
FRC's AI Guidance for Audit, Explained

The Financial Reporting Council (FRC) released its first guidance on generative and agentic AI in audit in March 2025. Ramana McConnon, Head of Assurance Technology at the FRC, closed day one of Connect '26 London with his session, "Inside the FRC's New AI Guideline: What It Means for Your Firm Now," walking practitioners through what the guidance says, why it was written, and where the regulator is heading next.
Here is what every firm deploying AI on audit engagements needs to take away. 

Why the FRC issued AI guidance

The guidance was not issued because inspections revealed problems. McConnon was clear that it was a pre-emptive intervention to codify good practices, not a response to anything the FRC's inspection teams had flagged. Firms were already asking specific questions through technology working groups, and the guidance was an attempt to answer those before bad habits formed. 

One early decision the team has since reconsidered: the guidance was originally scoped to those responsible for developing these tools, which turned out to be too narrow. Most firms buy off-the-shelf solutions rather than build them. The intent was always to cover development and implementation, but the wording did not reflect that. 

Know which risk category your AI deployment falls into

The FRC breaks risk into three categories. Knowing which applies to a given deployment changes how you mitigate it. 

  • Deficient output. The tool produces a flawed result, either because something fails in the system or because the inputs, including prompts, were poorly designed.
  • Misuse of output. The tool produces a good output, but the team does not use it as the firm intended.
  • Non-compliant methodology. The tool and team both perform correctly, but the firm designed its methodology in a way that still falls short of standards.

McConnon flagged a specific concern on agentic deployments: "When you have agentic systems where you can have various components handing outputs to each other, there can be a risk that small errors can amplify and grow into significant ones." 

Build your confidence framework before fixing a review standard

The two questions firms asked the FRC most: how much review is appropriate, and what accuracy level is acceptable when testing a tool? 

The FRC does not answer either with a fixed number. Instead, the guidance introduces a flexible framework. Firms should: 

  1. Determine what level of confidence they need in an output for a given use case.
  2. Decide how to obtain it through some combination of design, testing, certification, staff education, governance, and review.

McConnon explained: "If you are intending to have your audit teams review the output of a generative AI tool very thoroughly, you can probably tolerate a greater degree of errors when testing and certifying it. And vice versa." 

The practical implication is that no two firms need to arrive at the same answer. A large firm that built a tool in-house may invest more in design and testing. A firm using an off-the-shelf solution may do more review. Both can be compliant. 

He acknowledged that human review as firms know it today may not be a permanent fixture. Within a few years, the level of review currently expected could look very different, even if the profession is not there yet.

Prepare your documentation now, before inspections catch up

The FRC issued separate guidance on AI documentation in June 2025, and the central principle is straightforward: the more bespoke the tool, the more documentation belongs on the audit file itself. For centrally rolled out tools, the file needs only what is relevant to that specific engagement (how the output informed the judgments that team made), with central testing and design documentation staying at the firm level. For tools built for a specific audit, the balance shifts and more belongs on the file.

Inspections have not yet caught up with AI use on audit files, largely because of the one-year time lag and because most early Gen AI use was in productivity tasks rather than audit procedures. That is changing. The FRC has a thematic review of Gen AI use across the top eight U.K. firms planned for later in 2026, with findings to be shared with the wider market. 

What the FRC is working on next for AI audit engagements

McConnon outlined several areas the FRC is actively developing: 

  • More illustrative AI examples. The FRC sees these as a signal to firms that specific use cases can be done well, lowering the hesitation that slows experimentation.
  • Qualitative evaluation of AI outputs. McConnon flagged this as an area the FRC may issue dedicated guidance on.
  • Ethics and independence. Specifically, what happens when AI tools surface commercially valuable insights about an audited entity and whether communicating those insights crosses into non-audit services.
  • FRC Innovation and Improvement Hub. A newly launched space for ongoing dialogue with firms, third-party providers, and other stakeholders.
