Review Article - (2025) Volume 12, Issue 1
Received: 18-Sep-2024, Manuscript No. IPBJR-25-21574; Editor assigned: 20-Sep-2024, Pre QC No. IPBJR-25-21574 (PQ); Reviewed: 04-Oct-2024, QC No. IPBJR-25-21574; Revised: 09-Jan-2025, Manuscript No. IPBJR-25-21574 (R); Published: 16-Jan-2025, DOI: 10.36648/2394-3718.12.1.138
This systematic literature review examines the evolving relationship between Artificial Intelligence (AI) and internal audit, with a particular focus on the role of auditing frameworks in guiding effective adoption. The review synthesizes findings from academic studies, professional standards, and industry reports to explore how AI-driven tools enhance risk assessment, fraud detection, control testing, and assurance activities. It highlights that while AI offers opportunities for increased efficiency, accuracy, and continuous auditing, its integration presents challenges related to data quality, model transparency, governance, and ethical considerations. Established auditing frameworks such as COSO, COBIT, and ISO-based standards play a critical role in supporting auditors as they navigate these complexities by offering structure for risk management, oversight, and implementation controls. The review concludes that a robust alignment between AI capabilities and auditing frameworks is essential to ensure accountability, reliability, and trust in AI-enabled internal audit functions.
Artificial intelligence; Internal audit; Auditing frameworks; Systematic literature review; Risk management; Automation; Governance
Digitization has had an impact on public sector management processes, resulting in changes in roles, corporate operations, objectives, and corporate requirements. As a result of digitalization, the scope and duties of the public sector have changed and extended, making the organization, storage, and processing of the expanding dimension of data resulting from public services more complex. This has also hastened the use of artificial intelligence in internal audits in the public sector. In the public sector, the vast volume of data connected to people' personal information, public tenders, contracts, and suppliers makes it difficult to regulate and oversee. Therefore, there is a trend in the public sector to deal with Public Sector Internal Audit Artificial Intelligence models and audit analytics.
Business stakeholders want organizational management to make appropriate judgments about risk management, transparency, and information monitoring. To achieve these goals, corporate organizations must have strong governance structures and procedures. Effective governance structures and procedures can help achieve objectives, manage risks, and improve corporate governance.
The Internal Audit Function (IAF) plays a crucial role in the organization's corporate governance structure by providing independent opinions, assisting with issues, and promoting innovation and progress. According to Goertzel, AI contributes to organizational competences through innovations and enhancements.
AI has the potential to significantly improve the IAF's job by allowing them to process large amounts of data quickly. Instead of merely providing assurance on sample data, IAF may conduct audits on the entire population using AI. According to MacRae and Gils, an internal audit function can be defined as an independent and objective assurance activity available within the firm.
IAF's expanded competence will increase stakeholder satisfaction with firm operations and governance. The International Professional Practicing Framework (IPPF) governs the IAF, a mandatory component of the Corporate Governance Code and the Institute of Internal Auditors framework.
Looking back over the last decade, it is clear that the present audit profession has evolved significantly. Internal auditors must be even more adaptable and stay current with the changing technological environment. Kozlowski emphasizes the necessity for considerable improvements in IAF functionality as AI technology becomes more prevalent. Ghanoum and Alaba suggest that IAF should shift from sample-dependent compliance audits to more complex, comprehensive, practical, problem-solving, predictive, and fraud-discovering audits.
As an example, IAF now requires reviewing smart controls and providing advise on how to improve them.
Few studies have examined how AI affects the effectiveness of IAF. As a result, this review may help to fill a gap in the literature on AI's application in IAF. Given the relevance of AI to businesses, the use of AI in IAF is a topical and relevant topic.
The paper examined publications from the Web of Science (WoS) database published between 2019 and 2023. The review discovered that AI and IAF (separately) are wellstudied fields. However, there are limited studies on the use of AI in IAF.
Although the concept and use of AI are widely accepted, they have not yet been implemented in some countries. Studies mostly focus on Australia, China, and Oman. According to Lehner et al., Asia and Europe are the most extensively researched areas.
Artificial Intelligence
Globalization and the Fourth Industrial Revolution are now unavoidable, and information technology is fast evolving. Various types of technology, including Artificial Intelligence (hence referred to as AI), are increasingly being developed to help humans do their jobs. Along with technical advancements that make human job easier, there is concern that technology or AI may entirely take over human employment, resulting in reduced or even eliminated human role as workers.
Academics and practitioners debate the "artificial intelligence vs. human" debate, which covers a wide range of contentious issues such as the prospects for some future jobs, the new skill sets and competencies required how humans and machines can collaborate efficiently and effectively, and so on.
Data mining/data science-powered AI is now widely used in a variety of businesses. Companies that focus on consumer management, retail, finance, communications, and marketing have a high need for "tools" to track transactional data in order to increase company profits by determining prices, customer preferences, product positioning, sales impact, and customer satisfaction. These features eventually drive the demand for sophisticated information technology to ensure firms make timely and relevant decisions. AI is the key to success in the industry rivalry.
For decades, the accounting profession has adopted and used Artificial Intelligence (AI). The growing focus on artificial intelligence appears to be disrupting many human-dominated workplace cultures. The present business and operating environment is competitive in adopting and responding to digital technology developments through the use of computers/ machines. However, while the accounting profession has been present for decades, it is increasing popularity as today's business and operating environment embraces digital technology through the use of computers/machines.
The difficulty now is that these AI advancements have been misunderstood and overstated. There is considerable consensus that significant breakthroughs have been made in recent years, leading to increased usage of deep learning with sophisticated machines that can process considerably faster in greater storage areas. This situation is predicted to partially automate labor intensity. Meanwhile, Sutton et al. stated that accounting and management information system researchers had significant potential in AI.
Because of this advancement, the future job of the auditor will evolve in tandem with the implementation of AI in businesses.
The application of artificial intelligence in accounting jobs is not new. Previously, accountants worked with a wide range of tools to support financial record-keeping in a variety of businesses. Suton et al. noted that, while automation in accounting has progressed slightly during the 1990’s, research in the field of artificial intelligence in accounting has continuously increased over the last 30 years.
Gray et al., examined the research productivity of expert systems and artificial intelligence in accounting. This is one of the first studies in the subject of accounting studies to investigate AI. Gray et al., determined that research and practice in expert systems/artificial intelligence have dropped since the late 1990’s. As a result, accounting research into artificial intelligence is both intriguing and eagerly anticipated. Multidisciplinary research will enrich the resulting data.
Research Questions
This review work makes significant contributions to both theoretical and practical areas. For theory, it identifies unexplored study areas (research gaps), hence influencing future research orientations and theoretical underpinnings. Furthermore, this review contributes to the development of a theoretical framework (CACS), which will help stakeholders comprehend and conceptualize the use of AI in the IAF and can serve as a foundation for future research. In reality, this study assists internal auditors in assessing and understanding the possible benefits and risks of using AI in their organization's IAF.
It also assists internal auditors in identifying the new abilities required to embrace and effectively apply AI in audit activities, as well as highlighting areas for training and development. This assessment is useful for regulators in revising internal auditing legislation in light of the use of modern technology like as AI, as well as ensuring that internal auditing methods are in line with emerging technology. Finally, enterprises can use this analysis to determine whether AI investments in their IAFs are warranted. As a result, the recently introduced CACS framework with four qualities was recommended for incorporating AI into the IAF. Thus, enterprises can use the framework to swiftly deploy and utilize AI in their IAF.
The research design for this paper is based on the technique required to build the SLR, which defines the intellectual area of study on the usage of AI in the IAF. As a result, the research questions in this work are guided by the SLR's requirements as well as the study's analytic sequence. Before generating future research interests, it is necessary to investigate the existing status of study on the application of AI in IAF.
RQ1: What is the current state of research into the usage of AI in IAF?
RQ2. What are the next research directions for AI applications in IAF?
The study questions in this review were established using the methodologies of Lehner. Thus, in response to the First Research Question (RQ1), the review tries to identify which journals publish the most articles and which authors are the most prolific. Furthermore, research on the usage of AI in the IAF were linked to geographical regions and countries to find understudied areas. As a result, it was critical in this evaluation to determine the most commonly utilized research method for the issue as well as historical patterns.
The Second Research Question (RQ2) seeks to provide insight into future study paths on the use of AI in IAF by identifying the places, issues, and research techniques that have received the least attention. Finally, this paper will offer a paradigm for implementing AI in the IAF and discuss its practical consequences.
Technology: Michael Porter's book on competitive advantage, published in the 1980’s, inspired today's competitive advantage in industry and academics. Porter sees the firm in a unique way, as a series of interconnected activities known as the "value chain," with the ultimate goal of creating a competitive edge for the organization. This concept came to be known as "competitive advantage". Porter contends that enterprises can gain a competitive edge by giving greater value to purchasers in the form of lower costs (low costs) than their competitors. Competitive advantage will also be gained by distinctive activities that their competitors do not have, in order to provide added value.
Wernerfelt and Barney created a model that outlines the difficulties associated with identifying the elements that comprise an organization's competitive advantage. This model is commonly referred to as the "Resource-Based View (RBV) of the firm". Using organizational theory and the RBV, created a model to describe the relationship between effective adoption of Artificial Intelligence-based Customer Relationship Management (AI-CRM) at the Business-toBusiness (B2B) level.
This model predicts that organizations can only achieve longterm high performance if they have "superior resources" and "capabilities" that can safeguard them against future changes. According to Barney, in order to achieve a meaningful cost advantage or differentiation, a company must have the resources and capability. Porter defines competitive advantage as a company's capacity to outperform other companies in the same sector or market due to unique traits and resources.
Meanwhile, Hitt et al. clarify that sources. Sustainable competitive advantage consists of capabilities that are valued, scarce, and expensive to imitate.
Cannot be replaced. These four talents will serve as a company's fundamental competence.
Using Porter's criteria, competitive advantage includes: The first is useful, in which resources are exploited through a series of techniques that raise their efficiency or effectiveness. Companies that can capitalize on this precious resource will outperform their competitors and mitigate their competitive shortcomings.
The second is a rarity, which refers to resources that are difficult to obtain, unique, and cannot be obtained by other companies. The third is imperfectly imitable, which means that when the resources owned are extremely difficult to copy, it is feasible in the long run because competitors find it difficult to enter the market without huge investments from limited resources. The last one is non-substitutable, which means that a resource has no true equivalency and is neither scarce nor unique.
High technology (hi-tech) is a valued asset. If hi-tech is created to meet industry needs, the hi-tech adopted by certain enterprises is not only valuable, but also imperfectly imitable and non-substitutable.
AI technology will provide a competitive advantage to any firm that uses it. Hi-tech has facilitated corporate culture since the twenty-first century, causing the sector to work more innovatively and collaboratively, which may subsequently be used to create new market prospects. In addition to offering new market opportunities (marketplace), the deployment of advanced technology can also create barriers to rival entry, allowing the company's products to build their own market. Qualitative and quantitative assessments are conducted to determine how the efforts of firm executives, value creation divisions (such as human resource management), organizational culture, design, and established systems may work together to create a more dynamic and responsive organization.
Artificial intelligence has transformed the function of corporate activities, making them more cost-effective and efficient. Artificial intelligence is rapidly transforming the way things work across many industries. AI has been integrated into audit procedures at the Big 4 audit firms. Investigate the impact of Artificial Intelligence (AI) on accounting operations performance in Southeastern Nigerian enterprises. Using 185 accountants and managers from accounting firms, their study discovered that expert systems and intelligent agents have a considerable impact on the performance of the accounting function in firms in Southeastern Nigeria.
Cooper et al. conducted interviews with RPA leaders from the Big Four to investigate the use of Robotic Process Automation (RPA) technologies in enterprises. RPA software automates data input, processing, and output in order to reduce dull and repetitive operations. Many of Cooper et al.'s findings revealed empirical data that was specific to accounting. Among them is the huge boost in efficiency and effectiveness that RPA implementation has brought.
However, the installation of RPA has no effect on the cost of services supplied by the accounting company, despite fears that clients may seek lower charges as a result of fewer employee service hours (time). Cooper et al. did preliminary study on the benefits, opportunities, and constraints of applying RPA in accounting.
Framework Addresses Critical Factors
The framework addresses six components, all of which are incorporated into the organization's strategy. The framework states that each company will require a distinct AI strategy based on its existing capabilities as well as its approach to risk management and capitalizing on possibilities. Internal audit must address questions like these when reviewing where firms stand with their AI strategy.
• Does the organization have a clear AI strategy?
• Does it invest in AI research and development?
• Is there a plan to identify and address AI threats and opportunities?
According to the framework, AI may offer organizations with a competitive advantage, and internal audit should assist management and the board in realizing the necessity of implementing a well-thought-out AI strategy that is aligned with the organization's objectives. These findings are certainly still true today. Strategic planning for AI is especially unusual due to the technology's rapid and continuous advancement, as well as the breadth and depth of its potential influence.
As a first step, internal auditors should ensure that they completely appreciate the size of AI systems.
AI governance: This component includes the structures, processes, and procedures needed to guide, manage, and oversee the organization's AI efforts aimed at achieving its goals. Again, the right formality and structure of AI governance will differ depending on each company's unique circumstances and qualities. According to the framework, in all cases, AI governance addresses accountability and oversight, as well as whether personnel in charge of AI have the requisite skills and experience to monitor its use and whether its AI operations represent its values. Given advances in AI's influence, it is vital that related activities and decisions are consistent with the organization's ethical, social, and legal obligations.
Data governance is always vital, but dealing with AI requires a somewhat different approach. For example, because generative AI systems are trained on specific information, it is easier to incorporate both errors and bias early in their development if they are not taught on valid data. If older systems are taught that a particular shade of red is actually blue, they will always believe it is blue. AI, on the other hand, will believe that any shade of red is blue.
Once a small bias or inaccuracy is fed into the technology, the system will continue to be trained on that error, potentially expanding its impact exponentially, so the bias must be spotted and removed upfront before it is used in decision making, customer-facing communication, or in any other manner that could damage the organization's finances or reputation.
Data architecture and infrastructure: The framework stated that AI data architecture and infrastructure will most likely mimic those used for big data. These issues include how data is accessed, as well as information privacy and security problems throughout the data's life cycle.
From collection and use to storage and disposal. Other considerations include data ownership and use throughout its lifecycle.
When it comes to artificial intelligence, chief audit executives must prioritize cybersecurity within their teams. As AI use expands, it's important to remember that the information AI and generative AI utilize is only as good as the data they're provided or educated on. Additionally, AI systems' controls may vary. Wilson collaborated with a former employer to create a system that integrated data science, Robotic Process Automation (RPA), and Artificial Intelligence (AI) into intelligent automation.
Data quality: With that in mind, it's evident that, as The IIA's framework stated, the dependability of the data used to build AI algorithms is crucial. Unfortunately, a poll conducted last year by open source data quality platform Great Expectations revealed that 77% of data professionals believed their firms had data quality concerns, with 91% believing they were harming company performance. Only 11% reported no data quality concerns. The company defined the six dimensions of data quality as follows:
• Accuracy
• Completeness
• Uniqueness
• Consistency
• Timeliness
• Validity
Data quality may be compromised because systems do not communicate well with one another or do so via complex add-ons or customizations. "How this data is brought together, synthesized, and validated is crucial," the framework states.
Measuring performance of AI: How well do AI systems perform? What contributions do they make? The framework establishes that, when businesses integrate AI into their activities, they should define acceptable performance measures that link activities to business objectives and clearly demonstrate if AI is assisting in achieving goals. At the same time, management must actively monitor the performance of its AI initiatives.
The human factor: According to the automation paradox, the more efficient an automated system, the more vital human involvement in the process. Humans are occasionally required to detect and correct faults made by other humans. Indeed, 88% of data breach events were caused by human error.
The Black Box factor: The term "black box" refers to a complex electronic equipment whose internal workings are not visible to or understandable by the user. Anticipating generative AI and other sophisticated systems, the framework observes that as businesses adopt new AI technologies, such as computers or platforms that can learn on their own or communicate with one another, the algorithms' workings become less transparent or intelligible. As an organization's AI efforts become more advanced, the black box aspect will become an increasingly significant challenge. Advancements in AI since the framework was first published undoubtedly verify and reinforce that notion, as well as all of the observations concerning the six key components.
AI – The Basics
AI is powered by algorithms, which are fed by big data, so before embarking on AI, an organization should have a solid foundation in big data. And before internal audit considers addressing AI, it needs have a solid foundation in big data. The IIA's "GTAG: Understanding and Auditing Big Data," which is free to IIA members and available to non-members through The IIA Bookstore, provides complete guidance on understanding and auditing large data, including a review of opportunities and hazards and a sample work program.
Big data is more than just massive volumes of data; it refers to data (information) of such volume, variety, velocity, and variability that businesses engage in system designs, tools, and procedures specifically intended to handle it. Much of this data may be generated by the organization itself, while other data may be publicly available or purchased from third parties.
Organizations create algorithms to make the best use of large data. An algorithm is a collection of instructions for a machine to follow. An algorithm is what allows a machine to quickly handle massive volumes of data that humans cannot reasonably process, let alone comprehend. The performance and accuracy of algorithms are quite significant. Humans build algorithms, hence human error and biases (both intentional and inadvertent) will have an impact on the algorithm's performance. Faulty algorithms can cause tiny problems in an organization's operations as well as big catastrophic effects. It is widely acknowledged that poor algorithms, at least partially, drove the 2008 global financial catastrophe.
AI opportunities and risks: The first step in comprehending the organization's AI potential and risks is to fully comprehend the organization's big data opportunities and risks. Again, for extensive guidance on understanding and auditing big data, including a discussion of potential and hazards, and a sample work program, see The IIA's "GTAG: Understanding and Auditing Big Data," available free to IIA members and non-members through The IIA Bookstore.
Examples of AI opportunities and risks include:
Opportunities:
• The ability to shorten the data processing cycle.
• The capacity to eliminate errors by substituting human actions with precisely repeatable machine actions.
• The ability to replace time-consuming operations with time-saving activities (process automation), resulting in reduced labor time and costs.
• Robots or drones can replace humans in potentially risky situations.
• The ability to generate better predictions for everything from product sales in specific markets to epidemics and natural disasters. • Ability to drive revenue and increase market share through AI initiatives.
Risks:
• The possibility that unexplained human prejudices will become embedded in AI technology.
• The risk of human logic flaws being embedded in AI technology.
• The possibility that inadequate AI testing and oversight would produce ethically problematic results.
• The possibility that AI goods and services will cause harm, resulting in financial and/or reputational losses.
• Customers or other stakeholders may not accept or adopt the organization's AI projects.
Internal audit’s role: Internal auditing is skilled at assessing and comprehending the risks and opportunities associated to an organization's capacity to achieve its goals. Internal auditing can help a company examine, comprehend, and convey the extent to which artificial intelligence will have an impact (good or bad) on the business's ability to produce value in the short, medium, and long term. Internal auditing can involve at least five key and separate actions connected to artificial intelligence:
Internal audits in all firms should integrate AI in their risk assessments and consider include it in their risk-based audit plans.
Internal audit should be actively involved in AI projects from the start, giving advice and insight to ensure successful adoption [1,2]. However, in order to avoid the perception of or actual impairments to independence and objectivity, internal audit should not own or be accountable for the implementation of AI processes, policies, or procedures.
For organizations that have implemented some aspect of AI, either within their operations (such as a manufacturer using robotics on a production line) or incorporated into a product or service (such as a retailer customizing product offerings based on purchase history), internal audit should provide assurance on risk management related to the reliability of the underlying algorithms and the data on which the algorithms are based.
Internal audits should ensure that any moral and ethical concerns raised by the organization's usage of AI are addressed.
As with any other big system, suitable governance structures must be implemented, and internal audit can provide assurance in this area [3].
Regardless of the precise actions undertaken, internal auditing is well-suited to play a vital role in an organization's AI-related activities. Internal audit:
• Understands the organization's strategic objectives and the processes used to attain them.
• Is able to determine whether AI efforts are meeting their aims.
• Can give internal assurance about management's risk management operations related to AI risk.
• Is seen as a trustworthy advisor who can favorably promote the implementation of AI to improve company processes or enhance product and service offerings [4].
AI competencies: Filling the understanding gap: According to reports, there is a scarcity of AI-trained IT personnel. Organizations that want to engage in the AI revolution must develop or recruit talent with competences in a variety of areas, such as:
• Natural language processing
• APIs include facial recognition, picture analytics, and text analytics
• algorithms and advanced modeling
• Probability and applied statistics
• Data analytics
• Software engineering
• Programming language
• Machine learning
• Computer vision
• Robotics
While a few companies in the technology, automotive, manufacturing, financial services, and utilities industries appear to be leading the AI revolution, it is difficult to envisage an organization that will be unaffected by AI. Computers, spreadsheets, and distributed processing were initially the focus of specific businesses; nevertheless, all organizations eventually embraced parts of these technology. As AI becomes more widely used, it is difficult to conceive any internal audit activity that will not be required to deliver AIrelated assurance and advising services to its company.
AI Auditing Framework
The Framework consists of six components, all positioned within the context of an organization's AI strategy [5].
Strategy: Each organization's AI strategy will be unique in terms of how it capitalizes on the potential presented by AI. An organization's AI strategy may be a natural extension of its overall digital or big data strategy; firms with a well-developed and implemented digital/big data strategy are one step ahead in AI. According to MGI, firms that "combine strong digital capability, robust AI adoption, and a proactive strategy see outsized financial performance."
Internal audits must first assess an organization's AI strategy. Does the organization have a clear AI strategy? Does it invest in AI research and development? Is there a plan in place to detect and address AI dangers and opportunities? AI can become a competitive advantage for firms, and internal audit should help management and the board comprehend the need of developing a purposeful AI strategy that is aligned with the organization's objectives.
AI governance: AI governance refers to the structures, processes, and procedures used to direct, manage, and oversee an organization's AI efforts in order to achieve its goals. The level of formality and structure for AI governance in a company will vary depending on its specific qualities. Regardless of the specific technique, AI governance establishes responsibility and supervision, assists in ensuring that individuals in charge have the necessary skills and knowledge to successfully oversee AI, and ensures that the organization's values are reflected in its AI activities. This final element should not be neglected or taken lightly. AI efforts must lead to judgments and actions that are consistent with the organization's ethical, social, and legal responsibilities [6].
Data architecture and infrastructure: AI data architecture and infrastructure are likely to be the same as the organization's architecture and infrastructure for managing large data. It contains considerations for: Metadata, taxonomy, unique identifiers, and naming conventions are used to make data accessible.
Data quality: The data used to build AI algorithms must be thorough, accurate, and reliable. Unfortunately, companies frequently have a poorly defined, incoherent data structure. Often, systems do not connect with one another or only through complex add-ons or customizations. How this data is gathered, processed, and validated is critical [7].
Measuring performance of AI: As organizations incorporate AI into their operations, performance metrics should be created to connect AI activities to business objectives and clearly demonstrate whether AI is effectively helping the attainment of those goals. Management needs to actively monitor the performance of its AI operations.
The human factor: Humans develop algorithms. Human error and biases, both deliberate and inadvertent, will have an impact on algorithm performance. The human factor component evaluates whether [8].
The possibility of unintentional human biases in AI design is discovered and mitigated. AI has been thoroughly tested to verify that the results accurately reflect the intended intent. Despite their complexity, AI systems can be transparent.
AI output is utilized legally, ethically, and responsibly. It is well acknowledged that human mistake is the leading source of data privacy and security breaches. Similarly, the human element component addresses the danger that human mistake will compromise the ability of AI to produce the intended results.
The Role of Artificial Intelligence in Auditing
In the financial sector, auditing is similar to a company checkup. It's a strategy to ensure that their financial accounts are correct and reliable. Historically, auditing required a great deal of physical labor, with auditors spending hours verifying documents and records. However, with the advent of Artificial Intelligence (AI), auditing is becoming more efficient and effective [9].
For auditors, AI functions similarly to a smart assistant. It can handle vast amounts of data faster than humans, assisting auditors in detecting errors and potential fraud. One of the most common applications of AI in auditing is data analytics. AI algorithms can instantly scan hundreds of documents and transactions, flagging any that appear suspect. This saves auditors time and allows them to focus on more important tasks.
Another key application of artificial intelligence in auditing is risk assessment. AI may evaluate data to uncover financial hazards, such as fraud or accounting problems. Auditors can assist businesses manage risks and avoid future problems by identifying them early on.
Artificial intelligence is also utilized to increase audit quality. For example, AI systems can examine financial data to detect trends and patterns that may indicate fraudulent conduct. They can also help auditors comprehend a company's financial health by providing information about its financial performance.
One of the primary advantages of AI in auditing is its capacity to manage massive amounts of data. Companies generate more data than ever before as financial records are increasingly digitized. AI can handle this data fast and efficiently, allowing auditors to study more information than they could manually.
AI is also enabling auditors to be more proactive. Instead than waiting for problems to occur, AI can assist auditors in identifying possible concerns before they escalate. For example, AI systems can detect anomalous transactions or trends that may indicate fraudulent activity, allowing auditors to conduct further investigations. Looking ahead, the importance of AI in auditing is only expected to expand.
As AI technology advances, auditors will be able to conduct more comprehensive and efficient audits. AI systems may even be able to foresee future financial patterns and hazards, allowing corporations to make more educated decisions.
Recent trends related to the topic
• Automation and efficiency
• Data analytics
• Natural Language Processing (NLP)
• Blockchain and distributed ledger technology
• Continuous auditing
• Risk assessment and fraud detection
• Regulatory compliance
• Cyber security auditing
Internal auditors must not fall behind in what could be the next digital frontier – artificial intelligence. To prepare, internal auditors must understand the fundamentals of AI, the roles that internal audit may and should play, and the dangers and possibilities that AI presents. To address these problems, internal auditors should use the Framework to provide systematic, disciplined techniques for evaluating and improving the efficacy of AI-related risk management, control, and governance practices.
According to the analysis, the number of publications varies from year to year. It demonstrates that the topic received little attention in 2019 and 2020, but gained prominence in 2021 and 2022, accounting for the majority of publications (12 articles). The small number of papers may spark disagreement over the significance of the scientific interest in applying AI in IAF. This study indicated that 40% of sampled papers offered novel models for using AI in the IAF and explored its adoption and use.
The analysis revealed that the papers help to comprehend AI's ideas, definitions, and functioning in various applications. Nonetheless, in an IAF environment, the review found a scarcity of in-depth studies and fewer attempts to apply current theories to AI implementation and auditing. The discovery suggests that further research is required, though methodological and theoretical hazards are foreseen. Future academics can contribute to the subject by conceptualizing the topic and application of AI in the IAF, as well as researching how to deploy AI in the IAF. Furthermore, they may have insights about how to measure implementation levels from both theoretical and practical perspectives. Research focus in such queries generates insights based on the usage of AI in the IAF subjects and primary arguments: How does AI contribute?
What are the benefits, and how does AI influence IAF and politicians' decision-making processes? Similarly, what impact do auditing principles have on AI?
The analysis revealed that some scholars feel that using AI in the IAF will reduce human errors and increase efficiency. Using AI in organizational processes reduces human errors, improves decision-making, and delivers benefits for the company. AI-assisted assessments in IAF are made from previously acquired information using a specific combination of algorithms, resulting in a significant likelihood of achieving accuracy to a greater degree of precision.
Puthukulam et al. shown extensive use of big data and analytics in the IAF of large corporations. IAF robots and AI could generate actionable predictions that could help internal auditors make the right decisions. AI can help the IAF audit tasks more efficiently and effectively.
Although AI provides researchers with options to utilize it in the IAF and improves IAF efficiency, it is also important to explore the negative aspects of adopting AI. AI technology can lead to data loss or harm due to various factors, including machine impairments and cyber-attacks.
According to Edmondson, another difficulty with AI is its high implementation and maintenance costs. Such viewpoints urge for further exploration into the potential application of AI in the IAF.
Methodologically, academics may do detailed studies on how AI is conceptualized in the IAF, as well as develop new models for measuring and using it. This review reveals that several scholars attempted to examine the problem using novel models. These researchers' efforts prompted other scholars to provide new insights into the field's theoretical frameworks.
Furthermore, it was discovered that monitoring the employment of AI in the IAF was straightforward. The majority of studies in this review used the survey method, indicating that quantitative methodologies are more commonly used. However, the minimal publications generated as conceptual work indicate that AI application in the IAF need more theoretical development and shared perspectives (in definitions).
To capitalize on the benefits presented by AI, a robust system of internal audit activities, regulations, and guidelines is required. AI can help the company's internal audit function by providing significant strategic oversight, reducing analysis reliant on human procedures, and providing additional comprehensive audits. Because of technological advancements and quick changes in the method of operations, the way of doing business is becoming more complex than ever before; as a result, businesses must deploy AI and constantly update themselves.
The current research on the employment of AI in the IAF is in its early stages. This review discovered that several studies attempted to examine the subject by introducing novel models.
These researchers' efforts prompted other scholars to provide new insights into the field's theoretical frameworks. However, there are few comprehensive frameworks for the employment of AI in the IAF. Furthermore, it was discovered that monitoring the employment of AI in the IAF was straightforward. The majority of studies in this review used the survey method, indicating that quantitative methodologies are more commonly used. However, the limited publications generated as conceptual work reveal that AI usage in the IAF need further theoretical development and shared perspectives (in definition). Furthermore, the evaluation discovered that no study was conducted using two nation examples (comparative analysis). Furthermore, it was discovered that most studies on the subject are conducted in industrialized countries.
Future scholars can assist by doing comparative analyses and covering other areas, particularly developing regions (such as Africa) and countries. We did not find data concerning Greek Internal Audit implementation through Artificial Intelligence Tools.
The findings of this paper make important theoretical and practical contributions to a variety of stakeholders, including internal auditors, regulators, organizations, scholars, and the entire business community. In terms of theory, this study provides a complete overview of current research, helping to formulate and organize knowledge on the deeper understanding of how AI affects the IAF. Furthermore, it identifies study areas that require further exploration (research gaps), which will guide future research orientations and theoretical foundations. Furthermore, this review contributes to the development of a theoretical framework (CACS), which will help stakeholders comprehend and conceptualize the use of AI in the IAF and serve as a foundation for future research.
In reality, this study assists internal auditors in assessing and understanding the possible benefits and risks of using AI in their organization's IAF. It also assists internal auditors in identifying the new abilities required to embrace and effectively apply AI in audit activities, as well as highlighting areas for training and development. Furthermore, this assessment will assist regulators in revising internal auditing legislation in light of the use of modern technology such as AI, ensuring that internal auditing methods are in line with emerging technology.
Finally, enterprises can use this analysis to determine whether AI investments in their IAFs are warranted. Given the importance of incorporating AI into an organization's IAF, businesses must use AI and make it operate effectively. As a result, the recently introduced CACS framework with four qualities was recommended for incorporating AI into the IAF. Thus, enterprises can use the framework to swiftly deploy and utilize AI in their IAF.
This review has some limitations, such as the data set used in the database (Web of Science), which is restricted to the specified keywords and only covers research articles and conference papers.
Although the researcher was aware of this limitation, it was assumed that the Web of Science allows for more reproducible inquiries (an essential component of a systematic literature review). Furthermore, the outcomes are restricted by the amount and depth of data analyzed. Nonetheless, the systematic literature review approach ensures the dependability of the findings, but interpretations of the results are dependent on the researcher's beliefs and understanding.
Citation: Zygoulis F (2025) Artificial Intelligence and Internal Audit the Role of Auditing Framework. Br J Res. 12:138.
Copyright: © 2025 Zygoulis F. This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
