An Evidence-Aware and Risk-Sensitive Retrieval-Augmented Generation Framework for Internal Auditing

Abstract: Large Language Models (LLMs) that are enhanced with Retrieval-Augmented Generation(RAG) can aid in internal auditing, particularly in search and analysis of documents. However, in general, most RAG-based audit tools focus more on quick document access and being easy to use, then about deeper auditing reasons. They don’t do much to help with significant audit procedures, such as maintenance of clear evidence, calculating risk, and making intelligent decisions. Because of this, they are yet to find a place in ongoing internal auditing, which needs serious evidence and must adhere to recommended auditing standards. This study introduces an Evidence-Aware and Risk-Sensitive Retrieval-Augmented Generation (ER2-RAG) to help in internal auditing. The framework doesn’t just see how well documents can be retrieved, but also manages audit evidence and considers risk. It connects audit conclusions to supporting documents with confidence levels, modifies the information retrieval based on the audit risk and materiality, and restricts the process of generation to the standard audit reasoning practices. These design choices make AI assistance more transparent, reliable, and defensible in audit judgments. ER2-RAG has been developed and evaluated using the normal audit situations. These situations are related to the analysis of exceptions, evaluation of control efficiency, and control over procedural adherence. The research uses design science methodology. Compared to the older methods of RAG, ER2-RAG is efficient and presents a higher scope of evidence, references the sources much better, and the argument is clearer. The results indicate that risk sensitivity must be taken into account, and evidence should be used when adopting AI systems to perform continuous internal audits. The given research transforms RAG into not only aiding in information retrieval but also as a powerful reasoning foundation of professional assurance. It strives to enhance audit reliability and guide future development of evidence-aware AI systems.

Tareq Fahad Aljabri and Mariam Abdulaziz Alnajim. “An Evidence-Aware and Risk-Sensitive Retrieval-Augmented Generation Framework for Internal Auditing”. International Journal of Advanced Computer Science and Applications (IJACSA) 17.3 (2026). http://dx.doi.org/10.14569/IJACSA.2026.01703106

@article{Aljabri2026,
title = {An Evidence-Aware and Risk-Sensitive Retrieval-Augmented Generation Framework for Internal Auditing},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2026.01703106},
url = {http://dx.doi.org/10.14569/IJACSA.2026.01703106},
year = {2026},
publisher = {The Science and Information Organization},
volume = {17},
number = {3},
author = {Tareq Fahad Aljabri and Mariam Abdulaziz Alnajim}
}