AI Regulation & Compliance
How evolving AI regulations affect the accounting profession — standards from AICPA, PCAOB, FASB, SEC, and international bodies on AI use in financial reporting.
U.S. Regulatory Landscape
PCAOB (Public Company Accounting Oversight Board)
The PCAOB oversees public company audits. Recent focus areas:
- AI-Augmented Audit Procedures: Guidance on using AI tools in audits while maintaining professional skepticism
- Auditing AI Systems: How auditors should evaluate client systems that rely on AI for financial reporting
- Testing & Validation: Standards for testing AI models used in audit procedures (sampling, analytics, exception detection)
- Lookout Statement (2024): PCAOB issued expectations for audit firms regarding AI governance and risk assessment
AICPA (American Institute of CPAs)
The AICPA sets professional standards. Recent initiatives:
- AI Governance Framework: Developing guidance for firms on using AI in tax, audit, and accounting services
- Competence & Continuing Education: CPAs must maintain competence in AI tools they use professionally
- Ethical Standards: AI systems must align with AICPA Code of Conduct (integrity, objectivity, competence)
- Risk Assessment: Firms must document AI-related risks and mitigation strategies
FASB & SEC
Financial reporting standards and disclosure requirements:
- Disclosure of AI Risks: Companies may be required to disclose risks related to AI in financial reporting and operations
- Internal Control Reporting: SEC Sarbanes-Oxley requirements extend to AI-augmented processes
- Accuracy & Completeness: FASB standards on what constitutes reliable financial information when AI is involved
International Standards
- IAASB (International Auditing & Assurance Standards Board): ISAs and AI guidance for international auditors
- EU AI Act: Proposed regulations on high-risk AI systems (includes financial services)
- OECD AI Guidelines: Recommendations on AI governance for organizations
- IFAC (International Federation of Accountants): Global standards and guidance on professional ethics and competence
Key Compliance Areas for Firms
Documentation & Audit Trails: All AI-assisted procedures must be logged, with clear rationale for decisions.
Quality Control: Firms must test AI systems before deployment. Validation must be documented.
Professional Skepticism: AI cannot replace professional judgment. Auditors must challenge AI outputs.
Cybersecurity & Data Privacy: AI systems handling financial data must comply with cybersecurity and privacy regulations (GDPR, CCPA, etc.).