Start Here

Zac Explains Audits: Volume 012

GenAI Prompt Engineering for Auditors – How we can accept new technology and use it to our advantage

Artificial Intelligence (AI) is no longer some futuristic concept reserved for sci-fi movies. It’s here, it’s real, and it’s making waves in almost every industry—including auditing. If you’ve ever wondered how AI, specifically Generative AI (GenAI), can help auditors work smarter, not harder, you’re in the right place.

Zac Explains Audits is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

What is GenAI in Simple Terms?

Imagine you have a super-efficient intern who never sleeps, never forgets, and can instantly summarize a 100-page document into bullet points. That’s GenAI. It’s an AI system that can generate text, analyze patterns, and even assist in decision-making—all based on how well you communicate with it.

But GenAI isn’t just an intern—it’s an intern with an encyclopedic knowledge of past audit reports, industry best practices, and financial regulations. It can draft memos, generate risk matrices, or even flag anomalies in datasets within seconds. Unlike a human, it doesn’t get tired or overlook details due to fatigue. However, it also doesn’t think critically or exercise professional judgment the way an auditor does. Instead, it acts as an accelerator, processing vast amounts of information quickly and structuring data in a way that makes your job easier.

Think of it like asking a genie for a wish. If you give vague instructions, you’ll get a vague response. But if you’re precise, you get exactly what you need. That’s where prompt engineering comes in.

What is Prompt Engineering?

Prompt engineering is simply the art of asking the AI the right questions in the right way. Just like you wouldn’t ask a junior auditor to “find fraud” without giving them guidelines, you can’t expect GenAI to provide useful insights without clear direction.

By improving how we structure our questions (or prompts), we can get AI to:

  • Summarize audit reports efficiently
  • Identify anomalies in financial data
  • Generate risk assessment templates
  • Suggest controls for common weaknesses
  • Assist in drafting audit documentation

But not all prompts are created equal. Let’s go through a real-world example of different levels of prompt effectiveness in an audit scenario.

Prompting GenAI for an Audit Risk Summary

Bad Prompt:

“Tell me about audit risks.”

Why it’s bad: Way too vague. GenAI doesn’t know what kind of audit risks you mean—financial, IT, compliance? The response will be generic and not as useful as if we specified what we were looking for.

OK Prompt:

“List some audit risks for a company.”

Why it’s just OK: It’s slightly better, but still broad. A tech startup and a manufacturing plant have very different risks.

Good Prompt:

“List five common financial audit risks for a mid-sized manufacturing company and briefly explain each.”

Why it’s good: Now we’re getting somewhere. It specifies the type of audit (financial), the industry (manufacturing), and the level of detail (five risks with explanations). The response will be much more relevant.

Great Prompt:

“You are an expert financial auditor reviewing a mid-sized manufacturing company. Identify the top five financial audit risks this company may face. For each risk, provide a brief description, an example, and a recommended control measure.”

Why it’s great: This prompt does everything the “good” one does, but adds context (you’re an expert auditor), expects specific outputs (description, example, and control measure), and guides the AI toward a structured, useful response.

Context is important in this instance because you can think of it in terms of search parameters in a search engine like Google. When we specify expert auditor, we are removing all those “search results” that are from non-expert sources (how accurate this actually is, is up to your discretion as the GenAI is also the one figuring out who is an “expert”).

How Auditors Can Use This Skill to Their Advantage

Now, you might be thinking, “This is cool, but how does it actually help me?” Well… Being good at prompting GenAI can save you hours of work. Imagine:

  • Quickly generating audit report summaries
  • Automating control recommendations for different industries
  • Enhancing risk analysis by identifying overlooked patterns
  • Refining workpapers with AI-assisted documentation

Instead of fearing AI, auditors should embrace it as a productivity tool. The key is learning how to communicate with it effectively. The better your prompts, the better your results.

It is important to understand privacy here though, companies do not like private data getting shared with other companies. As an internal auditor, make sure you are checking your companies policies on using Generative AI. Hopefully, your company has an internal GenAI set up that is not sharing information outside of your environment, so you can be free to use it to your heart’s content. If not, make sure you are filtering out any details or information that could be considered private, privileged, or secret.

Final Thought:

GenAI is not here to replace auditors—it’s here to make us better at what we do. Mastering prompt engineering is like having a superpower that makes your job easier. The more precise and structured you are, the more valuable AI becomes. So, let’s stop resisting and start using it to our advantage.

,
,

Did you find this tool helpful? Share it!