I have been in the audit profession for 43 years now. I was blessed to be with a ‘big eight’ firm when I started, at a time when there were no formal auditing standards to speak of, but I was trained in risk-based auditing. I became involved in a small audit division where one would be involved in the accounting and tax of a client, as well, and sometimes, producing monthly management reports, with discussions of business performance and issues with clients. The intricate knowledge of the business and the affairs of its stakeholders made the audit an experience of discussion, questioning, and regular communication, in order to present a completed audit and financial statements which truly reflected the state of affairs.

Since then, standards slowly came into play and, at some magical moment, it was considered to be the sum total of what is required to perform a proper audit. Especially with the advent of audit methodology programs, which took the standards as the starting point of audit procedures. Auditors were scrambling for proper templates and checklists to perform their procedures, which served their purpose in the beginning. Checklists only ensured that procedures performed were complete – not the audit procedures themselves.

These days, templates and checklists are part and parcel of audit procedures, with very little thought given to the true starting point of the audit: understanding the entity’s business, knowing historical events and systems, and enquiring about changes and future prospects to sensibly evaluate information from the client, and the appropriateness of evidence. It has become a mechanical process of executing programs and agreeing entries to evidence. The frustration felt by the regulator and investing public towards audit failures is addressed by means of more intense compliance with standards, while the human element of enquiry, understanding, and questioning is left by the wayside. An auditor cannot assess risk, or detect fraud where the business and intentions of management are not understood. Recent generations of young auditors have also not proven themselves to be good communicators, which has caused problems to date.

‘What does all this have to do with AI?’ you may ask. It hit me recently that AI cannot purely be seen as a quick lookup tool and means of writing eloquent statements, when needed. Mechanical processes are always the first to be automated, and when audit procedures are automated, there will be very little left in the standards that is not automated. Even the value of electronic evidence will be diminished, as a 10–year-old can manipulate a pdf document.

While the standards speak of enquiry, understanding, questioning and skepticism, the procedures are executed through documented confirmations that these procedures were performed, where they were not performed to the depth required by the assignment. The regulator’s mantra, ‘If it is not documented, it is not done’, has a reverse negative effect, in that all that is documented has not necessarily been done.

Therefore, the loss of the human element in audits, which we have experienced recently, to date, will escalate exponentially when AI is applied to audits. The audit process will have to change, and audit standards will have to be rewritten and the way auditors are regulated reinvented, as the value of documentation on an audit file will have lost its value.

The key takeaway from these observations is that the basic principles of auditing need to be kept in place, i.e. understanding the client, the incentives of their management, and their industry; and determining the appropriate and efficient way to gather appropriate evidence to support the audit opinion.