ChatGPT prompts for audit management

The accounting and audit industry is abuzz with talk about AI and its impact on the professions. We have discussed this topic on the Circit blog previously, in our article on AI in auditing and how firms can leverage AI to streamline processes.  

AI technology is rapidly maturing and being integrated into various professional domains, including accountancy and audit. Sometimes, it can be hard to see the forest for the trees: there is a lot of talk about what AI could be and could do for audit management, but few concrete and specific examples of prompts or ideas that can be used right away.  

In this article, I want to provide clear prompts and ideas for prompts to bridge the gap between what we think we know about AI and what it can do for us.  

The prompt

The answers you get from ChatGPT are only as good as the prompt you used to get them. Prompt-crafting is an art and an iterative process: your prompt will likely need to be tweaked a few times before it’s usable and you should add as much detail and background as possible.  

For the audit management prompt I used for this article, I added the following details:  

• role within the audit firm

• size of the audit firm

• location of the audit firm  

• accounting standard to use, in this case IFRS

I then specified the challenges I wanted to address with my prompts and gave details on the desired style, tone and expertise level to ensure that the responses are tailored and relevant to my specific needs. I then honed in even more on two elements that are particularly important to me: client interactions and mentoring junior staff.  

Here is the prompt I used:

I am an Audit Manager at a mid-sized audit firm in the United Kingdom and I aim to decrease manual tasks, assess and highlight areas of risk, develop effective substantive testing procedures, enhance audit documentation, automate data entry, detect anomalies, and add value for clients by offering tailored advice and solutions.

Answers to prompts should reflect extensive experience in the audit field, and be useful for audit management, utilising correct methodology and terminology, with a specific focus on UK regulatory compliance.

The tone should be consultative, ensuring that client interactions are handled with care, improving and managing client expectations, and providing clear, actionable insights. The answers should also address maintaining client confidentiality, managing sensitive information, and include considerations for training and mentoring junior staff.

The responses should be concise, objective, and professional. Please start by aligning my challenges with the phases of audit engagement: pre-engagement, planning, fieldwork and close-out / reporting.

With this prompt in place, I can ask specific questions to help me with the different phases of the next audit. Just paste the questions below at the end of the prompt.  

Pre-engagement

Client Onboarding and Risk Assessment:

• "Help me draft an engagement letter that includes specific terms around confidentiality, data protection, and AML/KYC compliance for a new UK client."

• "Provide a summary of the key regulatory changes in the UK audit industry that may impact risk assessment for a client in [specific industry]."

• “Prepare an agenda for the initial client meeting, including discussion points on audit objectives, timelines, and key areas of focus."

• "Identify potential areas of compliance risk in the provided company policies and procedures."

‍Client Communication and Expectation Management:

• "Create a checklist for a kickoff meeting with a new audit client, focusing on scope, timelines, deliverables, and managing client expectations."

• "Draft a confidentiality agreement tailored to a UK-based audit client, emphasizing GDPR compliance and the management of sensitive information."

• "Create templates for common client communications, such as information requests, follow-up emails, and status updates."

‍Team alignment:

• "Create a task tracking template for the audit team, outlining key milestones, deadlines, and responsible team members."

Audit planning  

Risk Assessment and Materiality:

• "Generate a risk assessment matrix template that highlights high-risk areas based on public historical data and industry-specific risks for a UK client."

• "Outline the factors to consider when determining materiality thresholds in an audit, with a focus on both quantitative and qualitative aspects.”

Audit Strategy and Resource Allocation:

• "Provide suggestions for integrating data analytics into the audit strategy to automate data entry and detect anomalies."

• "List best practices for assigning tasks to junior auditors that align with their experience and provide opportunities for growth."

Audit fieldwork

Substantive Testing and Evidence Gathering:

• "Recommend automated substantive testing procedures for routine tasks like reconciliations and explain how to document these in the audit workpapers."

• "Create a template for documenting walkthroughs of internal controls, ensuring it aligns with UK regulatory requirements."

• "Draft substantive testing procedures for revenue recognition, focusing on completeness and accuracy. Customise the procedures to align with the specific client's industry, [insert industry], and relevant accounting standards.”  

Client Interaction and Anomaly Detection:

• "Suggest ways to communicate audit progress and findings to a client, especially when anomalies or risk areas are detected, while maintaining confidentiality."

Close-out and Reporting

Drafting and Reviewing the Audit Report:

• "Help me draft a clear and concise audit report outline, emphasising key findings [insert key findings] and suggest some recommendations that align with the client’s objectives of [client objectives]."

• "Give me a checklist for reviewing an audit report to ensure it is evidence-backed, compliant with UK standards, and appropriately communicated."

• "Generate an audit report summary, including key findings, recommendations, and compliance with relevant auditing standards. Ensure that the summary is comprehensive and aligns with the International Standards on Auditing (ISAs) and the documentation policies.”

Client Debrief and Continuous Improvement:

• "Create an agenda for a client debrief meeting post-audit, focusing on discussing findings, providing tailored advice, and gathering client feedback."

• "List questions to ask the client during the debrief to gain feedback on the audit process and how we can improve future engagements."

Cross-phase considerations

Training and Development of Junior Staff:

• "Suggest topics for a training session for junior auditors on using data analytics tools in the audit process."

• "Provide a mentoring checklist to help junior auditors improve their client communication and confidentiality management skills."

Regulatory Compliance and Best Practices:

• "Summarise the recent updates in UK auditing standards that I should incorporate into our audit processes."

• "Draft a continuous improvement plan for audit processes, focusing on aligning with best practices and enhancing efficiency."

Caveats of using ChatGPT for audit management

Confidential data

Introducing confidential data into ChatGPT conflicts with the recommended usage guidelines and could violate client confidentiality and GDPR regulations. This includes financial statements, client names, or any proprietary information. Instead, consider using synthetic or obfuscated data. Even with synthetic data, be cautious of inadvertently revealing patterns that could be de-anonymised.

Prompts such as:

• "Extract key financial ratios from the following financial statements and prepare a comparative analysis."

• "Convert the following client-provided financial data into a structured Excel format suitable for audit analysis."

• "Compare the provided financial statements with last year's statements and highlight any significant changes."

can be used and experimented with using synthetic or obfuscated data. For this article, I wanted to focus on prompts that don’t rely on confidential data. When using data in ChatGPT, care must always be taken this data is publicly available and non-confidential.  

Wrong answers

ChatGPT’s outputs can be wrong. It is meant as an assistant to work alongside humans and as such, all outputs by ChatGPT need to be checked and a healthy dose of professional scepticism should always be applied.  

Regulatory guidelines

Auditors using ChatGPT should also ensure this usage adheres to their firm’s policies and the wider regulatory framework, though the latter isn’t entirely clear yet. For now, regulators have acknowledged the capabilities of AI and the massive impact it can have, but the regulatory framework around AI is still maturing. The UK government is actively developing new regulations.

Conclusion

Using and benefitting from ChatGPT for audit management will take an experimental mindset and an iterative approach, combined with a strong sense of ethics and data protection.  

A well thought out prompt with as many details as possible is the key to generating answers that add value. The answers generated will need to be vetted thoroughly.

If you have access to ChatGPT Pro, you can also create your own GPT, which will take an initial prompt to which you can add refinements. You can read more about using a custom GPT to create a Technical Director in our recent blog.  

Ultimately, the best instance of ChatGPT will be one crafted and honed by the individual user. By asking follow-up questions and giving feedback on the quality of the answers, they will keep getting better.  

I hope this article has been helpful to craft prompts and in providing some prompts you can use right now and experiment with.

‍