Forty-one percent of chief audit executives (CAEs) are using, or plan to use, generative AI (GenAI) this year, according to a survey by Gartner.

In a survey of 112 CAEs, conducted from July to August 2023, 12% of respondents said their department was already using GenAI models (such as OpenAI GPT and Google Bard). Another 29% of CAEs had not implemented the technology yet, but intended to do so over the next year, and a further 20% had plans to adopt it in more than a year.

Audit departments are primarily using GenAI to streamline audit writing and support idea generation during the scoping of audit engagements and after the engagements conclude.

Common GenAI use cases include finding themes or patterns in large volumes of text, detecting anomalies or instances of noncompliance, drafting audit programs, summarizing documents, and writing audit reports.

“GenAI is quickly transforming business and is on the path toward having a similar profound effect on audit. Although CAEs are optimistic about GenAI’s potential to accelerate audit productivity, they’re also moving carefully and first exploring how to incorporate it safely and effectively,” says Leslee McKnight, vice-president with the Gartner for Legal, Risk & Compliance Leaders practice.

“To determine the best-fit use cases for the department, CAEs should first use pilots to evaluate select GenAI use cases of interest and allow the department to evaluate, refine, and build upon successful pilots over time.”

Audit departments using less secure models (such as public online offerings) can still benefit by using the tool to support nonproprietary audit activities, such as streamlining emails or summarising nonproprietary audit notes.

Those with access to more secure third-party models or in-house options have a broader range of viable GenAI audit use-case options, including audit report writing or summarizing large volumes of audit text that may contain more sensitive information.

Functions that use the tool for audit writing support can improve auditor productivity by redirecting their time and attention toward high value thought work and analysis while streamlining the writing process.

While the departments using the technology to support audit activities involving more confidential information (such as detecting anomalies or instances of noncompliance or drafting audit reports) should first determine how audit will protect information privacy. That includes selecting the safest and most feasible GenAI model for their intended use cases.

“Relying on secure cloud-based models helps minimise the potential risk of publicly releasing proprietary business data that could be used to inform other GenAI outputs,” adds McKnight.