Skip to main content
Version: 1.0.0-beta

AI Best Practices

AIIA's AI features are designed to augment — not replace — professional audit judgment. Follow these best practices to get the most value while maintaining audit quality and governance.

Golden Rules

  1. AI outputs are suggestions — always review before applying
  2. You are responsible — the auditor owns the final work product
  3. Verify citations — check that AI references are accurate
  4. Use confidence scores — lower scores need more scrutiny
  5. Document AI usage — note when AI was used in workpaper methodology

Do's and Don'ts

✅ Do❌ Don't
Use AI for first drafts, then refineBlindly apply AI-generated text
Check AI citations against source documentsAssume AI references are correct
Use AI to identify patterns in large datasetsRely on AI for final severity judgments
Document when AI assisted your workHide AI usage from reviewers
Start with clear context (scope, objectives)Give vague prompts expecting perfect results
Review confidence scoresIgnore low-confidence warnings

Getting Better Results

Provide Context

The more context you provide, the better the AI performs:

  • Fill in engagement objectives and scope before asking for narratives
  • Complete CCCER fields before asking for finding drafts
  • Link risks and controls before asking for test procedure suggestions

Be Specific

Instead of: "Write a finding" Try: "Draft a finding about the approval workflow gap identified in workpaper WP-003, where 12 of 50 sampled POs lacked proper authorization"

Iterate

  • Use AI output as a starting point
  • Edit and refine the text
  • Ask follow-up questions to improve specific sections

AI Governance Compliance

To maintain compliance with AIIA's AI governance framework:

  • Every AI interaction is automatically logged
  • ai_execution_id traces AI contributions in findings and workpapers
  • QA reviews can identify AI-assisted content
  • The audit trail shows Apply/Reject decisions for all AI suggestions

When NOT to Use AI

  • Final severity determination — use professional judgment
  • Legal opinions — consult legal counsel
  • Regulatory interpretations — reference the official regulation
  • Disciplinary matters — require human sensitivity
Last updated on by AIIA Engineering