How is auditing today different from a few decades ago?

April 10, 2026

Ask an auditor who qualified in the 1990s to describe an audit engagement, and he will speak about pencils, lever-arch files, bundles of ledger folios, ticking documents with red or green ink pens, adding columns of data with a calculator. Ask one who qualified today, and he will talk about laptops, data extracts, dashboards, audit software, cloud storage and digital files. What actually changed?

From samples to whole populations

Three decades ago, an auditor could not test everything because the volume of data and the costs of executing an audit were prohibitive. Auditors relied on sampling — examining a representative subset of data and inferring a conclusion about the whole. Today, data analytics and Computer-Assisted Audit Techniques (CAATs) let auditors interrogate 100% of the general ledger data in minutes. Instead of pulling 45 invoices from a box to perform a triangular (purchase order-invoice-goods received note) test, auditors today perform that same test across a year and flag only the exceptions. And while data analytics and CAATs have radically changed how auditors work, AI is revolutionizing not just how they work, but what they can examine and how fast.

From “tick everything” to risk-based

The old approach was largely substantive: test balances exhaustively and hope errors surfaced. Modern auditing is risk-based: the auditor first understands the entity, its environment, and its IT systems, then directs effort where material misstatements are most likely to occur. In essence, effort follows risks, not habit.

An explosion of standards

Perhaps the single biggest change is the sheer weight of the rulebook. In the 1990s, guidance on auditing was thin and often national. Today the International Auditing and Assurance Standards Board (IAASB) issues a dense, interlocking suite of International Standards on Auditing (ISAs) plus International Standards on Quality Management (1 and 2) mandating firm-wide quality management and engagement quality reviews. Three decades ago, a typical auditing manual was slim; today, it is hundreds of pages of authoritative literature, each revision adding documentation and procedure. The increasing size of a manual is reflective of the growing complexity of business, the demands for greater assurance by capital markets and regulators, the digital revolution, and the increasingly interconnected global market.

Hardened ethics

Post-Enron, WorldCom, and the collapse of Arthur Andersen (a former Big 5 global accounting firm), the ethical framework that governed the conduct of auditors tightened dramatically. The International Ethics Standards Board for Accountants (IESBA) Code of Ethics now codifies independence (freedom from relationships that compromise objectivity), non-audit-service restrictions, and professional skepticism — a questioning mind that does not assume management is honest. What was once a matter of personal integrity is now a documented, enforceable obligation backed by law and regulation.

From paper to electronic everything

Audit Working Papers that once filled a storeroom now live in software or are stored in the cloud, and since COVID-2020, remote auditing over video and shared drives has become routine. Cloud storage has considerably raised the data-security and confidentiality stakes, exposing firms to greater legal liability and higher operating costs.

The cost consequence

An economist would say “there’s no such thing as a free lunch”; today’s auditor would not disagree. More standards mean more procedures; more ethics safeguards mean more independence checks, consultations, and review layers; more technology means investment in software, data specialists, and training. Audit hours have risen, partner and engagement quality reviews are heavier and more time-consuming. Auditing firms recover those costs through fees. Clients now pay not just for an opinion, but for a regulated, technology-enabled, heavily documented assurance process. The results: audit fees have climbed steadily decade after decade.

The constant through it all is purpose: an audit still exists to give users reasonable assurance that financial statements are free from material misstatement. However, what changed was the toolkit, the rulebook, the expectations of users of audited financial statements (increasingly expecting audits to detect fraud, which they are not primarily designed to do), and of course, the audit bill. The destination remains the same; the road is faster, better lit, and more expensive to travel.