The integration of large language models into audit workflows is no longer experimental. In 2026, several Big 4 and mid-tier registered firms have begun deploying LLM-assisted tools across the ITGC testing lifecycle — from risk assessment through workpaper finalization.
AI tools can draft initial test procedure narratives, populate risk and control matrices, and generate tickmark legends — reducing time spent on documentation by an estimated 30–40% in pilot engagements.
LLMs are being used to analyze exported access lists and flag anomalies — accounts with excessive privileges, terminated users, or roles that conflict with defined SOD rules — faster and more consistently than manual review.
Vision-capable AI models can analyze screenshots of system configurations, approval timestamps, and access logs to confirm whether evidence supports the stated control objective — without requiring the auditor to manually verify each item.
PCAOB Release 2026-002 (Staff Guidance on Auditor Use of AI Tools) makes clear that AI is a tool, not a professional. Auditors remain fully responsible for evaluating AI outputs and exercising professional skepticism. Inspectors will assess whether auditors reviewed AI-generated content or simply accepted it.