Auditors face a new conundrum. Evidence is almost entirely digital. Bank statements, invoices, purchase orders and shipping records arrive as PDFs, spreadsheets or portal downloads. At the same time, AI tools can fabricate near-perfect fakes: images, logos, stamps, even entire documents.
The profession agrees: auditors must be skeptical. But a sharper question emerges. At what point does skepticism tip into forensics? And let's be clear — auditors are not playing Sherlock Holmes with every document. Nor should they.
A modern audit dilemma
Audit standards require auditors to evaluate the reliability of evidence. That means asking whether documents could have been altered. But does it mean running forensic tests on every PDF? Checking metadata on every vendor invoice? Training staff to spot AI-generated forgeries?
Audit regulators are voicing concerns, and firms are responding with their own worries. If every digital file required deep validation, the audit would risk collapsing under its own weight. That's not skepticism. That's an unsustainable model.
Where the risks cluster
We don't need to look everywhere. We need to look where risk may be highest:
- Cash balances: PDFs of bank statements and Excel-based receipt listings;
- Revenue: shipping documents and purchase orders tied to cutoff;
- Payables: vendor invoices and confirmations routed through management;
- Valuation inputs: broker statements, pricing files, actuarial reports.
These are the choke points. A single falsified document in these areas could distort results far more than a generic expense invoice.
Gut feel still matters
Technology helps, but professional intuition hasn't disappeared. If a document feels off or looks unusual, or if management seems under pressure to deliver certain results, that instinct should not be ignored. In fact, gut feel is often the trigger that directs auditors to probe deeper, and technology can back it up with clear evidence. If you still need that reminder of where AI will not replace auditors, this is it.
Analytics as the auditor's filter
For many, audit analytics still mean fancy dashboards with charts and tables. But the real power goes further. Modern analytics platforms now come with advanced machine learning and AI — giving auditors an extra "spidey sense" that scans entire ledgers in seconds, surfaces hidden patterns, and raises alarms where attention is needed.
They help auditors focus effort without drowning in digital noise:
- Flagging anomalies: rare transactions, duplicate purchase orders or unusual timing of entries;
- Mapping to assertions: showing which documents carry the most weight in high-risk areas;
- Directing escalation: giving auditors a clear list of where document reliability should be questioned.
Instead of treating every document as suspect, analytics narrow the focus to the riskiest 2–5%. That's how skepticism stays sharp while audits stay manageable. A curious point: how many auditors have been exposed to this kind of skepticism supported by technology?
The open boundary
So where does audit responsibility become burdensome? Auditors should challenge reliability when risks, anomalies or instincts point in that direction. But expecting every engagement team to run forensic labs is unrealistic and outside the scope of assurance.
This is a debate the profession must own and one worth opening up more broadly. Skepticism must evolve in an age of image generation and near-perfect replication. But it must evolve in a way that keeps audits practical, risk-based and scalable.
The path ahead
AI will continue to raise the stakes. Fake documents won't get easier to spot. The answer is not more manual checking. It's smarter use of technology to guide judgment, sharpen skepticism and protect the boundary between audit and forensics.
The real question isn't "Can auditors authenticate every file?" It's "Can we design a system that challenges reliability where it matters most and leaves forensics where it belongs?"
