Leveraging Technology and AI Tools in Internal Audit: Enhancing Efficiency and Effectiveness

December 4, 2023


As colleges and universities continue to experience a changing operating environment and the world experiences political and economic challenges, higher education institutions are looking for ways to gain efficiencies within their processes and procedures. At the same time, in the past year, the world has been introduced to astounding technological advancements with the public launch of ChatGPT and availability and improvement of similar Generative Pre-Trained (GPT) Transformers.

As institutions are identifying ways to leverage technology in many areas of operations, Internal Audit also has the opportunity to enhance the efficiency and effectiveness of its work. The use of technology and data analytics have transformed the internal audit function by enabling data-driven insights into new and emerging risks, productivity gains with the automation of labor-intensive audit tasks, increased risk coverage, and repeatable processes for continuous risk monitoring.

The Evolution of Internal Audit
Internal audit functions play a crucial role in ensuring the integrity, compliance, and effectiveness of an organization's operations. However, Internal Audit is no longer tasked with simply performing evaluations and assessing the effectiveness of risk management, control, and governance processes. Internal auditors are now being tasked with playing a more active role in guiding executive decision-making, leveraging data to identify anomalies and vulnerabilities as well as identifying opportunities to optimize operations across the organization. Further, the nature of risks or activities in which internal audit engagements have become more dynamic and complex.

With the rapid advancements in technology and the rise of artificial intelligence (AI), internal auditors now have powerful tools at their disposal to enhance their work. Today’s technology and digital tools can be utilized throughout the internal audit lifecycle: from information gathering and goal setting, development of risk assessments and audit plans, assessments of plans, performing audits, and reporting results. Automated workflows and data visualizations have improved the process to be more cost-effective and collaborative to allow for more informed decisions.

Leveraging Technology for Internal Audit Effectiveness and Efficiency
When fully integrated, technology tools can be embedded into all elements of the audit lifecycle providing valuable efficiencies and risk insights in the areas below:

Planning & Scoping
Auditors can use technology tools to provide a deeper view of risk when conducting annual audit planning or in scoping each individual audit:
 
  • Enterprise Risk Assessment and Audit Plan Creation: AI and GPT tools can be used to brainstorm risk areas or industry challenges or assist in creating questions to ask in risk assessment surveys or interviews. Data analytics can be leveraged to help institutions quickly gain insights into enterprise risks and controls, and to prioritize management’s actions by analyzing historical risk factors or identifying areas of lesser controls or ineffectiveness. Technology tools can also be leveraged to provide data visualization of key performance indicators (KPIs) that more readily identify outliers or target areas of greater performance challenges.
  • Audit Planning: Like the items noted above, technology tools can be leveraged for planning specific audits as well. Providing deeper insight into transactional information to better understand key operational activities and risks involved in the audit area allows auditors to prioritize and focus efforts. Further, GPT-style tools can help auditors to develop draft audit plans and identify work steps.

Fieldwork
Technology tools can deeply enhance and streamline fieldwork activities, primarily through leveraging data analysis. Examples below highlight how analytics can be used across a number of common audit areas to provide greater coverage and visibility, with the potential to leverage such actions either for building continuous monitoring programs or for completing distinct audits within the plan.
 
  • General Ledger Close and Financial Reporting: Analysis of journal entry data can assist institutions in quickly identifying unusual and unauthorized journal entries, automate completeness tests, and prioritize reviews based on risks.
  • Payroll: Payroll data can be visualized to obtain a high-level overview of payroll activity by employee, level, and location including deductions, pay rates, and overtime payments. Testing can be automated to identify payments made before hire date or after termination, excessive overtime per pay period and off-cycle payments.
  • Travel and Entertainment Expense Process: Analytics on travel and expense data can help institutions perform a more targeted and automated review of employee expenses by reviewing data by employee, period, and expense type. Search functions and drill down capabilities can help identify excessive spending, inaccurate or duplicate submissions, and non-compliance with company policy. Results can also be used to select a more targeted sample for detailed testing.
  • Vendor Master Management: An analytic of vendor master data can provide insights into top vendors, inactive vendors, and vendor data integrity. Predetermined tests can identify vendors with missing, inaccurate, or duplicate data which may lead to an inefficient business process or potential fraudulent business activity. 
  • Accounts Payable Process: Data analytics enables institutions to quickly identify inaccurate or duplicate payments, invoice processing delays, segregation of duties conflicts, and distribution of invoices processed and paid for a scope period. These results allow management the ability to drill down to root cause and perform timely resolution of risk areas.
  • Research Expenditures: Expenses charged to sponsored research activities can be reviewed to identify cost allowability concerns or provide opportunities for stronger risk identification. Tools can be deployed to evaluate against common standards (such as the Uniform Guidance or institutional policies) as well as built to leverage system data to check against items like an award’s specific budget.
  • System Access: Data analytics can be leveraged to ensure user access to enterprise systems is accurate and adherence to corporate policy is managed correctly during employee terminations and transfers.
  • Fraud Detection: Machine learning algorithms can learn from historical data to detect new and emerging fraud patterns, enabling auditors to stay ahead of fraudsters. By leveraging AI for fraud detection, internal auditors can enhance their ability to identify and investigate potential fraud, ultimately safeguarding the organization's assets and reputation. 

Reporting
 
  • Drafting Reports: GPT technology can be used to write first drafts of audit reports or details for specific findings and recommendations.
  • Action & Issues Tracking: Analytics can be leveraged to continuously monitor audit issues and action plans to drive behavioral change with how issues are remediated.
  • Executive Reporting: The use of technology can optimize Board and Audit Committee reporting on the status of the overall internal audit program to guide executive decision making.

The integration of technology and AI tools in Internal Audit has the potential to revolutionize the profession. Advancements in digital technology can empower institutions to conduct detailed self-audits at regular intervals and continuously monitor risk in a timely, cost-effective, and collaborative manner.

However, internal audit functions must carefully consider how and where they deploy technology tools, especially GPT-type assistance. After attending the recent AuditCon in Miami and hearing the Tuesday morning keynote session from Paul Roetzer, it is clear that with great power comes great responsibility. Users of AI and other technology aided audit processes must ensure there is proper governance in place to support the use of such tools. Internal audit functions must consider any risks associated with the use of tools or other policies or restrictions implemented for their organization, and always remember that GPT-style tools are merely another tool in an auditor’s toolkit and not a fully vetted answer. Challenges include relevancy of data (most tools were last trained on comprehensive data sets from 2021) and accuracy and verifiability of the results provided. Additionally, many data analytics technologies or machine learning models require specialized skillsets and knowledge to appropriately design and deploy.

While the rapidly evolving enhancements to technology capabilities present a bevy of opportunities to increase audit efficiency and effectiveness, it must be done in a thoughtful and intentional manner to best elevate your specific audit function.

About the Authors

David Clark, CIA, CFE, CRMA

David Clark, CIA, CFE, CRMA is a Managing Director and leader of BDO’s higher education advisory practice with nearly two decades of experience supporting colleges and universities. He specializes in supporting institutions in all manner of...
Read Full Author Bio

David Clark, CIA, CFE, CRMA

David Clark, CIA, CFE, CRMA is a Managing Director and leader of BDO’s higher education advisory practice with nearly two decades of experience supporting colleges and universities. He specializes in supporting institutions in all manner of areas related to strategy, governance, risk, and compliance. Prior to joining BDO, he served as a Director in the Risk, Internal Audit, and Cybersecurity consulting practice of another international accounting firm as well as a Senior Internal Audit Manager at one of the country’s leading financial institutions. He can be reached at dclark@bdo.com.
 

Articles
Best Practices for Building a University Audit Plan
Engaging Internal Audit in Initiatives for Diversity, Equity, and Inclusion
Leveraging Technology and AI Tools in Internal Audit: Enhancing Efficiency and Effectiveness

Savvas Georgopoulos

Savvas Georgopoulos is a Managing Director in BDO’s Risk Advisory Services leading the Innovation and Analytics practice. Savvas has more than 18 years of strategy and implementation experience supporting Fortune 500 clients with...
Read Full Author Bio

Savvas Georgopoulos

Savvas Georgopoulos is a Managing Director in BDO’s Risk Advisory Services leading the Innovation and Analytics practice. Savvas has more than 18 years of strategy and implementation experience supporting Fortune 500 clients with large digital strategy and solution implementation initiatives. His responsibilities range from developing strategies for optimizing internal audit functions, leading the implementations of technology solutions to automate audit and control procedures, and enabling data driven risk management and continuous monitoring with the use of analytics.

Articles
Leveraging Technology and AI Tools in Internal Audit: Enhancing Efficiency and Effectiveness