AI governance for professional services firms.

Professional standards

Accounting, auditing, and consulting professional standards require that work product be accurate, properly supervised, and not misleading. AI-assisted analysis or reporting that contains errors, omissions, or hallucinations potentially breaches these standards. The professional obligation is not reduced because AI was involved.

Client confidentiality

Professional services firms handle sensitive client information — financial data, strategic plans, legal matters, personnel information. Entering client information into AI tools without adequate assessment of how that information is processed, retained, and potentially shared breaches confidentiality obligations.

Independence requirements

For audit and assurance firms, the use of AI tools provided by or associated with audit clients creates potential independence concerns that governance must assess. Regulator attention to AI tool use in audit contexts is increasing.

EU AI Act

Professional services firms that develop or provide AI tools for client use — governance frameworks, compliance tools, due diligence products — may be acting as AI providers subject to EU AI Act obligations. The analysis depends on whether the AI system is placed on the market in the EU.

Client data in consumer AI tools

Professional services staff using personal subscriptions to consumer AI tools for client work have inadvertently breached client confidentiality by entering client-specific information into AI systems that process data on third-party infrastructure without adequate contractual protections.

AI-generated analysis without verification

Consulting reports, financial analyses, and due diligence documents produced with AI assistance and not adequately verified before delivery to clients have contained factual errors, incorrect citations, and hallucinated data. Professional liability exposure follows from inaccurate client deliverables regardless of how they were produced.

Auditor AI tool independence gaps

Audit firms using AI tools developed or supplied by entities related to audit clients have faced independence challenges from regulators. Governance must assess AI tool supply chains for independence implications in audit and assurance contexts.

AI disclosure in professional deliverables

Some professional services engagements require disclosure of AI use in work product — including certain regulatory submissions, legal documents, and certified financial statements. Governance must establish disclosure policies before they become mandatory.

Does your AI use policy address what client information may be entered into AI tools — specifically distinguishing between enterprise tools with appropriate data processing agreements and consumer tools?

What verification process exists for AI-assisted client deliverables before they are submitted — and who is responsible for that verification?

For audit and assurance practices, have you assessed AI tool supply chains for independence implications under applicable auditing standards?

What is your policy on disclosing AI use to clients, and in which engagement types is disclosure required or appropriate?

How is AI-assisted work product supervised — and are supervisors equipped with the substantive expertise to identify AI errors in their domain?

Have you assessed whether any AI products you develop for client use constitute AI systems subject to EU AI Act provider obligations?