AUDIT-AI: A Novel Framework for AI-Powered Information Systems Auditing in Banking Compliance, Fraud Prevention, and Risk Management
Keywords:
Information Systems Auditing; Banking Compliance; SOX; FFIEC; Fraud Detection; Continuous Auditing; Cybersecurity; GRC; Anti-Money Laundering; Artificial Intelligence
Abstract
The banking sector faces unprecedented challenges in regulatory compliance, fraud prevention, and cybersecurity risk management. The Sarbanes-Oxley Act (SOX), Federal Financial Institutions Examination Council (FFIEC) standards, and evolving anti-money laundering
(AML) regulations impose complex compliance requirements, while sophisticated financial
fraud schemes increasingly evade traditional detection methods. Information systems auditors
play a critical role in ensuring compliance, detecting fraud, and maintaining financial integrity,
yet existing audit frameworks remain predominantly manual, reactive, and fragmented across
regulatory domains. This paper presents AUDIT-AI, a comprehensive AI-powered framework
for information systems auditing that integrates regulatory compliance monitoring, continuous
fraud detection, cybersecurity risk assessment, and governance, risk, and compliance (GRC)
optimization. Drawing on the foundational work of Ahmad (2014, 2015, 2016, 2017, 2018,
2019, 2020a, 2020b, 2021, 2022, 2024, 2025), Aziz et al. (2025), Hanif et al. (2025), Khan
et al. (2025), and Shakeel et al. (2025), we develop a unified framework addressing five critical dimensions: (1) automated compliance monitoring across SOX and FFIEC standards using
natural language processing of regulatory texts; (2) continuous auditing and real-time fraud detection through machine learning analysis of transaction patterns; (3) cloud-based information
systems auditing with automated access control verification and audit trail analysis; (4) integrated GRC framework combining COBIT and COSO principles for fraud-resistant banking
systems; and (5) whistleblowing system effectiveness evaluation through predictive analytics.
We validate our framework through retrospective analysis of 127 financial fraud cases and
prospective deployment across three regional banks, demonstrating 94.6% accuracy in compliance violation detection, 87.3% reduction in fraud detection latency (from 142 days to 18
days), and 76.8% improvement in audit efficiency. Our findings establish that AI-augmented
information systems auditing can substantially enhance regulatory compliance, fraud prevention, and risk management while reducing the burden on human auditors. We conclude with
implications for banking practice, regulatory policy, and future research directions.