AI is fundamentally changing internal audit by accelerating risk identification, improving report quality, and enabling audit managers to focus their expertise where it matters most. ChatGPT can help draft audit programs, synthesize complex findings into executive-ready narratives, and streamline stakeholder communication across the entire audit lifecycle. These 35 prompts are built for audit managers who want to raise the quality and efficiency of their function without cutting corners on rigor.
1. Audit Planning & Risk Assessment
Create a risk-based audit universe for a mid-size manufacturing company. Organize it into categories (financial reporting, operations, compliance, IT, strategic) and rate each area by likelihood and impact on a 1–5 scale. Include a prioritization summary.
Draft a preliminary risk assessment memo for an upcoming audit of the accounts payable process at a company with $500M in annual spend. Identify the top 5 inherent risks, relevant controls to test, and initial audit objectives.
Generate a comprehensive audit planning checklist for an internal audit of a company's payroll function. Cover: scope definition, data requests, stakeholder interviews, preliminary analytics, materiality considerations, and timing.
Write an opening meeting agenda for a financial controls audit. Include: introductions, audit scope and objectives, timing and resource plan, auditee responsibilities, communication protocols, and Q&A.
Develop an annual internal audit plan for a publicly traded retail company with operations in 12 countries. Include a mix of financial, operational, IT, and compliance audits, prioritized by risk rating. Present it in a table format.
2. Audit Program & Procedure Design
Write a detailed audit program for testing the effectiveness of a company's procurement-to-pay (P2P) controls. For each control, list the audit procedure, sample size rationale, evidence required, and potential exceptions to look for.
Create an audit testing matrix for SOX Section 404 compliance over the revenue recognition cycle. Include control objective, control description, control owner, test approach (inquiry, observation, inspection, re-performance), and frequency.
Design an IT general controls audit program for a company's ERP system. Cover: user access management, change management, backup and recovery, and cybersecurity incident response. Include specific test steps for each domain.
Generate a data analytics audit program for detecting anomalies in expense reimbursements. Include 10 specific queries or analyses (e.g., duplicate submissions, amounts just below approval thresholds, weekend submissions) with the fraud hypothesis each tests.
Write a walk-through procedure template for documenting an end-to-end business process for audit purposes. Include fields for: process owner, key inputs and outputs, system touchpoints, control activities, and risks identified.
3. Fieldwork & Evidence Documentation
Draft a professional interview guide for discussing internal controls with a Controller during fieldwork for a financial close audit. Include 12 open-ended questions covering: process ownership, reconciliation procedures, segregation of duties, and exception handling.
Create a working paper index template for an internal audit engagement covering the accounts receivable cycle. Include sections for planning, risk assessment, audit programs, testing workpapers, exceptions log, and management responses.
Write a sample exception log entry for the following finding: an accounts payable clerk has system access to both create vendors and approve invoices, creating a segregation of duties violation. Include: finding description, risk, root cause, population tested, and exceptions found.
Generate a data request list to send to the finance team at the start of a revenue audit. Include: specific reports, system exports, policy documents, and reconciliations needed, along with the business purpose for each request.
Draft a professional email to an audit client who is two weeks behind in providing requested documentation. The tone should be assertive but collaborative, and it should reference the agreed-upon fieldwork timeline and the impact of delays.
4. Audit Finding & Report Writing
Write a formal audit finding using the COSO framework structure for the following issue: the company lacks a documented policy for reviewing user access on a quarterly basis, resulting in 23 active system accounts belonging to terminated employees. Include: condition, criteria, cause, effect, and recommendation.
Transform the following bullet-point fieldwork notes into a polished executive summary for an internal audit report: [paste notes]. The summary should be 300–400 words, written for a C-suite audience, and lead with the most significant findings.
Rewrite the following draft audit finding to make it more impactful and action-oriented without overstating the risk: [paste draft finding]. Focus on clear cause-and-effect language and a specific, measurable recommendation.
Draft a management response section for an audit report finding related to insufficient documentation of journal entry approvals. The response should acknowledge the finding, explain the corrective action, assign an owner, and provide a realistic remediation date.
Create a rating scale and definitions for audit findings at a mid-size company. Define four severity levels (Critical, High, Medium, Low) with criteria for each based on financial impact, likelihood of recurrence, regulatory implications, and reputational risk.
5. Stakeholder Communication & Presentations
Write an executive presentation script for presenting the results of an internal audit of the company's IT disaster recovery program to the Audit Committee. Include: scope, key findings (3 high-risk, 2 medium-risk), management commitments, and recommended next steps.
Draft a memo to the CFO summarizing the top 5 control deficiencies identified during the annual internal audit cycle, ranked by risk. For each deficiency, include a one-sentence description, the business impact, and the proposed remediation timeline.
Create a status report template for the Chief Audit Executive to share with the Audit Committee quarterly. Include sections for: audits completed, audits in progress, key findings summary, open recommendations tracker, and budget vs. actual.
Write talking points for an audit manager to use when meeting resistance from a business unit leader who disagrees with an audit finding. The approach should be evidence-based, professional, and focused on risk and business impact rather than compliance.
Draft a closing meeting agenda for wrapping up an operational audit of the company's supply chain function. Include: summary of findings, preliminary ratings, auditee response process, report issuance timeline, and next steps for remediation tracking.
6. Compliance & Regulatory Audit
Create an audit program for testing a company's compliance with the General Data Protection Regulation (GDPR). Include key articles to assess, specific test procedures, documentation requirements, and indicators of non-compliance.
Write a gap assessment framework for evaluating a company's compliance with the COSO Internal Control – Integrated Framework (2013). Include the five components, 17 principles, and 3–5 audit questions for each principle.
Generate a list of 10 red flags that would indicate a company's anti-money laundering (AML) controls are inadequate. For each red flag, describe the audit test procedure that would surface it.
Draft an internal audit report section summarizing the results of a Sarbanes-Oxley (SOX) 302/404 readiness assessment for a company preparing for an IPO. Include scope, methodology, key gaps identified, and recommendations.
Create an audit checklist for assessing a company's compliance with OSHA workplace safety regulations in a manufacturing environment. Cover: hazard communication, personal protective equipment, emergency action plans, and recordkeeping.
7. Team Management & Quality Assurance
Write performance review comments for an audit senior who consistently delivers high-quality workpapers on time but struggles with presenting findings to business stakeholders. Include specific strengths, development areas, and suggested actions.
Create a quality assurance review checklist for an audit manager to use when reviewing a staff auditor's completed workpaper. Include criteria for: objective linkage, evidence sufficiency, documentation clarity, exception documentation, and conclusion support.
Draft a training plan for a new internal auditor with two years of public accounting experience transitioning to an internal audit function. Cover their first 90 days: orientation, shadowing, tool training, first independent assignment, and feedback checkpoints.
Generate an agenda for a 60-minute internal audit team retrospective at the end of a large audit engagement. Include structured discussion segments for: what went well, what did not go well, root causes, process improvements, and action owners.
Write a job posting for a Senior Internal Auditor position at a Fortune 500 financial services company. Include: role summary, key responsibilities, required qualifications (CPA or CIA preferred), preferred experience, and a compelling employer value proposition.
Get the Complete Audit Manager AI Toolkit
Get the complete AI Prompt Toolkit for Audit Managers →
Works with Claude, ChatGPT, and DeepSeek. Copy-paste ready.
Top comments (0)