FRC publishes world-first guidance on generative and agentic AI

Angel House, 225 Marsh Wall, London, E14 9FW, United Kingdom

Details: By Super User; Category: AI News; 14 May 2026; 14 May 2026

The Financial Reporting Council has become the world's first audit regulator to issue specific guidance on generative and agentic AI use in audit practice. The guidance categorises three critical risk areas that firms must control.

AI Governance Accountancy

On 30 March 2026, the Financial Reporting Council published specific guidance on generative and agentic AI, establishing itself as the world's first audit regulator to address this emerging challenge directly. The guidance identifies three distinct risk categories: AI tools producing incorrect outputs (including 'hallucinations' where models generate plausible-sounding but false information), correct outputs being misinterpreted by audit teams, and tools failing to comply with audit methodology or applicable regulations. This taxonomy is deceptively simple but analytically powerful, recognising that AI risk in audit is not purely technical—it is epistemological and operational. The FRC's approach implicitly rejects the notion that AI transparency and explainability alone can mitigate these risks; audit firms must embed controls at the point of AI use, output validation and professional judgment.

The hallucination problem is particularly acute in audit contexts where AI might be used for journal entry substantiation, regulatory research, or going concern assessment. Large language models trained on public datasets can confidently produce fabricated case law, misquoted regulations, or fictional audit evidence. Audit firms deploying generative AI tools must establish validation protocols that go beyond prompt engineering—they require human auditors to cross-check outputs against authoritative sources (case law databases, regulatory guidance, financial statements). This is where Trovix Watch adds critical value by maintaining current regulatory intelligence, enabling audit teams to detect when AI outputs diverge from current regulatory expectations. The FRC's guidance implicitly requires audit firms to implement the kind of evidence capture that Trovix Audit provides in governance dashboards, ensuring that every AI-assisted audit decision is documented and reviewable.

The second risk category—misinterpretation of correct outputs—reveals a subtler challenge. An AI tool might accurately summarise complex accounting guidance, but the auditor might misapply that summary to the specific circumstances of the audit client. This is not AI failure; it is user failure. Yet it creates audit quality risk and regulatory exposure. The FRC's guidance suggests that AI literacy among audit staff is not optional—it is a technical competency comparable to knowledge of ISA UK standards. Firms must ensure that teams understand AI model limitations, the conditions under which outputs become unreliable, and the boundaries of appropriate AI use in audit procedures. Trovix Brief could streamline the intake processes that feed audit procedures, but only if teams understand the tool's constraints.

Compliance with audit methodology and regulation represents the third pillar. Trovix Watch flags emerging regulatory expectations and FRC interpretations, but audit firms using agentic AI—systems that autonomously select and execute procedures—face novel questions about professional judgment and auditor responsibility. When an AI system autonomously selects substantive procedures or determines sample sizes, does the auditor retain the independence and judgment required by ISA UK 200? The FRC's guidance does not yet resolve this tension, but it implicitly requires firms to maintain human control over methodology selection and to document where AI recommendations have been accepted or overridden. This is why governance and compliance dashboards that track AI-assisted decisions become audit evidence in their own right.

The FRC's world-first status is significant but provisional. Audit regulators in other jurisdictions will likely converge on similar risk frameworks, and the EU AI Act's classification of audit as high-risk activity suggests that regulatory guidance will become more prescriptive. Audit firms should view the FRC's March 2026 guidance not as a final answer but as a baseline—an opportunity to establish governance maturity before international standards crystallise. Firms that embed the three risk controls (output validation, auditor literacy, methodology compliance) into their audit procedures now will find it easier to adapt to future regulatory evolution. Trovix Audit provides the governance infrastructure for demonstrating to the FRC and other stakeholders that controls are operational and continuously monitored.

Source: ICAEW Insights

Related Trovix product:

→Book a demo →

Our Products

Six AI products for
regulated industries

Purpose-built for law firms, insurers, financial services and accountancy firms. Deployed in your environment. Governed by your controls.

Knowledge Assistant

Trovix Aria

Citation-grounded RAG assistant for fee-earners. Trained on your documents. No hallucinations. SSO-integrated and audit-logged.

Explore Aria

Document Intelligence

Trovix Sift

Extracts structured data from contracts, slips, claims and KYC packs — automatically, accurately, within your own cloud environment.

Explore Sift

Matter Intake Automation

Trovix Brief

Automates matter and deal intake — KYC, AML, conflict checks and engagement letters — reducing onboarding from days to minutes.

Explore Brief

Regulatory Monitoring

Trovix Watch

Monitors the FCA, PRA, SRA, Lloyd's and dozens of regulatory sources — alerting your compliance team before deadlines become crises.

Explore Watch

Client-Facing AI

Trovix Reach

Deploy an AI assistant your clients interact with directly — answering queries, handling intake and providing updates across web, mobile and messaging channels.

Explore Reach

AI Governance

Trovix Audit

The governance and compliance dashboard for your AI deployments — ISO 42001 tracking, decision logs, bias monitoring and EU AI Act readiness.

Explore Audit

Cookie Preferences

OffCanvas Menu