I’m Evelyn Khoo, Head of Internal Audit, APAC, with more than two decades across retail, luxury goods, and manufacturing — store and plant-floor audit, operational review, investigations, SOX compliance, and the system implementations that were supposed to make all of it easier. I’m now running a short, independent enquiry into what Heads of Internal Audit — and Controllers — actually want from agentic AI — not the vendor pitch, not the roadmap slide. Ten minutes of your priorities, in your words.
Like most internal auditors and controllers, I started in external audit. The move into internal audit and SOX compliance came before I understood the business — that came later, from the store floor: inventory write-offs, reconciling tills at close, operations audited through a different lens than the one I trained in. Two decades of audit committee reporting, cross-border investigations, and system rollouts later, that operational view is still the one I trust most.
Retail and manufacturing audit resists automation for a reason: cross-border transfers, Limited Risk Distributor structures, consignment and wholesale arrangements rarely fit a standard control framework. Which is exactly why I want to hear from practitioners before I believe a vendor’s demo.
This site is a personal research project, not a firm or a product — my own views, not made on behalf of any employer, past or present.
Control design embedded into ERP, POS, and inventory rollouts — audit involved before go-live, not after the first exception report.
Risk-based audit planning and execution across corporate and regional functions, with reporting lines running to the audit committee.
End-to-end walkthroughs of retail and manufacturing operations — supply chain, merchandising, production and clienteling — and the manual workarounds that live in the gaps between systems.
Fraud, misconduct, and policy-breach investigations — from a till discrepancy in one boutique to cross-border supply chain leakage.
Design and testing of ICFR programmes for listed retail and manufacturing groups, including remediation of deficiencies found the hard way.
Boutique-level control testing across flagship, outlet, and pop-up formats — cash handling, inventory shrinkage, consignment stock, and loss prevention.
Before asking practitioners for their time, I looked at what the recent survey data already shows. Two figures sit uncomfortably close together: adoption is racing ahead, confidence is not.
of audit functions are already piloting or using AI, with another 12% planning to within the year.
Source: Gartner CAE Survey, Jan 2026 ↗of CAEs rank building a culture of innovation and better use of GenAI as an important or extremely important 2026 priority.
Source: Gartner CAE Survey, Jan 2026 ↗cite business process improvement and cybersecurity as tied top investment priorities for the audit function.
Source: Protiviti, Top Risks for Internal Audit 2026 ↗report high or extremely high confidence that their function can actually build a tech-savvy audit culture.
Source: Gartner CAE Survey, Jan 2026 ↗of executives report running into real issues implementing AI in the past year — data quality, skills, and unclear use cases lead the list.
Source: RSM, 2025 implementation study“The gap isn’t whether to adopt AI. It’s that most of what’s being built wasn’t designed by anyone who had to learn the business from the store floor up — the way most of us did.”
This is the part the survey data can’t give me. If you lead an internal audit, controllership, risk, or controls function, I’d like ten minutes of your actual priorities — not for a product, not for a pitch, just for a clearer picture of what would genuinely help.
Responses are used solely to inform this independent research. Individual answers won’t be attributed without your permission; findings will be shared back in aggregate.