Impact of AI Code Assistants on Audit Tool Development

Authors

  • Karishma Velisetty

Keywords:

AI Code Assistants, Audit Analytics Automation, Software Security Vulnerabilities, SOX Compliance Validation, Verification Debt, ICFR Testing

Abstract

AI-assisted code development tools are increasingly being integrated into audit analytics and controls testing environments, where custom scripts in Python, SQL, R, and JavaScript support high-volume compliance testing, data transformations, and regulatory reporting. Such tools accelerate audit script synthesis by generating data extraction queries, automating standard audit procedures including Benford’s Law testing and aging analyses, and producing documentation scaffolding. Nevertheless, the introduction of AI-generated code into SOX and ICFR testing processes creates material risks including SQL injection vulnerabilities, hard-coded credentials, compromised code security arising from uncritical developer acceptance of AI suggestions, and escalating verification debt caused by the mismatch between developer mental models and actual AI tool behavior. Effective mitigation demands mandatory peer review, automated security scanning using tools such as Bandit, SonarQube, and CodeQL, governance of prompt construction through version-controlled template libraries, and continuous integration pipelines enforcing quality standards via platforms such as Jenkins or GitLab CI. A hybrid development model combining AI-driven acceleration with rigorous human oversight, test-driven development practices, and comprehensive multi-dimensional software quality evaluation provides the most defensible path for maintaining compliance integrity in regulated audit environments.
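The SQL injection and hard-coded credential risks named in the abstract, shown for an audit extraction query as an added example (not code from the article). The journal table, its columns, the sample rows and the AUDIT_DB_PASSWORD variable name are constructed assumptions.

```python
import os
import sqlite3

# Constructed sample ledger; table and column names are assumptions.
ROWS = [
    (1, "2025-Q1", "ACME", 1200.00),
    (2, "2025-Q1", "GLOBEX", 310.50),
    (3, "2025-Q2", "ACME", 98.10),
    (4, "2025-Q2", "INITECH", 4500.00),
]


def make_ledger():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE journal (id INTEGER, period TEXT, vendor TEXT, amount REAL)"
    )
    conn.executemany("INSERT INTO journal VALUES (?, ?, ?, ?)", ROWS)
    return conn


def extract_population_unsafe(conn, period):
    # Pattern the abstract warns about: the filter value is pasted into the SQL
    # text, so the value can rewrite the WHERE clause and the tested population.
    sql = f"SELECT id FROM journal WHERE period = '{period}' ORDER BY id"
    return [r[0] for r in conn.execute(sql)]


def extract_population_safe(conn, period):
    # Hardened form: the value is bound as data and can only match a period.
    sql = "SELECT id FROM journal WHERE period = ? ORDER BY id"
    return [r[0] for r in conn.execute(sql, (period,))]


def load_db_password(env=os.environ):
    # Credentials come from the runtime environment (or a secrets manager),
    # never from a literal in the script. AUDIT_DB_PASSWORD is hypothetical.
    try:
        return env["AUDIT_DB_PASSWORD"]
    except KeyError:
        raise RuntimeError("AUDIT_DB_PASSWORD is not set; refusing to run") from None


if __name__ == "__main__":
    conn = make_ledger()
    tainted = "2025-Q1' OR '1'='1"  # constructed input for the comparison
    print(extract_population_unsafe(conn, tainted))  # all four rows, not just Q1
    print(extract_population_safe(conn, tainted))    # no rows
```

For a controls test the consequence is an integrity one: the unsafe query silently changes which records the procedure evaluates, so the workpaper no longer describes the population that was actually tested.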

Published

10.06.2026

How to Cite

Karishma Velisetty. (2026). Impact of AI Code Assistants on Audit Tool Development. International Journal of Intelligent Systems and Applications in Engineering, 14(1s), 1434 –. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/8362

Section

Research Article