Auditing used to be a seasonal ritual: pull samples, test controls, issue an opinion, move on. AI is pushing it toward an always-on discipline where anomalies surface the moment a journal entry posts and control breaks are flagged before the quarter closes. That change sounds hygienic—more coverage, fewer surprises—but it rewrites what counts as evidence, how firms price work, and who carries the blame when a system misses what a skeptical human might have caught.

From sampling to surveillance

Classical audit lives on sampling because transactions are too many and messy. Models trained on historical ledgers, vendor master files, payroll runs, and ERP logs promise 100% “coverage,” at least in the sense of inspecting every row for patterns that look off. That reshapes assurance into risk triage: thousands of low-probability flags, a handful of real issues, and a workflow that looks more like incident response than a binder review.

The upside is obvious—fewer blind spots, earlier detection, richer context from cross-system joins. The trap is equally clear: false positives that desensitize teams, and false negatives that lull managers into thinking a system’s silence equals comfort. Continuous audit systems are smoke detectors, not judges. Firms that win will design triggers narrowly, retrain models with explicit feedback from resolved cases, and draw bright lines between monitoring (automated) and materiality assessments (human and documented).

Evidence in the age of models

Regulators have never cared how an auditor arrives at evidence so long as it is sufficient, appropriate, and traceable. AI doesn’t get an exemption. A large language model summarizing contracts is not evidence unless the underlying contracts, extraction steps, and exception handling are preserved. Likewise, an anomaly detector is not a finding; it is a lead.

An AI‑native audit file needs to show, at minimum:

  • data lineage from system of record to model input, including transformations;
  • model version, parameters, and prompts used;
  • rationale for thresholds and how alerts were dispositioned.

Expect independence and confidentiality questions to intensify. If a firm deploys a shared model trained on multiple clients’ data, can insights leak, even statistically? If the vendor tunes a model on one client’s ledger, does it become a prohibited service for another? The safest path today is strict segregation, conservative use of shared weights, and vendor agreements that make audit teams—not black‑box providers—responsible for explainability.

Who audits the AI—and who pays

Model risk management, long a banking discipline, is migrating into audit methodology: validation before use, monitoring in production, change control as if every prompt were a policy. That raises costs upfront but reduces inspection pain later. It also shifts the business model. The most valuable workpapers will look like code: reusable controls libraries, tested data connectors, evidence pipelines. Billable hours recede; platform margins emerge.

Talent follows. Teams that pair CPAs with data engineers and product managers will move faster than those that bolt tools onto legacy workflows. The engagement partner still signs the opinion, but accountability now extends to the architecture. When the inevitable miss happens, litigation will ask whether the firm understood the model’s failure modes, documented decisions, and kept humans in the loop where judgment—not pattern matching—decides materiality.

Our take

AI will not automate skepticism, but it will automate attention. The firms that treat models as instruments—calibrated, logged, and subordinate to human judgment—will raise assurance and compress surprises. The ones that mistake dashboards for diligence will relearn the oldest lesson in audit: coverage isn’t comfort without proof.