The auditing profession is undergoing rapid transformation as artificial intelligence tools move from theoretical possibility to practical deployment, raising urgent questions about whether regulatory frameworks can keep pace with industry innovation and adequately protect the public interest.
EY's audit technology chiefs have demonstrated their new platform, illustrating the real-world adoption of AI in auditing practice. Simultaneously, the UK Financial Reporting Council is finalizing what it said would be the first published guidance for audit firms on the use of generative and agentic AI—a regulatory response that highlights both the necessity and the lag inherent in government oversight of fast-moving technology.
The Speed of Industry Change
The pace of change in AI for auditing is being framed as potentially delivering real benefits to audit quality in the near term. Industry proponents argue that AI can enhance audit procedures, identify anomalies more quickly, and improve the consistency of audit work across firms and geographies. EY's demonstration reflects this optimistic assessment and signals the profession's commitment to technological advancement.
However, this rapid deployment raises a fundamental governance question: how much should innovation in critical financial oversight functions proceed without comprehensive regulatory frameworks already in place? Auditing sits at the intersection of market function and public trust. When audit quality deteriorates, the consequences extend far beyond individual firms to affect investor protection, financial stability, and market integrity.
New Risks and Regulatory Gaps
The report explicitly acknowledges that AI introduces new risks and potential failure modes that regulators and firms need to manage. This frank assessment suggests that while benefits are anticipated, they are not guaranteed—and the downside risks are real.
Agentic AI systems, which operate with increasing autonomy, present particular challenges. If an AI system makes errors in audit judgment, identifies patterns incorrectly, or fails to escalate issues appropriately, the consequences could be severe. Traditional audit quality depends on human judgment, skepticism, and accountability. When AI becomes the primary tool, questions arise: Who is responsible if the AI fails? How do auditors maintain professional skepticism when they rely on AI recommendations? Can regulators meaningfully oversee systems whose decision-making processes are not fully transparent?
Regulatory Preparation
The FRC's upcoming guidance represents an important step toward establishing baseline standards for AI use in auditing. This regulatory response, however, arrives after industry deployment has already begun—a pattern that has characterized technology regulation across sectors. The guidance will need to address not only how firms can use AI responsibly, but also establish mandatory disclosures about AI deployment, require human oversight protocols, and create enforcement mechanisms for failures.
Why This Matters:
Auditing is a foundational public service function: it provides the assurance that allows capital markets to operate with reasonable confidence in financial reporting. When AI tools are deployed in auditing before comprehensive regulatory guidance exists, the public bears the risk of potential audit failures. The gap between industry innovation and regulatory readiness is not merely a timing issue—it reflects a structural imbalance in how technology governance works. Firms have strong incentives to adopt AI to reduce costs and improve efficiency; regulators have limited resources and slower decision-making processes. This asymmetry means that public interest protections often lag behind private sector deployment. The FRC's guidance is necessary, but it must establish binding standards, not merely recommendations. Firms should be required to disclose their AI usage, maintain human audit partners with clear accountability, and submit to independent audits of their AI systems themselves. Without robust regulatory frameworks that are updated continuously as AI capabilities evolve, audit quality—and by extension, financial market integrity—remains vulnerable to the new failure modes that AI introduces.