While there’s no question that AI is reshaping the audit process, what's less clear is whether tax firms are engaging with the kind of change that actually matters, or whether they're just managing the appearance of it.
Key takeaways:
- Deploying AI and governing it are two different things — Most tax, audit & accounting firms are further along on deployment of AI than they are with setting up how it will be governed.
- AI literacy and understanding will be key attributes — The skill that will define the next generation of auditors isn’t knowing how to use AI; rather, it’s knowing when to distrust it.
- Risk assessment needs to be re-thought — The risk assessment gap is a structural problem, not a technology maturity problem. And no better model is going to fix it.
There is a version of AI adoption that looks like progress, but isn’t. It involves a pilot program that runs well, gains a positive internal review and a mention in the firm’s next thought leadership piece — and then nothing changes throughout the firm. The workflow that got automated stays automated, and everything else stays the same.
This pattern is more common than many tax, audit & accounting firms want to admit. The organizational work that scaling AI actually requires — such as deciding who owns the outputs, redesigning quality review, and working out what happens when a model gets something wrong — doesn’t surface in a pilot. Instead, it surfaces in production. And those firms that have been running the same pilot for more than a year aren’t being cautious; they’re simply avoiding those decisions.
A recent survey by tech market research group International Data Corp. (IDC) of 1,005 audit and accounting professionals globally captures the gap precisely. The study showed that two-thirds of firms have AI embedded in strategy or underway in pilots, but only 7% describe themselves as extremely prepared. That distance between deployment and readiness is where most of the real work is hiding.
The audit profession is underinvesting in a key skill
Ask most audit firm leaders what skills their people need for an AI-driven practice, and the answers come back quickly: data analysis, AI literacy, and technology proficiency. Those aren’t wrong answers, but they’re incomplete in a way that matters.
The skill that will actually define audit quality in an AI-enabled environment isn’t the ability to use the tools; rather, it’s the ability to pressure-test what those tools produce. To read an AI-generated summary and identify what it might have missed, or to recognize when a flagged pattern in a data set is just noise rather than a red flag, or even to override a confident-sounding output when professional judgment says something doesn’t add up.
That’s closer to editing than accounting — and it’s a fundamentally different capability than simply being familiar with AI systems. Yet most re-skilling programs are building that familiarity, while it’s the understanding and judgment that separates auditors who use AI well from auditors who use it credulously.
Indeed, excessive trust in AI outputs is the specific failure mode the profession needs to train against — and that’s not getting enough attention.
The risk assessment problem is permanent
There’s a version of the AI-in-audit story in which every limitation is temporary — the AI models will improve, the training data will get better, the accuracy will increase. For most audit applications, that’s probably true, but for risk assessment, it isn’t.
Risk assessment requires professional skepticism: the trained disposition to question, probe, and not accept appearances at face value. AI models are trained to find patterns and produce coherent, confident output. Those two orientations are in direct tension. A model that identifies a pattern and presents it with confidence is doing exactly what it was designed to do. However, the problem is that professional skepticism sometimes requires distrusting precisely that kind of coherent, confident output — and then asking what the pattern is missing, who might be motivated to produce it, and whether the data behind it can be trusted.
That gap isn’t a technology maturity problem. It’s a structural problem. Nearly 80% of audit leaders in the IDC survey say they recognize the risk of algorithmic bias in functions like risk assessment and fraud detection — and that recognition points at something real. The right response isn’t to avoid AI in risk assessment entirely, of course, but it is to be clear-eyed about where AI’s role ends and where the auditor’s begins. Summarizing, flagging, and organizing are appropriate uses of AI, but the judgment about what the output means belongs with someone else.
Governance that actually means something
Most tax, audit & accounting firms have an AI policy; however, far fewer have built the infrastructure that makes it operational.
The two requirements that matter most are traceability and explainability. Traceability means that every AI output cites its source — if it can’t show its work, the firm shouldn’t rely on it. Explainability means the auditor who is reviewing the output can follow the reasoning and form an independent view of whether it holds together. Both of these concepts should be requirements, not preferences. The audit partner signing the report needs to be able to stand behind every conclusion in it, and that requires being able to read the chain from input to output.
Naturally, the more difficult governance question is what “human in the loop” actually means when the processes are operational. As a principle, everyone agrees that the “human in the loop” is critically important. However, as a set of design decisions — determining at which specific points in a workflow human judgment is required, how the interface prompts it, and who is accountable when it doesn’t happen — most firms haven’t worked that out. That kind of imprecision is where audit risk can accumulate quietly.
Where AI is genuinely earning its place
None of this is an argument against AI in audit, of course. Document extraction, first-draft writing, and data summarization are all areas in which AI is delivering real value, and the gains aren’t marginal. Contracts that once took days to review can be turned around in hours. Workpaper summaries and client communications that traditionally consumed senior staff time are now being handled in the first-draft stage by tools that do it well. Those hours are going back to partners and managers, and their work is better for it.
The honest picture of AI in audit is not the hype version — transformational overnight, replacing roles, reshaping everything at once. Instead, it’s more incremental than that, more uneven, and more dependent on organizational decisions than technology ones. The audit firms making the most of it aren’t the ones that moved fastest; rather, they’re the ones that were clearest about what they were trying to solve, built governance structures that could handle the friction, and invested in the human judgment that AI can support but cannot replace.
That clarity — about what AI is good for, what it isn’t, and what it requires of the people using it — is where the real work is.