With the advent of technological innovations such as data analytics, artificial intelligence (AI) and robotic process automation (RPA), the scope of audits has expanded beyond accounting and financial tasks. They now encompass all activities, professions and functions of an organization (e.g., R&D, purchasing, sales, production, manufacturing, supply chain, IT) as well as the associated processes, outsourced functions and associated risk issues.
“In general, companies not only want to increase their profits, but also to develop a lasting competitive advantage. The current challenge is ensuring long-term benefits since competitive advantages are increasingly temporary,” says Nabyla Daidj, research professor in strategy and management information systems at Institut Mines-Télécom Business School and head of the Information Systems Audit and Consulting (ACSI) major. Internal audits now play a strategic role. When it comes to audits, the goal is to create new high-quality services that make a company stand out from its competitors. Technology has the potential to facilitate the work of all audit stakeholders.
What is an audit?
According to ISO (International Organization for Standardization), “an audit is a systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria (the policies, procedures and requirements used as a reference for determining compliance) are fulfilled.” An audit therefore refers to the set of processes aimed at examining a company’s operations. It can be carried out internally, or externally by an independent entity.
Nabyla Daidj worked in collaboration with professionals (Big Four, key accounts) as part of the ACSI Master 2 program she leads to publish two white papers in 2021 and 2023 to help her students understand how auditing works. “This is how the augmented internal audit came to my attention. It is not only a conventional accounting and financial audit, but also an audit of the information systems,” the researcher says. This type of audit can be used to assess all the activities of a company.
Internal audits examine the operating conditions for a given activity, identify risks and establish control mechanisms. “What is at stake is the evolving auditor profession,” the researcher says. Technology is redefining the limits and skills of the profession which are now associated with tools like AI (artificial intelligence).
Challenges of the evolving auditor profession due to the increased use of technology
The increased use of technology in audits pertains to two separate areas. The first is audits based on new technology. New technology is used in audits for the main purposes of improving the audit procedures (quality), automating those procedures, ensuring the reliability of the data collected and assisting decision-making. At a general level, it all contributes to more or less indirect value creation (continuous improvement of decision-making processes due to better data processing and analysis) and/or cost reduction (productivity gains, saving time) and risk reduction (including organizational risks).
All the changes introduced in terms of automation, the redeployment of employees to tasks with higher added value, improvements in quality, new services and support can help organizations increase their productivity. Yet this requires prior training all auditors as well as consideration of possible resistance to introducing new tools and practices into daily routines.
The second issue concerns the audit of new technological applications and solutions. While there is no doubt that new technology facilitates the tasks involved in internal audits, particularly IT audits, how will auditors go about auditing automation, robotization and artificial intelligence solutions? This also raises the question of the auditability of automation solutions. How can we develop new skills in this area? Will all auditors be interested in performing these new audits?
Automation tools in the augmented internal audit process
Certain tasks, especially in financial auditing, have been automated for decades. Tools like Excel were already used to select samples, run tests and document audit procedures. Certain independent software programs were also used to import datasets and select an audit task to run from the user interface, for example. But other tools emerged (RPA, AI) in the early 2010s and have continued to expand. Most major audit firms have developed their own RPA software. Auditors can now view and analyze more relevant information in addition to the more conventional documents, such as accounting records. The information comes from both audited entities and external sources.
AI and RPA detect misstatements, exceptions and outliers in financial statements. Exceptions refer to data that does not meet the auditor’s expectations. Outliers are identified by automation tools that detect unusual characteristics.
Yet AI will do this even better than RPA and will offer projections of what is likely to happen. In addition, “AI facilitates continuous audits, meaning that it will eliminate sudden and periodic interruptions. This is a gamechanger and is characteristic of the agile augmented internal audit,” Nabyla Daidj says. This agility is therefore associated with the continuity of the audit process.
However, automation tools support the work of auditors. They have not fully replaced them. There are currently few studies that offer a medium-term outlook for the changes in auditors’ assignments with the increasing use of these tools.
Rules should in principle be introduced to establish ethical limits to ensure trustworthy AI, which includes data processing, identification, analysis, alert management and risk assessment. The difference will lie in the assessment provided by the auditor who will maintain their independence. Tools like AI will be there to help the auditor process information in the most factual and “objective” way possible.
