As the widespread adoption of artificial intelligence (AI) continues within the professional services sector, a serious risk is emerging for SMSF auditors due to a lack of clearly defined boundaries and guidelines on how and when it is appropriate for the technology to be applied.
It is now widely accepted AI is embedded and used within many of the day-to-day programs employed in the workplace, assisting to streamline processes, reduce time-consuming data-entry tasks and create efficiencies.
And yet, despite being a highly regulated industry bound by legislated compliance obligations, we’ve failed to have a comprehensive discussion around the use of AI and, more importantly, how much auditors should – or should not – rely on the technology.
Data heavy, highly regulated
It’s an important conversation and one that should have been had years ago as the use of AI was becoming more mainstream, particularly because of the existing regulatory obligations within our industry.
Non-compliance is a serious issue and can result in significant professional and financial penalty, not only for trustees, but for auditors who fail to meet their obligations. The risk is too great to get it wrong.
And yet auditors have largely been left unguided to adopt a technology that is equal parts beneficial and risky.
As a data-heavy industry, AI has the potential to improve the quality of work by comparing and evaluating data quickly and efficiently. Previously laborious or manual comparisons can be completed faster and a broader scope of data examined, providing data-based evidence to affirm an auditor’s conclusions.
However, this is where industry-standard guidelines would be of benefit.
AI cannot replace professional judgment
I would argue AI can only ever be used to support the experienced professional judgment of an auditor and should never be relied upon as a primary tool.
It’s an important standard to uphold to ensure auditors maintain professional integrity and, in turn, protect the integrity of the wider industry.
Current documentation provided by the Auditing and Assurance Standards Board notes AI can assist in improving the effectiveness and efficiency of an audit, but warns it must be used appropriately to ensure audit quality is not compromised.
It also urges auditors to consider the risk of the technology as part of a risk-assessment process and be cautious not to over-rely on information generated by AI.
However, without clearly defined guidelines, what is appropriate or considered an over-reliance is still highly subjective.
Further to this, how and where should AI use be documented by auditors? If we are going to accept AI is being used, there needs to be a clear standard of how the use is communicated to clients and organisations such as the ATO and Australian Securities and Investments Commission (ASIC).
Asset valuation
By way of example, SMSF trustees are obligated to ensure assets are valued correctly using objective and supportable data. Where an independent valuation has been obtained but no comparable data exists, AI may prove beneficial in sourcing corroborating data and supporting the conclusions of the auditor that the valuation is accurate.
It would be inappropriate, however, to simply rely on AI to provide the complete valuation due to the risks and limitations of using this technology as a primary source of information.
Yet currently there’s no industry standard providing clear guidelines on when the line from assistance to primary source of information has been crossed.
Unlisted companies
Another example where AI can be of assistance is around unlisted companies, which often have far less publicly available documentation.
AI can be a valuable tool to support independent valuation analysis, identify anomalies in large data sets and assist in searching for particular details within contracts and clauses.
But again, it should not be used as a primary source of information and auditors must take care to verify answers and employ their professional judgment.
Risk versus opportunity
There are also well-discussed privacy concerns around the input of personal and sensitive information into AI programs and, once again, while auditors likely have their own internal policies around this, the implementation of industry guidelines would assist in setting a benchmark.
ASIC recently appeared at a Parliamentary Joint Committee (PJC) to answer questions around its role in regulating the use of AI in audits and believes existing ‘guardrails’ can be used to control new tools including AI.
But do these guardrails provide clear guidance on AI programs that should or should not be used? Is there guidance on how auditors should update privacy policies to reflect AI use?
These are just some of the vast questions auditors are now facing and should not be left to make up the rules as they go along.
Trustees using AI
There are also no guidelines around the use of AI by SMSF trustees and the implications of auditors relying on that information as part of their processes.
Should trustees be required to declare if AI was used to create any of the supporting documentation and if so, to what extent was it used? Is the onus on a trustee to declare AI use or is it for the auditor to ask?
It’s a timely conversation, with the recent PJC hearing also making reference to concerns that have already been raised around the use of AI in the auditing space. Such conversations reinforce my view an industry-standard response is not only required, but is overdue.
AI into the future
It’s important to point out I am not arguing against the use of AI. In fact, I wholeheartedly believe it can be used effectively to improve audit quality and potentially strengthen evidence provided.
However, industry standards must keep pace with changing technologies and ensure current ‘guardrails’ are fit for purpose and tailored to the technology at hand. Otherwise we may find ourselves in a position in the very near future where we’re trying to play catch-up.
Naz Randeria is managing director of Reliance Auditing Services.