Introduction

Auditing practices have evolved in response to growing public demand for credible and transparent information regarding the finances and performance of organizations and companies. As a result, auditors are expected to assume greater responsibility not only for assessing corporate governance but also for addressing the presence or absence of irregularities, including fraud. In other words, auditors can no longer hide behind the sampling approach. These expectations, coupled with changes in the global business landscape, have driven a shift from traditional audit methods to risk-based auditing. A risk-based approach has been used to determine the level of reliability of selected audit areas and objectives.

However, in this digital era, audit strategy and methodology as well as auditor abilities must be adjusted to digital transformation as well. Indeed, traditional paper-based approaches and manual random testing will increasingly be replaced by integrated systems that incorporate automation and data analytics techniques, including Artificial Intelligence (AI) assisted processes. These approaches enable auditors to perform in-depth data analysis to identify anomalies, risk patterns, and potential fraud indicators.

This article aims to demonstrate how an integrated data analytics framework supported by artificial intelligence can enhance risk-based auditing in complex state-owned enterprise ecosystems, through evidence from Supreme Audit Institution (SAI) of Indonesia audit practice.

One of the main mandates of Audit Board of the Republic of Indonesia (BPK) is to examine the management and responsibility of state finances, which include state assets separated into State-Owned Enterprise (SOE)s. SOE is an entity formed by the government to engage in commercial activities, owned either fully or partially by the government. SOEs business fields consist of various sectors, namely energy, oil and gas, electricity, infra.structure and construction, banking and financial services sector, telecommunications and media, transportation and logistics, mining and strategic industry, and food and plantation/others. SOEs function as state-owned commercial entities that serve as development agents in delivering public and merit goods. The current number of SOEs, subsidiaries, and related parties is more than 1,000 companies and is planned to be slimmed down to around 200 companies. Among them, there are 62 SOEs which have total assets of IDR 12.5 quadrillion.

Considering the complexity and uniqueness of business processes in each SOE, the number of SOEs and their affiliated entities, and the high frequency of transactions, audits carried out on SOEs certainly have a different approach to audits carried out by SAI on routine government spending or procurement activities. In addition, there are cross-sectoral issues between SOEs, as well as SOEs and the government, both through the relevant technical ministries and the SOE Regulatory Body. On the other hand, audits are challenged to produce useful output despite limited resources.

According to INTOSAI-P 12, SAI strengthens public sector accountability by conducting high-quality audits and issuing recommendations that contribute to improved governance and public value. As well as strategic recommendations that have impact on improving governance and business strategy, a quality and beneficial audit also depends on the audit strategy, methodology, and auditor's abilities.

Digitalization has impact on almost all aspects of organizations and businesses, producing large amounts of data and demanding speed and accuracy in processing information (Wessel et al., 2025). This transformation occurs simultaneously within SOEs as the audited entities and within the audit agencies themselves. According to Bani et al. (2025), this systemic shift fundamentally enhances audit quality by driving improvements in effectiveness, efficiency, transparency, accuracy, and timeliness.

The auditing profession can no longer rely on traditional paradigms; it must transition toward digital auditing (Manita et al., 2020) to maintain relevance and precision. The transition from a paper-based to a digital-first environment has not eliminated audit sampling but has significantly expanded auditors’ ability to analyze full-population data, thereby strengthening risk-based audit strategies. In line with this transformation, the emergence of AI accelerates the evolution of auditing practices. At a more advanced level, AI enables automated statistical modeling and improves the ability to analyze data. In particular, AI can be used for identifying anomalies in large datasets, which may serve as basic further forensic investigation (Kokina & Davenport, 2017).

AIDA, Artificial Intelligence for Data Analytics

BPK's strategic plan is carried out based on data and technology which is packaged in the term Data-Based Organization. The Data Driven Organization then became the inspiration for the strategic goals in the ICT Master Plan. One of the visions of the ICT Masterplan is realized in BPK Big Data Analytics (BIDICS) as a pillar of digital transformation.

Artificial Intelligence for Data Analytics (AIDA) is an analytical instrument developed as part of BPK’s digital transformation ecosystem , particularly under the BIDICS . As Data Analytics & Data Management platform , AIDA aims to strengthen data-driven auditing capabilities and enhance the effectiveness and quality of audit processes.

Over the past two years, BPK has progressively enhanced its audit strategy and methodology by implementing an

integrated audit approach that leverages big data and advanced data analytics. This development is aligned with the restructuring of annual audit planning, where audit activities are designed to be more structured, interconnected, and responsive to evolving technological developments.

Through this integrated approach, AIDA supports more in-depth large-scale data analysis to detect anomalies and risks in SOE management. Data processed in AIDA comes from various sources, including internal auditee records, publicly available data, and cross-sector data sharing among audit units within the BPK.

AIDA process stages include Data Collecting, Data Processing, Data Understanding and Analytical, as well as AI-Model Development. Audit teams collect data and determine the required analytical models based on a substantive understanding of transactions and business processes at the audited entity, then data governance teams process data and develop AIDA dashboards based on the needs of each audit team.

Audits carried out on SOEs and related entities by BPK utilized AIDA, for example in detecting unusual patterns of ticket returns and cancellations (transportation), analysis of recurring credit restructuring and detecting distribution anomalies of People's Business Credit (banking), detecting operational cost anomalies between generating units (energy), and detecting trend anomalies in Cost per Barrel Oil Equivalent (oil and gas). AIDA is not a tool for generating findings, but rather for identifying risks and early indications. In this case, it indeed strengthens the decision-making process but does not replace the auditor's judgment.

The following sections will discuss about two examples of the use of analytical data to support audits in 2025 in two entities, which are audit on fuel subsidy management in oil and gas SOEs and other related agencies, and audit on distribution of home ownership loans in one particular bank.

Audit on Fuel Subsidy Management

In the first audit example, which is Audit on Fuel Subsidy Management, analytical data was carried out during audit planning. Auditors assigned to audit oil and gas SOEs collected data from the SOEs’ internal data and data from external sources. These data consist of a very large number of records, for example comprising approximately 1,231,923,104 subsidized Liquefied Petroleum Gas (LPG) transaction records. The data were then processed by the data governance team through pipeline tools that produce data analysis. Based on the data analysis, the auditors developed analytical models from the data, and the data governance team developed AIDA dashboards based on the auditor's needs, including an overview of subsidies, subsidy analysis, anomalies and tentative audit findings.

Tentative audit findings resulting from data analysis procedures include problems in managing fuel subsidy distribution data. The fuel subsidy distribution data are incomplete, and contain data errors. In addition, the data analysis identified distribution of subsidized LPG that was not on target, as well as consumption anomalies exceeding normal usage thresholds. These represent analytical projections derived from population-level transaction datasets and are subject to further field verification.

Based on this anomaly data, the next audit procedures will focus on areas that have the highest transaction anomalies to carry out tests on agents and “pangkalan”. All procedures to be carried out in the field audit have been outlined in the audit program. Following analytical procedures, auditors carried out other audit procedures, including reviewing documents (contracts, regulations, management reports, studies, documents from other related agencies), interviewing/requesting information from management; suppliers and other external parties, as well as asking confirmation from related parties.

It is also necessary to examine whether the distribution to consumer segments is in accordance with the Integrated Social Welfare Data. The data, compiled and managed by the Ministry of Social Affairs, is master data which contains data on the need for social welfare services.

Audit on Distribution of Home Ownership Loans

The second audit example is about distribution of home ownership loans in one particular bank comprising approximately 4,105,801 records. Inthedataanalysisprocess, datafromthe Bank'sinternaldataanddatafromexternal sources such as Population and Civil Registration Service, Employment Social Security Agency, and State Electricity Companyareusedtomapriskgroups. Thesedataconsistofaverylargenumberofrecords, forexamplecustomerdata from the State Electricity Company contains 86,769,971 records. In this case, the audit is very dependent on the availability and reliability of data both internal and external, the readiness of the institutions involved, also the competence of the auditor in processing and analysing data.

By using AIDA, auditors identify portfolio risks of debtor profiles based on collectability, occupation and developer company. Risky debtors would be an audit priority characterized by high outstanding credit values and high Non-PerformingLoan(NPL)percentagesexceedingtheunhealthythreshold(>12%),andplacesofworkthatwereatrisk, as well as fast credit application processes.

Theresultsoffurtherexaminations(documentreview, interviews, confirmationandphysicalexamination) carriedout by the auditor showed that there were problems, including discrepancies in the debtor's employment data when applying for credit with the actual conditions (not registered with Employment Social Security Agency, registered for another job, unemployed and student status). The registration used someone else's name and identity, and credit instalments were paid by the developer company or a third party, thus obscuring the true credit risk.

Inaddition, theresultsofthephysicalinspectionmightfindseveralhouseswerenotoccupied/abandonedeventhough the consumer had submitted the credit application for a long time. Those conditions and the fact that the credits are categorized as non-performing loans, might indicate that the debtors/home buyers are fictitious.

These problems will be examined and proven in audit findings based on the evidence found during the audit. Auditee responses/comments regarding findings are important to maintain objectivity. It is, then, BPK task to provide several recommendations in the form of proposed improvements to overcome problems, prevent future errors, and improve performance, which requires follow-up.

Benefits and Next Development

TheuseofAIDAenhancesauditprocessmoreefficientbecauselargescaledatacanbeprocessedwithinashortertime,it also improves the effectiveness and quality of the audit process through identifying risks, pinpointing anomalies and fraud patterns that may be missed by traditional methods; and reducing competency gaps between audit teams.

AIDA is currently under continuous developed. In the future, AI is expected to be able to 'orchestrate' all data in AIDA, including helping analyze whether follow-up documents are aligned with audit recommendations.

Conclusion

To sum up, an increasingly complex and dynamic business environment is triggering digital transformation both in auditees and audit agencies. Audits can no longer rely on conventional methods, and are expected to update methodological approaches, work tools, and auditor abilities.

Whilerisk-basedsamplingremainsrelevant, thedigitalerarequiresashifttowardautomateddataanalyticssupported by integrated systems and AI. This enables auditors to analyze full datasets, identify anomalies, and detect fraud more effectively than traditional approaches.

The implementation of AIDA by BPK demonstrates how digital integration shifts the audit focus from retrospective verification to proactive risk detection. Nevertheless, institutional readiness, data governance maturity, and auditor competency remain the critical determinants of long-term sustainability.

References :

INTOSAI(2019). INTOSAIP-12. The Valueand Benefitsof Supreme Audit Institutions– makingadifferencetothelivesof citizens.

Bani, P., Siregar, N., Subiyanto, B., & Awaludin, D.T. (2025). Digital Transformation in the Audit Process: A Systematic Review of Innovation, Challenges, and its Impact on Audit Quality. Journal Research of Social Science, Economics and Management. 5(3), 3454-3471.

Manita, R., Elommal, N., Baudier, P.,& Hikkerova, L.(2020). Thedigitaltransformationofexternalauditanditsimpacton corporate governance. Technological Forecasting and Social Change, 150, 119751.

Kokina,J.,&Davenport,T.H.(2017).Theemergenceofartificialintelligence:Howautomationischangingauditing.Journal of Emerging Technologies in Accounting.

Wessel, L., Mosconi, E., Indulska, M., & Baiyere, A. (2025). Digital Transformation: Quo Vadit? Information Systems Journal.