01 / The Quote

"The reality is, the firms are ahead of us."

Jim Logothetis, PCAOB Chair. At the PCAOB Investor Advisory Group, on the gap between audit firms and their regulator on AI adoption. May 2026.

Source: "How AI is reshaping the audit" — CFO Brew

02 / Person to Follow

Allison Shapira — Harvard Kennedy School Adjunct Lecturer. Founder and CEO of Global Public Speaking. Author of the new book "AI for the Authentic Leader" (October 2025).

She delivered "AI for the Authentic Auditor" as a General Session at IIA Houston, making the case that authentic communication becomes more valuable as AI shapes how leaders speak. Worth following for her ongoing work on AI, executive communication, and authentic leadership.

03 / Article Worth Your Time

Audit committee chairs are turning to their auditors for answers on AI risk.

The PCAOB released its "2025 Conversations With Audit Committee Chairs" report on April 27, 2026, gathering input from more than 250 audit committee chairs on how they are approaching AI. Chairs recognize the efficiency and quality potential of AI. They are increasingly leaning on their auditors to understand its implications for financial reporting and controls, and the discussions with audit firms now cover the auditor's use of data analytics, proprietary audit platforms, and AI tools.

For finance, internal audit, and compliance teams, the practical takeaway is direct: expect more AI questions from your audit committee this cycle. The team that arrives with a clear inventory of where AI touches financial reporting and controls, and what governance is applied to those touchpoints, will lead the conversation rather than react to it.

Read: Audit committee chairs check in on AI

04 / Event to Attend

Agentic AI: How Internal Audit Should Be Preparing

The IIA hosts a live webinar on agentic AI's emerging role in internal audit, including how it differs from generative AI, where it introduces new risks, and what use cases are worth tracking. June 10, 2026, 12:00 PM to 1:00 PM ET. One NASBA CPE for participants logged in for the full session.

Register for the webinar

05 / Course to Take

Achieving Effective Internal Control Over Generative AI

The IIA's on-demand webinar walks through COSO's recently published guidance on internal control for generative AI, including where traditional control approaches fall short and how to align governance practices with the COSO Internal Control Integrated Framework. IIA members can claim CPE credit.

Watch the on-demand webinar

07 / Prompt to Try

10 questions to bring to your next audit committee meeting on AI. A workflow-ready prompt for finance, audit, and compliance leaders preparing for an audit committee conversation about AI risk. Paste it into your preferred AI assistant and fill in the bracketed context.

You are a financial reporting and audit risk advisor preparing an audit committee chair for an upcoming meeting with the external auditor. Generate 10 questions the chair should be ready to ask about the audit firm's use of AI on this engagement.

Organize the questions into four categories:
(1) AI tool inventory and use cases on this audit;
(2) Data quality and reliability of the inputs being fed to those tools;
(3) Governance, controls, and human review over the AI outputs;
(4) Reporting and documentation of AI-assisted procedures.

For each question, briefly note what a strong answer would look like and what a weak or evasive answer would look like.

CONTEXT TO PROVIDE:
[Industry, company size, fiscal year-end, name of audit firm, any AI capabilities the audit firm has already disclosed]

About AXIA Partners. AXIA Partners has worked inside some of the most complex SOX and ICFR environments in the Houston market and beyond for over 20 years. We help public companies and pre-IPO organizations build and sustain internal control environments that hold up under pressure.

Too often, conference participation gets siloed by role. Sales works the booth, marketing handles the follow-up emails, and the practitioners attend the sessions and scope out the inter-session snacks. Everyone does their job, but the conversations across roles never get connected into a single thread of event intelligence.

I've joined AXIA Partners as their marketing advisor, and this year we took a different approach to IIA Houston, the annual conference of the Houston chapter of the Institute of Internal Auditors. AXIA was Platinum Plus sponsor alongside Toppan Merrill. We aligned our participation to company goals: the revenue we expect to hit, the new products we are launching, and how we continue to exceed client expectations.

Before the event, we researched every speaker, connected with most of them on LinkedIn, and mapped the agenda together. Six of us went to NRG Center on April 13. AI ran through nearly every session, in fraud cases, in cyber defense, in audit workflow, and in the assurance frameworks behind them. Below are our team members' learnings in their own voices.

Audit AI like any other employee with too much access

By Tatiana Whatley, IT Manager

"Janine Koch's session on the unseen employee inside the ERP stuck with me hardest. AI service accounts run with create, approve, and post permissions, embedded in SAP, Oracle, and Workday, often with no business owner. She showed sample accounts with names like AP_BOT_PROD_01 sitting there with combined create-and-approve permissions, the kind of risk you only see when you go looking for it. Pull every non-human ERP account, treat combined create-and-approve as automatic SoD findings, and anchor the broader work to the IIA's AI Auditing Framework released September 2024."

Human discipline is the control, and technology is the wrapper around it

By Elizabeth Epler-Jones, Partner, Leader of Compliance Practice

"Patricio Munoz of KPMG on fraud and Kevin Ricci of Citrin Cooperman on cybersecurity made the same case from different angles. Munoz walked through interesting fraud cases, including an executive impersonation that used AI-generated voice and WhatsApp to siphon roughly $60 million across six weeks, and a vendor kickback that ran more than five years before a whistleblower flagged it. The pattern was pressure, rationalization, opportunity, with communication as what prevents the next one. Ricci closed the cyber argument with the unglamorous defenses that still carry the load: passwords, continuous monitoring, penetration tests, backups, and training that never stops.

Human judgment, communication, and discipline are the controls, and technology is the wrapper around them."

When AI does the drafting, the auditor still owns the conclusion

By Jose Torres, Senior Consultant

"Gurpreet Singh of ArcelorMittal framed it as the Human in the Loop pattern. AI drafts, auditor reviews, auditor challenges, auditor approves, with the conclusion always belonging to the person. Where AI helps is concrete: spotting anomalies that deviate from pattern, surfacing correlations across complex datasets, and making 100 percent population testing realistic instead of sampling. The shift from sample-based testing to full-population coverage does not require any imagination about the future, because the methodology is already here."

The prompt library, not the model, is the audit asset to build

By Mailynn Nguyen, Senior Financial Consultant

"Three things from the AI track stayed with me, but the cleanest is this. Prompt quality is the work, and quality in produces brilliance out. The reusable prompts that turn raw inputs into risk themes, themes into objectives, and scope into rationale are the asset, more than any individual model. The model gets the attention, but the prompt architecture decides whether the work product is usable."

From audit tool to audit mentor

By Jordane Navarrete, Financial Consultant

"Sarah Kuhn of ConocoPhillips reported from inside an active Fortune 500 audit function, and three of her points are anchoring my thinking for the rest of the year. AI is transforming audit execution, but governance is the control point. The real value of AI depends on how auditors use it, with prompt design and structured inputs determining whether the output is workpaper-ready. Most importantly, AI is evolving from a tool into an embedded audit enabler, and the Audit Mentor concept Kuhn described positions AI as a real-time advisor that supports auditor development, guides methodology, and embeds best practices into day-to-day execution."

Internal audit illuminates risk, and management owns the rest

By Alisha M. Jackson, Senior Director

"Two sessions defined how I am thinking about the audit-management boundary. Elizabeth Sullivan boiled internal audit's job down to two words: illuminate risk. Read it twice, because that distinction is the whole job: internal audit advises on the ERM framework, evaluates culture and appetite, and reports independently, while management runs the risk register. James Shiveley of Baker Tilly closed the data argument with the IIA's 2026 Three-Lines Research, which puts coordinated programs at 28 percent improved risk coverage and 26 percent reduced duplication. Where an audit function is asked to own remediation, the boundary is already broken."

Conclusion

The six threads form a working agenda for internal audit in 2026. AI is operating inside enterprise systems and the toolkit to assess it exists today. Prompt design has become audit IP that teams need to build deliberately. The auditor's judgment still owns the conclusion of every audit cycle. The audit-management boundary still matters, and coordination across the lines is the new default audit committees expect.

What we are taking forward at AXIA

AXIA Partners is a Houston-based SOX and ICFR advisory firm. We support finance and internal audit teams with program execution, IPO readiness, IT controls, and surge capacity when their workload exceeds their bench. These threads are on our work plan for the rest of the year.

AXIA is proud to be a Platinum Plus Sponsor of the 2026 IIA Houston Annual Conference. For us, this event is not just about visibility. It is about strengthening long-standing relationships, staying current on technical developments, and identifying where technology, particularly AI, is creating real advantage inside audit and compliance functions.

Nick Bednorz, CEO and Managing Partner, AXIA Partners, focuses on three things when attending IIA each year: reconnecting with past relationships, staying close to current developments in our technical field, and looking for a meaningful technology edge, ideally one that is AI-enabled.

That combination reflects how we approach the conference. The value is not just in the sessions themselves. It is in the conversations, the calibration with peers, and the clarity around where the profession is heading.

Sessions & Speakers We're Watching

1. Allison Shapira — AI for the Authentic Auditor. AI is everywhere in audit conversations. The real differentiator is not adoption, it is judgment. This session explores how audit leaders can integrate AI while strengthening credibility and communication.
2. Linda Miller — Fraud & AI Keynote. Fraud risk evolves alongside technology. As AI tools scale, so do new exposure vectors. Audit leaders must understand both.
3. Craig Stanland — Breakout Speaker. Breakout discussions grounded in lived experience often deliver the most practical takeaways for audit and finance teams.

Best Practices for Maximizing IIA Houston

01. Decide What You Want to Leave With

Before you walk into NRG Center, define your objective. Are you attending to expand your peer network, deepen technical expertise, build referral relationships, or capture insight for a strong LinkedIn recap? Your objective should determine your session selection, networking approach, and note-taking discipline.

02. Plan Your Networking Intentionally

Block time between sessions to introduce yourself to at least five new professionals. Exchange perspectives, not just business cards. If reconnecting is your priority, map out the specific people you want to find before you arrive.

03. Stay Close to Technical Developments

IIA conferences are one of the fastest ways to catch up on current developments in internal controls, fraud risk, and audit methodology. Listen for patterns across sessions. Repeated themes often signal where boards and regulators are focusing attention.

04. Look for the Tech Edge

Not every "AI" conversation represents meaningful progress. Focus on sessions and conversations that discuss workflow redesign, automation within testing, and measurable efficiency gains. The advantage comes from applied technology, not buzzwords.

05. Write Your Follow-Up Before You Forget

Outline your LinkedIn recap before the day ends. Capture three sharp insights and one unexpected observation. Strong follow-up posts reinforce expertise and extend the life of the event beyond a single day.

Why This Matters

Internal audit and finance leaders are navigating tighter scrutiny, rising technology expectations, and increasing board pressure. Conferences like IIA Houston offer signal, but only if approached with intention.

Done well, one day can shape the next quarter of your audit roadmap.

In the Market

AuditBoard is now Optro. What it means for your technology decisions.

AuditBoard rebranded as Optro on March 9, announced at the IIA's Great Audit Minds conference in Las Vegas. The name change reflects the company's expansion beyond internal audit into a broader GRC platform covering audit, risk, infosec, and compliance in a single environment.

For teams currently evaluating or mid-implementation on any compliance technology, this is worth paying attention to. Vendor roadmaps, pricing structures, and integration priorities are all in motion. Understanding what you are actually buying and how it fits your control environment is worth building into any evaluation you are running right now.

Read: AuditBoard is now Optro

What We Are Seeing

Technology is changing the audit before the controls catch up.

Across our engagements in Houston and beyond, we keep running into the same situation. A new ERP module goes live. A third-party integration gets added. An AI-assisted workflow gets adopted by the finance team. The SOX control environment inherits the risk before anyone formally assesses it.

This is a sequencing problem, and a solvable one when it gets caught before the auditors do. Elizabeth Epler-Jones, Partner at AXIA, is writing a new LinkedIn series on this topic layer by layer: Technology Through the ICFR Framework. First installment coming shortly.

AXIA at IIA Houston

April 13 · NRG Center · Platinum Plus Sponsor. AXIA Partners is a Platinum Plus sponsor of IIA Houston 2026. If you are attending, we would value 20 minutes to compare notes on what you are seeing in the market.

We also put together a short piece on how to make the most of your time at the conference: Making the most of IIA Houston 2026.

Join Us — The Debrief: AI and Audit

Invitation Only · April 14, 2026 · 6 to 9 PM CT · Houston, TX. The evening after IIA Houston, AXIA is hosting an invitation-only happy hour for senior finance, accounting, and audit leaders across the Houston market. No presentations. No formal program. Just a candid conversation about what AI means for SOX programs, internal controls, and the audit function in 2026. Space is limited and the guest list is curated.

We Are Hiring

AXIA is growing. We are looking for experienced practitioners who want to work on the kinds of engagements that most firms refer out. Current openings:

• IT Manager — Lead IT audit engagements, mentor staff, and design methodologies aligned with COSO, COBIT, and NIST frameworks.
• Financial Manager — Manage financial audit and SOX compliance engagements, coordinate with external auditors, and guide technical accounting decisions.
• Staff IT Auditor — Execute IT audit engagements, perform general controls testing, and evaluate IT infrastructure risk across client environments.
• Staff Financial Auditor — Support SOX compliance activities, develop audit programs and work papers, and assist with year-end external audit coordination.

About AXIA Partners. AXIA Partners has worked inside some of the most complex SOX and ICFR environments in the Houston market and beyond for over 20 years. We help public companies and pre-IPO organizations build and sustain internal control environments that hold up under pressure.