AI Is Already Entering Audit Workflows — But Mostly in Unofficial Ways
Auditors are already starting to explore artificial intelligence in their day-to-day work. In many firms, this is happening quietly and informally, often before official AI policies or approved tools are fully in place.
Shadow AI is the informal use of AI tools — like ChatGPT, Claude, Copilot, or Gemini — without formal approval from the firm. In audit, it usually means using these tools to draft, summarise, review text, or explore data before official policies or approved, audit-specific tools are in place.
This is sometimes called Shadow AI. While the term can sound negative, the behaviour behind it is very understandable: audit teams are looking for practical ways to save time, reduce repetitive work, and focus more on judgement-heavy areas of the audit.
What is Shadow AI in auditing?
Shadow AI refers to the informal use of AI tools without formal approval from the firm. In audit, this may include experimenting with tools such as ChatGPT, Claude, Copilot, or Gemini to support tasks like drafting, summarising, reviewing text, or exploring data.
For many auditors, this is not about replacing professional judgement. It is about finding faster ways to handle work that is repetitive, administrative, or time-consuming. The opportunity is real — but so is the need for the right controls around accuracy, confidentiality, and compliance.
Take the survey and join the AI auditors community
Auditors are already experimenting with AI. Add your perspective to our AI-in-Audit research — it takes just a few minutes, and we’ll send you the results when the study closes.
Take the surveyHow are auditors using AI unofficially?
Many auditors are using AI to help with the kind of work that takes time but does not always require deep professional judgement from the first minute. This can include summarising client information, improving wording in documentation, preparing first drafts, or getting support with initial analysis.
Large Language Models can be helpful in these areas because they are good at processing text, identifying patterns, and producing structured summaries. The IFAC has also highlighted the growing role of AI in handling large data sets and supporting the profession as it evolves.
This informal experimentation shows something important: auditors are not resisting innovation. Many are already trying to understand where AI can genuinely help.
Benefits and risks of Shadow AI
The main benefit is clear: AI can help reduce turnaround time and free auditors from some of the repetitive work that slows down engagements.
But when AI is used informally, firms may not always have full visibility over what data is being used, how outputs are reviewed, or whether the tool is suitable for audit work. This can create questions around accuracy, bias, audit quality, and compliance.
The issue is not that auditors are using AI. The issue is that many audit teams may be using general-purpose tools outside a controlled audit workflow. Guidance from ISACA points to the importance of governance, oversight, and responsible use.
Why security and confidentiality matter
Audit work involves sensitive client information. This may include financial records, payroll data, bank details, supplier information, management explanations, or commercially sensitive transactions.
That is why confidentiality matters. If auditors use AI tools that have not been approved or reviewed by the firm, it may be unclear how client data is stored, processed, or protected.
For audit firms, the goal should not be to discourage useful AI experimentation. The goal should be to make sure AI is used in a secure, GDPR-aware, and professionally responsible way. This protects the client, the audit firm, and the auditor using the tool.
How to integrate AI safely and effectively
A practical next step is for firms to move from informal AI use toward approved and controlled AI workflows.
This does not need to start with a large transformation project. Firms can begin by understanding how AI is already being used, what tasks auditors find most useful, and where the main risks sit.
From there, audit firms can create simple guidance around what is allowed, what is not allowed, what data should never be entered into public tools, and how AI-generated work should be reviewed. Training is also important, not only on what AI can do, but also on its limits.
Reports such as the CPA AI in Accounting Report can help firms think about governance, responsible adoption, and the practical steps needed to use AI with confidence.
Conclusion: preparing for an AI-integrated future
AI is already entering audit work. In many cases, it is starting with small experiments by auditors who are simply trying to work more efficiently.
That is not something to ignore. It is something to understand and guide.
The future of AI in audit should not be uncontrolled copy-paste into general tools. It should be secure, reviewable, audit-specific workflows where client data is protected, outputs are traceable, and auditors remain in control of the final judgement.
The question for audit firms is not only whether AI will be used. It is how it can be used safely, responsibly, and in a way that genuinely improves audit work.
Sources
- ISACA — The Rise of Shadow AI
- CPA — AI in Accounting Report
- IFAC — Artificial Intelligence and Technology
See Fi371 on your own engagements
An AI-native audit platform for solo, small, and mid-sized firms — from client onboarding to final opinion, faster.