Research on Innovation in Internal Control and Risk Management of Financial Enterprises in the Digital Intelligence Era

Zhou Xiaodong
(School of Accounting, Guangdong Technology College, Zhaoqing, Guangdong 526100, China)

Abstract

Establishing a comprehensive risk management system and a sound, effective internal control mechanism constitutes a critical foundation for the survival and healthy development of financial enterprises. This paper analyzes the lessons from Société Générale's 2008 crisis, which triggered financial shocks across Europe due to severe deficiencies in its internal monitoring mechanisms. It elaborates on the influencing factors and implementation pathways for internal control in the digital intelligence era, identifies key elements for constructing a risk management-oriented internal control system, and proposes primary methods and six major technologies for internal control in this new era. The paper further argues that digital transformation of auditing facilitates the achievement of internal audit objectives and enhances internal audit effectiveness. It introduces the main pathways and critical considerations for audit digital transformation, highlighting intelligent auditing as the major trend in future audit development, and discusses the application of digital twins in commercial bank auditing. The paper concludes that audit digital transformation also requires organizational and talent upgrading, necessitating vigorous cultivation and recruitment of auditing professionals to support its successful implementation. Financial enterprises should continuously innovate their internal control mechanisms, strengthen internal control and risk management functions, and enhance internal control effectiveness to promote high-quality development.

Keywords: Internal control; Risk management; Digital transformation; Artificial intelligence; Intelligent auditing

In modern financial enterprise management, strengthening and standardizing internal control represents a vital condition for improving management standards, enhancing risk prevention capabilities, and promoting sustainable development. Internal control refers to the methods, procedures, and measures established among various functional departments to organize, constrain, evaluate, and regulate business activities in order to achieve management objectives. In the digital intelligence era, intensified market competition has made various risks ubiquitous. To prevent risks before they occur and mitigate them in a timely manner, financial enterprises must advance internal control construction. Through training and education, management at all levels and all employees should recognize and appreciate the significance of internal control in corporate governance, comprehensively understanding its necessity and vital role in establishing appropriate organizational structures, systems, and processes that enable efficient operation, cost savings, profit generation, and risk control—all effectively implemented across all business segments, departments, and positions.

II. Strengthening and Standardizing Internal Control: A Critical Condition for Sustainable Development of Financial Enterprises in the Digital Intelligence Era

Erwin Schrödinger, the Austrian theoretical physicist and Nobel laureate, wrote in his 1944 book What Is Life?: "In an isolated system or a system in a uniform environment, entropy increases, approaching the state of maximum entropy, a state of inertia, sooner or later. We now recognize that this fundamental law of physics is precisely the natural tendency of all things toward disorder, unless we intervene." Any isolated system, including enterprises and other organizations, will evolve toward chaos and disorder without intervention, management, and control. The objectives of internal control are to provide reasonable assurance regarding the legality and compliance of operations, asset safety, authenticity and completeness of financial reporting and related information, improvement of operational efficiency and effectiveness, and promotion of strategic goal achievement. In December 2021, China's Ministry of Finance issued the Accounting Informatization Development Plan (2021-2025), which states: "Improve the informatization supporting construction of internal control systems to promote effective implementation of internal control systems." Therefore, financial enterprises should timely identify and assess internal and external risks related to their control objectives and determine appropriate risk response strategies. Based on risk assessment results, they should implement corresponding control activities to keep risks within acceptable limits. Countless facts and lessons repeatedly prove that establishing a comprehensive risk management system and a sound, effective internal control mechanism are essential conditions for the survival and healthy development of financial enterprises.

(1) Société Générale's "Severe Deficiency" in Internal Monitoring Mechanisms Triggered Financial Shocks Across Europe

Founded in May 1864, Société Générale was a 150-year-old European bank listed on stock exchanges in Paris, Tokyo, and New York. It employed 55,000 staff, operated 2,600 domestic branches, maintained 500 branches in 80 countries worldwide, and served 5 million private and corporate clients. The bank provided comprehensive, professional financial services ranging from traditional commercial banking to investment banking and was once considered one of the world's best banks in risk control. However, in January 2008, Jérôme Kerviel, a futures trader at Société Générale, purchased large amounts of European stock index futures without authorization, creating a massive loss of €4.9 billion (approximately $7.1 billion)—the largest single loss in banking history caused by employee misconduct. This shocking fraud case also triggered financial shocks in France and across Europe, causing global stock markets to plummet. In both nature and scale, it stands as one of the greatest financial tragedies in history.

(2) Post-Crisis Emergency Risk Measures and Regulatory/Judicial Actions

1. Analysis of Post-Crisis Emergency Risk Measures

Despite exposing deficiencies in Société Générale's internal risk management and causing enormous losses, the bank immediately implemented a series of emergency risk measures upon disclosure, avoiding the fate of Barings Bank's bankruptcy and minimizing risk losses.

(1) Prudent Operations to Maintain Market Confidence
Upon discovering signs of Kerviel's fraudulent trading on January 18, Société Générale immediately took measures to remedy some losses. By January 20, the bank had identified all of Kerviel's positions and closed the unauthorized transactions within three days, exercising extreme caution to maintain market confidence. Specific measures included: limiting liquidation trading volume to under 10%; rapidly establishing a special investigation team and introducing external auditors to publicly disclose investigation progress, projecting an image of transparency and avoiding investor panic; launching an "emergency communication mechanism" worldwide to visit clients individually; implementing a capital strengthening plan through preferential subscription rights to raise €5.5 billion; and proceeding with the planned acquisition of a majority stake in Russia's Rosbank to restore market confidence.

(2) Diversified Business Operations Played a Key Role
Unlike Barings Bank's single-business structure (which went bankrupt in 1995 due to unauthorized derivatives trading by its Singapore manager Nick Leeson; see Leeson's Rogue Trader), Société Générale's business covered personal retail banking, investment banking, and asset management services, with investment banking as the main profit source. After the crisis, "Société Générale announced unaudited financial statements showing a group net profit of €947 million after deducting subprime mortgage and Kerviel-related factors. Although the investment banking business incurred losses, strong growth in other business segments compensated for these losses."

2. Regulatory and Judicial Actions

On July 4, 2008, the French Banking Commission, France's banking regulator, fined Société Générale €4 million for "severe deficiencies" in its internal monitoring mechanisms that led to the massive fraud. On October 5, 2010, a Paris court convicted Jérôme Kerviel, the "rogue trader" behind the largest unauthorized trading case in financial history, on all charges including breach of trust, forgery, and use of false documents, sentencing him to five years in prison and ordering him to pay Société Générale €4.9 billion in damages, making him the most indebted individual in history.

(3) Analysis of Société Générale's Risk Management Problems

1. High-Performance Culture Ignored Risk Alerts

A major cause of the crisis was Société Générale's overly aggressive corporate culture. Since previous violations had generated substantial profits for the bank, management relaxed its vigilance, resulting in managerial inaction and absence. From June 2006 to January 2008, the bank's operations department, equity derivatives department, and over-the-counter trading units across 28 departments issued 75 automated alerts through 11 risk control systems regarding Kerviel's various transactions. In November 2007, Eurex had also questioned Kerviel's trading positions, but Société Générale focused solely on profit pursuit, ignoring various internal and external warning signals and lacking a sound information exchange mechanism and upward reporting system, ultimately leading to disaster.

2. Limitations in Limit Management Metrics

Société Générale focused its risk limit monitoring on net position calculations for traders while neglecting the scale of total transactions and risk exposure from one-sided trades. Kerviel exploited this by using fictitious transaction data to create the illusion of hedged portfolio net exposure, evading the limit management system's monitoring. Additionally, European exchanges provided Société Générale with aggregated rather than trader-specific transaction data. Since the bank traditionally handled massive derivatives trading volumes, Kerviel's huge transactions did not raise excessive suspicion.

3. Information Firewall System Loopholes

A bank's front-office trading department, risk management department, and back-office settlement department should be completely independent. However, Société Générale neglected the sensitive information access of middle and back-office personnel during internal staff rotations. Kerviel's five-year work experience in middle and back-office departments gave him intimate knowledge of the internal control system's operations and allowed him to develop good personal relationships with certain employees. He exploited these system vulnerabilities to successfully evade monitoring and cross-departmental inspections for his front-office violations.

4. Technical Vulnerabilities in Information Systems

Operational management errors occur in details, while success depends on systems. Any minor technical defect can expose a bank to enormous risks. According to Société Générale's disclosures, the bank's system developers, acceptance personnel, and IT managers failed to take effective measures on system technical vulnerabilities over an extended period, allowing traders to exploit them. While Kerviel had criminal motives, the bank's information system technical vulnerabilities provided him with the opportunity and tools to commit the crime.

III. Risk Management as the Main Content of Internal Control

Inherent risk refers to all potential risks an enterprise faces after setting an objective but before implementing any risk control activities. Residual risk refers to potential risks that remain after an enterprise identifies risks and implements a series of control activities to reduce, avoid, or transfer them. Internal control refers to controls implemented within the enterprise in this series of control activities. COSO (The Committee of Sponsoring Organizations of the Treadway Commission) believes internal control provides reasonable assurance for achieving three major objectives: (1) effectiveness and efficiency of operations; (2) reliability of financial reporting; and (3) compliance with laws and regulations. To achieve these internal control objectives, enterprises must establish effective internal control systems. The enactment of the U.S. Sarbanes-Oxley Act on July 30, 2002, marked a milestone where regulators in developed capital markets viewed the establishment, maintenance, evaluation, and reporting of internal control systems as important responsibilities of management.

On May 22, 2008, China's Ministry of Finance and four other ministries jointly issued the Basic Norms for Enterprise Internal Control (Cai Kuai [2008] No. 7), effective July 1, 2009, for listed companies and encouraged for large non-listed enterprises. This marked the official launch of China's version of the "Sarbanes-Oxley Act." In April 2010, the Ministry of Finance and four other ministries issued the Notice on Issuing Supporting Guidelines for Enterprise Internal Control (Cai Kuai [2010] No. 11), releasing 18 application guidelines, the Enterprise Internal Control Evaluation Guideline, and the Enterprise Internal Control Audit Guideline (collectively referred to as the supporting guidelines for enterprise internal control), effective January 1, 2011, for companies listed both domestically and abroad, and January 1, 2012, for companies listed on the Shanghai and Shenzhen Stock Exchanges' main boards, with implementation on the SME and ChiNext boards to follow. Large non-listed enterprises were encouraged to implement ahead of schedule. In July 2017, the Ministry of Finance issued the Notice on Issuing the Internal Control Standards for Small Enterprises (Trial) (Cai Kuai [2017] No. 21), effective January 1, 2018. As society advances toward the rule of law and financial industry competition intensifies, financial enterprises can only achieve stable, sustainable development by establishing, improving, and effectively implementing internal control systems.

(1) The Relationship Between Enterprise Internal Control and Risk Management

Internal control and risk management are both distinct and interconnected. The essence of internal control is risk control, and risk management constitutes the main content of internal control. Risk includes internal and external risks; control of internal risks is internal control. In this sense, risk management is an important component of internal control, enterprise risk management encompasses internal control, and internal control is the means of managing internal risks within an enterprise. A fundamental function of financial enterprise internal control is risk control; risk management involves identifying, assessing, and controlling potential risks during financial service operations, with the ultimate goal also being risk control. In summary, risk management represents the evolution of internal control, expanding its connotation and developing it into risk-oriented internal control.

(2) Main Problems in Current Financial Enterprise Internal Control and Risk Management

1. Misunderstanding Internal Control and Risk Management as Merely System Establishment

Internal control and risk management are not merely rules and regulations, such as policy documents, technical specifications, and application models, nor are they additional, separate control activities like information exchange, review and supervision, and risk assessment. They should not be viewed as static but rather embedded in the daily service and management activities of financial enterprises to form a conventional management and service operation mechanism. Internal control and risk management represent both an institutional arrangement and a management process, as well as the legal and compliant self-disciplined behavior of all departments and employees in financial enterprises.

2. Believing Internal Control and Risk Management Are Unrelated

The connotations of internal control and risk management have many overlapping elements and similar methods. However, their specific application must be implemented according to the characteristics, development stage, industry features, technical conditions, and external environment of the financial enterprise itself.

3. Exaggerating the Role of Internal Control and Risk Management

Regardless of how advanced their methods or how perfect their systems, both internal control and risk management are management activities that can only provide reasonable—not absolute—assurance for enterprises moving toward their objectives. Internal control and risk management are necessary but not sufficient conditions for financial enterprises to win markets (customers) and achieve healthy development. Especially when the character, beliefs, capabilities, or sense of responsibility of a financial enterprise or its key employees are lacking, success cannot be entrusted to internal control and risk management alone.

4. Disconnect Between Risk Control Theory and Practice

Financial enterprise internal control and risk management must integrate knowledge with action. Management personnel should incorporate risk management concepts and internal control and audit frameworks into daily service and management activities. The journey from knowledge to action and from theory to practice requires both ideological recognition and conscious action from employees.

5. Inadequate Implementation of Systems and Processes

A system that is not implemented or is poorly executed serves no purpose. Internal control targets "matters" rather than "people," representing an "impersonal" control mechanism whose control objects include not only the controlled parties but also the controlling parties. Financial enterprise internal control requires full participation, parallel involvement, and equal participation from all staff—a significant departure from traditional hierarchical and bureaucratic systems.

(3) Implementation Pathways for Financial Enterprise Internal Control in the Digital Intelligence Era

The widespread application of new-generation information technologies such as cloud computing, big data, the Internet of Things, mobile internet, artificial intelligence, and blockchain provides new technical means for financial enterprise internal control construction while also presenting many new challenges. How to implement internal control in financial enterprises is an urgent problem for both enterprises and the market. Practice has proven that internal control can be effectively achieved through business process reengineering and management transformation based on new-generation information technologies. First, enterprises must build a sound internal control environment and reengineer internal control processes, systems, and measures. Second, process digitalization and intelligence ensure the explicitness, accuracy, and authenticity of internal control, helping financial enterprises achieve transparent, data-based management of finance, assets, human resources, and knowledge. Third, based on process digitalization, improving the data middle platform function can solve the effective and timely collection and communication of internal information.

IV. Six Technologies for Enhancing Financial Enterprise Internal Control Levels in the Digital Intelligence Era

Whether creating a world-class financial enterprise financial management system or improving internal control levels, digital technology serves as the key driving force. In March 2022, China's State-owned Assets Supervision and Administration Commission (SASAC) issued the Guiding Opinions on Accelerating the Construction of a World-Class Financial Management System for Central Enterprises, proposing that enterprises should "actively apply new technologies such as big data, artificial intelligence, mobile internet, cloud computing, and blockchain, fully leverage the advantage of finance as a natural data center, promote the transformation of financial management from informatization to digitalization and intelligence, and achieve the conversion from accounting scenarios to business scenarios as the core."

(1) "Cloud" as Infrastructure in the Digital Economy Era

"Cloud" is an indispensable infrastructure in the digital economy era. Cloud infrastructure consists of three major components: computing resources, network resources, and storage resources, integrating numerous tools and solutions to form an important foundation for successful cloud application deployment. Financial enterprise system applications such as financial sharing and tax sharing typically adopt cloud deployment architectures. Enterprises should fully utilize national opportunities to promote cloud-network coordination and computing-network integration development, accelerating the construction of a nationally integrated big data center system with collaborative computing power, algorithms, data, and application resources. Faced with accelerated digital transformation, adopting flexible cloud deployment methods can provide advantages such as professional operation and maintenance, rapid deployment, and elastic resource scaling, while simultaneously addressing financial enterprises' requirements for security and stability in steady-state businesses involving core data and the agility and adaptability capabilities required for high-growth, rapidly changing businesses—thus meeting the adaptation conditions for financial enterprises' dual-mode IT.

(2) Low-Code Development: Lowering Application Development Barriers

Low-code development means financial enterprises can quickly generate applications through visual drag-and-drop methods by directly reflecting business requirements in data models and page logic design, without writing code or with minimal coding. This supports rapid response of digital applications according to business needs, offering advantages such as faster development and deployment, lower barriers, more agile operation and maintenance, and higher security. Low-code development is widely used in financial enterprise-level system platforms such as financial sharing, procurement sharing, and audit supervision. However, it also has disadvantages such as lower operational efficiency and development freedom, and it is not irreplaceable. Nevertheless, facing increasingly intense market and business demand changes, low-code development applications will become more widespread.

(3) Data Middle Platform: Providing a Platform for Financial and Audit Digitalization

The data middle platform is a mechanism and application set that integrates enterprise data, uses big data platforms for unified processing, and provides data services externally to achieve the goals of fast, accurate, and cost-effective data empowerment for business development in the DT (Data Technology) era. First, the data middle platform can break down data barriers between decision-making and business layers and among departments, enabling real-time data flow and sharing across all dimensions, fields, processes, and operation service cycles. Second, financial enterprises can build data governance systems based on the data middle platform to achieve data standardization and transform data into valuable assets. Third, financial enterprises can conduct data modeling and processing based on the data middle platform, providing a solid foundation for rich scenario-based applications in management accounting areas such as budgeting, expense management, and performance evaluation. Fourth, it enables timely and efficient internal control information communication.

(4) RPA: Assisting Financial Enterprise Finance and Audit Automation

RPA (Robotic Process Automation) offers advantages such as rapid deployment and scalability, quick results, low cost, and greater suitability for operating heterogeneous systems with high closure. However, it is not economical for scenarios with complex business rules or high-performance requirements and can be replaced by rule engines and APIs (Application Programming Interfaces). For example, Deloitte's "financial robot" can replace manual operations in financial processes within financial shared service centers, completing tasks such as information entry, data consolidation, summary statistics, and management monitoring of automated financial processes, and even performing some business compliance audit work. This saves significant manpower, reduces communication costs, and improves work efficiency. Over 500 commercial banks in China already use RPA or RPA platforms.

(5) Multi-Dimensional Modeling and Calculation for Financial Enterprise Audit Intelligence

Multi-dimensional modeling and calculation establishes a database model based on factual analysis and multiple dimensions to meet the needs of data query and analysis from various angles and levels, achieving OLAP (Online Analytical Processing). Data models embody financial and audit management concepts and business decision-making demands, serving as the core means of data value mining. In the design and application of digital audit models, it is necessary to evaluate the accuracy of big data audit models based on various risk evaluation algorithms such as precision and recall methods, cost-sensitive error rate methods, and mean square error methods to assess the reasonableness and accuracy of audit clues and issues discovered through data analysis. Through multi-faceted model validation, model results are summarized, invalid models are eliminated, model thresholds are adjusted, model logic and data cleaning rules are optimized, and model accuracy and effectiveness are improved.

(6) From RPA to IPA: A Catalyst for Intelligent Finance and Intelligent Auditing in Financial Enterprises

The artificial intelligence (AI) technologies mainly applied in financial and audit digital transformation include three categories: Natural Language Processing (NLP), knowledge graphs, and Machine Learning (ML). NLP technology possesses the ability to perceive and understand natural language, enabling real-time and efficient interaction with system data. Knowledge graphs and intelligent reasoning technology enable systems to automatically retrieve and read information and conduct intelligent Q&A with users, achieving the transformation from people searching for data to data finding people. Applying machine learning allows systems to scientifically predict, reasonably control, and intelligently analyze based on understanding business knowledge.

RPA, as a pioneering application of AI technology in finance and auditing, has gained widespread recognition in financial enterprises. However, RPA does not represent the top development technology of AI nor the advanced model of "intelligent finance" or "intelligent auditing." With the deepening development of AI technology and increasing demand for intelligence in financial enterprises, the application of IPA (Intelligent Process Automation) will become the general trend. Based on RPA, IPA integrates the complexity of AI and expands the robot's scope of work through auxiliary technologies such as NLP, OCR (Optical Character Recognition), and ML, further unleashing the potential and value of automation. Compared with traditional RPA, AI-enhanced IPA offers greater advantages in reading unstructured data, making decisions, ensuring task execution accuracy, and connecting human-machine interaction tasks. With the deep development of AI technology, based on powerful deep learning, computing, and response capabilities, "following RPA and IPA, AI technology applications in finance and auditing may even autonomously collect and analyze information and replace humans in making business decisions like humans do." Through the systematic application of new-generation internal control software development and information technology, it is hoped that internal control design defects like those at Société Générale can be resolved and information system technical vulnerabilities can be plugged.

V. Digital Transformation of Financial Enterprises: Enabling Precise Internal Control and Enhancing Risk Management Effectiveness

Digital transformation utilizes new-generation information technology to reshape and transform enterprise business models. Researchers Jiao Zongshuang and Zhang Xueying from the China Academy of Information and Communications Technology (2020) believe that digital transformation is driven by new-generation information and communication technologies such as big data, cloud computing, artificial intelligence (AI), and blockchain, with data as the key element. By achieving production intelligence, marketing precision, operational datafication, and management wisdom, it spawns new business forms, models, and drivers, realizing high-quality, cross-domain synchronized development driven by innovation.

Audit digitalization represents the organic integration of digital technology and audit work. In the process of enterprise audit digital transformation, the focus is on enhancing attention to the security, reliability, and economy of information technology, accelerating the construction of an audit digital capability system, and promoting the development of digital audit standards and talent teams. If computer-assisted auditing and internet auditing under the influence of information technology are considered internal auditing in the informatization era, then as society moves from the informatization era to the digital intelligence era driven by the development and widespread application of new-generation information technologies such as big data, AI, mobile internet, cloud computing, the Internet of Things, and blockchain, the era of internal audit digital intelligence has arrived. "Internal audit digital intelligence is the collective term for internal audit digitalization and internal audit intelligence, representing an iterative upgrade of internal audit informatization in the informatization era. Internal audit digitalization is the data foundation for internal audit intelligence; without the datafication brought by internal audit digitalization, there would be no internal audit intelligence." Through digital transformation of business, finance, and auditing, financial enterprises continuously strengthen these functions, enrich internal control audit perspectives, and enhance risk control effectiveness. Digital transformation has become the inevitable path for financial enterprises' internal control and risk management to adapt to the digital intelligence trend and improve development quality.

(1) Strengthening Audit Supervision and Promoting Automation, Real-Time Capability, and Intelligence in Internal Auditing

In May 2018, President Xi Jinping emphasized at the first meeting of the Central Audit Committee: "We must adhere to technology-strengthened auditing and enhance audit informatization construction." We must strengthen the application of audit supervision technology, seek resources from informatization and efficiency from big data, actively expand the use of digital technologies such as "Internet Plus," cloud computing, big data, AI, and blockchain in internal audit work, vigorously promote digital audit models, and use digital technology to achieve full coverage of internal auditing. Internal auditing should strengthen digital audit supervision capability construction and promote the automation, real-time capability, and intelligence of audit methods and content.

In August 2020, the General Office of SASAC issued the Notice on Accelerating the Digital Transformation of State-Owned Enterprises, proposing digital transformation concepts such as "data-driven, integrated innovation, and win-win cooperation," clarifying the foundation, direction, focus, and measures for digital transformation of state-owned enterprises. Financial enterprises in the digital economy era should accurately recognize changes, respond scientifically, and actively seek change, accelerating transformation to cultivate new development drivers. In September 2020, the SASAC Supervision Bureau issued the Implementation Opinions on Deepening Internal Audit Supervision Work in Central Enterprises, proposing that big data auditing currently needs to promote the construction and application of internal audit informatization. By building an "business-audit integration" informatization platform that integrates decision-making, investment, finance, funds, operations, and internal control business information systems, data sharing can be achieved. On this basis, big data, cloud computing, AI, and other methods can be actively applied to conduct big data-assisted auditing, while exploring the establishment of real-time audit supervision platforms to achieve real-time supervision and improve audit quality.

(2) Main Pathways for Audit Digital Transformation

Audit digital transformation must align with financial enterprises' internal audit strategic planning while also proceeding gradually in coordination with the overall digitalization level of the enterprise.

1. Top-Down Approach

Through top-level design of audit informatization, plan and design an audit business support and analysis application system that supports online interconnection, in-depth analysis, and real-time warning in functionality, and multi-level management and advanced technology routes in architecture. Fully consider business and information linkage between risk control and internal auditing, clarify the development direction and implementation route of internal audit informatization, and clearly define the direction of audit digital transformation from the top down. Fully evaluate the feasibility of informatization and digitalization support required for internal audit digitalization, adequately plan the support needed for audit digital transformation from both business and technical levels, plan before implementation, ensure current plans are implementable, and achieve effective results in future implementation.

2. Pilot-First Then Scale-Up Approach

Through pilot verification, conduct pilot implementation in business areas and user promotion scope, selecting high-risk business areas and scopes with high informatization levels for pilot promotion of audit informatization. Combine audit project on-site verification, internal and external expert verification, and other methods to comprehensively and multi-dimensionally verify the efficiency and effectiveness of audit digital transformation, providing an论证 basis for full-scale audit digital transformation, ultimately achieving full-domain, full-user scope audit digital transformation.

This pathway suits large enterprises, adopting a big data perspective to achieve overall monitoring of the entire business chain, truly focusing on high-risk areas. Through multi-domain and multi-subsidiary pilots, it effectively improves audit efficiency and significantly enhances audit coverage. Based on the visualization design principle of "global overview + detailed display," for pilot areas, it uses big data analysis and AI technology for data mining, builds big data audit models, conducts visual design of big data models, and displays audit results and risk content more profoundly and concisely, ultimately achieving group-wide, multi-domain promotion from the group level to realize audit transformation.

3. Momentum-Following Approach

Some industries have high IT maturity, such as telecommunications and internet industries. With the arrival of the mobile internet era and explosive growth in data volume, traditional auditing can no longer meet industry risk identification needs in the big data era. To adapt to development, these industries fully leverage internal audit functions while continuously updating audit digitalization thinking and technical levels with the development of informatization and digitalization, striving to maintain a leading edge in audit digitalization technology.

4. Mechanism Precipitation Approach

The mechanism precipitation digital transformation pathway forms a closed-loop management of the entire audit lifecycle by combining operational activity importance evaluation for planning assessment, conducting data auditing through data exploration and mining, and applying and managing digital audit results through continuous audit projects and data audit projects. Enterprise internal audit departments implement full lifecycle management of data auditing from planning assessment, data mining, topic selection and modeling, development and implementation, application promotion, to audit follow-up for known risks and issues, solidifying big data auditing into audit mechanisms.

5. Data Focus Approach

Professional organizations are an important component for achieving audit digital transformation. The development of big data auditing also requires strong support from professional teams, but audit digitalization demands often do not match audit talent capabilities. Professional audit institutions have professional data analysis talents that can assist enterprises in continuously exploring "remote + on-site" data audit models, supporting normalized audit projects through big data analysis, promoting sharing and improving efficiency; enhancing risk identification in key areas, conducting risk analysis and prediction more comprehensively, efficiently, and intelligently, and continuously promoting the improvement of the company's overall refined management level.

(3) Key Considerations for Financial Enterprise Audit Digital Transformation

Financial enterprises should conduct comprehensive assessments from three aspects—business, data, and systems—to establish suitable audit digital transformation pathways, areas, and methods that align modern audit work with audit demands and match informatization levels.

1. Feasibility Analysis

Audit digital transformation must begin with feasibility analysis. Based on the financial enterprise's business and risk assessment, clarify the business scenarios and rules of the audited area, and comprehensively determine executable big data audit areas by combining the systems and data support involved in financial business. In terms of systems, comprehensively evaluate from system functional completeness, data transmission integration level, logical configuration rationality, and business support effectiveness. In terms of data, comprehensively evaluate from data structurization level, data granularity, data accuracy, and data completeness.

2. Audit Model Design

The foundation of big data audit model design is to use various methods such as comparative analysis, keyword search, behavioral characteristic analysis, trend analysis, cluster analysis, decision tree analysis, structural analysis, hierarchical analysis, and neural network analysis to mine anomalies in financial data and business processing, as well as associated scenarios and risks between business and financial data. Combined with process automation, machine learning, and unstructured data analysis technologies, audit model judgment capabilities are enhanced.

3. Business Data Preparation

Design data access specifications based on different data sources, including data extraction methods, data cleaning rules, and integration logic. Establish data access, storage, and preprocessing rules to form data templates. Through data screening and collection from multi-channel data sources, access various operational and financial data required by models during the audit period to form an audit data warehouse.

4. Model Optimization and Application

In the design and application of financial enterprise digital audit models, it is necessary to evaluate the accuracy of big data audit models based on various risk evaluation algorithms such as precision and recall methods, cost-sensitive error rate methods, and mean square error methods to assess the reasonableness and accuracy of audit clues and issues discovered through data analysis. Through multi-faceted model validation, model results are summarized, invalid models are eliminated, model thresholds are adjusted, model logic and data cleaning rules are optimized, and model accuracy and effectiveness are improved.

5. Big Data Audit Platform Construction

By building a big data audit platform, audit models are solidified, and appropriate visualization forms are selected to vividly and intuitively display semantic features contained in data. Financial enterprise audit digitalization models are embedded in visualization tools and can penetrate audit project details to support visualization results, enabling auditors to comprehensively assess business risks from both "macro" and "micro" perspectives and improving audit efficiency and effectiveness.

6. Continuous Audit Process Solidification

Coordinated with big data audit construction, continuous audit operation processes should also be solidified. For audit items automatically generated by financial enterprise audit models, responsibilities should be defined for "who is responsible, who follows up, who rectifies, and who closes the item," forming a closed-loop management mechanism for audit items to improve audit rectification timeliness. This truly transforms big data auditing into continuous auditing and integrates it into daily internal audit workflows to empower internal auditing in financial enterprises.

VI. Intelligent Auditing: A Critical Tool for Future Financial Enterprise Internal Control and Risk Management

The Regulations on Internal Audit Work (Order No. 11) issued by China's National Audit Office in 2018 requires internal audit to fulfill twelve responsibilities. In 2019, the General Office of the National Audit Office issued the 2019 Internal Audit Work Guidance (Shen Ban Nei Shen Fa [2019] No. 39), proposing that internal audit institutions should play a vital role in achieving full audit coverage by innovating audit methods, optimizing organizational approaches, highlighting audit priorities, striving to achieve full audit coverage, ensuring all necessary audits are conducted, eliminating audit supervision blind spots, and increasing audit supervision intensity. Through technological innovation to further improve audit efficiency, focusing on core risks within financial enterprises, and expanding audit coverage has become an important topic for current internal audit innovation and quality improvement. We should actively innovate audit methods and work models, improve data storage management efficiency and standardization levels, accelerate the deep integration of digital technology and audit business, accelerate the pace of audit digital transformation, strengthen reusable data audit methods, and achieve intelligent auditing on this basis, shifting from "human auditing" to "machine auditing" as the primary approach.

(1) Practical Problems in Current Data Auditing

Currently, data auditing applications are mainly concentrated in banking, insurance, and securities enterprises. Faced with a big data audit environment, traditional data auditing methods of constructing audit intermediate tables and audit analysis models have gradually transitioned to professional data mining algorithm technologies. Data auditing still faces many application effectiveness issues. First, insufficient big data processing capability: current data auditing objects are mainly structured data, unable to process unstructured data such as text, images, and geographic locations. Second, low automation level in execution: many repetitive audit procedures in daily audit project execution lack automated inspection tools and still rely on manual sampling methods, resulting in low efficiency. Third, lack of intelligent applications: "existing data auditing methods cannot provide auditors with intelligent decision-making suggestions such as risk prediction and model expansion." Against this background, there is an urgent need to comprehensively apply and integrate big data analysis automation, artificial intelligence, and other technologies to explore a completely new intelligent audit ecosystem based on existing data auditing.

(2) Digital Intelligence Technology Empowering Financial Industry Audit Transformation

Audit digital transformation affects the future landscape of auditing. The emergence of various intelligent technologies has broken the limitations of traditional data auditing in terms of data scale, scope, and type. Intelligent audit applications that integrate advanced data analysis, cognitive technology, intelligent prediction, agile methods, and robotic process automation will provide comprehensive digital empowerment for financial enterprise internal auditing to reach a higher level. Intelligent auditing can not only reduce the time for audit data collection and analysis and greatly reduce repetitive operations in audit work but also allow auditors to devote more time and energy to important issues and timely provide valuable management recommendations to decision-makers. The advantages of intelligent auditing are mainly manifested in three aspects:

1. Comprehensive Analysis Capability for Big Data

Intelligent auditing uses a Data Lake architecture (a system or storage that stores data in its natural/raw format, usually object blocks or files, typically a single storage for all enterprise data, which can be built in local data centers or on the cloud), constructs a big data audit platform and audit data operation and management mechanism, collects and stores various structured and unstructured data from inside and outside the enterprise, and achieves professional processing of various data, including collection, processing, conversion, storage, exchange, association, sharing, and management. For example, for internal auditing in banks, by comprehensively analyzing retail customers' expenditure patterns, payment channels, consumption habits, and other data, auditors can comprehensively, dynamically, and authentically obtain overall information about audit objects, providing valuable references for internal audit departments' credit evaluations of relevant customers.

2. Efficient Automated Processing Capability

Intelligent auditing uses audit robotic process automation (RPA; business process automation technology based on software robots and AI; an RPA system is an application that automates end-user manual operation processes by mimicking manual operations on computers) to replace manual execution of repetitive and deterministic audit actions with clear definitions and minimal exceptions. This achieves savings in audit labor costs and rational allocation of audit resources, forming a focused audit resource capability. This technology can help auditors complete repetitive transactional work such as external data mining, data collection, data comparative analysis, system security checks, and audit working paper preparation. Additionally, using AI technologies such as pattern recognition (text recognition, facial recognition, voice recognition) can provide auditors with full-sample inspections of unstructured data.

3. Intelligent Insight Capability into Financial Business Risks

Intelligent auditing applies machine learning technology to directly process and analyze large amounts of audit object data, helping auditors reveal hidden data relationships. Intelligent auditing is neither purely information technology development and computer network application nor purely human brain function development but rather the collaborative development of auditors' intelligence and tool intelligence. Intelligent auditing is a process of continuously enhancing audit value, a new generation of auditing that continuously develops during the process of audit digital transformation and intelligent application. It uses high-tech such as artificial intelligence as infrastructure and core elements to achieve comprehensive integration of AI and auditing and continuously empower audit organizations. In the era of intelligent auditing, transactional and repetitive work in financial enterprise auditing will shift from "manual" to "artificial intelligence," with various intelligent audit software automatically completing audit data collection, data preprocessing, data analysis, clue verification, and audit report generation "intelligently" according to auditors' thinking.

(3) Three Types of Intelligent Auditing

1. Assisted Intelligent Auditing

Assisted intelligent auditing primarily supports auditors' decision-making or corresponding actions through machine intelligence, which can be called audit process automation. When using assisted intelligent auditing systems, auditors' experience and thinking still play a decisive role, and auditors retain final decision-making authority. Assisted intelligent auditing systems support and help auditors fully identify possible anomalies and risks, provide valuable and insightful consulting recommendations to management, assist financial enterprise risk management and control, and improve operational performance.

2. Augmented Intelligent Auditing

Augmented intelligent auditing demonstrates excellent audit analysis intelligence and learning capabilities, serving as an important supplement to auditors' decision-making. In this scenario, auditors and intelligent auditing systems make decisions together, performing audit work that was previously difficult to complete. For example, using machine learning modeling methods to mine clues or analysis dimensions that are difficult to discover through auditors' thinking alone, thereby more deeply identifying financial risk scenarios and data sources and designing data indicators and analysis models.

3. Autonomous Intelligent Auditing

Autonomous intelligent auditing often does not require auditors' assistance or participation. It adapts to different audit situations through autonomous learning and can make decisions or take actions independently, with auditors delegating decision-making authority to the intelligent auditing system. In this scenario, the intelligent auditing system can creatively and effectively adapt to new audit environments, understand possible situations of audit objects, make appropriate responses and decisions based on judgment, and conduct productive interactions with audit objects without intervention. For example, in financial product marketing audit scenarios, "intelligent systems can adaptively handle different marketing media such as voice, images, and text, autonomously analyze marketing personnel's language, including sensitive word recognition, sentiment analysis, and evaluation scoring, and use AI perception technology to independently audit and evaluate marketing content."

(4) RPA Application Scenarios in Auditing

RPA is a set of software-based business processes that use various forms of artificial intelligence to perform repetitive tasks or tasks that can be learned through software algorithms. Historically, RPA initially emerged as a form of "data scraping" that extracted data from fixed-format outputs such as screens or paper printouts. Robot software has evolved into enhanced graphical visualization software and underlying data collection technology. With enhanced data collection capabilities, the software's logic primarily addresses repetitive activities such as tracking, matching, and guaranteeing. Subsequently, a layer of software learning intelligence and analysis of exceptions, anomalies, and hidden rule-based analysis was added.

Today, RPA is applied in universal big data applications such as banking, mortgage application processes, sales, OCR, and data extraction, and increasingly in auditing. "A 2017 article by PricewaterhouseCoopers estimated that 45% of global labor tasks could be automated. In November 2019, Deloitte disclosed that it widely uses RPA in financial audit processes. The rapid application of RPA from 2017 to 2019 not only demonstrates a near-perfect match between technology and demand but also shows that the return on investment argument has been fully proven."

RPA application in auditing is similar to many intelligent software applications—it is a layered framework that begins with data collection (a simple, repetitive task) and ends with visual deliverables for decision-makers (an evolving intelligent task):

1. Rule-Based Activities
Rule-based activities involve matching, guaranteeing, and tracking that can be performed after data collection. For example, once a set of invoices and delivery reports is obtained through OCR or extraction from ledgers, rule-based software can create a matching set between them without manual intervention. The software can also be programmed to attempt matching multiple deliveries to a single invoice (or vice versa) by obtaining details such as delivery dates from underlying paper documents or assuming a close date. Of course, for entities using Extensible Markup Language (XML) or its business derivative Extensible Business Reporting Language (XBRL), OCR is less relevant, and direct data extraction will reduce errors in underlying processes and subsequent rule-based applications.

2. Sample Selection for Auditor Actions
Sample selection for auditor actions represents one of the top actionable stages that RPA can provide. By creating explicit rules or setting exceptions for guarantees, tracking, or matching, a risk-ranked set of exceptions can be provided for human interaction. Guaranteeing, tracking, and matching are simple RPA repetitive tasks that either produce perfect results or imperfect results (with exceptions). These exceptions can be executed manually in business processes or by auditors. This stage is suitable for auditing by creating implicit rules, which can also be part of the audit process because it can determine expected behavior of data sets and then find anomalies. By nature, exceptions can be internal control breakdowns or the basis for substantive testing of specific transactions. For example, an implicit rule "adjusts the timestamp of journal entries to 20 days after the period they claim to adjust"; this exception makes sense. "Month-end closing typically occurs about three weeks after month-end. However, if adjusting journal entries appear significantly later than 20 days, auditors may be suspicious of these implicit rule exceptions and select them for additional analysis by the audit team."

3. Visual Delivery for Decision-Makers
Visual delivery for decision-makers stems from the visualization of static historical data, unmodified data, or data that changes rapidly during analysis. Visual deliverables can be superimposed on RPA, for example, by providing financial risk-based visualization to assist in financial enterprise audit processes. Colors, shapes, and volumes can help audit teams identify areas with increased misstatement risk and areas where audit procedures have addressed such risks. RPA algorithms can learn different problems for fixed asset auditing versus revenue auditing. Once the algorithm knows how to identify which implicit rules and exceptions are more vulnerable to risk, it can provide a smarter, more focused deliverable for auditors to review. For example, for most financial enterprise financial audits, revenue overstatement and premature recognition are persistent risks. If 10 implicit rules are derived with a constant rule class, RPA may be able to rank them based on past audit responses. If the implicit rule for revenue delayed recording exceptions through adjusting journal entries consistently receives auditor attention, RPA will learn to maximize its efforts in this area. Auditors typically do not suspect rounding errors due to large invoice amounts, so RPA is relatively more sensitive to such errors.

VII. The Future of Digital Intelligence-Driven Banking Risk Control

(1) AI Empowering Transformation of Banking Internal Auditing

Thanks to the rapid development of new technologies such as big data, cloud computing, and artificial intelligence, banks' off-site monitoring and management scenarios are becoming increasingly rich. Most institutions have established off-site monitoring systems serving business operations, internal control compliance, risk management, and audit supervision, gradually moving toward full business, full scenario, full data, continuous dynamic, and intelligent off-site monitoring systems. While digital transformation enhances bank customer experience, it also brings many challenges to risk control and internal auditing in the banking industry. Driven by the digital wave, operational risks such as market risk, business risk, financial risk, and compliance risk continue to increase, becoming more concealed and difficult to control, making internal auditing increasingly important and audit departments placing greater emphasis on internal control auditing and risk management auditing.

Domestic banking is developing and changing rapidly, and a small number of institutions still have imperfect internal control compliance systems. Additionally, "due to the diversification of internal违规 operation methods and the complexity and variability of违规 and illegal actions, bank auditors have always lacked a tool to effectively mine hidden information beneath surface information from massive business data and huge customer groups. Relying on traditional audit tool systems has become increasingly difficult to match the internal control and compliance requirements of the digital era, making the establishment of an intelligent, flexible, and efficient audit supervision platform extremely urgent." With continuous innovation in banking financial technology, remote audit models and various intelligent audit tools are gaining increasing favor among audit practitioners. As intelligence approaches, wisdom shapes the future. Audit digital intelligence affects the future landscape of auditing, and the emergence of various intelligent technologies breaks the limitations of traditional data auditing in terms of data scale, scope, and type. Intelligent audit applications that integrate advanced data analysis, cognitive technology, intelligent prediction, agile methods, and robotic process automation will provide comprehensive digital empowerment for internal auditing to reach a higher level.

(2) Application of Digital Twins in Commercial Bank Auditing

"The metaverse can be regarded as a new world integrating the physical world and the digital world, called the third-generation Internet (Web 3.0), which can be subdivided into three-dimensional Internet and value Internet." The metaverse provides a new path for digital transformation of human society. Its comprehensive intersection with "post-human society" creates a new era with the same historical significance as the Age of Discovery, the Industrial Revolution, and the Space Age. The metaverse will empower all industries, stimulate new development functions in traditional industries, and achieve high-quality industry development. Zhang Lijun, Enterprise Technology Strategy Architect at DELL Technologies Greater China, believes that the metaverse's foundational technologies, namely AI-supported generation logic, include application scenarios such as significantly improving computing performance; generating non-repetitive massive content to achieve spontaneous organic growth of the metaverse; driving virtual digital humans to present content to users in an organized manner; and massive content review. Digital twin technology plays the role of realizing the blueprint of the metaverse technology world, with main application scenarios including: "establishing dynamic digital twins of physical objects in virtual space, using sensors to map the ontology's operating status and external environmental data to the twin in real time, building an extremely detailed realistic environment for the metaverse, and creating an immersive presence experience."

In 2021, the Internal Audit Department of Bank of Jiangsu (stock code: 600919) continuously conducted research-oriented auditing in the scientific research project application research organized by the Jiangsu Provincial Audit Department, closely focusing on big data audit characteristics, innovatively introducing digital twin theory and technology, proposing application models of digital twins in commercial bank big data auditing, exploring future development directions of commercial bank internal auditing driven by digital twins, and improving audit service capabilities. "Digital twins are digital shadows of physical products. By integrating with external sensors, they reflect all characteristics of objects from micro to macro, display the evolution process of product life cycles, and achieve seamless integration covering product design, production, and operation and maintenance."

1. Combining Experts and Internal Audit Backbones with Parallel Research and Application Promotion

To ensure the smooth and orderly implementation of research work, Bank of Jiangsu established a project leadership team headed by the Chairman of the Supervisory Board, who is responsible for overall planning and providing policy support and theoretical guidance for the research; the General Manager of the Internal Audit Department is responsible for the research progress plan and implementation process management. A project research team composed of five audit backbones from the Internal Audit Department is responsible for implementing the leadership team's work requirements, investigating the current status of big data auditing research in commercial banks at home and abroad, conducting theoretical research on digital twins and big data technology, promoting the practical application of new-generation information technology in Bank of Jiangsu's internal auditing, and directly transforming research results into real value. "Bank of Jiangsu also specially invited Vice President Wang Huijin and Deputy Dean Li Tingliao from Nanjing Audit University as expert group members to guide the research team."

2. Innovating Internal Audit Models with Prominent Application Effects

Bank of Jiangsu's research and practice show that during data collection, the internal logic of business should first be clarified to form a data resource view. Then, from inside and outside the bank, various collection and conversion methods such as automatic data loading, external data crawling (crawling, a computer science term announced in 2018; a method of obtaining relevant World Wide Web resources based on web page links), and unstructured data conversion should be used to integrate data with non-uniform standards and structures. Then, data governance should be conducted regularly, data quality should be assessed periodically, data governance issues should be resolved promptly, and system capacity and performance should be monitored and optimized to lay a high-quality data foundation.

During digital modeling, data analysis, statistical analysis, and data prediction modeling technologies should be combined to continuously establish and optimize audit models that simulate risk levels and evolution patterns under business operation conditions, helping achieve audit objectives such as monitoring non-performing assets, strengthening case prevention, evaluating duty performance, and promoting innovation. In model management, a professional model system should be constructed and improved from multiple dimensions, continuously strengthening model development process control, increasing model promotion and sharing efforts, and strengthening model lifecycle management to provide a model foundation for big data auditing that can truly simulate business risk states.

During interactive application, effective feedback of audit results to business and deep application in business should be emphasized. Audit model thinking should be embedded into the bank's intelligent risk control system to promote real-time risk warning. "Audit monitoring model results are automatically pushed to business departments to achieve pre-event blocking of risk matters. Rectification problem ledgers, reconciliation and cancellation, and project audit tracking are used to promote audit problem rectification, fully leveraging the auxiliary role of internal auditing in commercial bank risk management." Bank of Jiangsu's 2024 annual report shows that in 2024, it achieved operating revenue of 80.82 billion yuan, a year-on-year increase of 8.778%; net profit of 31.84 billion yuan, a year-on-year increase of 10.76%; and return on net assets of 13.59%. From January to June 2025, total operating revenue was 44.86 billion yuan, a year-on-year increase of 7.782%; net profit was 20.24 billion yuan, a year-on-year increase of 8.05%.

Financial enterprise audit institutions should take big data auditing as the core, use key technical means such as AR/VR/XR (Augmented Reality/Virtual Reality/Extended Reality), cloud computing, blockchain, and digital twins, accelerate audit digitalization and intelligent construction, adapt to the formation and development of smart banks, and fully leverage the important role of internal auditing as the "economic physical examination" in the financial industry to help enterprises achieve high-quality development.

(3) Cultivating Intelligent Audit Talent to Accelerate Intelligent Internal Auditing in the Financial Industry

The rapid development of artificial intelligence has profoundly changed human social life and the world. After more than 60 years of evolution, especially driven by new theories and technologies such as mobile internet, big data, supercomputing, sensor networks, and brain science, as well as strong demand from economic and social development, AI has accelerated its development, presenting new characteristics such as deep learning, cross-boundary integration, human-machine collaboration, group intelligence openness, and autonomous control. Big data-driven knowledge learning, cross-media collaborative processing, human-machine collaborative enhanced intelligence, group integrated intelligence, and autonomous intelligent systems have become development priorities for AI. Brain-inspired intelligence inspired by brain science research is poised to take off, and the trend toward chip-based, hardware-based, and platform-based systems is becoming more obvious, marking a new stage in AI development. Currently, new-generation AI is triggering chain breakthroughs, promoting all fields of economy and society to accelerate the leap from digitalization and networking to intelligence.

1. Artificial Intelligence Changing Corporate Governance Mechanisms Including Internal Control and Auditing

Regarding future directions and priorities that may trigger paradigm changes in AI, the Chinese State Council's July 2017 Notice on Issuing the New Generation Artificial Intelligence Development Plan (Guo Fa [2017] No. 35) pointed out: "Advanced machine learning theory should focus on breakthroughs in adaptive learning, autonomous learning, and other theoretical methods to achieve AI with high interpretability and strong generalization capabilities. Brain-inspired intelligent computing theory should focus on breakthroughs in brain-inspired information encoding, processing, memory, learning, and reasoning theories, forming theories and methods for brain-inspired complex systems and brain-inspired control, establishing new models for large-scale brain-inspired intelligent computing and brain-inspired cognitive computing models. Quantum intelligent computing theory should focus on breakthroughs in quantum-accelerated machine learning methods, establishing hybrid models of high-performance computing and quantum algorithms, and forming efficient, accurate, and autonomous quantum AI system architectures."

As the core driving force of a new round of industrial transformation, AI will spawn new technologies, products, industries, business forms, and models, trigger major changes in economic structure, profoundly change human production and lifestyle and thinking patterns, and achieve an overall leap in social productivity. "By 2030, AI theory, technology, and applications will reach a world-leading level overall, becoming a world-leading AI innovation center, with intelligent economy and intelligent society achieving obvious results, laying an important foundation for becoming an innovative country and an economic power." The rapid development of AI will profoundly change and enhance corporate and social governance mechanisms, including financial and audit businesses.

2. Intelligent Audit Talent as the Backbone of Financial Industry Risk Prevention and Control

With the development and widespread application of new-generation information technologies such as cloud computing, big data, the Internet of Things, and AI, human society has entered the digital intelligence era. The development of new-generation information technologies and explosive data growth have driven financial enterprises to undergo major changes in management architecture, management methods, business organizational forms, and information systems. The core of financial enterprise management has shifted to managing data, understanding data, and making decisions based on data. Traditional risk control and audit methods can hardly meet the needs of financial enterprise management improvement. Therefore, innovating audit methods and tools, developing intelligent audit technology, and building an intelligent risk control and audit system that conforms to big data management models are important tasks in the current audit field and the development direction of audit practice.

Intelligent audit talent is a necessary condition for conducting intelligent auditing. The whole society should attach importance to cultivating composite talents, both vertically composite talents who understand AI theory, methods, technology, products, and applications, and horizontally composite talents who master "AI+" economics, society, management, standards, and law. Universities should be encouraged to form new composite professional training models of "AI+X," emphasizing the cross-integration of AI with mathematics, computer science, physics, biology, psychology, sociology, law, and other disciplines. Industry-academia-research cooperation should be strengthened, encouraging universities, research institutes, and enterprises to cooperate in AI discipline construction and vigorously cultivate composite talents in intelligent finance and accounting and intelligent auditing.

The Intelligent Auditor is both a new professional title and a composite talent of "AI+." It refers to composite talents who can innovate audit methods and tools, master and develop IT audit and big data audit technologies, build intelligent risk control and audit systems that conform to informatized big data management models, and use digital and intelligent technologies to support internal audit operations. Intelligent auditors are intelligent audit management personnel who can help enterprises achieve audit transformation and upgrading and promote the development of audit fields and practices. To effectively solve the problem of talent shortage in risk control and auditing under big data, informatization, and intelligent environments, the China Commercial Accounting Society has launched an "Intelligent Auditor" training program aimed at cultivating professional talents who meet the requirements of future audit digital intelligence work. "Intelligent Auditors" are composite talents who can master information technology methods, data mining and analysis technologies, and intelligent audit technologies and skillfully apply them to audit practice. "Intelligent Auditors" will contribute to the development of intelligent auditing in China.

VIII. Conclusion

In April 2020, the National Development and Reform Commission and the Cyberspace Administration issued the Notice on Promoting the "Cloud-Data-Intelligence" Action to Cultivate New Economic Development (Fa Gai Gao Ji [2020] No. 552), requiring: "Further accelerate industrial digital transformation, cultivate new economic development, help build a modern industrial system, and achieve high-quality economic development." Digital transformation is the cornerstone for improving the operational efficiency of financial enterprises. Digital transformation is an important means to enhance and stimulate the driving force of financial enterprises and an important way to cultivate new development drivers. We should further strengthen digital transformation concepts such as data-driven, integrated innovation, and win-win cooperation, promote the digitalization, networking, and intelligent development of financial enterprises, enhance competitiveness, innovation, control, influence, and risk resistance, and continuously strengthen internal control and risk management of financial enterprises.

The State Council's January 2022 "14th Five-Year Plan" for Digital Economy Development emphasizes the need to "guide enterprises to strengthen digital thinking and improve employees' digital skills and data management capabilities," "vigorously develop digital commerce, comprehensively accelerate the digital transformation of service industries such as commerce, logistics, and finance, optimize management systems and service models, and improve the quality and efficiency of the service industry." Based on comprehensive consideration of financial enterprises' own business models, corporate philosophy, management operations, and technical capabilities, we should do a good job in the overall planning of digital transformation and formulate stage goals and construction paths. As an important foundation and guarantee for financial enterprise governance, auditing plays an important role in the digital economy era. Financial and audit digital transformation is also an organizational and talent upgrading transformation that requires upgrading the capabilities of existing organizations and talents and vigorously cultivating and introducing professional talents to truly support the successful achievement of digital transformation.

In summary, the essence of internal control management in the financial industry lies in risk control. Therefore, financial enterprises should uphold risk prevention and control awareness under the background of "Internet Plus" and "Intelligence Plus," achieve effective risk identification and evaluation, summarize potential factors causing enterprise risks based on existing internal control problems, analyze their specific impact levels, compile specific risk lists, and establish risk case databases based on practical experience in risk prevention to further improve the internal control risk system of financial enterprises.

"Accelerating digital development and building a digital China" is an important part of the national "14th Five-Year Plan" and 2035 long-term goals outline. Financial enterprise internal control and risk management also face opportunities and challenges brought by digital transformation. Digitalization, networking, and intelligence will help financial enterprise internal control become more rigorous, timely, accurate, and efficient. In digital transformation, financial enterprises should continuously improve and strengthen internal control and risk management functions, continuously enhance internal control effectiveness, and help enterprises achieve high-quality development.

References

[1] Accounting Encyclopedia. Internal Control [DB/OL]. [2023-06-08]. http://baike.esnai.com/history.aspx?id=23393
[2] Erwin Schrödinger. What Is Life? [M]. Translated by Xiao Meng. Tianjin: Tianjin People's Publishing House, 2020: 110.
[3] Ministry of Finance of China and four other departments. Notice on Issuing the Basic Norms for Enterprise Internal Control (Cai Kuai [2008] No. 7) [EB/OL]. (2008-07-02) [2025-08-29]. http://www.gov.cn/zwgk/2008-07/02/content_1033585.htm
[4] China Accounting Network. Case Analysis of Société Générale Internal Control [DB/OL]. (2018-09-10) [2025-08-28]. http://m.canet.com.cn/view-618067-1.html
[5] Nickname 40301303. Case Analysis of Société Générale's Huge Loss in 2008 [DB/OL]. (2022-05-12) [2025-09-05]. http://www.360doc.com/content/22/0512/17/40301303_1031015662.shtml
[6] Ministry of Finance of China and four other ministries. Notice on Issuing Supporting Guidelines for Enterprise Internal Control (Cai Kuai [2010] No. 11) [EB/OL]. (2020-05-05) [2025-09-05]. http://www.gov.cn/zwgk/2010-05/05/content_1599512.htm
[7] Ministry of Finance of China. Notice on Issuing the Internal Control Standards for Small Enterprises (Trial) (Cai Kuai [2017] No. 21) [EB/OL]. (2017-07-07) [2025-09-05]. http://www.gov.cn/xinwen/2017-07/07/content_5208800.htm
[8] Bureau of Financial Management and Operation, SASAC. SASAC Issues Guiding Opinions on Accelerating the Construction of a World-Class Financial Management System for Central Enterprises [EB/OL]. (2022-03-02) [2025-08-28]. http://www.sasac.gov.cn/n2588035/c23471965/content.html
[9] Qingdao Jiuyi Finance. Industry News Interpretation: Will "Deloitte Financial Robot" Replace Financial Accounting Positions? [DB/OL]. (2020-04-21) [2025-08-29]. https://zhuanlan.zhihu.com/p/133962911
[10] Beijing Top Information Technology Company. Heavy Release! Eight Major Trends in Enterprise Financial Digital Transformation in 2022 [EB/OL]. (2022-02-23) [2025-09-05]. https://baijiahao.baidu.com/s?id=1725534630890197570&wfr=spider&for=pc
[11] Jiao Zongshuang, Zhang Xueying. Industrial Internet and Manufacturing Digital Transformation [J]. Information and Communications Technology and Policy, 2020(3): 49-52.
[12] Jinyue Finance. Impact of New Technologies on Internal Audit Work: From Informatization to Digital Intelligence [DB/OL]. (2022-06-02) [2025-09-05]. https://baijiahao.baidu.com/s?id=1734516418864906697&wfr=spider&for=pc
[13] SASAC. Notice on Accelerating the Digital Transformation of State-Owned Enterprises [EB/OL]. (2020-09-21) [2025-09-05]. http://www.sasac.gov.cn/n2588020/n2588072/n2591148/n2591150/c15517908/content.html
[14] SASAC Supervision Bureau. Notice on Issuing the Implementation Opinions on Deepening Internal Audit Supervision Work in Central Enterprises (Guo Zi Fa Jian Gui [2020] No. 60) [EB/OL]. (2020-10-12) [2025-09-05]. http://www.sasac.gov.cn/n2588035/c15661368/content.html
[15] General Office of the National Audit Office. Notice on Issuing the 2019 Internal Audit Work Guidance [EB/OL]. (2019-04-29) [2025-08-29]. http://www.gov.cn/zhengce/zhengceku/2019-09/06/content_5427876.htm
[16] Zhang Qinglong, He Jianan, Rui Baisong. The Innovation Path of Internal Auditing in the New Era: From Data Auditing to Intelligent Auditing [J]. Finance and Accounting Monthly, 2021(22): 78-83.
[17] AACA China Official Website. Understanding the Application of Robotic Process Automation in Auditing [DB/OL]. [2025-09-05]. http://afcpa.cn/Item/Show.asp?m=1&d=3125
[18] JRJ.com. AI-Driven Future of Bank Auditing: Intelligent Auditing Methodology Based on Knowledge Graphs [EB/OL]. (2022-01-05) [2025-09-05]. https://baijiahao.baidu.com/s?id=1721105352323193723&wfr=spider&for=pc
[19] Fang Jun. Metaverse Super Introduction [M]. Beijing: China Machine Press, 2022: 6, 19.
[20] Song Zhenglong. Business Opportunities in the Metaverse [M]. Beijing: China Industry and Commerce Associated Press, 2022: 4.
[21] ENI Economic and Informatization Network. When the Metaverse Meets Industry, It's Time to Discuss Some Down-to-Earth Issues [EB/OL]. (2022-06-22) [2025-09-05]. https://www.sohu.com/a/559895302_120012740
[22] Sun Yanming, Pi Shenglei, Hu Yongjun, Sun Lijun. "Intelligent Plus" Manufacturing: Enterprise Empowerment Path [M]. Beijing: China Machine Press, 2020.
[23] Qu Minghuan. Conducting Research-Oriented Auditing to Promote Audit Digital Transformation [DB/OL]. (2021-11-29) [2025-09-05]. https://m.sohu.com/a/504126457_121106832/?pvid=000115_3w_a
[24] Eastmoney.com. Data Center - Bank of Jiangsu (600919) Performance Reports [DB/OL]. (2025-08-23) [2025-09-05]. https://data.eastmoney.com/bbsj/600919.html
[25] State Council. Notice on Issuing the New Generation Artificial Intelligence Development Plan [EB/OL]. (2017-07-20) [2025-09-05]. http://www.gov.cn/zhengce/content/2017-07/20/content_5211996.htm
[26] NDRC, Cyberspace Administration. Notice on Issuing the Implementation Plan for Promoting the "Cloud-Data-Intelligence" Action to Cultivate New Economic Development [EB/OL]. (2020-04-10) [2025-09-05]. http://www.cac.gov.cn/2020-04/10/c_1588063906057671.htm
[27] State Council. Notice on Issuing the "14th Five-Year Plan" for Digital Economy Development (Guo Fa [2021] No. 29) [EB/OL]. (2022-01-12) [2025-09-05]. http://www.gov.cn/zhengce/content/2022-01/12/content_5667817.htm