AuditFile® AI and Safety

AI for audit work: standards research, evidence review, workpaper drafting, risk identification, trial balance classification, financial statement generation, rollforward, and documented conclusions inside the secure AuditFile environment.

AuditFile® AI

AuditFile® AI brings generative AI into the audit workflow where the work already happens. It helps auditors move faster on research, evidence review, documentation, and financial reporting tasks while keeping client data inside infrastructure built for regulated professional work.

AuditFile® AI is protected by U.S. Patent No. 10,891,294, covering the application of artificial intelligence to financial statement audits.


What AuditFile AI helps auditors do

AuditFile AI helps teams research accounting and auditing standards, summarize evidence, draft workpapers, identify risks, classify trial balances, generate financial statements, roll forward prior-year work, and document conclusions for review.

It is built for real audit files, not generic office productivity. The system works with the standards, documents, and review expectations auditors already live with every day.


Safety first!

CPAs are right to ask where client data goes before trusting any AI tool. Audit files contain bank statements, payroll records, tax details, contracts, legal correspondence, PBC lists, trial balances, and evidence that clients never intended to place in a public chatbot.

A careless AI workflow can leak data without anyone meaning to do the wrong thing. Prompts can be retained in logs, used to train a model, reviewed by a vendor support team, processed in the wrong region, tied back to a named user, or mixed into another customer's experience.

AuditFile AI is designed to prevent those failure modes. Customer prompts, evidence, and outputs are not used for model training, are not retained by model providers, are not used in other customer outputs, and are processed inside enterprise cloud environments governed by AuditFile's security controls.


Augmenting, not replacing, auditor judgment

AI can speed up the work, but it does not sign the report. AuditFile AI supports professional judgment by helping auditors organize evidence, cite sources, and document the reasoning behind a conclusion. The professional remains responsible for the procedures performed, the conclusions reached, and the work they sign off on.


Grounded in audit standards

AuditFile AI is grounded in authoritative professional literature, not broad internet content. Its responses are shaped by the accounting, auditing, attestation, ethics, and independence standards auditors actually work under, including:

  • Financial reporting frameworks: U.S. GAAP (the FASB Accounting Standards Codification), IFRS (issued by the IASB), and the governmental frameworks set by GASB (state and local) and FASAB (federal).
  • PCAOB standards: PCAOB Auditing Standards (AS) for public-company and issuer audits.
  • AICPA and international auditing standards: the AICPA Statements on Auditing Standards (AU-C) for private-company audits and the IAASB's International Standards on Auditing (ISA).
  • Government and single audits: Generally Accepted Government Auditing Standards (GAGAS, the GAO "Yellow Book") and the 2 CFR 200 Uniform Guidance.
  • Review, compilation, and attestation: the AICPA Statements on Standards for Accounting and Review Services (SSARS / AR-C) and the Statements on Standards for Attestation Engagements (SSAE / AT-C).
  • Ethics and independence: the AICPA Code of Professional Conduct.

Safest architecture for sensitive audit work

Audit evidence should not be treated like ordinary chat input. Tools that ask auditors to upload evidence into a separate chatbot, vague AI workspace, or public model API create the exact risk firms are trying to avoid.

If a tool cannot clearly answer where client data goes, who can see it, how long it is retained, whether it trains a model, and whether it can appear in another customer's output, it should not be near an audit file.

AuditFile AI is different. It runs through enterprise cloud AI services inside AuditFile's controlled Azure and AWS environments, with no model training on customer data, zero-retention model calls, encrypted transport, and source-backed outputs that belong in an audit file.


Reviewable outputs

AuditFile AI is designed to leave reviewers with work they can inspect. Responses include citations, source references, and documented rationale so auditors can verify the support, challenge the conclusion, and decide what belongs in the final file.

That matters. A fast answer is not enough for audit work if the team cannot see where it came from, what it relied on, and whether it fits the engagement.


Private and secure by design

Your content and prompts are never used to train or improve AuditFile's AI features or any underlying large language model. They are never used in another customer's output and are not retained by the model providers. Every model call is zero-retention: prompts and responses are processed in memory and discarded by the provider.

That protection applies to the material CPAs worry about most: client financial records, personally identifiable information, audit evidence, internal control narratives, management representations, and workpaper conclusions. AuditFile AI is not a side channel where client data can quietly leave the engagement file.

Data in transit is protected with TLS 1.3, and data at rest is protected with AES-256 encryption. Requests sent to model providers are not associated with individual user identities. Retention of your content and prompts is configured to fit your firm's needs at the account level, and users can delete their content and prompts in the product at any time.

By default, AuditFile hosts data in the U.S. on Amazon Web Services and Microsoft Azure, with AI interactions processed in U.S. regions and backups replicated across separate availability zones. Region-based hosting is available for firms operating in other jurisdictions, including the EU and Canada.


AI compliance and assurance

The cloud AI services AuditFile relies on are independently assessed under AI-specific assurance programs. Azure AI Foundry Models, including Azure OpenAI models, have achieved ISO/IEC 42001:2023 certification for Artificial Intelligence Management Systems. AWS's ISO/IEC 42001:2023 accredited certification for AI services includes Amazon Bedrock.

Azure and Amazon Bedrock also sit within broader cloud assurance programs that matter to regulated firms. Depending on the specific service, deployment region, and audit scope, those programs include SOC 1, SOC 2, SOC 3, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27701, ISO 22301, ISO 20000, ISO 9001, CSA STAR, HIPAA/HITECH eligibility or BAA support, GDPR, FedRAMP, DoD impact levels, PCI DSS, HITRUST, IRAP, Germany C5, and Singapore MTCS.

AuditFile maps each deployment to the published Microsoft and AWS service and region scope rather than treating these programs as blanket certifications. Microsoft and AWS publish current certificates, audit reports, and scope details through the Microsoft Service Trust Portal and AWS Artifact.


Enterprise AI architecture

AuditFile runs its AI through Microsoft Azure AI Foundry and Amazon Bedrock, where the models operate inside AuditFile's own cloud environment rather than through a public consumer AI account. That distinction matters:

  • Your data stays in AuditFile's cloud boundary. The models run inside AuditFile's own Azure and AWS environments, the same infrastructure that already holds your audit files.
  • No new vendor to trust. Microsoft and Amazon are bound by enterprise data-processing agreements with no-training and zero-retention guarantees, and they carry AI-specific and cloud-security certifications AuditFile already relies on.
  • Network isolation and data residency. Requests can travel over private network connections, and deployments can be pinned to specific regions so firms control where data is processed.
  • Consistent governance. Access, logging, encryption, and retention are managed under AuditFile's enterprise controls instead of depending on a consumer AI tool's default settings.

Bring your own model

For firms that want maximum control, AuditFile offers Bring Your Own Token (BYOT). Your firm can supply its own model-provider credentials or run inference on its own stack: Ollama, llama.cpp, vLLM, LM Studio, OpenRouter, or another inference provider you prefer.

With BYOT or self-hosted inference, your prompts and audit data can stay inside infrastructure your firm owns and controls. Whether you standardize on Azure AI Foundry and Amazon Bedrock or bring your own model, AuditFile adapts to your firm's security posture instead of forcing every customer onto the same AI vendor.