TL;DR
The Financial Reporting Council has issued the UK’s first formal guidance for audit firms deploying generative and agentic AI, placing responsibility for any failure squarely on the auditor. The framework lands as EY rolls out an AI-powered Canvas platform and KPMG pilots orchestration agents on its Clara system.
A Regulator Trying to Keep Pace
EY’s global leadership previewed a revamped Canvas audit platform late last month that accelerates risk assessment, surfaces relevant accounting guidance in real time and pre-fills working papers. KPMG, meanwhile, has already embedded multiple AI tools into its Clara platform and is now testing orchestration agents that co-ordinate other models on routine audit work.
The FRC’s response, published this month, sets out three ways AI can cause an audit to misfire: a flawed input or model producing wrong output, misinterpretation of that output, or AI simply failing to perform enough work to meet the standard expected of a human auditor. Mark Babington, the FRC’s executive director of regulatory standards, put it bluntly to the FT: “You can’t blame it on the box. If you use this technology, you are still accountable for it.”
Context for UK Firms
Audit failures have cost UK investors billions over the past decade, from Carillion to Patisserie Valerie, and the Big Four’s appetite for AI has raised obvious concerns about oversight. The FRC’s principles-based approach contrasts with the more prescriptive US regime, where the PCAOB’s 2024 task force recommended standardised working papers to make AI easier to review. The FRC framework is deliberately light-touch and iterative, reflecting a recognition that rigid rules written today would be obsolete within a year.
For UK businesses outside the Big Four, the guidance matters because it sets expectations smaller audit firms will eventually have to meet. It also signals how the FRC will treat AI-assisted decisions if and when a post-failure investigation arrives.
Looking Forward
The immediate friction point is terminology: many audit standards still require a “person” to perform specific steps, even when AI checked by a human could do the job. Firms want that language revisited. Meanwhile, the PCAOB’s new chair has warned that the US regulator needs to “enhance its own technological capabilities” after budget cuts under the Trump administration — a reminder that regulatory capacity, not just regulatory ambition, will decide whether AI auditing improves quality or quietly erodes it.