Auditors have been warned not to be over-reliant on artificial intelligence (AI) and to validate any critical information it may produce as the technology can fabricate documents and supporting information, according to regulators.
In an update on its website the ATO flagged the recent release of guidance from the Auditing and Assurance Standards Board (AUASB) about the impact of AI on auditors which defined an AI audit tool as any automated software that extracted information from unstructured sources; identified patterns or anomalies; and/or made ‘recommendations’ based on an analysis of that information.
“The use of AI audit tools can enhance the effectiveness and efficiency of an audit. However, AI audit tools must be used appropriately, or audit quality may be compromised,” the AUASB said.
“Subparagraph 32(f) of ASQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements requires any AI audit tools obtained or developed for use in performing audits to be appropriate and to be appropriately implemented, maintained, and used.”
The guidance noted AI audit tools may be ‘black-box’ systems that make it difficult to understand how outputs are produced and, as such, “firms also need to consider and manage data privacy and data security risks, as much of the data that auditors use is proprietary data of the audited entity”.
The board recommended auditors maintain a professional scepticism at all times and critically evaluate any information generated for bias or AI hallucination and not become dependent on the technology.
“Auditors should also be alert to the possibility of AI being used to fabricate documents that purport to be from third parties and support information in financial and sustainability reports,” the AUASB added.
“Auditors may need to place greater reliance on independent third-party data sources—such as direct confirmations—to validate evidence authenticity.
“Auditors must consider the risk that technology poses to entities as part of the auditor’s risk assessment process. Auditors should exercise caution not to over rely on the information generated using technology (automation bias),” the standards body concluded.
