‘ChatGPT is the elephant in the room,’ says BDO internal audit partner Cherry Cromarty. ‘We need to know what it means for internal audit and a broader assurance perspective.’
Cromarty is talking about OpenAI’s chatbot, which is driven by artificial intelligence (AI). Since ChatGPT’s release in November 2022 concerns have been raised about the widespread use of such tools, which are capable of generating detailed and articulate answers and reports across many subject areas, including auditing and financial reporting (see the AB article ‘AI helps create financial statements’).
AI is progressing in areas such as sentiment analysis, but professional judgment is much harder to develop
The concerns range from the accuracy of the generated reports to fears that the deployment of AI, and its underlying use of data and predictive analytics, could effectively put auditors out of a job.
‘We need to find a balance between machine and human,’ says Cromarty. ‘I believe there will always be the need for human intervention when it comes to the investigation of true outliers.’
While AI is often described as ‘an evolving technology’ equipping IT systems with something akin to human intelligence, an ACCA report on audit and technology says that it is better seen as an umbrella term for a group of technologies that can be combined in different ways, whether for driving your car, controlling your central heating or managing your investment portfolio.
‘It is also the subject of a large amount of hype, with “humanlike intelligence” predicted to appear in 2029 (or whatever the current date is plus 10 years) and either drastically reducing the workforce or destroying us all,’ the report says.
‘It is clear that some tasks will no longer be done by the auditors,’ says Michal Štěpán, assurance director of Deloitte Czech Republic. ‘In the long term, it is likely that the profession will see a shift in its focus, with more emotional intelligence expected from auditors rather than focusing on data testing.’
‘You can create some smart reports but it all comes back to how good the data is in the first place’
‘We have all this information, but what do we do with it to turn it into insight and benchmark it?’ asks Cromarty. ‘For instance, wouldn’t it be amazing to ask an app like ChatGPT to tell me, for example, how many controls on average does a retailer have over its payroll?’
However, as Cromarty observes, the information the generative app is looking for is already there, and it just captures it more quickly and efficiently than humans can.
‘If you can use all of the information within an organisation and outside it, you can create some smart reports. It does all come back to how good the data is in the first place, but internally you should be able to get your data into a good place.’
The human remains
Cromarty adds that financial controls is ‘absolutely the right use for this technology’. However, she can also see a growing use for it in non-financial areas, such as environmental, social and governance (ESG) reporting, where she believes there will be a need for human intervention longer than in other areas. ‘The human element will evolve. We are in a technology evolution, moving at pace, though the reality is that it is still embryonic.’
The Chartered Institute of Internal Auditors (IIA) recently published a report urging internal auditors to fully embrace data analytics, particularly in an age of ‘systemic risk’. The aftermath of the pandemic, the war in Ukraine and now a recession have all magnified and exacerbated a multitude of business-critical risks. According to the IIA, these major risk events are having compounding downstream effects on supply chains, inflation, growth, costs, forex rates, cybersecurity and workplace mental health.
Data analytics can enable internal auditors to deliver faster insights into fast-moving risks
The report, Embracing data analytics: Ensuring internal audit’s relevance in a data-led world, argues that harnessing and embracing the power of data analytics can enable internal auditors to deliver faster and more incisive insights into fast-moving risks so that their boards can then act swiftly.
‘The internal auditor of the future will be fully data-enabled,’ concludes the report. ‘AI and machine learning are being used to detect risks and automate process outcomes testing, strengthening the third line. But computers cannot give a nuanced control design opinion. Internal audit will always require a human touch.’