The increased integration of generative AI in organizations’ financial reporting processes is raising important questions about when and how to invest in appropriate technologies that may have an impact on the speed of transformation and the respective organization’s functions. With these changes, how can audit committees exercise oversight responsibilities effectively?
This year’s joint CAQ survey of audit committees found that 20 percent of respondents identified the audit committee as having primary oversight of artificial intelligence governance. As companies explore the transformative potential of gen AI, the role of audit committees is also expanding with new oversight responsibilities.
The CAQ published Audit Committee Oversight in the Age of Generative AI as a resource for audit committees navigating these uncharted waters.
The Role of Audit Committees
Gen AI’s transformative potential for business processes, including financial reporting, creates exciting opportunities to enhance efficiency, generate new content and obtain greater insights. However, this technology is not without risks, and audit committees can play an important role in overseeing the governance of gen AI and understanding its impact on the company’s financial reporting, internal control over financial reporting and the external audit. Audit committees are well-positioned to effectively exercise their oversight given their experience with financial reporting, enterprise risk management and other emerging topics.
What is Gen AI?
Audit committees of companies that are deploying gen AI should have a foundational understanding of how gen AI works and the benefits and risks that may arise from its use. Gen AI is a subset of AI that is based on probabilistic technology that can create content, including text, images, audio or video when prompted by a user. Gen AI creates responses using algorithms that are often trained on open-source information, such as text and images from the internet. AI chatbots, like ChatGPT and Copilot, are well-known examples.
Audit committees should be aware that the probabilistic nature of gen AI is a key distinction from other technologies that may have historically been used in a company’s financial reporting processes. To this end, gen AI technologies are especially helpful for tasks that need creativity or diversity of responses, including generating new content or information, but they may not always provide reliable or repeatable outputs. Gen AI technologies do not work like search engines finding facts within their training data but are instead creating new coherent, human-like text. Consequently, human oversight is needed to ensure the accuracy of information generated by gen AI.
Overseeing Management
A key focus of the audit committee’s oversight will likely be management’s approach to the oversight and governance of gen AI. Establishing policies and procedures regarding acceptable use of gen AI and assigning responsibility for the technology are foundational for successfully managing the use of gen AI throughout the company. To help navigate conversations with management, audit committees may consider posing questions, including:
- Does the company have the requisite expertise to select, develop, deploy and monitor gen AI technologies?
- What are the company’s objectives and related success criteria for deploying gen AI technologies? Are gen AI technologies intended to augment or automate existing processes?
- Who (individual or group) in the company is responsible for oversight of the use of gen AI?
- Has management established policies regarding the acceptable and ethical use of gen AI?
- Does the company have a process to track and monitor the use of gen AI throughout the company, including use by third-party service providers?
- How does the company track risks arising from the use of gen AI technologies and mitigating responses?
Data privacy and security will also likely be a key focus area for audit committees. Maintaining the confidentiality of the company’s data, particularly data used in the financial reporting process, should be top of mind when selecting gen AI technologies and developing policies regarding the acceptable use of those technologies. Further, the use of gen AI technologies can introduce new cybersecurity risks to the company. Appropriate safeguards should be implemented to protect against malicious threats.
Through the audit committee’s oversight of the financial reporting process, the audit committee should also understand how gen AI technologies are integrated into relevant processes, how those technologies are selected, tested and monitored, and how the company provides training and guidance to employees to promote consistent and effective use.
Overseeing the External Auditor
The audit committee’s oversight of the external auditor is one of its core responsibilities and directly contributes to audit quality. Active and engaged audit committees have open dialogue with the external auditor on matters critical to the audit, which would likely include discussion to understand how the company’s use of gen AI in financial reporting processes or internal control over financial reporting impacts the auditor’s risk assessment and planned audit approach.
Audit committees can use some of the following questions to better understand how the auditor plans to respond to the company’s use of gen AI:
- What is the experience of the engagement partner and other senior engagement team members with gen AI technologies? Would the firm be able to supplement the engagement team’s expertise if necessary (e.g., by engaging qualified specialists)?
- What is the auditor’s understanding of the financial reporting implications of the company’s use of gen AI technologies?
- How has the impact of the company’s use of gen AI technologies been considered during the auditor’s risk assessment process?
- Does the company’s use of gen AI technologies have a significant impact on the planned audit scope?
- Has the auditor identified any fraud risks related to the company’s use of gen AI technologies? How has the auditor addressed such risks in the audit?
When it comes to the transformative power of gen AI and its integration into the financial reporting process, audit committees play a crucial role. Effective oversight by strong, active, knowledgeable and independent audit committees significantly furthers the collective goal of providing high-quality, reliable financial information in the capital markets.
Explore our resource, Audit Committee Oversight in the Age of Generative AI, for more detail on how audit committees can effectively exercise their oversight responsibilities related to the use of gen AI.


