AI in audit work: the opportunities
ICAEW’s Audit Registration Committee is aware of growing interest within non-PIE audit firms in the use of AI as part of their audit work. It is recognised that with appropriate safeguards including ‘human-in-the-loop’ requirements, AI has the potential to enhance audit quality by enabling auditors to concentrate more effort on important challenges and judgements as opposed to ‘lower-level’ tasks.
AI in audit work: the risks
Experience from monitoring reviews conducted by the Quality Assurance Department suggests that current use of AI in audit work is very limited. However, it recognises an evident risk that in the absence of clear policies and controls, members of audit teams who use AI routinely in their personal life may adopt AI in their professional work without authorisation or the necessary oversight and control by their firm. These AI risks are not only to audit quality but could quickly expand to data protection breaches and inadvertent release of client confidential information, leaving the firm open to very serious financial, reputational and regulatory consequences.
What action must firms take now?
The committee expects all audit firms to establish appropriate policies and procedures covering the use of AI and to communicate these clearly to all staff, with appropriate training. Policies, procedures and training should explicitly emphasise individual and audit team responsibility when using AI in audit.
All of those involved in the review of audit work must be alert to the risk of unauthorised use of AI. The committee suggests that firms should be transparent with their clients about the use of AI in their audit work and discuss their assessment of data protection risks and relevant safeguards.
Regulatory compliance
Ensuring the appropriate and controlled use of AI will be part of any effective system of quality management in compliance with ISQM1. Audit firms are also reminded of the following.
Audit Regulation 3.17, requires a firm to make arrangements so that all principals and employees doing audit work are, and continue to be, competent to carry out the audits for which they are responsible or employed. This includes competence in the use of tools and technologies such as AI.
Audit Regulations 3.18 and 3.19, require a firm to implement appropriate procedures for the conduct of audit work and to make sure that procedures are followed by all principals and staff involved in audit work, respectively.