Purpose

This study examines the potential of Generative Artificial Intelligence (GenAI) to enhance Quality Assurance (QA) in standardised auditing contexts. As organisations increasingly utilise AI to fulfil compliance obligations, the research explores how GenAI can aid ISO-based auditing processes.

Design/methodology/approach

A qualitative exploratory design was adopted, using semi-structured interviews with ten auditors and QA professionals across multiple industries. Guided by the Technology Acceptance Model (TAM) and Sociotechnical Systems (STS) theory, thematic analysis identified functional and non-functional requirements, stakeholder expectations, and organisational challenges influencing GenAI adoption.

Findings

GenAI holds significant promise for automating audit tasks such as document review, risk detection, and reporting, thus enhancing efficiency and reducing manual effort. However, constraints exist, including the need for explainability, trust, and human oversight. Organisational readiness, regulatory compliance, and integration with existing systems were recognised as critical hurdles to implementation.

Research limitations/implications

Interviews were limited to professionals with ISO-based auditing experience, and perspectives from clients, regulators, and other regimes such as GDPR or HIPAA were not represented. Broader, mixed-method, multi-stakeholder cases are needed to generalise the findings and assess GenAI's impact across diverse compliance settings.

Originality/value

This paper advances Quality 4.0 by developing a human–AI co-auditing framework for clause-level ISO assurance grounded in practitioner insights. It moves beyond adoption-focused research to articulate design principles that improve traceability, audit efficiency, and clause coverage reliability, while preserving professional accountability through human-in-the-loop governance.

In today's dynamic business environment, organisations face growing pressure to meet exceptional standards of quality, reliability, and security across operations. A key strategy for meeting these expectations is the adoption of internationally recognised standards. These include ISO 9001 (Quality Management), ISO/IEC 27001 (Information Security), ISO 14001 (Environmental Management), and ISO 45001 (Occupational Health and Safety). These frameworks ensure systematic quality assurance, and accountability, while signalling commitment to governance, compliance, and continual improvement (Al Hadad and Maulana, 2023; Sulistyowati et al., 2020).

Compliance with such standards depends on structured, evidence-based auditing practices. In regulated environments, ISO/IEC 27001 audits involve systematic documentation review, checklist verification, and identification of nonconformities and risks to demonstrate conformity and maintain certification (International Organisation for Standardization, 2022; Muthmainnah et al., 2022). While essential, these processes are resource-intensive and challenging to sustain under evolving regulatory requirements and growing documentation demands (Zelmati et al., 2023).

In this context, GenAI is emerging as a potential enabler of more efficient and traceable auditing practices, extending beyond conventional automation to support clause-level analysis, evidence classification, and audit-ready documentation (Zhao and Wang, 2024). These capabilities support compliance assessment across extensive repositories of unstructured audit data. Moreover, it supports the generation of structured findings, nonconformity reports, and evidence traceability to specific standard requirements.

Despite growing interest in AI-enabled auditing, current studies remain focused on task-specific automation, analytics, or traditional machine learning within financial auditing contexts (Seethamraju and Hecimovic, 2023; Kokina et al., 2025). Research on GenAI remains limited and exploratory, concentrating on isolated use cases such as document processing or report drafting rather than addressing clause-level quality assurance in regulated environments (Bhaskar et al., 2024; Berger et al., 2023). Prior research rarely integrates individual adoption factors with organisational and sociotechnical considerations. As a result, there is limited understanding of how GenAI can be integrated within ISO-based auditing systems, while maintaining trust, transparency, and professional accountability.

This study addresses this gap by examining the potential of GenAI to enhance QA in ISO-based auditing. It synthesizes insights from practitioners on GenAI's anticipated advantages, technical and organisational challenges, trust dynamics, and implementation strategy in regulated QA environments. TAM and STS theory are utilised to investigate adoption drivers, organisational conditions, and system-level requirements necessary for responsible implementation in regulated auditing contexts.

Based on this purpose, the study is guided by the following research questions:

RQ1.

What are the functional and non-functional requirements for designing and integrating a GenAI-driven QA framework to ensure continuous compliance with standards?

RQ2.

How can a GenAI-based QA system effectively meet stakeholder expectations while acting as a co-auditor without compromising trust, transparency, or accountability?

RQ3.

What are the organisational impacts of implementing a GenAI-driven QA framework, and what metrics can be used to evaluate its success?

RQ4.

How can a GenAI-based QA framework be adapted to comply with multiple standards and evolving regulatory requirements, ensuring scalability and long-term sustainability?

To address these questions, Section 2 reviews relevant literature and develops the theoretical foundation and conceptual framework. Section 3 defines the qualitative methodology. Section 4 presents thematic findings, followed by theoretical and practical implications in Section 5. Section 6 concludes the paper by summarising key contributions and outlining limitations and future research directions.

Quality Assurance (QA), grounded in the Total Quality Management (TQM) framework (TQM) framework, ensures systematic conformance to internationally recognized standards such as ISO 9001 and ISO/IEC 27001 (Papaioannou et al., 2024; Sashkin and Kiser, 1993). Within QA, auditing verifies compliance and identifies improvement opportunities (Ilori et al., 2022). Digitalisation has advanced auditing practices by enabling automated monitoring and adaptive platforms that improve efficiency and reduce auditor workload (Indriyanto, 2023; Zelmati et al., 2023). Recent studies demonstrate that AI technologies, particularly Machine Learning (ML), Deep Learning (DL), and Natural Language Processing (NLP) – support anomaly detection, predictive risk analysis, and document processing (Kokina et al., 2025; Seethamraju and Hecimovic, 2023). ML detects irregular patterns and refines risk estimates, DL enables hierarchical classification for fraud assessment (Johnson et al., 2020; Sun and Vasarhelyi, 2018), and NLP extracts insights from large volumes of unstructured text (Kang et al., 2020; Odoh et al., 2018; Zhang et al., 2020).

Despite these advances, AI adoption remains limited by system compatibility, data quality limitations, regulatory uncertainty, organisational readiness, and explainability concerns (Qatawneh, 2025; Seethamraju and Hecimovic, 2023; van Tilburg, 2025). These constraints have generated growing interest in GenAI, which extends beyond task-specific automation to enable contextual reasoning and synthesis of unstructured audit data.

Building upon traditional AI, GenAI leverages large language models (LLMs) to provide contextual understanding and narrative synthesis for auditors (Anica-Popa et al., 2024; Wang et al., 2019). Empirical and conceptual studies show that GenAI supports risk identification, evidence interpretation, translation, and report generation (Bhaskar et al., 2024; Bouziane, 2025; Gan, 2024). Framework and case-based research illustrate these applications. Anica-Popa et al. (2024) present a “Knowledge Consolidator” to automate compliance tasks and support decision-making. Landesbank Baden-Württemberg deployed GFT Enterprise GPT for real-time compliance checks and policy interpretation, with traceable results (Zöller et al., 2025).

Wang et al. (2025) propose an explainable clause-mapping framework that reduced audit completion times. Berger et al. (2023) and Lubos et al. (2024) evaluated LLMs against IFRS, HGB, and ISO 29148 standards, reporting promising results while emphasising the need for domain-specific tuning and human validation.

While promising, GenAI deployment in regulated auditing remains limited by hallucinations, bias, reproducibility concerns, accountability gaps, and prompt manipulation (Alam et al., 2025; Barde and Kulkarni, 2023; Berger et al., 2023). Accordingly, current evidence positions GenAI as an assistive technology rather than an autonomous auditing system.

Although AI integration in auditing is expanding, its organisational adoption remains incremental. Current applications focus on anomaly detection, document analysis, and risk flagging, without progressing toward autonomous QA or clause-level interpretation.

Empirical studies identify adoption drivers and barriers. Yang et al. (2021) underline organisational readiness, technological capability, and external pressures as enablers within a Big Four firm, while regulatory ambiguity and cultural resistance continue as constraints. Ayoub et al. (2025) similarly found that AI, RPA, and analytics for risk anticipation and anomaly detection, remain supplementary tools rather than embedded governance systems. Industry evidence reinforces this caution: although 81% of legal, risk, and compliance professionals recognise GenAI's potential, only 54% support implementation due to reliability and ethical concerns (Thomson Reuters Institute, 2024). In line with this, Markova-Karpuzova et al. (2024) stress that integration depends on aligning AI with organisational values and building trust. Thus, adoption requires cultural alignment, ethical safeguards, and regulatory clarity.

2.4.1 Theoretical foundation

This study is grounded in the Technology Acceptance Model (TAM) and Sociotechnical Systems (STS) theory to examine GenAI integration into quality assurance and auditing. These theories provide complementary perspectives on individual adoption and system-level integration in regulated auditing environments.

TAM explains technology adoption through perceived usefulness and perceived ease of use (Davis, 1989). These constructs are relevant in auditing contexts. Auditors' willingness to rely on GenAI depends on whether it improves audit efficiency, accuracy, and decision support. It must do so without increasing cognitive or procedural burden. Prior technology acceptance research highlights the importance of perceived usefulness, trust, and usability in shaping acceptance of AI-enabled tools (Davis, 1989; Venkatesh et al., 2003).

Nonetheless, TAM alone does not capture the organisational and regulatory embeddedness of ISO-based auditing. In such settings, compliance is embedded within organisational structures, regulatory expectations, and professional accountability. To address these dimensions, this study also adopts STS theory, which emphasises the joint optimisation of social and technical elements in complex work systems (Eason, 2014; Trist and Bamforth, 1951). From an STS perspective, GenAI is not merely a technical artefact but part of a broader auditing system involving auditors, organisational processes, governance mechanisms, and institutional constraints.

2.4.2 Integrating TAM and STS in Gen AI-enabled auditing

TAM and STS are integrated in this study to provide a multi-level theoretical lens for analysing GenAI adoption. TAM guides the analysis of individual perceptions, explaining how auditors perceive, accept, and interact with GenAI systems based on perceived usefulness, ease of use, and trust. STS complements this perspective at the organisational and system level, accounting for human–AI collaboration, culture, governance mechanisms, infrastructure, and regulatory alignment.

This integration allows examination of both adoption intent and the sociotechnical conditions required to sustain use in regulated auditing environments. In particular, the framework captures key tensions in ISO-based auditing, including automation versus professional judgment, efficiency versus accountability, and standardisation versus contextual flexibility.

2.4.3 Conceptual framework development

Guided by TAM and STS, the conceptual framework examines GenAI integration in quality assurance processes. Individual-level concerns derived from TAM include perceived usefulness, ease of use, and trust. These factors influence auditors' willingness to interact with GenAI systems. System-level factors informed by STS include human–AI collaboration, organisational culture, governance structures, technical infrastructure, and regulatory alignment.

These factors were identified through a synthesis of prior literature on AI in auditing (Bhaskar et al., 2024; Kokina et al., 2025) and aligned with practitioner insights. The framework further specifies expected outcomes of GenAI integration. These include compliance readiness, audit efficiency, organisational performance, and scalability across standards. The outcomes reflect both adoption-related benefits and system-level performance improvements. Figure 1 represents the conceptual framework derived from this theoretical positioning.

Figure 1

Conceptual framework illustrating key factors influencing GenAI integration in QA processes and its expected outcomes. Source: Authors’ own work

Figure 1

Conceptual framework illustrating key factors influencing GenAI integration in QA processes and its expected outcomes. Source: Authors’ own work

Close modal

While issues of trust, transparency, and oversight are acknowledged in the literature, their interaction with organisational readiness and regulatory governance remains underdeveloped. There is insufficient understanding of how GenAI can be systematically integrated into ISO-based auditing while preserving accountability and sociotechnical balance. Accordingly, this study investigates GenAI integration in ISO-based QA using a qualitative approach grounded in TAM and STS to illuminate both individual acceptance factors and system-level integration requirements.

This study employs an exploratory qualitative design grounded in the interpretivist paradigm to examine how GenAI may enhance QA within ISO-based auditing contexts (Creswell and Creswell, 2018; Saunders et al., 2009). Semi-structured interviews were selected to capture auditors' experiences, expectations, and concerns while allowing exploration of context-specific practices.

The interview protocol was developed as a theory-driven guide (Creswell and Creswell, 2018; Saunders et al., 2009). The TAM and STS were used as sensitising frameworks to ensure coverage of individual-level adoption factors and system-level organisational and regulatory conditions. Interview questions were mapped to TAM constructs (perceived usefulness, ease of use, trust) and STS elements (human–AI collaboration, governance structures, regulatory alignment, and technical infrastructure). Questions were designed to explore current QA practices, desired system functionalities, non-functional requirements like explainability and data security, and human–AI collaboration. This structure ensured theoretical coherence while preserving flexibility to probe emergent insights. The protocol was pilot tested with an experienced auditor and refined for clarity prior to data collection. A sample of interview questions is presented in Table 1, with the full protocol available in the  Appendix. Participant demographics and ISO expertise are summarised in Table 2.

Table 1

Sample interview questions categorised by TAM and STS constructs

Thematic focusInterview questionTheoretical construct
A. Understanding current QA practices and pain points1. Could you walk me through how you are currently handling quality assurance and auditing, particularly for standards like ISO 27001?STS – Organisational Context
2. How do you find managing all those moving parts? Are there particular areas where you think technology could ease the workload?TAM – Perceived Usefulness
3. Are there any specific standards or requirements that are particularly difficult to comply with?STS – Regulatory Pressure
B. Desired functionalities of a GenAI framework4. What features or capabilities would you expect from an AI system to make it a valuable tool in auditing?TAM – Perceived Usefulness
5. Would you consider integrating Generative AI to enhance your current automation? Why or why not?TAM – Adoption Decision
6. Do you think a single AI-based QA tool could be flexible enough to manage different standards like ISO 9001, 27001, and others? Why or why not?STS – Scalability and Adaptability
C. Non-functional requirements7. When it comes to data security, how important are attributes like data privacy, explainability, and cybersecurity in an AI-driven QA system?STS – Non-Functional Requirements
8. How crucial is it for you to understand the reasoning behind it to ensure compliance and trust?TAM and STS – Explainability and Trust
9. Do you foresee any resource constraints that might limit implementation?STS – Resource Constraints
D. Human-AI collaboration and sociotechnical considerations10. What concerns might you have about integrating AI into auditing processes?STS – Human-AI Interaction
Source(s): Authors’ own work
Table 2

Summary of participants' information

ParticipantRoleExperienceStandards
P1Lead Auditor1 yearISO 27001
P2QA Manager25+ yearsISO 9001,45001,14001
P3Quality and Systems Coordinator12+ yearsISO 9001,45001
P4Managing Director and Lead Auditor25+ yearsISO 9001,45001,14001
27,001, 50,001
P5Chief Executive Officer30+ yearsISO 27001
P6Chief Executive Officer and Business Developer30+yearsISO 45001,14001
P7Consultant18 yearsISO 20000
P8Director of ISO10+yearsISO 22000
P9Chief Information Security Officer30+ YearsISO 27001
P10Senior Leadership25+ yearsISO 27001
Source(s): Authors’ own work

The study was conducted in Australia and involved professionals with ISO-based QA and auditing experience across information security, manufacturing, food safety, and business automation sectors. Using purposive sampling with a snowball technique, ten auditors and QA professionals were interviewed via semi-structured interviews lasting 30–60 min each, conducted between January and May 2025. Data saturation was reached at the eighth interview with two additional interviews conducted to confirm thematic stability. Ethical approval was obtained from Victoria University's Human Research Ethics Committee (HRE24-180).

Thematic analysis following Creswell and Creswell (2018) six-step framework was conducted (Figure 2) using NVivo software. Initial coding yielded 78 unique codes, refined into 7 main themes with 25 sub-themes. Inter-rater reliability achieved Cohen's Kappa of 0.88, confirming coding consistency.

Figure 2

Customized qualitative data analysis framework (adapted from Creswell and Creswell, 2018). Source: Authors’ own work

Figure 2

Customized qualitative data analysis framework (adapted from Creswell and Creswell, 2018). Source: Authors’ own work

Close modal

The study ensures trustworthiness by addressing the four established criteria credibility, transferability, dependability, and confirmability (Cypress, 2017; Dodgson, 2019). Credibility was reinforced through member checking, allowing participants to review and confirm the summarised findings (Birt et al., 2016). To promote transferability, the study offered detailed narratives of context and participants' experiences (Ahmed, 2024; Haq et al., 2023). Dependability was strengthened through rigorous documentation of data collection and analysis procedures, providing replicability (Amin et al., 2020). Confirmability was achieved through reflexive practice, where the researchers acknowledged their positionality and theoretical lens during thematic interpretation, thus reducing bias and enhancing neutrality (Braun and Clarke, 2006; Olmos-Vega et al., 2023).

Thematic analysis of the interviews produced seven themes and 25 sub-themes, which structure the presentation of results on system requirements, trust, readiness, impact, and adaptability.

Participants agreed on three key functional requirements: automation and process management, decision support and traceability, and document and evidence management. Figure 3 illustrates these with supporting quotes.

Figure 3

Visual map of Theme 1: functional requirements for GenAI-driven QA, showing sub-themes and representative participant quotes. Source: Authors’ own work

Figure 3

Visual map of Theme 1: functional requirements for GenAI-driven QA, showing sub-themes and representative participant quotes. Source: Authors’ own work

Close modal

Reducing manual effort emerged as paramount. GenAI was expected to streamline repetitive and time-consuming tasks, particularly in the early stages of audits. Participants highlighted inefficiencies in reviewing large volumes of documentation. P1 explained, “We go to the documentation, we audit the processes, and we have to do it manually. So, it all depends on the auditor going to the documents … It's a challenge for the auditor.”

Participants also emphasised the importance of decision support tools with traceability. They expected GenAI systems to assist in flagging risks and provide explainable audit trails to support accountability and verification. P2 stressed, “I need to be able to have that audit trail to say, here is an outcome, and this is how you flagged that.” Standardisation also emerged as a requirement. P10 emphasised the value of establishing prompt libraries to ensure consistency and quality in AI outputs, “The safest approach is for organisations to quantify the tasks and standardise the questions being asked to GenAI … there would be a clearly defined set of prompts linked to specific tasks.”

Participants reported challenges in managing documentation and evidence, including difficulties in version control, proof of compliance, and adapting templates to local contexts. GenAI was seen as valuable for maintaining consistency while supporting contextual flexibility. P4 raised concerns about data access, noting, “Employees try not to show you the documents or provide you a different one … So [we need] a black-and-white answer from AI.”

The use of document templates was seen as helpful but not sufficient. P3 explained, “Even when using pre-generated templates, we still need to spend another hour or two customising it for the company itself.”

Participants also highlighted several non-functional requirements shaping the viability and effectiveness of GenAI-driven QA systems. These were grouped into five sub-themes: complexity and accessibility, integration and resource management, organisational and cultural challenges, security and compliance, and usability and transparency. Figure 4 illustrates these with representative quotes.

Figure 4

Visual map of Theme 2: non-functional requirements for GenAI-driven QA, highlighting five sub-themes and associated participant insights. Source: Authors’ own work

Figure 4

Visual map of Theme 2: non-functional requirements for GenAI-driven QA, highlighting five sub-themes and associated participant insights. Source: Authors’ own work

Close modal

Participants questioned whether GenAI could manage complex, undocumented, or industry-specific contexts, noting that the absence of structured knowledge and limited data access were major constraints. P4 noted, “Audit is not about checking and doing it through a checklist … AI for inspection is fine, but not for auditing,” highlighting concerns about judgment-based tasks. Integration challenges were common, including platform compatibility, staff expertise, and resource limitations. P2 asked, “Do we have to change our practices to suit the software … or is the software allowed to be adjusted to suit our practices?”

Compliance processes were described as time- and resource-intensive, particularly formal certification, which can take years due to the depth of investigation required. P10 stated: “It can take anywhere from one to three years. This is largely because the process requires deep investigation into every aspect of the organisation.” Organisational culture shaped adoption, with leadership hesitation, generational differences, and the need for ongoing training frequently cited. P8 remarked, “Some directors … don't usually want to use technology; they always try to do manual things.”

Security and compliance risks emerged as concerns. P6 advised, “You don't know what platforms are going to do with the data.” Yet, GenAI was also seen as a tool for helping organisations stay current with regulations. Usability and explainability proved pivotal, as poor AI communication caused stress and confusion among auditees. P3 remarked, “The general manager called me … saying these guys are scared,” underscoring the need for transparent logic and field-adaptable outputs.

Participants viewed trust, human oversight, and collaboration as essential components for integration, forming a human-AI model of confidence, accountability, and mutual support. Trust evolved as a requirement for adoption. P2 explained, “I would actually need to be able to trust it because they need to trust it as well. Trust is going to be the biggest one.” P6 linked this to broader concerns, remarking, “it's the same security and privacy concerns that you have with the human as you do with AI. Training quality was also viewed as key to shaping trust. P4 cautioned, “AI is trained … based on what is given to them,” implying potential limitations in judgment reliability.

Human oversight was considered indispensable, with P4 stressing that “ultimate decisions need to be taken by the auditors,” and P7 added, “but a human still has to sign off,” reflecting the view that AI cannot replace professional accountability or contextual interpretation. Despite such concerns, participants were optimistic about collaboration. P1 envisioned “GenAI and humans … form[ing] a collaborative synergy,” while P4 described its value in “creating a structure for the audit … reviewing documentation beforehand.” This hybrid vision positioned GenAI as a co-auditor that enhances efficiency while leaving judgment and accountability with human professionals.

While most participants favoured human-in-the-loop approaches, P10 proposed alternative validation approaches that rely exclusively on AI, where “the validation part could be done by another AI model … one GenAI model could generate output, and two or three other models could cross-validate it to confirm whether the result is accurate and reliable.” This approach, described as “triangulation,” was seen as a way to enhance reliability without direct human involvement. Figure 5 summarises these with supporting participant quotes.

Figure 5

Visual map of Theme 3 and subthemes with supporting participant insights. Source: Authors’ own work

Figure 5

Visual map of Theme 3 and subthemes with supporting participant insights. Source: Authors’ own work

Close modal

Participants emphasised that explainability in GenAI is not only a technical issue but also an organisational concern. The “black-box” nature of AI was a core concern. P1 noted, “We never know what's happening under the hood,” highlighting the lack of visibility into how outputs are produced. P4 added that GenAI cannot replicate the lived experience auditors rely on when navigating complex or ambiguous situations. While some expressed openness to scenario-based AI logic, they emphasised that it must support, not replace, auditor judgment. P4 explained, “If AI would run various scenarios, then I would say it's an interesting one to have a look at.”

Output validity was a recurring issue, particularly the risk of hallucinated content and lack of contextual awareness. P2 shared, “I had situations where it made up answers,” while P3 observed that “I put my thoughts into the report … AI wouldn't know what I was thinking.” P9 warned of inconsistent outcomes across similar cases, stating, “If you're running an audit against two customers and they're providing almost similar answers, you don't want two different outcomes for each of them, and with GenAI, it is possible …” Participants questioned GenAI's ability to evaluate fairness across cases, where employee history, culture, or informal practices influence audit outcomes.

Accountability and governance were tightly linked to these concerns, with repeated calls for audit trails, traceability, and clarity on decision processes. P2 stressed, “I need to have that audit trail to say: here is an outcome, and this is how you made that.” P5 raised issues of data ownership and security in handling sensitive information. The key participant insights are summarised in Figure 6.

Figure 6

Visual map of Theme 4: explainability, validity and accountability in GenAI-driven QA, highlighting participants' insight. Source: Authors’ own work

Figure 6

Visual map of Theme 4: explainability, validity and accountability in GenAI-driven QA, highlighting participants' insight. Source: Authors’ own work

Close modal

Participants emphasised that GenAI adoption depends not only on technological capability but also on organisational context, stakeholder awareness, and the pace of change management. A recurring tension concerned whether workflows should adapt to GenAI or vice versa. P2 questioned, “Do we have to change our practices to suit the software … or is the software allowed to be adjusted to suit our practices?” Stakeholder confidence was seen as a critical enabler. P3 explained, “The main challenges would be the auditees themselves … it's just the auditees' understanding of what's going on.”

Interestingly, the same participant reflected that GenAI might ease communication stress in cross-cultural settings, noting, “If those Filipino guys had a chat with [the] team on Teams within AI, they may have answered the questions nicely.” Such AI-mediated communication could help standardise formats and reduce misunderstandings in multinational audits. However, this benefit must be balanced against the risk of losing cultural nuance and relationship-building central to effective human auditing.

Participants linked organisational maturity to technology readiness. P4 remarked, “A lot of big companies already have adapted … they like to use AI on a limited basis,” while P7 suggested openness to GenAI for routine tasks like drafting. Others stressed gradual change. P5 stated, “Any change will be resisted at first … but it's about making the change slowly, educating the staff … and giving it the time that it needs.”

Internal trust and workforce capability were flagged as barriers. P3 cautioned, “Employees not being very well educated … managers may not trust them enough to invest in the technology.” To build confidence, participants suggested assessing measurable business, privacy, and security impacts through tools like BIA, PIA, and SIA. P10 stated, “If these assessments show positive impact, that becomes the foundation for trust.” These dynamics are summarised in Figure 7.

Figure 7

Visual map of Theme 5: organisational and stakeholder readiness for GenAI-driven QA, highlighting participants' insight. Source: Authors’ own work

Figure 7

Visual map of Theme 5: organisational and stakeholder readiness for GenAI-driven QA, highlighting participants' insight. Source: Authors’ own work

Close modal

Participants reflected on GenAI's effects on organisational performance, stakeholder engagement, and strategic direction. Four sub-themes emerged: efficiency and process optimisation, organisational uptake and role-level challenges, strategic and competitive value, and contextual limitations.

Efficiency and process optimisation were the most frequently cited benefit. GenAI was seen as improving speed, accuracy, and reducing workload, particularly in early-stage audits. P1 noted, “There might be some potential—faster auditing times and improved auditing capabilities—so organisations might adopt it,” while P3 stated, “Probably AI would work well during the first-stage audit or document review …. P5 emphasised that GenAI can “take over and govern the whole process from end to end … moving it to a one-to-many basis rather than a manual one-to-one” offering consistency and scalability.

Despite these advantages, adoption was seen as uneven. P6 expected “confusion” across organisational levels, while P4 warned of external pushback: “You're going to get blocked by some companies using AI.” Role-level acceptance also varied. P3 stated, “Shop floor employees will be happy to adopt because it just makes life easy for them,” whereas P2 noted, “They want the right drawings … but they don't want to have to worry about how it works.”

Views on strategic and competitive value were mixed. For some, GenAI signalled modernisation. P1 remarked “It sheds light on that organisation—that it is on par with current technology,” suggesting reputational benefits for early adopters. Others saw educational potential. P2 argued it could “teach workers and the managers reasons why we have systems,” reinforcing awareness. P6 stressed, “Having the ability to make informed decisions based on data is a no-brainer,” while P9 described existing use of AI for behaviour-based training, targeting risks like repeated phishing email clicks. However, scepticism remained, with P3 doubting, “I don't think we'll make it a competitive advantage.”

Limitations were highlighted, particularly in field settings where AI may lack contextual understanding. P4 said, “It has a wealth of knowledge in it, but it doesn't bring value for companies … they expect value-added and improvement processes by interaction with the auditors. Figure 8 summarises these insights.

Figure 8

Visual map of Theme 6: organisational impact and strategic value of GenAI in QA, highlighting participants' insight. Source: Authors’ own work

Figure 8

Visual map of Theme 6: organisational impact and strategic value of GenAI in QA, highlighting participants' insight. Source: Authors’ own work

Close modal

Participants identified four dimensions shaping the adaptability of GenAI-based QA systems: standards compliance, regulatory alignment, cross-industry flexibility, and infrastructure readiness. These highlight the need for scalable tools that respond to regulatory changes and varied operational contexts (Figure 9).

Figure 9

Visual map of Theme 7: adaptability and scalability of a GenAI-driven QA framework, highlighting participants' insight. Source: Authors’ own work

Figure 9

Visual map of Theme 7: adaptability and scalability of a GenAI-driven QA framework, highlighting participants' insight. Source: Authors’ own work

Close modal

Compliance with evolving standards was seen as essential but complex. P2 noted, “They all look at risk and how you manage risk, but they specify different things,” while P4 stated that “ISO standards are not difficult because they are always kept generic.” Regulatory uncertainty was also a concern, with P5 cautioning, “AI is changing rapidly … moving at a faster pace than legislation can keep up with.” Leadership support was seen as a key enabler. P4 stated, “Governance is important because the way that leadership sees if AI helps them or not.”

Participants saw potential for GenAI to work across sectors, with P2 explaining, “The structure of 9001, 45,001, and 14,001 are very similar.” However, P6 warned that difficulty varies by industry, and P8 stressed, “Requirements will vary by industry type … further categorisation of vendors [is needed].” Infrastructure gaps were seen as a major barrier, with P5 remarking on the absence of, “off-the-shelf solutions,” and P1 underlined the data-intensive nature of such systems: “They are … like a knowledge repository.”

The findings offer a multi-dimensional perspective on integrating GenAI into QA across ISO contexts. The discussion interprets participant insights within existing literature and through TAM and STS, drawing implications for practice, system design, and governance.

The results indicate that the primary value of GenAI in ISO-based auditing lies in automating document-intensive and repetitive tasks like document verification and gap analysis, which participants described as inefficient under current practices. These insights reflect wider concerns about ineffectiveness in manual approaches aligning with calls for digitalisation to reduce auditor workload (Ilori et al., 2022; Indriyanto, 2023; Zelmati et al., 2023). Literature reinforces this potential, with Bhaskar et al. (2024) and Gan (2024), who report, who report that GenAI can accelerate auditing through intelligent document processing, while Kokina et al. (2025), and Qatawneh (2025) note the capabilities of ML, DL, and NLP in anomaly detection, risk prediction, and analysis of unstructured data.

At the same time, the findings underscore that automation alone is insufficient in regulated auditing environments. Explainability and traceability emerged as critical non-functional requirements, reflecting the need for audit trails that justify how compliance assessments are produced. These concerns mirror van Tilburg (2025) emphasis on transparency in compliance contexts and resonate with Seethamraju and Hecimovic (2023) on trust issues and integration barriers. Sun and Vasarhelyi (2018) similarly caution that DL, while powerful, risks undermining interpretability due to its opacity.

From a TAM perspective, participants valued GenAI's ability to streamline tasks, but their willingness to adopt it depended on trust in the system's logic and its ease of use. Gaps in digital skills among some participants might reduce perceived ease of use and slow adoption. Through the lens of STS theory, participants stressed the importance of human oversight, accountability, and adaptability, claiming that GenAI should complement organisational workflows rather than dominate them. Overall, these insights suggest that successful integration requires balancing automation with transparency to build trust and ensure compliance.

Most participants viewed GenAI as best suited to act as a co-auditor during structured and document-intensive stages of auditing. These insights frame GenAI as a tool to augment rather than replace human expertise, consistent with Bhaskar et al. (2024), who emphasise GenAI's role in enhancing analytical capacity without displacing professional judgment. Explainability and trust emerged as central to adoption, reflecting the need for stakeholders to understand and justify AI-supported audit outcomes.

Risks identified by participants spanned three domains. Technical risks include hallucinated outputs, output inconsistency, and integration failures. Organisational risks involve workforce resistance, insufficient digital capabilities, and cultural misalignment. Regulatory risks encompass data privacy concerns, compliance failures, and accountability gaps.

Participants and literature alike proposed mitigation strategies. Human oversight, validation protocols, and explainable frameworks were viewed as essential technical safeguards (Alam et al., 2025; Wang et al., 2025). Training and change management were seen as critical organisational measures, while transparent audit trails and governance frameworks addressed regulatory concerns. This is consistent with van Tilburg (2025), who stresses that black-box systems are ill-suited to high-accountability domains like auditing. Berger et al. (2023) and Lubos et al. (2024) show that while GenAI can deliver reasoning and traceable outputs, variability and precision challenges demand human validation.

Through the TAM lens, participants' trust in GenAI relied on its transparency and human oversight, aligning with perceived trustworthiness and control. From the STS perspective, this is reinforced by the sociotechnical requirement for GenAI to operate within human-governed systems, supporting accountability structures rather than replacing them. Together, these findings indicate that stakeholder acceptance of GenAI in QA depends on hybrid cooperation, clear logic, and ethical protections.

Participants reported that GenAI could improve audit efficiency, reduce manual burden, and centralise QA efforts. They expected gains in audit speed, consistency, and operational effectiveness. Long-term improvements in efficiency and accuracy were also emphasised. These views resonate with Kokina et al. (2025), who identify efficiency through real-time anomaly detection. Gan (2024) similarly highlights GenAI's ability to decrease errors in compliance validation and report generation. Zöller et al. (2025) demonstrate that real-time deployment enables instant compliance checks and policy interpretation, while Anica-Popa et al. (2024) emphasise GenAI's role in consolidating knowledge for sustained audit improvement.

Economic considerations were significant. Participants acknowledged trade-offs between short-term implementation costs and long-term operational benefits. They referred to total cost of ownership. Costs include licensing, integration, training, change management, and customisation. Participants also noted hidden transition costs. Expected benefits included reduced labour effort, faster audit cycles, and improved accuracy. However, participants stressed the need for a multi-year perspective. Resistance emerged as another barrier. Participants reported internal adoption challenges and possible external stakeholder scepticism. This reflects Seethamraju and Hecimovic (2023), who identified resistance, role ambiguity, and skill gaps as persistent AI adoption barriers.

TAM helps interpret these findings by connecting perceived usefulness to anticipated performance improvements and user confidence. STS complements this by emphasising alignment with organisational roles, governance structures, and culture. Therefore, evaluation metrics should capture efficiency, adaptability, accountability, and trust.

Participants agreed that scalability requires flexible technical infrastructure and alignment with governance, sectoral needs, and digital maturity. Many noted the opportunity to leverage structural similarities across standards, suggesting potential efficiencies in designing GenAI systems that support multiple frameworks. However, tailoring was seen as essential. Sector and industry-specific requirements were highlighted as constraints. Participants stressed the difficulty of building systems that are flexible yet maintain standardisation.

Industry diversity highlighted further complexities. Participants from manufacturing and construction (P2, P3), saw potential benefits in structured automation due to standardised processes and clearer documentation trails. In contrast, those in food safety and automotive (P4, P8) described more complex compliance landscapes shaped by cultural factors and supply chain variability. These insights suggest that implementation strategies must account for industry-specific regulatory intensity, documentation practices, and stakeholder expectations. For highly regulated industries, robust explainability features may be prioritised, while in manufacturing, efficiency gains in routine checks may take precedence.

These findings resonate with van Tilburg (2025), who highlights variation in explainability and legal compliance requirements. Qatawneh (2025) shows NLP's potential for analysing unstructured data but notes limited validation across multiple frameworks. Wang et al. (2025) introduced an explainable GenAI system linking outputs to regulatory clauses, while Berger et al. (2023), Lubos et al. (2024) addressed multilingual adaptability, prompt design, and human oversight. From an organisational perspective, Anica-Popa et al. (2024), Zöller et al. (2025) emphasised modular, policy-aware, and continuously learning systems as essential for cross-domain scalability.

From a TAM perspective, perceived usefulness may decrease if GenAI systems cannot adapt to sectoral norms, while STS underscores the need for alignment with governance and institutional capacity. Together, these findings indicate that scalable GenAI frameworks require modular, cross-standard design that is sensitive to organisational contexts.

This study expands both TAM and STS theory by applying them to GenAI-driven QA in standards like ISO/IEC 27001 audits. Although TAM traditionally focuses on perceived usefulness and ease of use (Davis, 1989), the findings highlight the critical role of perceived trustworthiness, especially in compliance-sensitive domains. Across multiple themes—particularly those related to explainability, validity, and collaboration—participants emphasised the need for transparency, audit trail visibility, and system explainability as prerequisites for trust. Trust was not limited to individual perception but emerged as an institutional requirement influencing both internal stakeholder confidence and cross-functional adoption. This reinforces and expands TAM by positioning transparency, traceability, and governance visibility as central determinants of GenAI acceptance in regulated auditing environments.

Furthermore, STS theory underscores that the integration of GenAI is fundamentally a sociotechnical endeavour, involving not only technological capability but also human supervision, process redesign, and cultural alignment. Results show that participants perceived GenAI less as an independent tool and more as a collaborative co-auditor that must operate under human accountability frameworks. This reinforces the STS principle of joint optimisation, emphasising that effective integration of GenAI depends on systems being modular, adaptable to multiple standards (e.g., ISO 9001, ISO 45001), and responsive to sector-specific workflows and audit roles. Themes such as stakeholder readiness, role-level variation, and organisational impact indicate that GenAI depends on its alignment with social systems, regulatory requirements, and evolving professional norms. In this way, the study advances STS theory by underscoring the need for contextual adaptability and sustained human-in-the-loop governance in AI-driven auditing systems (Eason, 2014; Trist and Bamforth, 1951).

This study provides insights into integrating GenAI within standardised auditing environments, particularly for internal and early-stage external audits. Participants highlighted GenAI's ability to automate document reviews, compliance checks, and structured report generation, including nonconformity drafts, while acting as a co-auditor that reduces manual workload and supports professional judgement. These functions remain underexplored in the literature, which tends to focus on broader efficiencies or financial audits, indicating the need to examine GenAI's role in ISO/IEC 27001.

For QA managers and audit leaders, results highlight that GenAI's value lies in supporting collaboration rather than replacing professional judgment. By automating repetitive tasks, GenAI can reduce manual effort and time demands, freeing staff to focus on higher-level decision-making and strategic planning. Auditors should view GenAI as a co-auditor that improves judgement, efficiency, and accuracy, while retaining responsibility for oversight and contextual interpretation.

A second implication concerns transparency and explainability. Providers must ensure that GenAI systems produce outputs that are both traceable and auditable, while also enabling users to clearly understand the reasoning behind the results. Lack of transparency in black-box models undermines stakeholder trust, especially in regulated industries. Vendors should therefore support secure deployment models that protect data privacy, including on-premises or internally managed options to meet compliance standards. Moreover, one-size-fits-all deployments are not advisable; instead, GenAI systems must be flexible, modular, and tailored to sector-specific standards and maturity levels.

Based on participant insights, a phased adoption strategy is the most practical path. Initial integration should focus on low-risk, high-value activities such as document review and template generation, where immediate efficiency gains can be achieved with minimal risk to accuracy. Stage two involves decision support tools with clear audit trails, addressing concerns about traceable logic while building user confidence. Advanced applications, such as automated compliance flagging and cross-standard analysis should be reserved for final implementation phases, after organisational trust and technical competency have been established.

Stakeholders can enable a successful integration by avoiding common errors, including the assumption of effortless user acceptance, overlooking governance constraints, or employing GenAI autonomously. Thus, it is important to incorporate auditors and QA professionals during the design phase, prioritise user-centred design principles, and align system capabilities with established QA procedures.

GenAI adoption necessitates significant evolution in professional development requirements for auditing and QA professionals. Traditional auditing skills remain essential, but practitioners must develop new competencies in AI system oversight, prompt engineering, and interpretation of AI-generated outputs. Technical literacy, including understanding AI limitations, potential biases, and governance principles, will be vital to maintaining credibility in AI-supported auditing. Soft skills are necessary for communicating AI-assisted findings to stakeholders with limited technical knowledge. Professional certification programs and continuing education frameworks must evolve to include AI governance, ethics, and practical application modules, to prepare auditors for hybrid human–AI collaboration.

This study investigated the potential of GenAI to enhance QA within ISO-based audit settings, revealing that successful integration depends on addressing both functional and non-functional requirements. While GenAI offers clear benefits such as document automation, audit trail generation, and improved efficiency, it must also be explainable, trustworthy, and usable to gain stakeholder acceptance. Participants positioned GenAI as a co-auditor that augments rather than replaces human judgment. However, concerns around resistance to change, digital readiness, and contextual limitations persist, especially when scaling GenAI across diverse industries.

Theoretically, the study extends the TAM by emphasising trust and transparency as key adoption drivers, and reinforces STS theory by stressing the need for joint optimisation between technology and human oversight. Despite its contributions, the study is limited by its focus on ISO contexts and a small profession-specific sample. Future research should examine GenAI in broader regulatory domains (e.g., GDPR, HIPAA), include perspectives from regulators and vendors, and employ mixed-method or longitudinal designs. Cross-industry comparisons are needed to assess adoption across different sectors, while empirical studies on audit trails, fairness, and explainability are needed to understand GenAI's ethical and practical integration into auditing.3

 

Table A1

Interview questions

Thematic focusInterview questionTheoretical construct
A. Understanding current QA practices and pain points in existing audit and compliance workflows1. Could you walk me through how you are currently handling quality assurance and auditing, particularly for standards like ISO 27001?STS – organisational context
2. How do you find managing all those moving parts? Are there particular areas where you think technology could ease the workload?TAM – perceived usefulness
3. Are there any specific standards or requirements that are particularly difficult to comply with?STS – regulatory pressure
4. How much time or resources would you estimate are currently being spent to address bottlenecks?STS – workflow complexity
5. Could you tell me about the tools or methods you currently use for audits and compliance checks? If so, how have they impacted your efficiency or accuracy?TAM – perceived ease of use
6. How open are you to using new technologies, such as AI, to assist in your auditing tasks?TAM – openness to technology
7. What integration challenges do you foresee when implementing a GenAI system alongside your current tools and workflows?STS – integration challenges
B. Desired functionalities of a GenAI framework1. What features or capabilities would you expect from an AI system to make it a valuable tool in auditing?TAM – perceived usefulness
2. If participants are using AI or automation, how well do these tools integrate with your existing IT systems and processes? Are there any issues with usability or training?TAM and STS – usability and system integration
3. Would you consider integrating generative AI to enhance your current automation? Why or why not?TAM – adoption decision
4. What would be the key factors influencing your decision to adopt newer AI-driven solutions in the future?TAM – intention to use
5. Do you think a single AI-based QA tool could be flexible enough to manage different standards like iso 9001, 27,001, and others? Why or why not?STS – scalability and adaptability
C. Non-functional requirements1. When it comes to data security, how important are attributes like data privacy, explainability, and cybersecurity in an AI-driven QA system?STS – non-functional requirements
2. How crucial is it for you to understand the reasoning behind it to ensure compliance and trust?TAM and STS – explainability and trust
3. Do you foresee any resource constraints that might limit implementation?STS – resource constraints
4. What kind of training or support would you need to feel comfortable using AI in your daily tasks?STS – training needs
D. Human-AI collaboration and sociotechnical considerations1. What concerns might you have about integrating AI into auditing processes?STS – human-AI interaction
2. Are there specific areas where you think human oversight will always be necessary?STS – oversight and control
3. Which parts of the QA process do you feel must always involve human judgment?STS – human judgment
4. Could you describe any concerns about job roles, trust, or workforce acceptance that might emerge?STS – role transformation and acceptance
5. How does trust in technology currently influence decision-making in your organisation?TAM – trust in technology
6. How do perceptions of AI fairness and reliability impact your colleagues' willingness to rely on it?STS – perceived fairness
7. Can you describe any cultural barriers or supports that have emerged in response to adopting GenAI?STS – cultural considerations
Ahmed
,
S.K.
(
2024
), “
The pillars of trustworthiness in qualitative research
”,
Journal of Medicine, Surger and Public Health
, Vol. 
2
, 100051, doi: .
Alam
,
F.
,
Alnazzawi
,
T.S.M.
,
Mehmood
,
R.
and
Al-maghthawi
,
A.
(
2025
), “
A review of the applications, benefits, and challenges of generative AI for sustainable toxicology
”,
Current Research in Toxicology
, Vol. 
8
, 100232, doi: .
Al Hadad
,
R.S.
and
Maulana
,
H.
(
2023
), “
A comprehensive review of COBIT and ISO 27001: approaches to auditing credit bureau automation system (CBAS) at PT XYZ
”,
2023 9th International Conference on Signal Processing and Intelligent Systems (ICSPIS)
.
Amin
,
M.E.K.
,
Nørgaard
,
L.S.
,
Cavaco
,
A.M.
,
Witry
,
M.J.
,
Hillman
,
L.
,
Cernasev
,
A.
and
Desselle
,
S.P.
(
2020
), “
Establishing trustworthiness and authenticity in qualitative pharmacy research
”,
Research in Social and Administrative Pharmacy
, Vol. 
16
No. 
10
, pp. 
1472
-
1482
, doi: .
Anica-Popa
,
I.-F.
,
Vrîncianu
,
M.
,
Anica-Popa
,
L.-E.
,
Cişmaşu
,
I.-D.
and
Tudor
,
C.-G.
(
2024
), “
Framework for integrating generative AI in developing competencies for accounting and audit professionals
”,
Electronics
, Vol. 
13
No. 
13
, p.
2621
, doi: .
Ayoub
,
E.
,
Charef
,
F.
and
Bourjila
,
M.
(
2025
), “
The impact of digital transformation on the internal audit function: a literature review
”,
International Journal of Accounting Finance Auditing Management and Economics
, Vol. 
6
No. 
7
, pp. 
354
-
366
.
Barde
,
K.
and
Kulkarni
,
P.A.
(
2023
), “
Applications of generative AI in fintech
”,
Proceedings of the Third International Conference on AI-ML Systems
.
Berger
,
A.
,
Hillebrand
,
L.
,
Leonhard
,
D.
,
Deuser
,
T.
,
De Oliveira
,
T.B.F.
,
Dilmaghani
,
T.
,
Khaled
,
M.
,
Kliem
,
B.
,
Loitz
,
R.
,
Bauckhage
,
C.
and
Sifa
,
R.
(
2023
), “
Towards automated regulatory compliance verification in financial auditing with large language models
”,
Proceedings - 2023 IEEE International Conference on Big Data, BigData 2023
.
Bhaskar
,
L.S.
,
Jones
,
A.K.
and
Kadous
,
K.
(
2024
), “
An investigation into how generative AI can improve auditors’ decisions
”,
SSRN, 1 December
, doi: .
Birt
,
L.
,
Scott
,
S.
,
Cavers
,
D.
,
Campbell
,
C.
and
Walter
,
F.
(
2016
), “
Member checking: a tool to enhance trustworthiness or merely a nod to validation?
”,
Qualitative Health Research
, Vol. 
26
No. 
13
, pp. 
1802
-
1811
, doi: .
Bouziane
,
A.
(
2025
), “
The impact of using ChatGPT on internal audit quality: a case study of a subsidiary of an oil group in Morocco
”,
EDPACS
, Vol. 
70
No. 
3
, pp. 
42
-
54
, doi: .
Braun
,
V.
and
Clarke
,
V.
(
2006
), “
Using thematic analysis in psychology
”,
Qualitative Research in Psychology
, Vol. 
3
No. 
2
, pp. 
77
-
101
, doi: .
Creswell
,
J.W.
and
Creswell
,
J.D.
(
2018
), “Qualitative, quantitative, and mixed methods approaches”, in
Research Design
, (5th ed.) ,
Sage Publications
.
Cypress
,
B.S.
(
2017
), “
Rigor or reliability and validity in qualitative research: perspectives, strategies, reconceptualization, and recommendations
”,
Dimensions of Critical Care Nursing
, Vol. 
36
No. 
4
, pp. 
253
-
263
, doi: .
Davis
,
F.D.
(
1989
), “
Perceived usefulness, perceived ease of use, and user acceptance of information technology
”,
MIS Quarterly
, Vol. 
13
No. 
3
, pp. 
319
-
340
, doi: .
Dodgson
,
J.E.
(
2019
), “
Reflexivity in qualitative research
”,
Journal of Human Lactation
, Vol. 
35
No. 
2
, pp. 
220
-
222
, doi: .
Eason
,
K.
(
2014
), “
Afterword: the past, present and future of sociotechnical systems theory
”,
Applied Ergonomics
, Vol. 
45
No. 
2
, pp. 
213
-
220
, doi: .
Gan
,
Z.
(
2024
), “
Large language models empowering compliance checks and report generation in auditing
”,
World Journal of Information Technology
, Vol. 
2
 
No. 2
, pp.
35
-
39
, doi: .
Haq
,
Z.U.
,
Rasheed
,
R.
,
Rashid
,
A.
and
Akhter
,
S.
(
2023
), “
Criteria for assessing and ensuring the trustworthiness in qualitative research
”,
International Journal of Business Reflections
, Vol. 
4
No. 
2
, pp.
150
-
173
, doi: .
Ilori
,
O.
,
Lawal
,
C.I.
,
Friday
,
S.C.
,
Isibor
,
N.J.
and
Chukwuma-Eke
,
E.C.
(
2022
), “
Cybersecurity auditing in the digital age: a review of methodologies and regulatory implications
”,
Journal of Frontiers in Multidisciplinary Research
, Vol. 
3
No. 
1
, pp. 
174
-
187
, doi: .
Indriyanto
,
E.
(
2023
), “
The role of information technology in increasing audit process efficiency
”,
Jurnal Ekonomi
, Vol. 
12
No. 
04
, pp. 
1441
-
1446
.
International Organisation for Standardization
(
2022
),
Information Security, Cybersecurity and Privacy Protection — Information Security Management Systems — Requirements
,
ISO/IEC 27001:2022
,
International Organisation for Standardization, Geneva
.
Johnson
,
C.
,
Khadka
,
B.
,
Basnet
,
R.B.
and
Doleck
,
T.
(
2020
), “
Towards detecting and classifying malicious URLs using deep learning
”,
Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications
, Vol. 
11
No. 
4
, pp. 
31
-
48
.
Kang
,
Y.
,
Cai
,
Z.
,
Tan
,
C.-W.
,
Huang
,
Q.
and
Liu
,
H.
(
2020
), “
Natural language processing (NLP) in management research: a literature review
”,
Journal of Management Analytics
, Vol. 
7
No. 
2
, pp. 
139
-
172
, doi: .
Kokina
,
J.
,
Blanchette
,
S.
,
Davenport
,
T.H.
and
Pachamanova
,
D.
(
2025
), “
Challenges and opportunities for artificial intelligence in auditing: evidence from the field
”,
International Journal of Accounting Information Systems
, Vol. 
56
, 100734, doi: .
Lubos
,
S.
,
Felfernig
,
A.
,
Tran
,
T.N.T.
,
Garber
,
D.
,
El Mansi
,
M.
,
Erdeniz
,
S.P.
and
Le
,
V.-M.
(
2024
), “
Leveraging llms for the quality assurance of software requirements
”,
2024 IEEE 32nd International Requirements Engineering Conference (RE)
.
Markova-Karpuzova
,
M.
,
Marinov
,
E.
and
Kotzev
,
N.
(
2024
), “
Sustainable solutions: advancing in tech-based ESG reporting platforms
”,
Environment Technology Resources. Proceedings of the International Scientific and Practical Conference
.
Muthmainnah
,
M.
,
Yulisda
,
D.
and
Ilhadi
,
V.
(
2022
), “
Academic information system audit using Cobit 5 domain APO framework
”,
International Journal of Engineering, Science and Information Technology
, Vol. 
2
No. 
1
, pp. 
123
-
130
, doi: .
Odoh
,
L.C.
,
Echefu
,
S.C.
,
Ugwuanyi
,
U.B.
and
Chukwuani
,
N.V.
(
2018
), “
Effect of artificial intelligence on the performance of accounting operations among accounting firms in South East Nigeria
”,
Asian Journal of Economics, Business and Accounting
, Vol. 
7
No. 
2
, pp. 
1
-
11
.
Olmos-Vega
,
F.M.
,
Stalmeijer
,
R.E.
,
Varpio
,
L.
and
Kahlke
,
R.
(
2023
), “
A practical guide to reflexivity in qualitative research: AMEE Guide No. 149
”,
Medical Teacher
, Vol. 
45
No. 
3
, pp. 
241
-
251
, doi: .
Papaioannou
,
A.
,
Koronios
,
K.
,
Ntasis
,
L.
,
Yfantidou
,
G.
,
Balaska
,
P.
and
Spyridopoulou
,
E.
(
2024
), “
Total quality management in sport tourism and the hospitality industry: the case of Greek luxury resorts with sport and recreation facilities and services
”,
Sustainability
, Vol. 
16
No. 
5
, 1894, doi: .
Qatawneh
,
A.M.
(
2025
), “
The role of artificial intelligence in auditing and fraud detection in accounting information systems: moderating role of natural language processing
”,
International Journal of Organizational Analysis
, Vol. 
33
 
No. 6
, pp.
1391
-
1409
, doi: .
Sashkin
,
M.
and
Kiser
,
K.J.
(
1993
),
Putting Total Quality Management to Work: What TQM Means, How to Use it, and How to Sustain it over the Long Run
,
Berrett-Koehler Publishers
,
San Francisco, CA
.
Saunders
,
M.
,
Lewis
,
P.
and
Thornhill
,
A.
(
2009
),
Research Methods for Business Students
, (5th) ed.,
Pearson Education
,
Harlow
.
Seethamraju
,
R.
and
Hecimovic
,
A.
(
2023
), “
Adoption of artificial intelligence in auditing: an exploratory study
”,
Australian Journal of Management
, Vol. 
48
No. 
4
, pp. 
780
-
800
, doi: .
Sulistyowati
,
D.
,
Handayani
,
F.
and
Suryanto
,
Y.
(
2020
), “
Comparative analysis and design of cybersecurity maturity assessment methodology using nist csf, cobit, ISO/IES 27002 and pci dss
”,
JOIV: International Journal on Informatics Visualization
, Vol. 
4
No. 
4
, pp. 
225
-
230
, doi: .
Sun
,
T.
and
Vasarhelyi
,
M.A.
(
2018
), “
Embracing textual data analytics in auditing with deep learning
”,
The International Journal of Digital Accounting Research
, Vol. 
18
, pp.
49
-
67
, doi: .
Thomson Reuters Institute
(
2024
),
Generative AI 2024 Special Report for Legal and Risk Professionals
,
Thomson Reuters
,
available at:
 https://www.thomsonreuters.com/content/dam/ewpm/documents/thomsonreuters/en/pdf/reports/tr4322226_rgb.pdf
Trist
,
E.L.
and
Bamforth
,
K.W.
(
1951
), “
Some social and psychological consequences of the longwall method of coal-getting: an examination of the psychological situation and defences of a work group in relation to the social structure and technological content of the work system
”,
Human Relations
, Vol. 
4
No. 
1
, pp. 
3
-
38
, doi: .
van Tilburg
,
D.H.C.
(
2025
), “
Audit automation: leveraging NLP and machine learning to enhance MD&A compliance verification
”,
Doctoral dissertation, Tilburg University, Tilburg
.
Venkatesh
,
V.
,
Morris
,
M.G.
,
Davis
,
G.B.
and
Davis
,
F.D.
(
2003
), “
User acceptance of information technology: toward a unified view1
”,
MIS Quarterly
, Vol. 
27
No. 
3
, pp. 
425
-
478
, doi: .
Wang
,
A.
,
Pruksachatkun
,
Y.
,
Nangia
,
N.
,
Singh
,
A.
,
Michael
,
J.
,
Hill
,
F.
,
Levy
,
O.
and
Bowman
,
S.
(
2019
), “
SuperGLUE: a stickier benchmark for general-purpose language understanding systems
”, in
Proceedings of the 33rd International Conference on Neural Information Processing Systems
, Vol. 
32
,
294
, pp.
3266
-
3280
, doi: .
Wang
,
J.
,
Yuan
,
J.
,
Liu
,
J.
and
Evans
,
L.
(
2025
), “
Simple legal compliance: automating regulatory audits with explainable LLMs
”, in
2025 International Joint Conference on Neural Networks (IJCNN)
,
IEEE, Rome
, pp.
1
-
8
, doi: .
Yang
,
J.
,
Blount
,
Y.
and
Amrollahi
,
A.
(
2021
), “
Adoption of AI in the auditing practice: a case study of a Big Four accounting firm
”, in
Australasian Conference on Information Systems 2021: Information Systems for a Sustainable Future, Connectedness, and Social Good
,
Macquarie University
,
available at
: http://acis2021.org/
Zelmati
,
M.
,
Oulqaid
,
Z.
and
Elouadi
,
A.
(
2023
), “
Real-time tracking of auditing process progress with a customizable application for cybersecurity standards compliance: a case study on ISO 27001 and TISAX
”,
2023 10th International Conference on Wireless Networks and Mobile Communications (WINCOM)
.
Zhang
,
Y.
,
Xiong
,
F.
,
Xie
,
Y.
,
Fan
,
X.
and
Gu
,
H.
(
2020
), “
The impact of artificial intelligence and blockchain on the accounting profession
”,
IEEE Access
, Vol. 
8
, pp. 
110461
-
110477
, doi: .
Zhao
,
J.
and
Wang
,
X.
(
2024
), “
Unleashing efficiency and insights: exploring the potential applications and challenges of ChatGPT in accounting
”,
Journal of Corporate Accounting and Finance
, Vol. 
35
No. 
1
, pp. 
269
-
276
, doi: .
Zöller
,
M.-A.
,
Iurshina
,
A.
and
Röder
,
I.
(
2025
), “
Trustworthy generative AI for financial services (practitioner track)
”,
Symposium on Scaling AI Assessments (SAIA 2024)
.
Published by Emerald Publishing Limited. This article is published under the Creative Commons Attribution (CC BY 4.0) licence. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial and non-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this licence may be seen at Link to the terms of the CC BY 4.0 licence.

or Create an Account

Close Modal
Close Modal