Financial reporting: responsibility does not transfer to the AI
The most important governance principle for finance teams using AI in reporting: responsibility for the accuracy of financial statements remains with those who sign them. ASIC has made clear that Australian financial services conduct obligations — requiring statements and disclosures to be accurate, complete and not misleading — apply fully to AI-assisted outputs.
Treat AI-generated financial analysis and reporting as a draft for human review. The control question is: what is the review process between AI generating a number or narrative and it appearing in a signed document? That process must be documented, consistent, and capable of catching AI errors — reviewers need sufficient understanding to identify when AI analysis is wrong.
Tax obligations and the ATO
The ATO has not issued AI-specific guidance, but its longstanding position applies: accuracy and completeness of tax returns are the taxpayer's legal responsibility. AI-generated errors are the taxpayer's errors. Shortfall penalties and interest apply regardless of whether the error originated from human judgment or AI processing. Finance teams using AI for BAS preparation, income tax returns, or R&D tax offset claims should ensure a qualified tax professional reviews every AI-assisted output before lodgement.
Privacy obligations for financial data
Finance teams handle significant personal information: employee payroll and superannuation data, supplier bank account details, customer payment information, and creditworthiness assessments. All are subject to the Privacy Act and APPs. Before processing through AI tools, confirm: data handling is within the purpose for which it was collected (APP 6); the AI tool provider is contractually bound to handle data appropriately (APP 11); and data does not leave Australia without appropriate safeguards (APP 8) unless a lawful exception applies.
From December 2026, APP 1.7 requires disclosure in the privacy policy when AI makes decisions about individuals' access to credit, payment terms, or financial services that significantly affect their rights or interests.
Fraud risk in automated finance processes
Automated accounts payable and payment workflows create specific fraud risks. AI approval systems can be manipulated by adversarially crafted invoices designed to pass automated checks. Business email compromise increasingly targets AI-automated payment workflows where redirection instructions can be processed without human review. Controls needed: mandatory human approval for high-value transactions regardless of AI assessment; enhanced verification for payment redirection instructions; audit logging of AI approval decisions; and anomaly detection monitoring for manipulation patterns.
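An added illustration of the first three controls above (not code from the original article): a routing gate in which an AI approval can never bypass human review, plus a tamper-evident audit log of every decision. The AUD 10,000 threshold, the route names, the supplier master format and the hash chaining are assumptions made for this example.

```python
import hashlib, json
from dataclasses import dataclass, asdict

HIGH_VALUE_AUD = 10_000  # assumed policy threshold, not from the article
SUPPLIER_MASTER = {"SUP-001": "062-000 12345678"}  # constructed sample data

@dataclass
class Payment:
    invoice_id: str
    supplier_id: str
    amount_aud: float
    account: str      # bank details stated on the invoice
    ai_decision: str  # "approve" or "reject" from the AI step

def route(p, supplier_master):
    """Pick a handling route; the AI verdict can never waive a human control."""
    reasons = []
    if p.amount_aud >= HIGH_VALUE_AUD:
        reasons.append("high_value")
    if supplier_master.get(p.supplier_id) != p.account:
        reasons.append("bank_details_mismatch")  # possible redirection
    if p.ai_decision != "approve":
        reasons.append("ai_not_approved")
    if "bank_details_mismatch" in reasons:
        return "hold_for_out_of_band_verification", reasons
    return ("human_approval" if reasons else "auto_release"), reasons

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditLog:  # append-only; each entry commits to the previous entry's hash
    def __init__(self):
        self.entries = []
    def record(self, p, outcome, reasons):
        prev = self.entries[-1]["hash"] if self.entries else ""
        body = {"payment": asdict(p), "route": outcome, "reasons": reasons, "prev": prev}
        self.entries.append({**body, "hash": _digest(body)})
    def verify(self):
        prev = ""
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or _digest(body) != e["hash"]:
                return False  # entry edited, removed or reordered
            prev = e["hash"]
        return True

def process(p, supplier_master, log):
    outcome, reasons = route(p, supplier_master)
    log.record(p, outcome, reasons)  # log every decision, including auto-release
    return outcome
```

Because each entry includes the previous entry's hash, editing a logged decision after the fact makes `verify()` return `False`.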