Search for content, post, videos

Management System Auditing in an AI-Driven Environment

Auditing is one of the oldest professions. It was preceded by accounting which was born out of the need to keep records beyond the capacity of human memory. The need to keep records necessitated verification, which gave rise to the auditing profession.

Management system (MS) auditing officially began with the publication of the International Organization for Standardization’s (ISO) first ISO 9000 series in 1987. The series has gone through several iterations, and the accepted definition of an audit, according to ISO 9000:2015, is a “systematic, independent, and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.”

MS auditing is a systematic evidence-based process geared at evaluating the effectiveness, adequacy, and continuing suitability of a management system. It assesses the inputs, activities, outputs, and controls related to the processes that constitute the management system with the intent of identifying strengths, weaknesses, and opportunities for improvement. The audit can be focused on a segment of the management system or the entirety of interconnected processes that comprise it.

Sampling is a fundamental approach in MS auditing; however, it introduces the element of risk. The program should mitigate against obtaining inadequate information or misinterpreting audit findings, which could lead to unintended consequences. A key factor in the overall audit program is the selection of auditors possessing the required competence and commitment to adhere to established guidelines and audit principles that ensure audit plausibility and integrity.

MS auditing is principles-based. Adherence to these principles is intended to enable audits to be an effective and dependable means of supporting management policies and controls by providing reliable information for driving actions that will result in improvement of performance in organizations. Auditors are expected to adopt and abide by these principles as the basis for providing relevant and sufficient audit conclusions that enable auditors working independently from one another but in similar circumstances to arrive at comparable results (ISO 19011:2018).

These principles are:

  • Integrity – The foundation of professionalism, requiring auditors to act ethically, honestly, and competently.
  • Fair Presentation – The obligation to report audit findings, conclusions, and activities truthfully and accurately.
  • Due Professional Care – The application of diligence, judgment, and responsibility in auditing tasks.
  • Confidentiality – The secure handling and protection of information obtained during the audit process.
  • Independence – The basis for impartiality, ensuring auditors are free from bias and conflict of interest.
  • Evidence-Based Approach – The use of rational, verifiable evidence to ensure reliable and reproducible conclusions.
  • Risk-Based Approach – Focusing the audit on matters significant to the client and audit goals.

The effectiveness of audits also depends on the possession and exercise of certain behavioral traits that regulate personal conduct. They include the following:

  • Being ethical, open-minded, and diplomatic: Fair, receptive, and tactful.
  • Being observant, perceptive, and versatile: Aware of surroundings and adaptable to situations.
  • Tenacious and decisive: Persistent in pursuing objectives and capable of reaching logical, timely conclusions.
  • Self-reliant and possessing fortitude: Working independently while acting responsibly, even in challenging circumstances.
  • Improvement-oriented, culturally sensitive, and collaborative: Committed to learning, respectful of diverse cultures, and effective in team interactions.

Shifting Paradigm in MS Auditing

The principles and practice of auditing described rely heavily on human beings. There is, however, a shift in mythology that has been developing over many years, which has accelerated with the transition from the traditional sampling-based methods to data-intensive, real-time, or continuous auditing. Like many areas of business and organizational life, auditing is being significantly impacted by Artificial Intelligence (AI).

Artificial Intelligence (AI), Machine Learning (ML), and Robotic Process Automation (RPA) have formed a continuum of technologies that move businesses from basic task execution to advanced cognitive decision-making. The sphere of auditing has been no exception. The role of the auditor is evolving from “asking people questions” to “asking data questions,” and the use of technology is increasingly having a major impact on the way audits are conducted and the analysis of data.

Business challenges in the 21st century corporate climate necessitate maximizing the use of technology-based decision support systems. AI can make predictions, suggestions, or judgments that influence actual or virtual environments in the process of achieving certain human-specified objectives, OECD 2021. Advanced data analytics made possible by the use of AI technologies in auditing creates distinct advantages. These include tools to analyze voluminous data, increasing audit efficiency, the allocation of more time to audit analysis by the auditor through the reduction of time needed to do technical tests, minimizing of costs, and the provision of greater transparency. Overall, AI technology supports the improvement of accuracy and efficiency of the auditing process.

The Impact of Digital Transformation

Digital transformation is fundamentally shifting MS auditing from a periodic, sample-based activity to a continuous, data-driven function. This evolution is driven by the integration of AI, which enables auditors to move beyond human limitations to achieve higher levels of assurance and strategic insight.

Human auditors are restricted to the use of sampling in analyzing datasets, thereby reinforcing the inherent risk associated with auditing.  The advent of AI tools allows pivoting from sampling to full population testing, increasing the level of certainty with the attendant reduction of risks.

Another key transition that AI enables is continuous monitoring through real-time process audits using computer-assisted auditing techniques (CAATs). The traditional retrospective approach employed in auditing is giving way to a proactive and predictive risk-based approach.

Robotic Process Automation (RPA) and Natural Language Processing (NLP) automate repetitive tasks such as data extraction, three-way matching, and document reviews, enabling corroboration and greater certainty in conclusions. The auditor can therefore refocus efforts on areas requiring professional judgment and strategic analysis.

The use of AI brings to the fore an entirely new perspective in the management of audit risks. AI reduces risks by shifting the process from manual, sample-based testing to continuous, data-driven assurance. Through the leveraging of machine learning and automation, it addresses inherent, control, and detection risks.

MS standards are largely risk-based and, therefore, auditing based on risk is best practice. The use of AI enables audit planning to become smarter through “AI-guided flows” that suggest the most critical areas for investigation based on data patterns. This satisfies the need to be guided by the concept of materiality in auditing.

Downside Risks

The use of AI technology in MS auditing presents certain challenges, chief among which are data security and quality control. Critical factors include reliability, completeness, and accuracy. Biases originating from flawed training data, algorithmic design, or human subjectivity have the potential to undermine the basis of audit quality by altering how evidence is collected, analyzed, and interpreted. 

Sources of downside risks include:

  • Sampling Gaps: If training data over represents certain processes or demographics, the AI may ignore rare but critical anomalies in underrepresented areas.
  • Narrowed Scope: Automated anomaly detection often focuses on predefined categories. Bias in these definitions can cause the system to overlook risks not captured by those specific features, leading to an incomplete risk profile.
  • Exclusion of Variables: Developers may inadvertently omit important data points due to their own cognitive biases, resulting in a model that fails to account for the full operational context.

The Future of MS Auditing in an AI-Driven Environment

The trajectory of the MS auditing profession is doubtlessly being impacted by digital transformation. What should be expected?

  • Continuous Auditing: Shifting from periodic check-ins to ongoing, real-time monitoring.
  • Human-AI Collaboration: Emphasizing that AI augments, rather than replaces, professional skepticism and auditor judgment.

The Use of AI is in vogue, and this trend will continue. Does that mean that human auditors will be redundant? This is not likely.  However, roles will change. The automation of tasks that are data-intensive will enable more focus on strategic matters and enhance the quality and outcomes of audits. This will only drive continual improvement, which is the quest of management system auditing.

Leave a Reply

Your email address will not be published. Required fields are marked *