Risks, Realities and the Evolving Role of CPAs Auditing Emerging Technologies

By Angel Rafael Otero, Ph.D., CPA, CFE, CISA, CITP, CICA, CRISC

Emerging technologies have fundamentally reshaped the audit environment. While they enhance efficiency and analytical capabilities, they also introduce risks that challenge traditional audit methods, standards and skill sets. Issues such as algorithmic opacity, decentralized governance, data ownership ambiguity, and evolving cybersecurity threats now sit at the center of audit risk, requiring CPAs to adapt how assurance is delivered in increasingly complex, technology-driven environments.

This article highlights how emerging technologies are reshaping audit risk and practice, provides real-world examples of how auditors are responding, summarizes key regulatory and ethical considerations for CPAs, and concludes with practical insights for today s professionals.

Audit in the Age of Emerging Technologies

Digital transformation continues to reshape how organizations operate, generate data and report financial information. Technologies such as artificial intelligence (AI), robotic process automation (RPA), blockchain, cloud computing, the Internet of Things (IoT), quantum computing, and the metaverse are increasingly integrated into core business processes rather than remaining peripheral tools. While these technologies promise efficiency, scalability and innovation, they also introduce new risks that challenge long-standing audit methods and professional judgment (Mpofu & Mpofu, 2025).

Historically, auditing focused on evaluating financial statements, internal controls and regulatory compliance using historical data and well-established control structures. In today s technology-driven environment, auditors are increasingly asked to assess systems that operate in real time, rely on automated decision making and generate large volumes of data across decentralized platforms. Many existing audit tools and frameworks were not designed to address opaque algorithms, third party hosted environments or continuously evolving systems (Kokina, 2025).

Emerging technologies present both opportunity and risk for the profession. AI and RPA can enhance audit efficiency and anomaly detection, yet they also introduce concerns related to bias, transparency and overreliance on automated outputs (Grant Thornton, 2023). Blockchain offers immutable transaction records but creates challenges related to governance, access controls and smart contract assurance (Vitali & Giuliani, 2024). Cloud computing and IoT environments increase scalability and data availability while complicating data ownership, shared responsibility and audit evidence collection (Vitali & Giuliani, 2024). More advanced developments such as quantum computing and metaverse environments further expand cybersecurity, valuation and accountability risks (Reis, S mola, & Pagliusi, 2022).

A growing concern is that technology adoption has outpaced the development of audit standards, regulatory guidance and professional training. Auditors are often required to rely heavily on professional judgment where standardized assurance approaches do not yet exist, raising questions about consistency, defensibility and audit quality (AICPA, 2022; Mpofu & Mpofu, 2025). Ethical considerations also take on greater importance as automated systems influence financial decisions that may affect stakeholders in unintended ways (HBR, 2023; Otero & Agu, 2025).

Expanding Technology-Driven Audit Risks

The integration of emerging technologies has expanded the audit risk landscape beyond traditional concerns such as material misstatement or manual control failure. See Table 1.

Lessons From Real World Audit Applications

Case analyses across industries reveal consistent patterns in how organizations mitigate technology-specific risks and where assurance gaps persist.

In AI implementations, audit effectiveness improves when organizations conduct periodic bias assessments, maintain clear documentation of training data and deploy explainable AI capabilities that enable auditors to understand and evaluate how decisions are generated. Where AI models remained opaque, auditors reported increased audit effort and greater reliance on professional judgment (Kokina, 2025).

Blockchain audits demonstrated that governance structures often mattered more than the technology itself. Environments where validator responsibilities are clearly defined, dispute resolution processes are established and smart contracts are thoroughly tested tend to support stronger accountability and auditability, whereas loosely governed decentralized platforms are associated with higher audit risk.

Cloud computing and IoT cases highlighted the importance of Identity and access management controls, audit log availability and clearly defined service level agreements. Organizations that implemented regular access reviews, maintained detailed API logging and conducted routine disaster recovery testing tended to experience fewer audit evidence gaps and security issues (Vitali & Giuliani, 2024).

Early adopters of quantum readiness focused on inventorying encryption dependencies and monitoring vendor transition plans (Reis et al., 2022). Metaverse-related cases revealed heightened risks related to digital asset valuation, identity verification and governance maturity (Alawadhi & Alrefai, 2024). Across cases, audit outcomes improved when controls were technology specific, governance was clearly defined and ongoing auditing processes enabled continuous monitoring of risks as they emerged.

Regulatory and Ethical Challenges for CPAs

Regulatory and ethical challenges associated with emerging technologies affect both auditees (organizations) and auditors (CPAs), often in interconnected ways. Organizations are responsible for designing and operating systems that comply with evolving regulations, while auditors must evaluate whether those systems meet regulatory and ethical expectations despite limited or developing guidance.

From the auditee perspective, compliance is increasingly complex and technology specific. Evolving data privacy regulations and emerging AI governance frameworks require organizations to establish controls over data usage, ensure transparency in automated decision making and define appropriate risk classifications. These requirements are difficult to operationalize in environments such as AI and blockchain, particularly when systems continuously evolve or rely on third party platforms (Mpofu & Mpofu, 2025).

From the auditor perspective, these conditions create assurance challenges. Auditors must assess compliance where requirements lack clarity and audit evidence may be incomplete or difficult to obtain. Evaluating areas such as AI bias, blockchain governance or digital asset ownership requires expanded procedures and often extends beyond traditional audit approaches (Vitali & Giuliani, 2024).

Ethical considerations apply to both parties. Organizations are expected to implement safeguards such as bias testing and transparency mechanisms, while auditors must evaluate their effectiveness while maintaining independence and professional skepticism. These risks may not always result in financial misstatements but can still have significant stakeholder impact (HBR, 2023).

Overall, these challenges reflect a shared responsibility. Effective outcomes depend on organizations establishing clear governance and auditability, and auditors expanding their procedures and judgment. Greater alignment between both roles is essential for consistent and reliable assurance in technology-driven environments.

Practical Implications for CPAs

Several practical lessons emerge for CPAs working in technology-intensive environments:

• Auditability should be incorporated into system design from the beginning, ensuring that logging, evidence retention and access controls are properly embedded.
• Clearly defined governance structures are essential, as assigning ownership over AI models, smart contracts and data pipelines strengthens accountability.
• Ethical considerations should be operationalized through structured fairness assessments, transparency requirements and well-defined escalation protocols.
• Third party risk management should align with audit needs, particularly in cloud and platform environments.
• Internal audit plays a critical role, as early involvement in technology initiatives strengthens risk identification and control integration.

These implications apply broadly across the profession; however, the application of emerging technologies varies meaningfully across accounting roles, particularly between external auditors, internal auditors and accountants in private industry.

External auditors focus on obtaining sufficient appropriate audit evidence to support financial statement opinions. In technology-driven environments, this includes evaluating algorithm reliability, validating data integrity in automated systems and assessing third party controls in cloud-based platforms. Emphasis remains on independence, professional skepticism and defensible audit documentation.

Internal auditors operate within organizations and are more directly involved in continuous monitoring and risk management. Their role increasingly includes evaluating governance over AI models, reviewing system implementations prior to deployment and assessing the effectiveness of real-time controls embedded in technologies such as RPA, IoT and enterprise systems.

Accountants in private industry, including controllers and management accountants, are responsible for designing, implementing and maintaining these technology-enabled processes. Their focus centers on ensuring data quality, establishing internal controls over automated workflows, and aligning technology use with financial reporting and strategic objectives. In practice, this includes overseeing AI-driven forecasting models, managing cloud-based ERP systems and ensuring proper valuation and reporting of digital assets.

While responsibilities differ, effective outcomes depend on coordination across these roles. External auditors rely on well-designed controls, internal auditors support governance and risk oversight, and private industry accountants ensure operational integrity. This alignment is essential to achieving reliable financial reporting and auditability in technology-driven environments.

Maintaining Independence, Integrity and Trust Amid Technological Change

Emerging technologies continue to redefine how assurance is performed across the profession. Addressing these changes requires stronger governance, continuous monitoring and greater integration of ethical considerations into audit practices. As organizations advance their use of technology, the ability of CPAs to adapt while maintaining independence, integrity and professional judgment will remain essential to sustaining trust in financial reporting.

About the Author: Angel Rafael Otero, Ph.D., CPA, CFE, CISA, CITP, CICA, CRISC, has more than 20 years of professional experience in public accounting and auditing, including financial statement audits, internal control audits and information systems and technology auditing. Prior to joining Florida Institute of Technology, he worked at Deloitte for more than 10 years, where he attained the position of Senior Manager. His research interests include artificial intelligence (AI) in financial and IT audits, robotic process automation (RPA), financial audits and internal controls, information systems auditing and accounting information systems. He has published extensively on the impact of AI on financial statement audits, IT audits and accounting functions, as well as on topics involving RPA, blockchain technology and the assessment of general IT controls over financial and accounting systems. Dr. Otero is also author of a textbook in the area of information systems and technology auditing.

References

AICPA. (2022). Audit Risk and Emerging Technologies. https://www.aicpa-cima.com/home

Alawadhi, A. S., & Alrefai, A. A. (2024). The metaverse and accounting: A paradigm shift in emerging technologies and their implications on accounting research. Journal of Emerging Technologies in Accounting 1 October 2024; 21 (2): 19-34. https://doi.org/10.2308/JETA-2023-031

Grant Thornton. (2023). Internal audit can be fundamental for AI success. https://www.grantthornton.com/insights/articles/advisory/2023/internal-audit-can-be-fundamental-for-ai-success

Harvard Business Review (HBR). (2023). AI won't replace humans - but humans with AI will replace humans without AI. https://hbr.org/2023/08/ai-wont-replace-humans-but-humans-with-ai-will-replace-humans-without-ai

Kokina, J. (2025). Challenges and opportunities for artificial intelligence in auditing: Evidence from the field. International Journal of Accounting Information Systems, 56(10), 100734. https://www.sciencedirect.com/science/article/pii/S1467089525000107

Mpofu, F. Y., & Mpofu, Q. (2025). The application of digital technologies in external auditing: A double edged sword? Business Ecosystem & Strategy, 7(1). DOI: https://doi.org/10.36096/ijbes.v7i1.641

Otero, A. R., & Agu, M. (2025). Benefits and Drawbacks of Incorporating ChatGPT in Financial Audits. Current Issues in Auditing, 19(2), 1-9. DOI: 10.2308/CIIA-2024-016

Reis, L. C. D., S mola, M., & Pagliusi, P. S. (2022). Quantum computing and the role of internal audit. ISACA. https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2022/quantum-computing-and-the-role-of-internal-audit

Vitali, S., & Giuliani, M. (2024). Emerging digital technologies and auditing firms: Opportunities and challenges. International Journal of Accounting Information Systems, 53(1), 100676. https://www.sciencedirect.com/science/article/pii/S1467089524000095

Thanks to the Sponsors of Today's CPA Magazine

This content was made possible by the sponsors of this issue of Today's CPA Magazine:

8amCPACharge

Accounting Biz Brokers

Accounting Practice Sales

Goodman Financial

Paychex

TXCPA Member Insurance