If you have ever been through an audit, you know the drill. The auditors arrive, request a list of transactions, select a sample, and test that sample for accuracy and compliance. If the sample looks clean, they extrapolate: the rest of the population is probably fine too.
This approach was never ideal. It was a practical compromise, born from the reality that human auditors cannot manually review every transaction in a large dataset. But it means that material misstatements can hide in the untested majority.
AI is changing this equation. When a machine can analyse every single transaction, sampling becomes a choice rather than a constraint. And that shift has profound implications for how audit works.
Why Sampling Exists
Audit sampling is not a feature. It is a workaround.
International Standards on Auditing (ISAs) explicitly acknowledge that auditors cannot test everything. ISA 530 provides a framework for statistical and non-statistical sampling that allows auditors to draw reasonable conclusions from a subset of data. The key word is "reasonable." Not "certain."
A typical audit might test 50 transactions out of 50,000. That is a 0.1% coverage rate. The auditor uses professional judgement to select a sample that is representative, perhaps stratified by value, with high-value items tested individually. But by definition, 99.9% of transactions go unexamined.
This is not because auditors are lazy. It is because testing each transaction manually, checking the supporting documentation, verifying the counterparty, confirming the accounting treatment, takes time. Human time. And there are not enough hours in an engagement to check everything.
AI Changes the Economics
AI-powered audit analytics can process the entire dataset. Every transaction. Every journal entry. Every invoice. The computational cost of analysing 50,000 transactions is not meaningfully different from analysing 50.
This does not eliminate the need for human auditors. But it fundamentally changes what they spend their time on. Instead of selecting and testing samples, they review the anomalies and exceptions that the AI has flagged.
The Analytical Toolkit
Several analytical techniques become practical at scale with AI:
Benford's Law Analysis
Benford's Law predicts the distribution of leading digits in naturally occurring datasets. In a set of financial transactions, about 30% should start with the digit 1, about 17.6% with 2, and so on down to about 4.6% starting with 9. Significant deviations from this distribution can indicate fabricated data.
This analysis is trivial for a machine to perform across an entire general ledger. A human auditor might run it once as a high-level test. An AI system can run it by account, by period, by department, by vendor, continuously.
Journal Entry Testing
Unusual journal entries are a classic audit red flag. Entries posted outside business hours, entries with round numbers, entries just below authorisation thresholds, entries to seldom-used accounts, and entries posted and immediately reversed.
An ML model trained on normal journal entry patterns can flag every entry that deviates from expected behaviour. Not just a sample. Every single one.
Duplicate Detection
Duplicate payments are one of the most common sources of financial loss. An AI system can compare every payment against every other payment across multiple dimensions: amount, vendor, date, invoice number, and purchase order reference. Exact matches are easy to find. Near-duplicates (same vendor, same amount, different dates) require more sophisticated matching, but this is a well-solved problem in machine learning.
Related Party Detection
Identifying transactions with related parties requires connecting data across multiple sources: shareholder registers, director lists, family relationships, and beneficial ownership records. AI can map these networks and flag transactions that flow between connected entities, even when the connections are indirect.
What the Big Four Are Doing
The major audit firms have invested heavily in AI-powered audit tools:
EY Canvas is EY's global audit platform, which includes data analytics capabilities for risk assessment and transaction testing.
Deloitte's Argus uses AI to analyse the full population of journal entries, identify anomalies, and help auditors focus on high-risk areas.
PwC's Halo is a suite of data auditing tools that provides audit teams with transaction-level analysis, including Benford's analysis, duplicate detection, and trend analysis across full datasets.
KPMG's Clara integrates data analytics into the audit workflow, enabling teams to test entire populations rather than samples.
These are not experimental tools. They are in production, used on thousands of audits globally. The technology works. The question is no longer whether AI can improve audit quality, but how quickly the entire profession adopts it.
Continuous Assurance vs. Point-in-Time Audit
Traditional audits are retrospective. An auditor reviews the financial statements for the year ended 31 December, and delivers their opinion sometime in March or April. By then, the data is months old.
Continuous assurance flips this model. If the accounting system is connected to real-time data feeds and AI monitoring runs continuously, anomalies surface as they occur, not months later.
This does not mean a formal audit opinion is issued continuously. The legal and regulatory framework for audit is still based on annual cycles. But it means that the underlying monitoring, the detection of errors, irregularities, and control weaknesses, happens in real time.
For businesses, the practical benefit is being audit-ready at any moment. If your accounting system captures every transaction correctly, categorises it properly, and maintains a complete audit trail, then the annual audit becomes a confirmation exercise rather than a discovery exercise.
What This Means for Small Businesses
You might think continuous assurance is only relevant for large corporates. But the underlying principle applies to businesses of every size.
If your accounting records are complete, accurate, and maintained in real time, then:
- You are always ready for a tax audit.
- VAT returns are a formality, not a scramble.
- Year-end financial statements require minimal adjustments.
- Your accountant spends time on advisory work instead of error correction.
The technology that enables this, real-time bank feeds, automated categorisation, continuous reconciliation, is already available. The firms that embed these capabilities into their service offering are delivering a form of continuous assurance to their clients, even if they do not call it that.
The Human Element Remains
AI does not replace the auditor's judgement. It replaces the auditor's data processing.
Determining whether a related-party transaction is properly disclosed requires understanding the commercial context, the regulatory requirements, and the client's specific circumstances. Assessing whether a going concern risk is material requires judgement that goes beyond the numbers.
What AI does is ensure that the auditor's judgement is applied to the right issues, armed with complete information, rather than being diluted across thousands of routine checks.
The audit of the future is not auditor-free. It is an audit where the auditor's expertise is focused precisely where it matters most.
Michael Cutajar, CPA — Founder of Accora.