From the abacus to AI: My journey in internal audit technology

I started in internal audit in September 1975, making this month my official 50-year anniversary in the profession. I’ve welcomed the opportunity to look back on my journey and reflect on the most significant lessons I’ve learned. In 2025, however, I’m increasingly focused on internal audit’s imperative to embrace technology to continually reimagine how our work gets done.

Of course, I didn’t always understand how technology would revolutionize internal audit. My personal technology journey is representative of the profession’s struggle to understand and keep up with technology’s transformative potential.

1970s: The age of the well-organized workpaper

Of course, there is hyperbole in the title of this article. We were not actually using an abacus in my first internal audit assignment. But by today’s standards, internal audit in the 1970s was the technological dark ages. In the decade when modern computing (e.g., microprocessors, floppy disks, primitive personal computers) was born, technology largely hadn’t found its way into internal audit offices.

I’d had some exposure to technology in college, using punched cards to understand rudimentary computer programming. Joining the workplace, however, was a jolt back to reality: The most sophisticated technology in our office was a 10-key calculator. All of our processes were manual. We took great pride in our workpaper skills and ability to use 16-column spreadsheets. Technology use remained aspirational — and anyway, we were at the bottom of the ‘food chain’ when it came to technology budgets.

1980s: Enter technology — and internal audit’s resistance to it

Not much changed until the early ‘80s, when I began seeing early-generation desktop computers in other departments. During audits, a few people showed me some early spreadsheet solutions, including Lotus 1-2-3, a forerunner to Microsoft Excel. I remember feeling envious of, and curious about, these technologies. But my team didn’t yet grasp how technology would transform our work. We were slow to appreciate its potential, slow to push for it, and slow to receive it.

Our office’s first technological innovation was a Lexitron word processor. It provided revolutionary automation of our writing and editing process by allowing onscreen text correction before printing. Our secretary, who loved her Selectric typewriter, was quite resistant, so my boss had me run a study to prove the change would be cost-effective. With that documentation, our secretary grudgingly began using the word processor. We also got our first desktop computers in the late ‘80s. But we were most comfortable using tried-and-true manual methods. Frankly, we were intimidated. So we didn’t push for progress, and in many ways resisted it.

1990s: Internal audit’s first big transformation

My technology use took an enormous leap forward when I started at the Pentagon. There was much more technology available to us, and I’ll always remember how excited I was to receive my first laptop in 1993. It let me work anytime and anywhere, and I protected it as if it were made of solid gold.

The ‘90s were transformational for workplace communication. Sending and receiving my first emails was thrilling. Previously, getting a message to my CEO and receiving his response could take days or weeks via intraoffice communication channels. Now, I could use our local area network (LAN) to send him a note and get an answer immediately. After I became CAE at the Pentagon, access to the broader intranet enabled fast access to the nearly 300 offices under my purview. I could communicate in real time with everyone on my global team — pivotal in helping us forge a strategy to transform the U.S. Army’s internal audit function. By decade’s end, most of us had personal communication devices hanging from our belts: Pagers, enabling unprecedented responsiveness.

Several technologies that continue transforming internal audit emerged in the ‘90s. I first saw the power of data analytics while working for the U.S. Postal Service. When a senator wanted to determine whether certain postal money orders were being used illegally, my team was able to use powerful data analytics tools to examine thousands of transactions and deliver results in days. Continuous auditing and early-generation audit management systems (AMS) were also introduced. It felt like internal audit was racing — and often struggling — to keep up. However, we were finally appreciating and starting to capitalize on technology’s transformational power.

2000s: Technology’s promise and peril, in our pockets

The early aughts saw the widespread adoption of two-way mobile communication, with a Blackberry in most auditors’ pockets. My boss and I could now sit in an audit committee meeting and silently exchange responses in real time. Later, after the iPhone’s 2007 debut, everyone started acquiring a smartphone. Either way, you were no longer tethered to your laptop, and emailing someone was as simple as reaching into your pocket.

The 2000s also opened internal auditors’ eyes to technology’s fast-expanding risks. During an audit at the Tennessee Valley Authority in 2000, a team demonstrated how they were automating hydroelectric dams for remote opening and closing. I remember asking, “What’s to keep someone from hacking into our system and flooding an entire city downriver?” Until now, cybersecurity had been an afterthought for most organizations. A surge of cyberattacks was changing the game, and my question was indicative of our growing understanding of how cyber threats put organizational value at risk. As cloud computing grew in popularity, however, internal auditors were once again slow to appreciate and audit the attendant risks to data security.

2010s: Appreciating technology’s benefits and risks

I see the 2010s as the decade internal auditors finally got comfortable using the technology we’d had for years. We learned to make the most of our laptops, smartphones, and cloud computing capabilities, enhancing collaboration and client service. We leaned into data analytics, continuous auditing, and AMS platforms to improve audit effectiveness and efficiency. We started integrating AI technologies like machine learning and robotic process automation into our workflows. And somewhere along the way, we began gaining a clearer view on the countless risks technology use creates in organizations.

Indeed, this deepening risk awareness ultimately became a central concern of the 2010s, but we didn’t get there right away. As CEO of The Institute of Internal Auditors from 2009–2021, I was very concerned at the profession’s reluctance to prioritize and aggressively address cyber risks. Fortunately, the tide shifted toward the decade’s end.

Another key trend began to emerge at the turn of the decade: Internal auditors began to appreciate the need for greater collaboration and the power that cross-functional cloud-based GRC platforms offered. That trend has only accelerated.

2020s: Internal audit’s second big transformation

Enter AI’s golden age, which is transforming the world’s workplaces. Internal auditors are struggling to keep up at a time when organizations urgently need help in understanding and responding to AI’s risks and establishing effective AI governance. Remote work also exploded in the 2020s, ushering in even more data security risks.

In many ways, the transformation internal audit kicked off in the ‘90s feels analogous to what’s happening in the 2020s, with the advent of generative AI, LLMs, and AI agents. Internal auditors are again racing — and often failing — to keep pace with technology. We’re eager to realize its potential, but still far from comfortable with our knowledge of AI uses and risks. In other words, we seem to be relearning many of the same lessons we thought we’d learned in recent decades.

Mine is a cautionary tale. I have always aimed to be the best auditor possible by making the most of the tools at my disposal. But I see how I could have done better in embracing technology, and I’m committed to sharing my lessons to benefit the profession as a whole. While we can’t know what the next 50 years will bring, transformation through technology is inevitable. I remain hopeful that internal auditors can someday shake their reputation as technology laggards, because the future relevance of our profession truly may depend on it.

About the authors

Richard Chambers, CIA, CRMA, CFE, CGAP, is the CEO of Richard F. Chambers & Associates, a global advisory firm for internal audit professionals, and also serves as Senior Advisor, Risk and Audit at AuditBoard. Previously, he served for over a decade as the president and CEO of The Institute of Internal Auditors (IIA). Connect with Richard on LinkedIn.