Guides

CAQ says audit committees must step up genAI oversight in reporting

Audit committees are pressing harder on genAI, and KPMG teams need proof of control, not just proof of adoption, before reporting risk turns into a committee problem.

Derek Washington··5 min read
Published
Listen to this article0:00 min
CAQ says audit committees must step up genAI oversight in reporting
Source: uniqus.com

Audit committees are no longer treating genAI as a side issue

The Center for Audit Quality is putting audit committees on notice: generative AI is moving into financial reporting and internal control over financial reporting, and oversight can no longer be casual. In its May 2026 Audit Committee Insights, 33 percent of respondents said finance transformation sat in their committee’s top three priorities for the next 12 months, yet 66 percent said their audit committee had spent insufficient time discussing AI governance over the prior year.

That gap matters inside KPMG as much as it does in the client boardroom. The pressure is shifting from “Are you using AI?” to “Can you prove it is governed, repeatable, and auditable?” For engagement teams, that means every AI-enabled workflow now needs to stand up to committee scrutiny, not just management enthusiasm.

What the committee will ask before the quarter closes

The CAQ’s oversight resource is blunt about the committee’s role: members need a basic understanding of how genAI works, how it affects financial reporting and ICFR, and what questions they should ask management and the auditor. The practical questions are not mysterious, but they are high stakes.

    Committees want to know:

  • What data trained the model, and where did it come from?
  • Who monitors outputs, and how often are they reviewed?
  • What happens when the model produces a wrong answer?
  • How does management show the control environment still works when AI is embedded in reporting workflows?
  • Where does human oversight sit, especially at sign-off points that affect judgments, estimates, or disclosures?

Those are the questions that separate a useful automation tool from an audit risk. If the answers are vague, the issue stops being a technology story and becomes a reporting-quality problem.

Why this lands directly on KPMG engagement teams

For auditors, the job is not to become technologists overnight. It is to connect AI use to evidence, process integrity, and governance. The CAQ flags the main risks clearly: information security, data quality, hallucinations, and repeatability. In practice, that means KPMG teams should expect to show exactly how AI affects the reporting process, where outputs are checked, and how exceptions are handled.

That changes the cadence of client conversations. Instead of accepting a general assurance that “the system has controls,” teams need documentation of how those controls operate in real life. Walkthroughs, version history, approval gates, output testing, escalation logs, and user access review all become part of the conversation. In busy season, when deadlines are tight and partner reviews are already compressed, weak AI governance can become another source of rework.

The adoption curve is already too wide to ignore

The CAQ says interest in generative AI surged after the public release of several large-language-model chatbots beginning in November 2022, and one in three audit partners said companies in their sector were deploying or planning to deploy AI in financial reporting. KPMG’s own U.S. survey pushes the point further: more than 7 in 10 companies were already using AI in some form in financial reporting, and all 300 U.S. companies in the survey were either already using AI or planned to deploy it within three years.

AI-generated illustration
AI-generated illustration

KPMG also said 33 percent of those companies rated as AI finance leaders, 39 percent as solid implementers, and 46 percent were using or piloting genAI. That mix tells you where the market is headed: AI is not confined to a pilot team or an innovation lab. It is entering routine finance work, which is exactly why audit committees are being pushed to get serious about governance now rather than after a control failure.

KPMG is already building for that reality

KPMG has been making the case that the firm’s own audit model is changing alongside client adoption. In a related CAQ post, KPMG said it had embedded its GenAI assistant into KPMG Clara for 90,000 auditors globally. It also said its transaction scoring tool can analyze 100 percent of transactional populations through its MindBridge alliance.

That matters because it shows where the profession is going: faster testing, broader coverage, and more technology inside the audit itself. It also raises the bar internally. If KPMG wants clients to trust AI-supported audit work, teams need to be able to explain the guardrails, the human review points, and the evidence trail with complete confidence. The technology may change the pace of the work, but it does not lower the standard for audit quality.

What stronger governance looks like in the committee room

KPMG’s November 2024 guide on AI and automation in financial reporting says responsible use and strong governance support investor confidence, and that companies need a game plan for identifying intelligent tools already in use, evaluating tools under consideration, assessing risks, and setting strong governance and control policies over development, acquisition, deployment, and operation. It also says new or existing rules may require disclosures about how a company uses AI, the risks tied to that use, and the board’s oversight role.

    For committees, that translates into a sharper oversight checklist:

  • Inventory every AI tool used in finance and reporting.
  • Map which tools affect estimates, journal entries, disclosures, or reconciliations.
  • Document who owns each tool and who reviews its outputs.
  • Test whether controls still work when inputs, prompts, or models change.
  • Confirm whether disclosures are needed about AI use and governance.
  • Keep the external auditor in the loop before issues become findings.

KPMG’s 2026 audit committee agenda adds another layer: committees should clarify their role in overseeing AI, cybersecurity, and data governance, while also understanding how technology affects finance talent, efficiency, and value-add. That is not a one-time discussion. It is becoming part of the standing committee workload, right beside risk, controls, and financial reporting judgment.

The real test is whether oversight keeps pace with use

The CAQ and KPMG are converging on the same point: AI governance is no longer a niche technology topic. It is becoming a core audit committee responsibility because it now touches the reliability of reporting itself.

For KPMG teams, that means the winning posture is simple but demanding: be ready to show how genAI is controlled, where it is validated, and why the output can be trusted. In a profession built on evidence, the firms that can document AI governance well will move faster. The firms that cannot will spend their next committee meeting explaining gaps nobody wanted to discover late.

This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.

Did this article answer your question?

Discussion

More KPMG News

CAQ says audit committees must step up genAI oversight in reporting | Prism News