AI in audit has moved from conference discussion to a practical evaluation decision for CPA firms. This guide explains where AI tools currently operate across the external audit workflow, what they improve in practice, and where the major gaps remain — particularly in audit planning.

Written for sole practitioners, audit partners, managers, and small-to-mid-tier CPA firms, the paper provides a practical framework for assessing AI audit tools across planning, fieldwork, engagement management, privacy, and governance.

Inside this guide:

• Where AI is currently being used across the external audit lifecycle

• How tools such as evidence matching, anomaly detection, and workpaper automation are changing fieldwork

• Why audit planning remains comparatively underserved despite its importance to engagement quality

• Practical criteria for evaluating AI audit tools across planning, execution, and engagement management

What the guide covers on privacy, governance, and data protection:

• How client data is handled, encrypted, retained, and deleted

• Whether vendors use customer data to train or fine-tune AI models

• Whether AI-generated outputs can be traced back to underlying sources

• Why practitioner review remains essential before any output enters the audit file

• Why frameworks such as SOC 2 and NIST AI RMF matter when evaluating audit software vendors