How Microsoft Copilot Can Unlock the Power of Internal Audit

Q: Why did the auditor cross the road?
A: Because that’s how they did it last year.

For many internal audit departments. that joke might hit a little too close to home. Between Sarbanes-Oxley (SOX) compliance/reporting requirements and operational audits, there’s not much time left to innovate. And, in our 2025 Top Risks survey, artificial intelligence is among the top 10 near-term risks for chief audit executives (CAEs), along with their ability to attract and retain top talent. Clearly, AI technology will play a key role in developing the future internal audit workforce while driving the ability for IA teams to foster innovation.  

Today, it’s easy to get stuck in the audit lifecycle of risk assessment, planning, fieldwork and reporting. Microsoft’s Copilot for M365 is transforming the way internal audit departments operate. By automating routine tasks, enhancing analyses, and streamlining documentation, Copilot will not only save time across daily work, but it will also help organizations get deeper insights and improved outcomes for audits and enable more real-time monitoring of key performance indicators. Internal auditors will be able to leverage Copilot to surface risks or anomalies that might not have been identified through traditional testing or to analyze historical audit data to perform predictive analytics.  

Examples of how internal auditors could use Copilot for M365 include: 

• Accelerate interview prep with AI-generated guides: Strong communication and interviewing skills are critical for internal auditors to gather insights and assess risk effectively. Given how frequently auditors engage with stakeholders, the time spent preparing for these discussions adds up. Leveraging Copilot in Word or Copilot Chat can help prepare any auditor by generating structured interview guides. Simply ask Copilot in Word or Copilot Chat to draft tailored interview guides for conducting risk assessment interviews with key stakeholders, focusing on specific areas of concern identified through initial analyses. 

• Streamline audit planning with automated document creation: Audit planning lays the foundation for a successful engagement but drafting scoping memos and document request lists manually can be time-consuming and repetitive. Copilot streamlines these tasks by leveraging prior workpapers, ensuring auditors focus on higher value activities. Auditors can use Copilot to draft a comprehensive planning and scoping memorandum in Word, including details about project objectives, scope, relevant systems, personnel, etc., or utilize Copilot Chat to generate a comprehensive document request list that aligns with the identified key controls, ensuring all necessary documentation is collected. 

• Enhance walkthroughs with real-time AI support: Walkthroughs are essential for understanding business processes, yet auditors often face the challenges of capturing real-time documentation and formulating insightful questions. Use Copilot Chat to help develop questions to be used during walkthroughs to help understand processes or controls that could be asked live during a walkthrough. Copilot can also draft detailed walkthrough documents in Word, capturing each step of the business process observed during the walkthrough. This ensures auditors stay engaged in the discussion while maintaining accurate documentation. 

• Supercharge fieldwork testing with AI-powered analysis: Traditional data testing in Excel is often manual and time-intensive, limiting the depth of analysis auditors can achieve. Copilot in Excel changes this by integrating Python scripting, enabling auditors to get deeper analysis and visualizations from data. An auditor can use natural language to execute python scripts in his or her workpapers to create new analyses, visualize data and unlock new insights. This creates a process where risks are more easily identified and helps auditors confidently make data-driven decisions. 

• Deliver reports faster with AI-assisted drafting: Auditors are expected to deliver deeper insights, faster, yet much of the audit process, including reporting, remains time-intensive and manual. Copilot eases the process of summarizing findings, structuring reports and creating compelling visuals. Auditors can leverage Copilot to draft detailed initial audit reports in Word, summarizing findings, implications and recommendations based on the audit results. Copilot can also help with presentations in PowerPoint by creating comprehensive decks for stakeholder meetings, including key findings and recommendations. This allows auditors to focus on delivering insights rather than spending excessive time on formatting and reporting assembly. 

Essential prompts for maximum impact 

To maximize Copilot for M365’s impact, here are 10 essential prompts to integrate into any internal audit workflow:   

Accelerate interview prep with AI-generated guides: 

• (Copilot Chat or Copilot in Word) “Create a tailored risk assessment interview guide for [stakeholder meeting] on the organization’s [relevant processes]. Include questions on compliance, operational risks and system controls.” 
• (Copilot Chat) “Generate a stakeholder-specific interview question bank for the [department], ensuring questions focus on the specific risk in the [business process]. Leverage this [risk and controls matrix (RCM)] to draft specific control related questions.” 

Streamline audit planning with automated document creation: 

• (Copilot Chat or Copilot in Word) “Draft a planning and scoping memo for a [SOX/operational audit], outlining objectives, scope, key controls and timelines included in an audit plan/risk assessment. Ensure the memo aligns with both [regulatory standards] and [company policies] and includes any identified risks within the [RCM].” 
• (Copilot Chat) “Generate a document request list of key controls for the [business process/es], ensuring completeness and accuracy. Include relevant [policies], control documentation included within the [RCM] and supporting evidence for testing.” 

Enhance walkthroughs with real-time AI support: 

• (Copilot in Teams) “Suggest questions for the process owner to assess control design and operational effectiveness.” 
• (Copilot Chat) “Summarize the walkthrough notes from this [walkthrough meeting] into a structured document, including process steps, control points and identified risks.” 

Supercharge fieldwork testing with AI-powered analysis: 

• (Copilot in Excel (Advanced Analysis)) “Select a statistically random sample of transactions from the dataset.” 
• (Copilot in Excel (Advanced Analysis)) “Create a heatmap that highlights the highest-risk transactions in the dataset based on amount, transaction type, frequency or other factors. Use color intensity to indicate risk levels.” 

Deliver reports faster with AI-assisted drafting: 

• (Copilot in Word) “Create a one-page executive summary of audit findings, including top risks, recommendations and overall rating, leveraging the [audit workpapers], [RCM] and [key control testing results].” 
• (Copilot in PowerPoint) “Create a presentation summarizing [key audit findings] and recommendations for the upcoming [audit committee meeting].” 

The value of Copilot is its ability to free up auditor capacity while improving the depth,
efficiency and strategic value of an internal audit department. Adoption of AI in internal audit is no longer optional—it’s a competitive advantage. Those who embrace Copilot and other AI capabilities now will be better positioned to deliver agile, data-driven and more insightful audits that add value to their organizations. 

However, despite Copilot’s promise, AI capabilities come with inherent risks that must be diligently managed. Generative AI can occasionally produce incomplete or inaccurate content, emphasizing the importance of thorough review and validation. Safeguarding sensitive corporate data is also critical, requiring strong access controls and full compliance with privacy regulations. By implementing a well-structured governance framework, assigning clear roles and regularly monitoring performance, internal audit teams can harness Copilot’s benefits without compromising accuracy, security or objectivity. 

Protiviti offers a Copilot for Internal Audit training to help auditors learn real-world internal audit scenarios where Copilot M365 can add value. Most recently, we delivered a four-part hands-on Copilot training series to a non-for-profit organization. As a result, they are now using Copilot throughout their internal audit planning, risk assessment, audit execution and reporting phases. We also offer specialized risk assessment and consulting services to help organizations establish robust AI governance frameworks, strengthen data protection measures, and effectively address the unique challenges posed by Generative AI. 

To learn more about Copilot and our internal audit and Microsoft consulting services, contact us.