also require rigorous human oversight.
What will the best audit teams of 2030 look like?
Predictions are difficult. However, certain developments seem fairly obvious.
By 2030, the best audit teams will be testing the entire population rather than samples. They will be monitoring controls continuously. They will provide insight along with opinions. They will integrate external data into risk assessments and analyze it. Their working papers will document the logic behind the machine learning models used.
The leading audit teams of 2030 will also hire CPAs with a completely different skill set. Not CPAs with less accounting knowledge, but more. CPAs can design monitoring programs rather than perform the task, and those with a knack for evaluating AI-generated output.
The future of audit is now. The profession will not be the same again.
AuditConfirm and the future of audit
AuditConfirm was built to transform the audit process. It provides the necessary audit evidence while addressing one of the most fundamental vulnerabilities in the traditional audit process. Digital confirmation that is instantaneous, verified, traceable, and secure.
In addition to a superior confirmation platform, however, AuditConfirm offers CPAs a glimpse of the future of audit itself.
Designed to integrate into a technology-enabled audit process seamlessly, AuditConfirm represents the future of auditing.
FAQs
Audit in the future will be driven by data, continuous, and technology-enabled. The traditional auditing methods of CPAs will evolve from being detail-oriented and manual to becoming more focused on risk judgment and validation of AI outputs.
No. In the future of auditing, elements such as professional skepticism, client knowledge, and regulatory compliance will always remain with CPAs, as these require human skills. What AI will replace are auditors’ repetitive, high-volume, low-value-add activities.
It has already shifted from being paper-based to being digital. The next steps in the evolution of the confirmation process in the future of audit will include reconciliation, anomaly detection, and automated follow-up of confirmed balances.
Yes, but slowly. Regulators such as the PCAOB, AICPA, and IAASB have started issuing guidance on the new procedures involving AI and data analytics. CPAs who document well any new technology-enabled procedures they undertake will be better off once all standards are updated.
They should begin with the most manual and error-prone procedures, including confirmations, document extraction, and controls testing. Once these areas are modernized, CPA firms will be able to develop expertise in reviewing AI outputs.