top of page
The Future Now-White.png

Staying true to the facts: Ensuring document authenticity in the age of AI

  • Writer: Delia Mc Lean
    Delia Mc Lean
  • Jan 4
  • 3 min read

In today’s fast-changing digital world, technology has transformed how we communicate, store, and share information. Artificial intelligence (AI) now enables us to generate, edit, and replicate documents and images with incredible ease and realism. While these innovations offer many benefits, they also introduce new challenges for auditors and clients alike, particularly in verifying the authenticity of documents used as audit evidence.


Why authenticity matters more than ever


Audit quality depends on trustworthy evidence. As set out in International Standard on Auditing (ISA) 500 – Audit Evidence, auditors must obtain sufficient and appropriate audit evidence to support their conclusions. The reliability of that evidence depends greatly on its source; evidence obtained directly from independent third parties is far more reliable than information provided or forwarded by the client.


In the past, receiving a scanned document or a forwarded email might have seemed sufficient. But in an AI-driven environment, where altered documents can look indistinguishable from genuine ones, this is no longer enough. Even a minor change, such as adjusting a figure, date, or letterhead, can completely alter what a document represents.


Direct confirmations: back to the basics


One of the most effective ways to ensure the authenticity of audit evidence is the direct confirmation process, as outlined in ISA 505 – External Confirmations. This standard emphasises that auditors should request and receive confirmation responses directly from the third party, without going through the client.


For example:

  • Bank confirmations should always come directly from the bank, ideally through secure, verified electronic confirmation platforms or official banking channels.

  • Investment certificates and IT3(b) statements should be retrieved by the client, in the auditor’s presence, directly from the institution’s website to ensure the information originates from an authentic source.

  • Supplier or customer confirmations, or other external correspondence, should be emailed directly to the auditor rather than forwarded by the client. Even forwarded emails can be manipulated, spoofed, or intercepted.


The cost of assurance, and the cost of getting it wrong


Some may hesitate to request bank confirmations or other third-party verifications due to the associated costs. However, these costs should be viewed as an investment in assurance and peace of mind. The small fee a bank charges for issuing a confirmation is minimal compared with the potential consequences of relying on manipulated or falsified information.


If balances are misstated and financial statements are relied upon by investors, lenders, or regulators, the economic and reputational damage can be significant. In this sense, the cost of obtaining independent confirmation is far less than the cost of discovering inaccuracies later. Ensuring the authenticity of key financial information protects not only the auditor’s opinion but also the business's credibility and stability.


Professional scepticism in a digital world


The concept of professional scepticism, as outlined in ISA 200 – Overall Objectives of the Independent Auditor, has never been more critical. In practical terms, this means maintaining a questioning mindset, being alert to conditions that may indicate possible misstatement, and critically evaluating the evidence obtained.

In the current environment, professional scepticism involves:


  • Take extra care when evaluating electronic documents or screenshots.

  • Questioning the origin of documents that appear unusual or inconsistent.

  • Confirming directly with third parties when doubt exists.

  • Using secure, trusted communication and confirmation systems.


By taking these steps, auditors can continue to uphold the credibility and reliability of their opinions, values that lie at the heart of the profession.


A word to the clients


We understand that these additional procedures, such as obtaining direct confirmations or requesting documents to be downloaded in the auditor’s presence, can sometimes feel time-consuming or inconvenient. However, we ask clients to work with their auditors and be patient throughout this process. These steps are not about creating extra work; they are about protecting you and your organisation in an increasingly complex and AI-influenced world.


By ensuring evidence comes directly from reliable third-party sources, auditors help safeguard your financial statements against manipulation or misinterpretation. This strengthens the credibility of your financial reporting and reinforces trust with shareholders, banks, regulators, and other stakeholders. In the bigger picture, these safeguards benefit both the auditor and the client, preserving confidence in your organisation’s integrity and financial transparency.


Building trust in an AI-impacted era


As technology evolves, so must our audit practices. AI tools have made it easier than ever to manipulate information, but they also underscore the importance of the auditor’s judgment, independence, and professional scepticism. Ensuring that evidence comes directly from reliable third parties is not just a regulatory requirement; it is essential to preserving trust in financial reporting.


Ultimately, authenticity matters. By staying vigilant, applying the ISAs diligently, and adapting to technological realities, auditors can continue to deliver assurance that both clients and stakeholders can rely on.

 
 
bottom of page