As artificial intelligence becomes more visible in audit practice, discussions are naturally broadening. Before turning to audit quality implications, it helps to be precise about what we mean by AI and agentic AI.

Artificial intelligence, in its broadest sense, refers to computational systems designed to perform tasks that have traditionally required human cognition. These include pattern recognition, anomaly detection, classification, prediction, and inference across large volumes of structured and unstructured data. In an audit context, AI is rarely a standalone solution. It functions as an enabling layer, embedded within automated tools and techniques, data analytics platforms, and, increasingly, decision-support systems used by engagement teams.

Agentic AI represents a more advanced evolution. Unlike rule-based automation or static analytics, agentic systems are capable of setting intermediate objectives, planning sequences of actions, interacting across multiple data sources or systems, and adapting their behaviour based on outcomes. At their most advanced, these systems do not simply execute instructions; they determine how tasks should be performed in order to achieve defined goals.

That distinction matters. Traditional audit technology assists the auditor. Agentic AI begins to influence how audit procedures are shaped, sequenced, and prioritised.

From Audit Assistance to Audit Influence

Technology has long been part of the audit toolkit. Sampling software, spreadsheet models, and early forms of data analytics improved efficiency, but they rarely altered the auditor’s fundamental decision-making framework. The current wave of AI adoption is different.

Today, AI-enabled tools are routinely used to analyse entire populations rather than samples, identify transactions considered low risk or anomalous, prioritise areas for substantive testing, support journal entry testing, and assist in risk assessment through pattern recognition. As a result, technology increasingly influences what is tested, how extensively it is tested, and, in practice, what is treated as sufficient audit evidence.

This shift demands a more honest assessment of how audit procedures themselves have changed, and where the limits of delegation to technology must remain firmly in place.

Audit Procedures: What Has Changed and What Has Not

There is no question that certain aspects of audit execution have evolved. Risk indicators may now be generated or prioritised by algorithms drawing on historical and current data. Substantive testing may focus on targeted exceptions identified through population-level analysis. Journal entry testing increasingly relies on pattern recognition rather than rule-based filters.

At the same time, some practices carry new risks. Transactions classified as “low risk” by algorithms may receive little or no substantive attention. Corroborative procedures may narrow, increasing the risk of overreliance on a single tool’s output.

What has not changed is ultimately more important.

The auditor remains responsible for understanding the entity and its environment, assessing risks of material misstatement, determining the sufficiency and appropriateness of audit evidence, exercising professional skepticism, and reaching and supporting audit conclusions. Technology may alter the mechanics of execution, but it does not alter accountability.

A Practical Example: Revenue Testing with AI

Consider revenue testing in a high-volume environment.

An AI-enabled tool ingests the full population of sales transactions and classifies them as low risk or anomalous based on historical patterns, pricing behaviour, customer profiles, and timing indicators. Substantive testing is then concentrated almost entirely on transactions flagged as higher risk.

The efficiency gains are obvious. The risk is more subtle.

If an engagement team cannot clearly explain how risk classifications were determined, why certain transactions were excluded from testing, whether data inputs were complete and accurate, or how the model responds to changes in business conditions, then audit judgment has quietly been replaced with algorithmic confidence.

This concern is not theoretical. Inspection observations globally, including those highlighted by the Canadian Public Accountability Board (CPAB), point to instances where automated tools became the primary source of audit evidence, with limited validation of inputs and insufficient challenge of outputs.

Regulators Are Paying Close Attention

Across jurisdictions, audit regulators are aligned on a simple message: innovation is welcome, but never at the expense of audit quality.

A recent CPAB publication reflects this supervisory stance clearly. While acknowledging that advanced technologies, including agentic AI, can enhance audit quality, CPAB also highlights recurring inspection concerns. These include overreliance on automated tools, limited testing of transactions deemed low risk by algorithms, insufficient transparency around how risk classifications are generated, and a lack of meaningful challenge of technology-driven conclusions.

The guidance is not anti-technology. It is explicitly pro-judgment. Where technology operates more autonomously, CPAB emphasises that supervision, documentation, explainability, and human oversight must be strengthened rather than relaxed.

Tools Do Not Bear Responsibility. Auditors Do.

One of the most important clarifications in CPAB’s commentary is also one of the most easily misunderstood.

• Technology does not exercise professional skepticism.
• Algorithms do not apply ethical reasoning.
• Models do not issue audit opinions.

Many firms describe their audits as “human-led, with a human in the loop.” That principle, however, cannot remain a slogan. Effective adoption requires a behavioural shift, clear articulation of responsibilities at each stage of the audit, and visible evidence that engagement partners and teams actively challenge technology outputs rather than defer to them.

From a regulatory perspective, the position is unequivocal. Tools are tools. Responsibility for audit quality, judgment, and conclusions rests entirely with the human auditor.

KNAV Comments: The Enduring Test of Audit Quality

Artificial intelligence will continue to reshape audit execution. Agentic systems will become more capable, more autonomous, and more deeply embedded in audit workflows. That trajectory is irreversible.

What remains unchanged is the regulator’s lens.

Audit quality will continue to be assessed by asking whether auditors understood the risks, applied professional skepticism where it mattered most, and supported their conclusions with evidence they could clearly explain and defend. The question will not be how advanced the tool was, but whether judgment was exercised or quietly delegated without challenge.

Technology can sharpen audit judgment. It can also dull it. The difference lies not in the sophistication of the tool, but in the discipline of the auditor using it.