Artificial Intelligence (AI) and digital tools are rapidly transforming the accountancy sector with promises of enhanced efficiency, insight and audit quality. Embracing this innovation wave however, does not come without risk, and regulators are increasingly alert to the ethical implications. The FRC has very recently issued new guidance on the use of AI in audit, coinciding with the ICAEW’s new technology-centred revisions to its Code of Ethics, which came into force on 1 July 2025. Responsible and ethical use of AI is now therefore no longer optional, but a regulatory expectation.
FRC Guidance on Use of AI in Audit
FRC Guidance
On 26 June 2025, the FRC issued “landmark” guidance on the ethical and effective use of artificial intelligence in audit (“the Guidance”).
The Guidance seeks to assist audit firms in leveraging AI tools while also upholding professional standards, and comprises two key parts. First, there is a case study outlining a “coherent approach” when deploying AI-enabled tools for an audit engagement. Second, the Guidance sets out principles for documentation of tools using AI in audits.
The case study concerns a hypothetical AI tool, used as part of an audit firm’s fraud identification procedures. The tool was deployed to assist in identifying potentially anomalous items which were unusual relative to the wider journal population. While the FRC in the case study narrates the key judgments involved at each step of the tool’s development and use, it also notes that such judgments were not “the best or only reasonable” ones. Some examples of key judgments included:
- Choices surrounding the development of the AI tool itself (e.g. developing an unsupervised machine learning model vs a deep learning model).
- Decisions regarding the appropriate methodology to support usage of the tool (e.g. whether use of the tool should replace existing rules-based techniques for identifying riskier journals, or whether the two approaches should be combined).
- Considerations for when the tool was actually used (e.g. whether the data quality is sufficient for the tool to be deployed in the first place; recognising when the tool’s assessments/output could potentially be systemically flawed).
The second part of the Guidance outlines matters that should be documented about the AI tool both centrally and on the audit file. Such matters could include the tool’s function and appropriateness; how it was developed and the relevant governance processes; the available training material on use of the tool (including how to interpret its outputs and mitigate bias); as well as the extent to which the behaviour/decisions of the tool can be “appropriately explainable” and understood.
The FRC has ultimately noted that the Guidance is not prescriptive and is deliberately flexible to reflect the fast-moving nature of AI. However, it is clearly helpful guidance, and constitutes a set of regulatory expectations for audit firms as they increasingly rely on AI tools.
FRC’s Accompanying Thematic Review
The Guidance was published alongside the FRC’s thematic review into the certification processes used by the six largest accountancy firms for new technology in audits. The thematic review focused on certification of “Automated Tools and Techniques” (ATTs), namely tools used in audit engagements to perform risk assessment procedures and obtain audit evidence.
While the thematic review sets out observations of good practice across the firms, it also notes a number of shortcomings across the development lifecycle of ATTs. This included the need for there to be documented policies on ATT certification and decommissioning; active reassessment and continual monitoring, via specific policies or metrics, of how ATTs impact audit quality; as well as clearly defining accountability and who was responsible for monitoring ATTs deployed firmwide in global firms.
The FRC’s expectation is that by sharing common practices, as well as examples of good practice via the thematic review, ATT certification processes (and therefore audit quality) would ultimately be improved.
Technology Revisions to the ICAEW Code of Ethics
While the FRC’s guidance focuses specifically on audit engagements, the ICAEW’s recent revisions to its Code of Ethics adopt a wider approach to ethical use of technology. Moreover, unlike the FRC’s non-prescriptive guidance, the ICAEW’s changes carry potentially more serious consequences for member firms and practitioners in the event of a breach.
The key amendments worth noting include:
- Professional Competence – Ensuring compliance with the principle of professional competence and due care now requires a “continuing awareness and understanding” of technology-related developments (113.1 A3). Firms should therefore review their current training frameworks and consider embedding this into CPD requirements, so that practitioners remain capable of making informed decisions when using technological tools.
- Confidentiality – The Code now broadens the definition of confidential information to include any information, in whatever form or medium, that is not publicly available. The prohibition on misuse of confidential information also extends beyond personal advantage, and includes misuse by the firm or third parties (114.2(b)). This will have implications for the use of confidential data in respect of AI tools, including for instance when training Generative AI models, the types of data inputted into such tools, as well as how that data could be subsequently disseminated. Professionals should also consider how such obligations overlap with other legislative and regulatory requirements regarding IP, data protection, and privacy.
- Addressing Ethical Threats from Technology – The Code contains a new section detailing the threats to ethical principles arising from the use of technology (200.6 A2). This includes consideration of self-interest threats (such as whether the available data is sufficient for the use of the technology, or if the practitioner has the requisite expertise), as well as self-review threats (such as whether the technology was developed using the expertise or judgment of the accountant or the firm itself).
Nonetheless, professional judgment remains essential. When accountants are seeking to use technology to prepare or present information, they must not abdicate their obligations of professional judgment and scepticism. This will include not only understanding how the technology itself works and how oversight is exercised, but also the appropriateness of any data inputs and considerations of risk when relying on outputs. Accountability cannot be outsourced to software.
This is particularly important in the realm of audit, where it is often junior staff who may be the relevant team members heavily interacting with AI tools. Oversight at all levels is therefore crucial, whether in the design and implementation of firmwide policies regarding the use and development of AI tools, or having a robust training framework to mitigate against automation bias and ensure that the core responsibilities of professional judgment and scepticism are not overlooked.
Conclusion
The message from the FRC and ICAEW is clear: AI and other technologies offer significant opportunities for improving quality and efficiency, but must be deployed responsibly.
Firms should accordingly assess their systems, documentation processes, training programmes, and ethical safeguards to ensure alignment with these developments. For individual practitioners, there is an equally pressing need to stay informed and continue to exercise professional judgement in the face of new technology.
Compliance is now an ethical and regulatory obligation, and will help to ensure that practitioners can effectively embrace technological change while preserving public trust in financial reporting and the wider profession.
This article was first published in Business & Accountancy Daily on 22/07/25.
About the authors
Ian is a Senior Associate (Foreign Qualified) in the Regulatory team. He specialises in acting for professional services firms and individuals, particularly in the accountancy and audit sector, who are subject to investigations and enforcement proceedings by their regulator. He also advises firms seeking advice on regulatory compliance and ethical obligations, including in relation to the development and use of AI.
Lucy is a trainee solicitor at Kingsley Napley and is currently sitting in the Regulatory team as her fourth seat.
Join the conversation
