Artificial intelligence (AI) is not a future consideration for corporate boardrooms—it’s here, and it’s moving fast. Businesses across industries are actively experimenting with and deploying advanced AI systems, from customer-facing applications like support and sales automation to back-office functions like forecasting, fraud detection and process automation for routine, rules-based processes. The pace and breadth of this rollout are significant. CAQ research revealed that 90 percent of S&P 500 companies mentioned AI in their 2024 10-K, an increase from 25 percent in 2023.
As the benefits and risks of AI work their way through the enterprise, the issue of overseeing and governing AI is front and center for boards, particularly audit committees. As AI becomes more embedded in the processes and systems that underlie financial reporting and internal controls, audit committees must develop a working grasp of how these technologies function, where they introduce new vulnerabilities and what questions to ask of management as well as auditors. Fulfilling the oversight role in today’s environment means getting ahead of AI, not waiting for it to surface as a problem.
I recently facilitated a webinar with practitioners, management and board leaders who are experiencing AI integration and oversight firsthand: Mike Leonardson, Partner at EY; Stacy Mills, Global Controller and Chief Accounting Officer at Marsh; and Tom Petro, author of AI in the Boardroom and board director.
Here’s what stood out from our discussion for audit committees seeking guidance on AI:
The Risk of Doing Nothing
The panel’s most pointed message was that the biggest risk isn’t moving too fast, it’s moving too slow. AI represents a massive shift in operating leverage because it fundamentally re-prices cognitive work within organizations. If your company is at a scale where AI could drive efficiency in financial reporting and it’s not being explored, audit committee members should challenge management on why.
However, traditional financial reporting rigor must remain in place. One AI-associated risk is that it can hallucinate, leading to eroded trust in AI-driven outputs. Ensuring that your committee exercises the same level of oversight is critical. AI handles the data-heavy work, but human judgment is the final backstop.
“The key is—accountability stays with people. AI can automate tasks and surface insights, but management remains accountable for judgments, approvals and outcomes. AI supports the process, it doesn’t own it.” — Mike Leonardson, Partner at EY
What Good AI Integration Looks Like
Mills shared that at Marsh, AI is already deeply integrated across several financial reporting processes. For example, a custom journal entry application was built to automate routing, approvals and processing.
“Once this was live, we eliminated about 200 FTEs and saved the company about $10 million. So, the benefits are real, and you can get there.” — Stacy Mills, Global Controller and Chief Accounting Officer at Marsh
The company also utilizes a financial analytics tool that surfaces variances and anomalies across all 600 of its legal entities at the end of each reporting period. This dramatically reduces the time finance teams spend manually hunting for exceptions and frees up time for more strategic work that maintains audit quality.
Five Questions Every Audit Committee Should Ask
Deploying AI models at your company requires an evaluation of how technology will impact current and future operations.
Petro distilled oversight of AI systems into five topics and shared guiding questions to define each:
- Temperature: Is this use case deterministic (i.e., no uncertainty incorporated) or probabilistic (i.e., the model incorporates uncertainty), and what does that mean for risk?
- Training mandate: Does the model’s embedded judgment align with your accounting policies before it touches a live ledger?
- Autonomous boundary: Exactly when can the system act without human review, and what are the guardrails?
- Exception architecture: What gets flagged for human eyes? If the system never identifies anything, that’s a concern.
- Verification loop: How do you know it’s working as intended, not just at launch, but over time?
Answering these questions before launching AI-driven systems is key to identifying potential risks and how you will respond to ensure responsible AI use that stakeholders can trust.
A Note on Third-Party Models
As vendors increasingly embed AI into financial reporting tools, audit committees face a governance gap. SOC 1 and SOC 2 reports address controls, not the accuracy or behavior of AI models themselves.
When AI systems learn and evolve, there is a risk that the model falls out of step with the business, or that the business changes in ways the model hasn’t caught up to. Either way, the outputs may no longer reflect reality.
“If our models are learning on a flow basis, then every time the model increments and starts doing something differently based on what it’s learned, it’s a de facto accounting policy change for us, whether we recognize it or not.” — Tom Petro, author of AI in the Boardroom and board director
AI technology requires ongoing oversight to ensure it continues to perform the way it was designed. Committees need to understand their vendors’ AI, how often it changes and what controls, if any, govern that evolution internally.
The Bottom Line
For audit committees, technological expertise is not necessarily needed to exercise effective oversight. Asking the right business and control questions, staying close to management’s journey with AI models and holding AI-driven outputs to the same standards as human judgment will ensure financial reporting can evolve alongside technological advancements.
Interested in learning more about AI in financial reporting? Here are some resources you can explore:
- Audit Committee Oversight in the Age of Generative AI
- AI, Digital Assets, and Sustainability: What Form 10-Ks Tell Us About Reporting Trends
- Enhancing Investor Confidence in an Era of AI-Driven Innovation
- The Role of the Auditor in AI: Present and Future
Stay updated on the latest webinars in the CAQ’s Audit Committee Effectiveness series by subscribing here.
