AI如何重塑审计领域格局及应对策略

HOW AI IS REDEFINING THE AUDIT LANDSCAPEAND HOW YOU CAN BE PREPARED Artificial intelligence (AI) is no longer a distant frontier. It is apresent-day force reshaping how organizations operate, makedecisions and manage risk. For IT auditors, this transformationpresents both a challenge and an opportunity. As AI technologiesbecome more embedded in enterprise systems, the role of theauditor must evolve to ensure that assurance, governance andcompliance keep pace with innovation. auditors can leverage AI tools to move from reactive to proactivemonitoring. And you’ll gain insight into the evolving skillsetsrequired to audit AI systems themselves—systems that are oftenopaque, dynamic and deeply integrated into business operations. Whether you’re an experienced IT auditor or just beginning toexplore the implications of AI in your work, this resource will helpyou understand the shifting landscape and equip you with theknowledge to lead confidently into the future. This guide brings together thought leadership from seasonedprofessionals who are navigating the intersection of AI and ITaudit. From the practical applications of AI in risk analysis, toevidence collection and continuous assurance, to the strategicimplications of AI governance and the emergence of newcertifications like ISACA’s Advanced in AI Audit (AAIA), theseperspectives offer a comprehensive look at how auditors can—and must—adapt. The audit profession is being redefined. Thisis your guide to staying ahead of the curve. In these pages, you will explore how generative AI can enhanceaudit efficiency while raising new questions about professionaljudgment and data privacy. You’ll learn how machine learningand predictive analytics are redefining risk assessment, and how Five Ways That IT Auditors Can Put AI to Good Use By Abdul Jaleel, Advisor & Leader - Cyber Security, Technology Auditing & IR4.0. Artificial intelligence (AI) has quickly become an indispensable tool fororganizations looking to optimize operations, identify hidden risks andgain actionable insights from vast amounts of data. For IT auditors,and for auditors in general, AI (and related technologies such as LargeLanguage Models, Natural Language Processing and AI Agents) offerstremendous value. This includes areas such as automation of auditprocesses, risk identification, controls testing, continuous auditing,and more. Below are five practical ways in which AI can fit into the IT auditlandscape, supported by real-world examples and aligned to establishedaudit standards. 1. RISK ANALYSIS AND PREDICTIVE ANALYTICS Traditional risk assessments often involve manual review of businessprocesses and controls. With AI-basedpredictive analyticsandprocessmining, auditors can systematically analyze vast quantities of operationaland financial data to identify latent risks and trends. By creating models thatrecognize past patterns of fraud, system failures, or control breakdowns,auditors can better forecast potential vulnerabilities. Many large institutions,such as those in financial, insurance and telecom industries, already employAI-driven tools to predict system outages, potential credit defaults or fraud,allowing internal audit teams to focus on these high-risk areas ahead of theaudit cycle. As the technology matures, it has become progressively easier for auditorsto leverage AI responsibly and effectively. ISACA recently put forward theISACA Advanced in AI Audit (AAIA)credential to allow auditors to layerAI expertise into their auditing skill sets. Both ISACA and The Instituteof Internal Auditors (IIA) emphasize the importance of innovation andcontinuous improvement in auditing. ISACA’s frameworks (such asCOBIT)and the IIA’s International Professional Practices Framework (IPPF) remindauditors to stay current with emerging technologies. enables a more comprehensive approach. By analyzing entire data sets innear real-time, AI can flag unusual transactions or configurations that mayindicate control failures. By leveraging AI, the scope and depth of risk analysis can increase exponentially.IT auditors can integrate such analytics into their planning phase, enablingthem to prioritize the areas of highest risk and allocate resources effectively. AI-powered controls testing can provide deeper assurance than samplingalone. With AI, audits can extend beyond the manual checks to continuousmonitoring and testing (further discussed below). This approach not onlyboosts the thoroughness of an audit but also empowers auditors to deliverinsights on control effectiveness more proactively. 2. AUTOMATED EVIDENCE COLLECTION Collecting audit evidence is a fundamental audit procedure but can be time-consuming and still not free from human errors. AI tools can streamlinethis by intelligently extracting relevant data and documentation frommultiple sources (e.g., system logs, transactional records, emails, and policydocuments). AI-powered control testing can go further by analyzing entire workflowsof process