AI-Powered Audits: Navigating the New Normal

Summary

• AI adoption is accelerating rapidly, with 75% of knowledge workers using generative AI. This trend presents opportunities for increased productivity, governance, and risk management challenges that audit leaders must address.
• The emergence of custom GPTs and local Large Language Models (LLMs) is democratising AI development, allowing organisations to create tailored AI solutions.
• Audit directors and committees face the urgent task of developing comprehensive AI strategies. These strategies must balance innovation with risk management, addressing issues like "Bring Your Own AI" (BYOAI) practices and ensuring robust governance frameworks are in place.

Are we unknowingly opening Pandora's box of risks in the race to harness AI's potential? For audit leaders, their next move could define the future of organisational integrity.

Introduction

The landscape of artificial intelligence is evolving at breakneck speed, reshaping how we work and make decisions. This transformation presents a dual challenge for audit directors and committees: leveraging AI's immense potential while safeguarding against its inherent risks. As we stand at this technological crossroads, understanding the nuances of AI architecture and its implications for audit practices has never been more critical.

AI Benefits and Concepts

Artificial Intelligence (AI) represents a broad field of computer science aimed at creating systems capable of performing tasks that typically require human intelligence. The promise of AI extends far beyond mere automation, offering transformative potential across various industries and functions.

Recent studies by PwC presented in their Jobs Barometer 2024 report show organisations that are deeply engaged with AI achieving up to 4.8 times the increase in productivity. This translates to small teams accomplishing the work of much larger ones, a game-changer for audit efficiency and scope. Moreover, AI's ability to process vast amounts of data and identify patterns invisible to the human eye opens new frontiers in risk assessment and fraud detection.

To fully grasp AI's potential, it's crucial to understand its key subtypes and how they interrelate:

1. Neural Networks (NN): These are computing systems inspired by biological neural networks in animal brains. In audit contexts, NNs can be used for anomaly detection in financial data or for predicting audit risk.
2. Machine Learning (ML): A subset of AI, ML focuses on algorithms that improve automatically through experience. It encompasses various techniques, including supervised learning (learning from labelled data), unsupervised learning (finding patterns in unlabeled data), and reinforcement learning (learning through interaction with an environment). ML can be applied in audits for tasks like classifying transactions or predicting audit outcomes.
3. Natural Language Processing (NLP): NLP enables computers to understand, interpret, and generate human language. This technology is crucial for analysing textual data in audit reports, contracts, or financial statements. NLP can help auditors quickly extract relevant information from vast document repositories or even assist in drafting audit reports.
4. Computer Vision: This field deals with how computers gain high-level understanding from digital images or videos. In audits, computer vision can verify physical inventory or analyse security footage for fraud detection.

These AI subtypes are not mutually exclusive; they often work in concert. For instance, a neural network might form the basis of a machine learning model that performs natural language processing tasks. Similarly, computer vision often relies on neural networks and machine learning algorithms to interpret visual data.

The synergy of these AI components creates powerful tools for auditors. For example, an AI system might use computer vision to scan invoices, NLP to extract relevant information, and machine learning to flag unusual patterns or potential fraud indicators. This holistic approach allows for more comprehensive, efficient, and accurate audit processes.

Furthermore, the advent of generative AI, illustrated by large language models like GPT, represents a significant leap forward. These systems can generate human-like text, analyse complex documents, and even assist in problem-solving and decision-making. For audit professionals, this could mean AI assistants capable of drafting preliminary reports, suggesting audit procedures based on risk assessments, or providing instant answers to complex regulatory questions.

As AI continues to evolve, its potential applications in audit grow exponentially. From enhancing risk assessment models to automating routine tasks, AI promises to increase efficiency and elevate the quality and depth of audit processes.

A Conceptual AI Architecture - Hardware, OS, Apps

Understanding AI's layered architecture is crucial for effective implementation and governance. This architecture can be conceptualised as a pyramid with three main layers, as shown in Figure 1.

Hardware Layer (Bottom)

At the foundation of AI systems lies specialised hardware designed to handle the intense computational demands of AI algorithms.

• General-use processors: Standard CPUs found in most computers can run AI applications, but they're not optimised for AI workloads.
• AI-optimised chips: Graphics Processing Units (GPUs) are designed specifically for AI computations. These chips excel at the parallel processing required for neural networks and deep learning models.
• Edge AI hardware: Specialised chips designed to run AI models on devices like smartphones or IoT sensors, enabling real-time AI processing without relying on cloud connectivity.

Understanding hardware capabilities is crucial for audit teams when planning AI implementations or considering local vs. cloud-based solutions.

AI "Operating System" Layer (Middle)

It comprises the foundational AI models and frameworks that serve as the core intelligence for various applications.

Large Language Models (LLMs): Models like GPT-4, BERT, or Claude serve as the "brains" of many AI systems. They're pre-trained on vast amounts of data and can be fine-tuned for specific tasks.

Audit leaders should be aware of the capabilities and limitations of these "AI OSs" to make informed decisions about AI adoption. Different LLMs excel at different tasks. To see the difference, you can issue the same prompt in ChatGPT, Claude, and a local LLM. The results will be very different.

Apps Layer (Top)

This is where AI is put to practical use through specific applications tailored to business needs. These may include:

• Custom-built AI tools: Applications developed in-house to address specific audit or business challenges.
• AI-powered software: Off-the-shelf software with embedded AI capabilities, such as advanced analytics tools or intelligent process automation solutions.
• AI assistants and chatbots: Interfaces that use natural language processing to interact with users and perform tasks.

For audit teams, this layer is where AI directly impacts daily operations, from risk assessment tools to automated report generation.

As AI continues to evolve, staying informed about developments across all layers of this architecture will be crucial for audit leaders aiming to leverage AI effectively while managing associated risks.

Custom GPTs and Local LLMs

The emergence of custom GPTs (Generative Pre-trained Transformers) and local Large Language Models (LLMs) marks a significant shift in AI accessibility and deployment. These technologies are democratising AI development and addressing key data privacy and security concerns.

Custom GPTs

Custom GPTs represent a breakthrough in making AI more accessible and tailored to specific organisational needs. They allow non-technical users to create specialised AI applications without extensive coding knowledge.

Key features:

• Customisation: Users can fine-tune GPT models for specific tasks or domains, such as audit procedures linked to particular legislation.
• Knowledge Integration: Custom GPTs can be trained on organisation-specific data, policies, and procedures.
• User-Friendly Interface: Many platforms offer intuitive interfaces for creating and managing custom GPTs.

Benefits for Audit:

1. Specialised Audit Assistants: Create AI tools that understand audit terminology, standards, and processes.
2. Rapid Prototyping: Quickly develop and test AI-powered audit tools without extensive IT resources.
3. Knowledge Management: Capture and leverage institutional knowledge in an interactive AI format.

Example Use Case: An audit team creates a custom GPT trained on their organisation's audit manual, relevant accounting standards, and historical audit findings. This GPT could then assist in risk assessment, suggest appropriate audit procedures, or even help draft sections of audit reports.

Local LLMs

Local LLMs are large language models that can run entirely on an organisation's infrastructure without relying on cloud-based services. This includes running local LLMs on individual laptops.

Key features:

• On-Premises Deployment: Run sophisticated AI models within the organisation's IT environment.
• Data Privacy: Sensitive information never leaves the organisation's control.
• Customisation: Like custom GPTs, local LLMs can be fine-tuned for specific use cases.

Benefits for Audit:

1. Enhanced Data Security: Process sensitive financial data without exposing it to external systems.
2. Compliance: Easier adherence to data protection regulations and industry-specific compliance requirements.
3. Offline Capability: Perform AI-assisted audits even in environments with limited internet connectivity.

Example Use Case: An audit firm deploys a local LLM to analyse vast amounts of financial transaction data, contracts, and internal communications for fraud detection or risk assessment, all while ensuring that this sensitive data never leaves their secure environment.

Interplay between Custom GPTs and Local LLMs

While custom GPTs are often associated with cloud-based services like OpenAI's GPT, the concept can also be applied to local LLMs. Organisations can create custom, specialised AI tools that run entirely on their infrastructure.

Considerations for Audit Committees and Leaders

1. Skill Development: While more straightforward than traditional AI development, effectively utilising custom GPTs and local LLMs requires training and new skill sets.
2. Quality Control: Establish processes to ensure the accuracy and reliability of custom AI tools, especially for critical audit functions.
3. Governance: Develop clear policies on creating, using, and monitoring custom AI applications.
4. Ethical Considerations: Ensure custom AI tools adhere to ethical standards and do not inadvertently introduce bias.
5. Resource Allocation: Evaluate the trade-offs between the flexibility of custom solutions and the resources required for their development and maintenance.

The rise of custom GPTs and local LLMs represents a significant opportunity for audit leaders to harness the power of AI while maintaining control over sensitive data and processes. By thoughtfully integrating these technologies, audit teams can enhance their capabilities, improve efficiency, and provide deeper, more insightful audit services.

Conclusion

Audit leaders stand at a critical juncture as AI revolutionises the business landscape. By embracing AI's potential while rigorously addressing its risks, we can transform audit practices, enhancing efficiency and effectiveness. The path forward requires a delicate balance of innovation and caution, continuous learning, and adaptive governance.

As we navigate this AI-driven future, our role as guardians of organisational integrity has never been more vital. The question is not whether to engage with AI but how to do so responsibly and effectively. The future of audit - and indeed, of our organisations - depends on our choices today.

#AIinAudit #CustomGPT #LocalLLM #AuditInnovation #AIGovernance #FutureOfAudit #AICompliance

We have developed our Shaping Success with AI? (SS:ai?) framework to help Boards and senior leadership understand, introduce, and govern AI in their organisations. SS:ai? aims to help Boards move from Learner or User to Trailblazer and lead profoundly impactful organisations.

If you're a Board Director introducing AI into your organisation, don't hesitate to contact me for an exploratory discussion. You can reach me at [email protected] or book a 15-minute confidential session directly at https://bit.ly/ai-15min using the QR code below.

References

1. https://www.microsoft.com/en-us/worklab/work-trend-index/ai-at-work-is-here-now-comes-the-hard-part
2. https://www.pwc.com.au/media/2024/ai-jobs-barometer-findings.html