AI Adoption in Audit is On the Rise
October 16, 2025
A new report from audit, risk, and compliance software provider AuditBoard reveals that artificial intelligence adoption in audit functions is growing, up from 8% to 21% in just one year.
At the same time, the number of firms with no AI plans has dropped nearly in half—from 49% to 25%—signaling a decisive shift toward adoption, according to AuditBoard’s 2025 Risk Intelligence Report.
The report also found that early adopters are realizing significant benefits, including up to 8,000 audit hours saved annually, 20% to 40% productivity gains, and $3.7 million in annual savings for large enterprises.
The inaugural report, which combines proprietary platform data that includes more than 50% of the Fortune 500 with survey insights from over 400 global risk leaders, identifies the “middle maturity trap” as the primary barrier preventing organizations from converting high investment activity into sustained resilience and foresight.
“Survey results reflect a market in transition. On the one hand, enterprises are investing aggressively: 35% are adopting new frameworks, 45% are updating existing frameworks, 39% plan to expand AI and machine learning skills, and 40% plan to increase cybersecurity staffing. On the other hand, maturity is lagging. Only a minority report having governance structures robust enough to embed risk intelligence across the enterprise. The disconnect between ambition and execution is stark,” the report says. “This disconnect defines the middle maturity trap: enterprises achieve activity, but not delivery. Consistent delivery.”
More than half of enterprises surveyed are implementing AI tools and investing in skills, yet the report shows that acceptance rates dip sharply when governance is unclear. Decision times are lengthening, confidence in AI outputs is inconsistent, and governance gaps leave many deployments stuck in “pilot mode.” The report says that this volatility makes AI the most visible—and most urgent—test of risk maturity today.
“Today’s risk environment is more complex and dynamic than ever, and enterprises are increasingly turning to AI to navigate this threat landscape,” Happy Wang, chief product and technology officer at AuditBoard, said in a statement. “Our data shows that enterprises are eager to experiment and invest, but the intent is not translating into reliable execution. The key difference between leaders and laggards is not budget, but the discipline to embed governance, ownership, and cadence across all risk dimensions.”
Beyond efficiency gains, AI and automation are redefining the audit function itself, the report says.
“Teams are using generative AI to draft narratives, accelerate control mapping, and analyze evidence at scale, reducing cycle times from weeks to days,” it states. “Automation not only frees auditors from repetitive tasks but also amplifies their strategic role: surfacing anomalies earlier, linking findings to enterprise risks, and strengthening confidence in reporting. Leaders distinguish themselves by treating AI not just as a tool for speed, but as a catalyst for higher-quality assurance and broader organizational impact.”
Key findings from the report include:
AI is the defining test of risk maturity, but trust is fragile
High ambition, fragile execution: 53% of enterprises are implementing AI tools, and 39% are expanding AI/machine learning skills.
Volatility in confidence: The survey found AI acceptance rates declined by roughly 30% in July, following strong initial adoption in May and June, with decision-making times lengthening. This volatility is directly linked to unclear governance, leaving adoption stuck in pilot mode.
The governance gap: Fewer than 30% of leaders feel prepared for upcoming AI governance requirements, indicating a lack of clear ownership that undermines trust.
Emerging risks are driving hiring: 70% of respondents expect to increase risk management staffing over the next two years, and 40% plan to increase cybersecurity staffing.
The “middle maturity trap” hinders resilience
Coordination is lacking: Two-thirds of enterprises remain siloed in structure, systems, or decision-making.
Follow-through is inconsistent: This trap is characterized by bursts of activity (such as spikes in collaboration or risk logging) that aren’t sustained. For instance, collaboration surged in July but quickly faded, preventing continuous progress.
Implementation is incomplete: The report identifies five dimensions of connected risk—AI and automation, control maturity, frameworks and coverage, collaboration, and risks and issues discipline—and shows that consistency across these dimensions is missing for most organizations.
Leaders turn governance into strategic advantage
The report finds that leaders who successfully break free of the middle maturity trap distinguish themselves by turning risk management into a source of foresight and trust:
Institutionalizing cadence: They make risk oversight a standing item at board and executive meetings rather than treating it reactively.
Embedding discipline: They treat control adoption and risk logging as continuous management habits, not periodic compliance events.
Connecting risk: They align audit, risk, compliance, and information security on shared key performance indicators and institutionalize regular cross-functional engagement.
“AI implementation is becoming a defining moment for every enterprise,” said AuditBoard CEO Raul Villar Jr. “Our research shows that the ‘middle maturity trap’ isn’t a budget problem; it’s an execution gap where
inconsistent governance undermines the full promise of AI. To close this gap, businesses must make governance a continuous, shared habit across audit, risk, and compliance teams.”
[CPA Practice Advisor]
