
9 Most Frequently Asked Questions About Using Gen AI in Internal Audit
Everybody’s telling you to use AI. What they’re not telling you is HOW. Theoretical platitudes and guidelines only get you so far.
That’s exactly why the Internal Audit Collective’s AI Working Groups volunteered their time and creativity to create our new eBook series, the Gen AI Playbook for Internal Audit. These eBooks include proven, ready-to-deploy prompts and actionable guidance from real practitioners who’ve already been successful in using AI. Auditors can use these prompts to start experimenting today, expediting their progress to developing bona fide AI capabilities.
The first eBook — focused on deploying AI in all stages of the audit methodology — launched during a November 20 webcast attended by more than 550 people. Panelists did live demos of four prompts from the eBook. Gen AI in AI Working Group Leader Alan Maran was joined by Joe Earl, Alejandro Anievas, and Kaine Kenerly, all of whom were critical in driving the group’s efforts.
The team did their best to answer questions from the chat. But the takeaway was clear: A lot of folks have the same questions about AI. So, ICYMI the webinar — or in case you have the same questions — here are their answers to the most common questions we’ve gotten about using Gen AI in Internal Audit.
1. Where can I download the eBook?
Understandably, everyone was eager to get their hands on the prompts. This was the #1 question.
You can download the eBook here.
Internal Audit Collective members can also access these and other prompts in our growing Gen AI Prompt Library.
2. Does the prompt construction work regardless of platform?
Kaine Kenerly: “The general principles of effective prompts — such as defining roles, tasks, contexts, output formats, tones, and examples — are universally applicable across platforms. This also applies to prompting techniques. However, some LLMs may excel in certain use cases more than others. Therefore, it’s essential to experiment with various platforms to determine which LLMs are best-suited for specific tasks, whether it be research, analysis, or documentation creation.”
3. Does any LLM work better than others?
Alejandro Anievas: “There’s no single, all-encompassing, best LLM for all scenarios. GPT-5 and Claude Opus 4.5 are good choices right now for reasoning, while others may shine for accuracy, transparency/explainability, or images, like Gemini 3 Pro/Nano Banana.”
Also, as our panelists shared during the webinar, the best Gen AI tool to use tends to be whichever Gen AI tool(s) your organization is already using (e.g., Gemini for Google shops, Copilot for Microsoft shops, ChatGPT for OpenAI subscribers). You’ll face fewer hurdles. You’ll get more integrations. And if you need a different tool down the road, you’ll have proofs-of-concept to help you make your case.
Need help building your business case or securely rolling out Gen AI? Sections one and two of the eBook offer tips for overcoming common challenges and setting up robust security and governance.
4. Do you have to document the use of AI for the sampling method?
Joe Earl: “Yes. My advice is to document it in a similar manner that you would if you were using other information systems/technology, like ACL or IDEA. First, I would update any department or company methodology to include the use of Gen AI for sampling purposes and establish clear expectations. Secondly, I would ensure the tool is identified, as well as the sampling parameters, the validation steps to ensure the output was reasonable, and any professional judgement that was applied. I’d also ensure that a copy of the prompt that was used is retained in the workpapers.”
5. Is a prompt like the one just shown (sampling) acceptable to External Audit for reliance, or are these primarily leveraged for internal testing? In other words, are External Auditors allowing their clients to use these types of Gen AI for SOX compliance purposes?
Alan Maran: “External Auditors are still conservative about relying on Gen AI outputs for SOX. Today these tools are generally viewed as accelerators for internal testing rather than sources of audit evidence. That said, many auditors are becoming comfortable with Gen AI-assisted sampling, as long as management can prove that the full population was considered, the sampling logic is sound, and the underlying evidence is system-generated. You should confirm expectations with your External Auditors, since each firm and engagement team may vary. In most cases — if you can show the complete population, export and retain the SQL used to generate it, and demonstrate that the sample selection followed an approved methodology — then using Gen AI to facilitate the sampling process is likely acceptable.”
This is a pressing question for many teams. That’s why it’s the focus of volume two of the Internal Audit Collective’s Gen AI Playbook for Internal Audit, which will share proven prompts for use in SOX work. Keep an eye out for the eBook webinar and launch in January or February of 2026.
6. How would you recommend dealing with potential hallucinations?
Alejandro Anievas: “I think it starts with prompt design. The way you ask matters. We need to avoid open-ended prompts where AI can speculate. Prompts should be explicit while giving proper context. Structured outputs like tables, providing examples, or checklists also help reduce ambiguity. Placing guardrails will also help. Have your AI cite sources or flag uncertainty. Using confidence scoring can be useful here.”
Gen AI itself also has good advice. OpenAI’s ChatGPT advised, “Use Gen AI only as a supporting tool. Position Gen AI to augment — not replace — professional judgment. Make sure any output is reviewed and validated by an auditor, just like you would with work from a junior staff member.” To that end:
- Build validation steps into your workflow (e.g., cross-checking AI-generated control descriptions, risk statements, and test scripts; human reviewer confirmation that AI-generated insights match evidence).
- Keep AI away from final conclusions. AI can help draft, summarize, brainstorm, and structure audit steps — but humans should always make final determinations about control design, effectiveness, risk ratings, etc.
- Train staff on how hallucinations happen, increasing awareness about when AI is likely to hallucinate (e.g., lack of data, speculative questions) and how to detect inaccuracies.
7. These prompts are awesome, but is Internal Audit as an industry really using these types of AI prompts?
Kaine Kenerly: “Yes. As evidenced by the webinar polls, many Internal Audit shops are currently leveraging AI and starting with prompt development. Some teams allow their members to create their own prompts, while others are developing prompt libraries or embedding prompts within their GRC tools. Many are using general-purpose LLMs to perform a variety of audit activities through prompts. This initial adoption of AI paves the way for higher levels of maturity, such as developing agents and tailored software solutions.”
We can also point straight back to the eBook. Because it wasn’t just our four panelists building these prompts — it was 20+ professionals working together, representing nearly as many companies.

Our benchmarking survey of Internal Audit teams with SOX responsibilities also found that the higher a SOX team’s self-assessed maturity, the more likely they are to be using Gen AI:
- High-maturity teams: 60-65% already experimenting; 20% planning to within the next year
- Low-maturity teams: 35-40% already experimenting; 30% planning to within the next year
8. This is so awesome it’s scary — I see the potential. But I also worry AI could replace me as an auditor. With that in mind, should I be using these prompts?
Joe Earl: “I completely understand that fear. It's natural to worry about job security when a powerful new technology emerges in our field. The auditors most at risk of being left behind are those that refuse to learn Gen AI, not those who embrace it. Your peers who adopt these tools will become more efficient and insightful. Gen AI excels at tedious data work, but it can’t replicate professional skepticism, organizational context, or the judgment to know when something doesn't smell right. My advice is to lean in and master the tool to amplify your expertise rather than fear it will replace what makes you valuable.”
It’s critical that we’re clear-eyed about AI’s impact on our profession. It will be transformational — no question. Sadly, many auditors are still in denial. Only 39% of respondents in AuditBoard’s 2026 Focus on the Future survey expect AI to have a transformative impact on their work by 2030.
9. Hang on… are we asking AI to help us think???
Well, this last one was asked as a joke. But the reality is — yeah. We are.
With Internal Audit teams consistently asked to do more work with fewer resources, Gen AI can help us analyze faster, draft smarter, and better engage our stakeholders.
The trick, however, is that Gen AI retains its status as a tireless assistant, and humans remain the ones firmly holding the reins — on conclusions, decisions, quality, strategy, real-world application, ethics, originality, collaborating across the lines, and everything Gen AI can’t do. That’s how we’ll continue defining and driving Internal Audit’s value in the age of AI.
What are you waiting for? Join the Internal Audit Collective today. Be part of a community that’s actively sharing Gen AI ideas and guidance, elevating the profession while enabling auditors’ ability to make real progress on implementing AI.