June 15, 2026

Audit Analytics: What Partners and Managers Need to Get Right in 2026

Amanda Waldmann

Increasing trust with AI for audit and advisory firms.

Key Insights:

Analytics is shifting from a sampling aid to full-population work, and the reviewer's job shifts with it: less re-performing procedures, more judging which flagged items actually matter.
The PCAOB's amended evidence rules raise the bar on data reliability, especially for outside information a client passes through to the audit. Unverified data is the fastest way to fail inspection.
Full-population testing, journal entry analysis, and anomaly scoring are where analytics earns its keep today, but only when the work documents itself well enough to survive review.

A reviewer opens the analytics workpaper, scrolls a dense exception report, and stops on a line flagged as anomalous. There's no note on why it was selected, no sign the data was tied back to the source system, no conclusion. That workpaper fails inspection, and the analytics that produced it did the firm no favors. The technique was sound; the work around it wasn't reviewable.

That gap, between analytics that runs and analytics that holds up, is the real story for 2026. Firms have plenty of tools that can score anomalies or test a full population. What separates the firms pulling ahead is an operating model where the analytics executes the heavy lifting and the practitioner's judgment goes where it counts: deciding which exceptions matter and standing behind the conclusion. This article covers the analytics techniques delivering value on engagements today, what the new evidence rules actually require, and what makes that work survive review.

Where Analytics Earns Its Keep Today

The firms getting value out of analytics aren't the ones with the most tools. They're the ones running analytics that improves coverage and focus without adding review risk. Three techniques consistently clear that bar.

Full-population testing

Sampling exists because testing everything by hand was impossible. That constraint is largely gone: once the data is in the engagement and validated, analytics can run a procedure across every transaction in the population, so coverage goes up and effort flows to the items that actually warrant a look rather than to whatever landed in the sample.

The practical version of this is anomaly scoring: the team scores transactions across the full population, aggregates the scores by account or transaction class, and lets that shape a sharper set of procedures. The risk assessment gets tighter because it's built on the whole ledger, not a slice of it. What the team can see changes, and so does where it spends its time.

Journal entry analysis

Journal entry testing sits where analytics and fraud risk meet, and it's where full-population work pays off most clearly. The selection criteria are well established: entries with significant financial statement impact, round-dollar amounts that suggest manual entry, unusual account combinations, and entries posted at odd times like weekends or holidays. Benford's Law adds another lens, surfacing number-pattern anomalies that sit below traditional testing thresholds and that conventional sampling misses entirely.

Running these criteria against the entire journal entry population, as the entries post rather than against a sample after the fact, is the difference between catching a pattern and reading about it in next year's restatement.

Predictive and trend analysis

Traditional analytical procedures compare this year's revenue to last year's and investigate the gap. Predictive analytics goes a layer deeper, testing whether the pattern of individual transactions inside that revenue figure is consistent with the business, at a granularity manual comparison can't reach. It surfaces the kind of red flag that never shows up in aggregate numbers, the relationship that looks fine at the account level and wrong at the transaction level.

How Fieldguide runs these on one platform

The catch with most analytics tools is that they live outside the engagement. Data gets exported to a separate application, results get pasted back into a workpaper, and the documentation gets reconstructed by hand. Fieldguide runs the analytics on the same platform as the rest of the engagement, on one source of engagement data, so the technique and its evidence stay together.

AI Actions generate analysis across an entire column of a population in one click, with the inputs and sources captured as the work runs. For the heavier work, the Agent Workforce executes analytics across hundreds of records at once and documents each result, while practitioners review the output and own the conclusions. Full-population scoring, journal entry selection against the criteria above, and the data-reliability checks the new rules expect all happen in the same place the rest of the engagement does, rather than in a side tool the team has to reconcile later.

The Bar on Data Reliability Just Went Up

More firms run analytics every year, pushed by client expectations, capacity pressure, and competitors who already do it. As that adoption spreads, the data underneath it has come under sharper scrutiny. The PCAOB's amended evidence standard took effect for fiscal years beginning on or after December 15, 2025. It doesn't require any firm to use analytics, but it does set a clear expectation for firms that do: when a client passes along electronic information it received from an outside source and the team runs analytics on it, the auditor has to evaluate whether that information is reliable before relying on the results. On the private-company side, the AICPA's quality standards fold the selection and use of analytics tools into the firm's overall quality system.

None of this is new in principle once you see the through-line. Evidence is evidence: analytics output has to clear the same sufficiency and reliability bar as a confirmation or a recalculation. The change is that regulators now expect the firm to show its work on the data going in, not just the conclusion coming out. Analytics built on unverified client data doesn't produce sufficient evidence, however sophisticated the technique. Firms that invest in analytics horsepower without an equal investment in data validation are building the exact failure the new rule was written to catch.

What Makes Analytics Survive Review

Analytics only matters if the work stands up in review. Three things decide whether it does, and none of them are IT problems. They're engagement quality problems.

Data integrity is the gate

Everything downstream depends on the data going in. The amended rule sharpened the obligation for outside information a client passes through, but the older requirement still stands for information the company produces itself: the team has to test it for accuracy and completeness and confirm it's precise enough for the audit's purpose, a point the PCAOB makes plainly in its data spotlight. It's the first thing a reviewer should check and the first thing an inspector will.

The workpaper has to explain itself

An experienced auditor with no prior connection to the engagement should be able to open the analytics workpaper and follow it: what the procedure was for, what data it ran on, and how the conclusion was reached. Documentation rules require exactly that, and they apply to a regression output or a population analysis the same way they apply to a manual workpaper. Exception reports sitting in a folder with no supporting narrative are the most common way good analytics turns into a review finding.

This is where agent-executed analytics changes the math. When a Field Agent in Fieldguide runs a procedure, it captures its own inputs, steps, and sources as a Trace, so the documentation isn't a separate write-up the team produces after the fact. It's a byproduct of how the work got done, which is what makes it reviewable in the first place.

Classification and skills

Two quieter points round out the picture. First, an analytics procedure only helps when it has a defined evidentiary purpose: the same technique can be a risk assessment procedure, a test of controls, or a substantive procedure depending on how it's used, and blurring that undercuts the sufficiency assessment. Second, the team needs the skills to run and review the work. As analytics handles more of the routine execution, current technology skills are what keep the work standing up, in practice and in review.

The Reviewer's Job Is the Real Shift

Every technique above changes the same thing: what the reviewer spends their time on. The old model had a preparer run a sample by hand and a reviewer re-perform enough of it to get comfortable. When analytics runs the full population in minutes, re-performing it line by line burns the time the technology was supposed to give back.

The reviewer's expertise moves instead to the judgment the tool can't make: which of the flagged exceptions actually matter, whether the data behind them holds, and whether the conclusion is right. That's a more senior job than tickmark-checking ever was, and it's where the firms getting analytics right are pointing their best people. The analytics widens what the team can see. The practitioner decides what it means.

Put Analytics Inside the Engagement, Not Beside It

The firms pulling ahead aren't running analytics in a separate tool and reconciling it back later. They've stopped treating analytics as a separate step at all. When the data, the procedure, the documentation, and the review all live on one platform, the reliability checks and the audit trail regulators now expect get produced as the work happens, not reconstructed at review. That's the difference between analytics that adds review risk and analytics that takes it off the table.

That's the operating model the next few years reward: analytics that executes the volume, practitioners who apply the judgment. Request a demo to see how it runs inside a live engagement.