Internal auditors are adopting AI. The Standards never mention it.
Both halves are true, and the space between them is where Australian audit functions now operate. A Wolters Kluwer TeamMate poll of 4,214 internal audit professionals attending an April 2025 webinar found 39 per cent already using AI, with a further 41 per cent intending to adopt within 12 months. Weigh that as an enthusiast sample. The more rigorous base, the Internal Audit Foundation and Wolters Kluwer study of 924 internal audit leaders surveyed in May 2024, found around 26 per cent already using AI in audit activities, with intended generative AI uses clustering where audit hours go: planning (78 per cent), reporting (75 per cent) and fieldwork (72 per cent). Protiviti and the IIA's September 2024 technology risk survey found 23 per cent of IT audit functions using AI and machine learning tools, almost double the prior year.
Two numbers sharpen the picture: only 17 per cent of organisations in the Foundation study had an organisation-wide generative AI policy, and 76 per cent of audit leaders in the webinar poll rated their own generative AI skills novice or beginner. The function that assures everyone else's controls is adopting the technology faster than it is building the competence and rulebook to govern its own use.
The Standards never say "artificial intelligence"
The Institute of Internal Auditors (IIA) published the Global Internal Audit Standards (GIAS) on 9 January 2024, mandatory from 9 January 2025: one consolidated document of five domains, 15 principles and 52 standards, replacing the mandatory elements of the 2017 framework. A full-text search of the document returns no mention of artificial intelligence. That is not an oversight. The Standards are technology-neutral by design, so AI-assisted work answers to the same evidence, documentation, objectivity and due-care requirements as work performed with a spreadsheet and a highlighter.
There is no AI Topical Requirement either. The IIA's Topical Requirements so far cover cybersecurity (February 2025) and third parties (September 2025). The closest the IIA comes to AI-specific guidance is its Artificial Intelligence Auditing Framework, updated September 2024, and it is guidance, not a Standard. It maps AI governance to the Three Lines Model, positions internal audit as advisor on AI risk and assurance provider over AI controls, recommends an organisation-wide AI inventory, and concedes that because the technology evolves so rapidly, internal audit "likely will be able to provide only limited assurance" over AI systems themselves.
Australian prudential expectations follow the same pattern. CPS 220 Risk Management requires the risk management framework to be reviewed for compliance and effectiveness at least annually by internal or external audit, and comprehensively at least every three years by operationally independent persons, with CPG 220 describing the rotational annual-review approach. CPS 230 Operational Risk Management, effective 1 July 2025, hands internal audit two jobs: assure the board that the business continuity plan is credible and adequately tested (paragraph 46), and review any proposed material outsourcing of a critical operation (paragraph 60). Neither standard mentions AI, and APRA imposes nothing AI-specific on internal audit. ASIC Report 798, which reviewed 624 AI use cases across 23 licensees in October 2024, examined the business's AI rather than audit's. Its central finding, adoption running ahead of governance, is the exact gap audit functions risk reproducing inside their own walls.
The practical position is clean. Nothing in the framework prevents an internal audit function from using AI, and nothing in it excuses AI-assisted work from a single existing requirement.
Where AI earns its keep in the engagement lifecycle
Protiviti's July 2025 whitepaper describes functions transcribing walkthrough and risk-assessment meetings, then generating process flows, risks, controls, test plans and evidence requests from the transcripts; summarising prior audits and assurance reports during planning; and drafting report sections from collected artefacts, where it estimates the supporting technology "can save days of effort per report section". Its strongest case study is agentic: AI agents reviewing more than 1,000 vendor contracts against new compliance requirements, with human oversight retained. The same paper names hallucination as the challenge unique to AI and insists that "AI-enabled auditing is not AI-only auditing; human-in-the-loop remains critical".
Mapped against the Standards, every task lands inside an existing requirement:
The pattern across all five rows: AI compresses the production of audit artefacts. It does not, on its own, produce audit evidence. That distinction carries the rest of this article.
Full-population testing is the older story
The loudest efficiency claim in this space, testing every record instead of a sample, does not come from generative AI at all. The Chartered IIA's November 2022 data analytics report said it bluntly, before the generative wave: "Sample testing is no longer going to cut it." Full-population testing is classic deterministic analytics, queries and matching logic that return the same answer every run. A language model generating plausible prose is a different instrument, and conflating the two is a common error.
Standard 13.6 requires that when sampling is used, the work program documents the sampling methodology, population, sample size and whether results can be projected to the population. Testing the full population removes the projection question. It does not remove the data question: Standard 14.1 still requires the auditor to evaluate whether the underlying information is reliable, which means evidencing population completeness and extraction integrity before claiming 100 per cent coverage. Generative AI helps around the analytics: drafting query logic, profiling exceptions, writing up threshold rationale. The deterministic test remains the evidence engine.
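The sequence described above, as an added example that is not part of the original article: reconcile the extract to independently obtained control totals, pin the file with a hash, then run a deterministic test over every record. The duplicate-payment rule, the column names and all sample values are constructed assumptions.

```python
import csv, hashlib, io
from collections import defaultdict
from decimal import Decimal

# Constructed sample: a payments extract as delivered to the auditor.
EXTRACT = """payment_id,vendor,invoice,amount
P001,ACME,INV-100,1200.00
P002,ACME,INV-101,350.50
P003,BOLT,INV-777,990.00
P004,ACME,INV-100,1200.00
P005,CRUX,INV-009,75.25
"""
# Constructed control totals, assumed to be obtained independently from the
# source system (not from whoever produced the extract).
CONTROL = {"records": 5, "amount_total": Decimal("3815.75")}

def load(extract_text):
    rows = list(csv.DictReader(io.StringIO(extract_text)))
    for r in rows:
        r["amount"] = Decimal(r["amount"])  # exact arithmetic, no float drift
    return rows

def reconcile(extract_text, control):
    """Population completeness and extraction integrity, evidenced before testing."""
    rows = load(extract_text)
    return {
        "sha256": hashlib.sha256(extract_text.encode()).hexdigest(),  # pins the file tested
        "records_match": len(rows) == control["records"],
        "total_match": sum(r["amount"] for r in rows) == control["amount_total"],
    }

def duplicate_payments(rows):
    """Deterministic matching logic over every record: same vendor, invoice, amount."""
    groups = defaultdict(list)
    for r in rows:
        groups[(r["vendor"], r["invoice"], r["amount"])].append(r["payment_id"])
    return sorted(sorted(ids) for ids in groups.values() if len(ids) > 1)

def full_population_test(extract_text, control):
    recon = reconcile(extract_text, control)
    complete = recon["records_match"] and recon["total_match"]
    return {
        "reconciliation": recon,
        # Coverage is only claimed when the extract reconciles to the source.
        "coverage": "full population" if complete else "not established",
        "exceptions": duplicate_payments(load(extract_text)),
    }

if __name__ == "__main__":
    print(full_population_test(EXTRACT, CONTROL))
```

Re-running the function on the same extract returns the same exceptions and the same hash, which is the repeatability a generated summary cannot offer.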
The test AI output must survive
Standard 14.1 sets the three-part test that decides whether anything, AI-generated or otherwise, can support a finding. Information must be relevant, meaning consistent with the engagement's objectives and scope. It must be reliable, meaning "factual and current", with reliability strengthened when information is "obtained directly by an internal auditor or from an independent source", corroborated, or "gathered from a system with effective governance, risk management, and control processes". And it must be sufficient, enabling "a prudent, informed, and competent person to repeat the engagement work program and reach the same conclusions".
Run a generative AI summary through those gates. Relevance is usually fine. Reliability is where it strains: a model's output is not obtained directly by the auditor, is not an independent source, and is produced by a system whose governance the audit function may neither control nor fully see. Sufficiency strains further, because a non-deterministic system cannot promise that a prudent, informed and competent person re-running the work will receive the same output.
The defensible position sits between two extremes. AI output is not banned from the audit file, and it does not walk in unescorted. The source records remain the evidence. An AI summary is a work aid until a human has corroborated it against those records, and the corroboration, not the generation, earns it a place in the file. Standard 14.1's scepticism requirement closes the loop: where information is "incomplete, inconsistent, false, or misleading", auditors perform additional analyses, validated through supervisory review of workpapers. The Standards never needed an AI clause to deal with hallucination. "False or misleading" already covers it.
Australia has already produced the cautionary tale, in assurance-adjacent work rather than internal audit. Deloitte Australia partially refunded its fee on a A$440,000 engagement, repaying the final instalment, after its July 2025 independent assurance review of a welfare compliance IT system was found to contain AI-generated fabrications, including academic references that do not exist and a fabricated quote from a Federal Court judgment. The revised report disclosed the use of Azure OpenAI GPT-4o. That was a consulting engagement, not an internal audit, so treat it as an analogy, not a precedent. The analogy is exact, though. Confident AI-drafted assertions reached a deliverable carrying the word assurance, and nobody caught them before the client did.
Workpapers must show the machine's homework
Standard 14.6 requires engagement documentation containing "relevant, reliable, and sufficient information" that enables "a prudent, informed, and competent person, such as another internal auditor or an external auditor, to reach the same conclusions". When a finding's path runs through a model, that path must be retraceable. The workpaper needs five things recorded:
- the tool and version, and whether it is an enterprise or public instance
- the prompt given, where the output informed analysis or a finding
- the output as received, before human editing
- the corroboration performed against source records, by whom, and what it found
- the corrections made, because corrections are themselves evidence the control operated
Keep it proportionate. A writing assistant tightening sentence structure in a report draft does not need a prompt log. An AI-generated risk and control matrix that shaped the engagement scope does. The dividing line is whether the output influenced an audit judgement; supervisory review under Standard 14.6 enforces it.
Independence when audit uses the business's tools
Now the question almost nobody is documenting. Most organisations are converging on a single enterprise AI platform. The first line uses it to run processes, the second line uses it to monitor them, and internal audit wants the same licence to do its own work. The result is a function providing assurance over AI governance while relying on the very platform that governance covers.
This is not automatic impairment. Audit functions already share the corporate ERP and the email platform with the people they audit, and nobody calls that a conflict. But Standard 2.1 Individual Objectivity and Standard 2.2 Safeguarding Objectivity require threats to objectivity to be recognised and managed, and a shared AI platform poses a sharper version of the shared-infrastructure question. If audit's contract-review agent runs on the same model, configuration and guardrails the function audited last quarter, a finding that those guardrails are weak implicates audit's own work product. The risk is not that auditors become biased. It is that the dependency never gets written down.
Standard 10.3 Technological Resources gives the Chief Audit Executive (CAE) the hook and the duty: strive to ensure the function has technology to support the audit process, evaluate it regularly, implement training when adopting it, collaborate with IT and information security, and report technology limitations to the board and senior management. A CAE who reports the business's AI constraints to the audit committee but stays silent on the audit function's dependence on the same platform has done half the job. Safeguards exist short of buying a separate stack: a dedicated audit workspace with audit-controlled access, independent validation data the business cannot modify, and an explicit statement in the engagement workpapers wherever audit's tooling shares the platform under review. Name the dependency. Then manage it like any other.
Practical implications
Five moves close most of the gap for Australian audit functions:
- Register the audit function's own AI use. The IIA's AI framework recommends an organisation-wide AI inventory. Apply the same medicine internally: every tool, use case and data pathway the function itself relies on.
- Amend the audit methodology before the next engagement, not after the next incident. State where AI may be used, what must be verified before output informs a judgement, and what can never stand as evidence without corroboration.
- Add an AI block to the workpaper template. Tool, prompt, raw output, corroboration step, corrections. Five fields, enforced through supervisory review under Standard 14.6.
- Hold the analytics discipline while adopting the language models. Full-population testing earns its credibility through Standard 14.1 data-reliability work, population completeness and extraction integrity, not through coverage claims alone.
- Put the function's AI dependence on the audit committee agenda. Standard 10.3 requires technology limitations to be reported upward. Shared-platform dependence is a limitation. Report it.
The bottom line
Internal audit has spent two years telling boards that the business adopted AI faster than it governed it. The adoption surveys suggest the third line is now repeating that pattern on itself, with better intentions and the same gap. The Standards did not change for AI, and that is precisely the point. Evidence that survives Standard 14.1, documentation that survives Standard 14.6 and objectivity that survives scrutiny attach to AI-assisted audit work today, not when a Topical Requirement eventually lands. The functions that keep their credibility will apply to their own tooling the rigour they demand of their auditees. Verify the output first. Then sign the workpaper.
References
- The IIA, Global Internal Audit Standards (9 January 2024)
- The IIA, 2024 Global Internal Audit Standards overview
- The IIA, Artificial Intelligence Auditing Framework (September 2024 update)
- The IIA, Topical Requirements for internal auditing
- APRA, Prudential Standard CPS 220 Risk Management
- APRA, Prudential Practice Guide CPG 220 Risk Management (April 2018)
- APRA, Prudential Standard CPS 230 Operational Risk Management (July 2023)
- ASIC, REP 798 Beware the gap: Governance arrangements in the face of AI innovation (29 October 2024)
- Wolters Kluwer, internal auditors plan to double AI adoption by 2026 (May 2025)
- Wolters Kluwer and Internal Audit Foundation, Harnessing Generative AI for Internal Audit Activities (November 2024)
- Protiviti, The next phase: AI and human collaboration powering internal audit transformation (July 2025)
- Protiviti and The IIA, Top Technology Risks Survey press release (September 2024)
- Chartered IIA, Embracing data analytics (November 2022)
- Accounting Times, Deloitte to refund government after using AI in $440k report (October 2025)
- Fortune, Deloitte caught using AI in Australian government report (7 October 2025)