Thank You!

You are attempting to access subscriber-restricted content.

Are You Ready to Experience Everything Internal Auditor (Ia) Has to Offer?

​The Artificially Intelligent Audit Function

With planning and processes, AI can revolutionize internal audit’s work and value.

Comments Views

Rather than poring over hand-written work logs one at a time, imagine if internal auditors could have thousands of scribbled notes automatically converted into text, analyzed, and reconciled with electronic time sheets. This is an example of how auditors can use natural language processing (NLP) and text analytics to verify the validity of reimbursements.

Artificial intelligence (AI) techniques such as these are dramatically changing the business landscape. AI refers to systems for managing and analyzing information in ways that mimic human intelligence. For example, smart maps use AI to identify routes that minimize delivery cost and time. AI also powers new kinds of businesses such as social media and ride-sharing services.

Now it’s internal audit’s turn to take advantage of AI to transform audit work. By leveraging AI, internal auditors can capture and digest higher volumes of information, and analyze a broader range of data formats. Moreover, they can perform those tasks faster than ever. In turn, auditors can deliver more insights to clients and increase stakeholders’ return on investment in audit services.

Audit Applications

While audit functions vary in size, scope, organizational goals, and regulatory requirements, they all contribute to improving their organization’s governance, risk management, and control processes. In their work, internal auditors analyze and evaluate information from numerous sources to draw conclusions and make recommendations. Recent progress in AI is partly fueled by advances in capturing and processing high volumes of data, which internal audit can harness in several ways.

Computer Vision Internal auditors can use computer vision technology to review the accuracy and reliability of financial and operating information by interpreting and analyzing digital images. Auditors often verify assets as part of their testing, which is time-consuming and done through sampling. Computer vision can improve the quality and efficiency of this process, as well as provide access to previously unavailable information. An example is using drones to measure entire populations of assets such as the number of trucks in a vehicle manufacturing plant or the level of coal stockpiles at a power plant.

NLP Internal auditors can use NLP to analyze text documents more efficiently. By combining NLP with machine learning techniques, auditors can scan vast amounts of text, such as email, contracts, and social media posts, with unprecedented speed to identify discrepancies and extract salient details. As a result, auditors can perform more comprehensive reviews such as scanning bank documents for legal compliance.

Machine Learning This technology extracts insights from data using algorithms that allow machines to automatically learn and improve on their own. Machine learning is used in areas such as recommending books to online shoppers and identifying whether an email is spam.

How New York Uses AI For Vendor Risk

As outsourcing of services and projects increases, internal auditors often must assess the risks that arise from working with vendors. In the past, auditors have relied on labor-intensive analysis of historic risk factors based on previous experience and knowledge gleaned from the work of others to help assess vendor risk. This work often includes ratio analysis — comparing the share of total payments within a certain category — assessing trends over time, and reviewing prior audit results.

To address vendor risk, internal auditors for the state of New York developed a predictive model using machine learning techniques. The model ranks providers based on risks and pinpoints those transactions that auditors should focus on during an audit. As part of this process, the state used AI and machine learning to automate previous manual processes for examining individual risk factors, such as late or missed payment information.

In addition, auditors built models to better understand how individual factors contribute to the risk of making improper payments and to account for complex interactions between individual risk factors. Furthermore, these models can include quantitative and qualitative factors. As a result, a single model can consider results from a ratio analysis, as well as information from the notes of audited financial statements that might indicate a red flag such as numerous related-party transactions.

The models provide a single score for the risk of improper payments for each vendor, which gives internal auditors a quantifiable, easy-to-understand way to evaluate risk. Auditors can group high-risk vendors into peer groups and statistically analyze these providers’ expenses to identify unusual practices. This application enables audit work to be more targeted, which has significantly increased return on investment and decreased audit time for the state’s auditors.

One way internal auditors can use machine learning is to detect anomalies and identify emerging risks. For example, auditors have used the technology to uncover irregular financial transactions and patterns of management fraud (see “How New York Uses AI for Vendor Risk” at right). 

Internal auditors also can use machine learning to review all transactions and observations, rather than only a subset of data. During the risk assessment and planning stage, auditors determine high-risk areas based on reviewing a wide range and high volume of information such as organization-specific events, changing legal requirements, and industry trends. As part of this process, auditors must balance resource availability with the comprehensiveness of each audit. With large-scale machine learning — which focuses on designing algorithms to work with large data sets — auditors can cover more information faster while capturing greater detail.

AI @ Work

Rebuilding a traditional audit function to harness AI requires having the right skills, infrastructure, process, and culture. Although there is no one best design, there are components that are important to successfully incorporate AI into the audit function.

An AI Strategy That Aligns With Business Priorities and Links to Measurable Performance Incorporating AI into the audit function is only a good business decision when it helps the organization overall achieve its mission and goals. Hence, the design of the AI strategy must align with the organization’s strategic priorities. The strategy should at least seek to add value in one of the organization’s core mission areas and assist in identifying new and emerging risks.

While audit functions share similar business objectives, each department may have different immediate priorities. For example, they may have different starting dates for a fiscal year or seasonal variations in their organizations’ businesses. Internal audit should align its AI strategy with how business priorities are expected to evolve over the short, medium, and long terms to best allocate resources to implement the strategy.

Internal audit should quantify the expected benefits associated with the AI strategy whenever possible. Some common measures include cost savings, revenue enhancement, and increased labor efficiency. Audit leaders should specify intangible benefits such as building goodwill with stakeholders through improved insights, as well. It also is essential to account for the time and resource costs needed to realize benefits.

Scalable AI Infrastructure Because analytics capabilities will evolve progressively over time, it is important to build an AI infrastructure with a strong foundation that can efficiently scale up in capacity and complexity. In choosing the infrastructure of hardware and software to incorporate AI in the audit process, internal audit should consider business needs and how well the technologies will integrate with the organization’s existing systems.

A significant part of the audit process involves recording, sharing, and reporting information. Therefore, a comprehensive infrastructure should cover data management and analytics tools, spanning from traditional record keeping, file sharing, and reporting to automation and cloud computing. Some issues to consider in selecting these tools include:

  • Whether the system architecture uses a modular approach that can be easily adjusted and reintegrated as necessary.
  • The level of support available from service providers.
  • The training requirements for staff members with different technical backgrounds.
  • The total costs, including up-front costs and ongoing expenses for system maintenance and upgrades.

Clear and Formal Governance Processes An AI strategy becomes more impactful and efficient with processes to govern its development and implementation. Typically, internal auditors with specialized skills and knowledge apply AI across the different stages of the audit life cycle and different business needs of the audit function. Establishing a structure to coordinate and align this work is crucial for high-value outcomes. Some recommendations to consider in building an effective AI initiative process include:

  • Develop data management and analytics protocols for each stage of the audit process.
  • Establish job rotations or other processes to encourage collaboration across teams.
  • Standardize and document analytics procedures whenever possible. This can enhance the transparency, consistency of quality, and reproducibility of the analysis.
  • Include a change-management plan in the initiative.

Commitment to Fostering AI Competence Internal audit needs people with relevant skills to drive high-value outcomes with AI. Therefore, it must be able to attract, develop, manage, and retain talent. The team structure should complement the audit function’s existing structure and culture. Each team member should have distinct roles and responsibilities.

Training and incentives may be needed to develop AI skills and mindsets. Academic courses and job rotation training can build data analytics skills. Moreover, because AI may be a new concept for some staff members, internal audit should create a learning environment where auditors can ask questions and work through challenges.

Communications Plan to Engage Stakeholders and Build Support Collaboration with different departments within the organization is crucial to ensuring AI strategy aligns with business needs. Communications at all business levels can build support for embedding AI into the audit function. Moreover, a well-formulated communications plan can help ensure alignment with business needs and demonstrate success, which in turn can build buy-in.

At a high level, the communications plan should identify stakeholders, select channels, and develop customized messages for different groups, according to authors Sara LaBelle and Jennifer Waldeck in Strategic Communication for Organizations. It also should include provisions to monitor and evaluate the plan’s effectiveness. Some recommendations for building a communications plan include:

  • Communicate the reason for implementing the AI initiative to encourage participation.
  • Use personalized, succinct, clear, and consistent communications to build trust.
  • Use key performance indicators to measure effectiveness and help ensure the AI strategy aligns with business priorities.

Optimizing AI

Taking advantage of the power of AI can help internal auditors provide stakeholders with confidence in their organizations’ operations and deliver higher return on investment in audit services. Accomplishing these goals requires an audit department that nurtures the development of data, infrastructure, people, and processes. Above all, it entails good planning.

Internal audit leaders must understand the current state of data management and analytics capabilities, and refine these capabilities to optimize the value AI can generate. It is a big responsibility, but incorporating AI in audit processes can enable auditors to provide critical advice and assurance in a digitally transformed age.

Kitty Kay Chan
Tina Kim
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to remove comments.

About the Authors



Kitty Kay ChanKitty Kay Chan<p>​Kitty Kay Chan, PHD, is professor of professional practice in Applied Analytics and academic director of the Master of Science in Applied Analytics at Columbia University in New York.<br></p>



Tina KimTina Kim<p>Tina Kim, CIA, CRMA, CISA, CPA, is deputy comptroller for State Government Accountability, New York State Office of the State Comptroller, in Albany. <br></p>


Comment on this article

comments powered by Disqus
  • AuditBoard-July-2021-Premium-1
  • SCCE-July-2021-Premium-2
  • CIALS-July-2021-Premium-3