Key Takeaways
- Every accounting firm using AI tools faces the same unresolved accountability gap: the CPA bears professional responsibility for AI output, but the vendor disclaims liability for accuracy in their terms of service
- The governance conversation around AI accountability has shifted from abstract to institutional — two separate signals in one week mark that regulators and governance bodies are moving toward formal accountability frameworks
- Most AI vendor contracts (Microsoft, Intuit, OpenAI, Salesforce) include language that explicitly disclaims liability for AI accuracy — responsibility stays with the end user entirely
- The AICPA Code of Professional Conduct makes the CPA responsible for work product regardless of the tool used to produce it. If your AI tool produces wrong output, your firm is the point of failure.
- The SEC already examines AI accuracy as part of 2026 exam priorities. PCAOB's Technology Innovation Alliance is building toward standardized audit documentation for AI output. The "who answers" question is becoming regulatory.
The accountability gap nobody is talking about
Your firm deploys Microsoft Copilot to draft variance commentary on a client's financial statements. The tool writes an explanation for a 12% revenue variance that's technically accurate by the numbers but misses the business context — a one-time event that won't recur. Your staff reviews it quickly and signs off. The client relies on it in their own reporting. The number was right. The story was incomplete. Someone will eventually ask: who is responsible for the incompleteness?
Your firm is. Not Microsoft. Not the software vendor. You.
This isn't a theoretical problem. It's a contractual fact baked into every major AI tool's terms of service. Microsoft Copilot's license agreement states that Microsoft does not warrant the accuracy of AI-generated output. Intuit's Accountant Suite terms disclaim liability for AI recommendations. OpenAI's terms are even starker: "We do not control or endorse any AI-generated content." Salesforce, Google and others follow the same pattern. The tool is a tool. The responsibility is yours.
What happened this week to change the temperature
Two separate institutional signals arrived this week marking that the accountability gap is moving from abstract problem to concrete regulatory concern.
First: Accounting Today's senior editor published an op-ed on May 25 calling for an "AI Pecora Moment" — a reference to the 1933 Senate hearings that overhauled Wall Street accountability after the crash. The editorial argues that as AI moves from a support tool to a financial output tool, the regulatory architecture around accountability hasn't caught up. Who is liable when the AI system produces wrong outputs used in financial reporting? The edit board says the answer should be clearer than it is today.
Second: This same week, an institutional governance document addressed AI accountability at a global level as a structural governance concern requiring formal frameworks. The document doesn't create law, but it signals that accountability for AI outputs is now an institutional governance question, not just a technology ethics question. When governance bodies start treating something as a structural problem, regulators follow.
Neither signal was covered widely in the accounting press. Together, they mark the moment when accountability for AI in financial workflows stopped being a vendor problem and started being a governance problem.
The contractual reality
Here's what the contracts actually say. Microsoft's Copilot terms state: "We do not guarantee that the Services will be uninterrupted, timely, secure, or error-free, or that defects will be corrected. We do not guarantee that the Services or the information provided will be accurate." By clicking accept, your firm agrees that Microsoft bears no liability for accuracy. You do.
Intuit's Accountant Suite agreement mirrors the pattern: "Intuit does not warrant that any AI-generated content...is accurate, complete, or suitable for any particular purpose." The language is slightly different. The liability structure is identical. You warrant accuracy. They don't.
OpenAI's terms are the most explicit: "OpenAI may be unable to guarantee accuracy of any output, and you acknowledge that you will not rely on any AI-generated content for critical use cases." This is the vendor saying "we know this can be wrong and we're not responsible if it is."
These aren't edge cases or buried fine print. They're the standard contractual form for every major AI platform. The business model of the AI vendor is to shift liability downstream — to you, the deployer.
What the standards say about your responsibility
The AICPA Code of Professional Conduct, Section ET 1.300, states: "A member shall not sign or permit the member's name to be associated with any financial statement or report unless the member has first examined it and is satisfied as to the manner of its presentation and as to the matters it contains." The code makes no exception for AI-assisted work. The CPA is responsible.
In practice, this means: if your Copilot-generated reconciliation misses a variance, your firm missed it. If your AI tool writes variance commentary that's technically correct but contextually incomplete, your firm wrote it. If your variance analysis tool produces output based on stale data or a misunderstanding of business context, your firm is the point of professional failure.
The liability structure creates an asymmetry: the vendor builds the tool, the vendor gets paid for the license, but the vendor carries zero liability for output. You carry all of it. This is why some of the most sophisticated firms are treating AI adoption as a governance question, not a productivity question.
What regulators are signaling
The SEC's 2026 Exam Priorities explicitly include language about AI output accuracy: "Examiners will review for accuracy registrant representations regarding their AI capabilities and the accuracy of output from AI systems used in financial reporting or client advisory roles." This isn't a warning. It's a scope statement. The SEC is making AI accuracy part of the examination standard.
The PCAOB's Technology Innovation Alliance has been working since 2025 toward standardized frameworks for how auditors should document and evaluate AI use in audit workflows. The TIA's working group is focused on four areas: data standardization, audit documentation standards, quality assurance protocols and auditor training requirements for AI tools. They all lead to the same place: AI output in regulated workflows will require formal, auditable documentation of how the AI was used, what checks were applied and who reviewed it before it was relied on.
Regulators aren't banning AI in accounting workflows. They're moving toward formal accountability frameworks. The accountability question — who is liable when the AI is wrong — is moving from contractual obscurity to regulatory explicitness.
| Stakeholder | What They Say | Liability Position |
|---|---|---|
| AI Vendor (Microsoft, Intuit, OpenAI) | "We don't warrant accuracy of AI output. No liability." | Zero liability — explicitly disclaimed in contracts |
| Your Firm (CPA/Finance) | "We are responsible for work product, regardless of tool used." | Full liability — AICPA Code ET 1.300 makes this clear |
| SEC / PCAOB | "You must document AI use, prove accuracy and show QA checks." | Accountability through examination and documentation requirements |
| Your Client | "You signed the report. You're responsible for it." | Reliance on your representations of accuracy |
What this means for firms that have already deployed AI
If your firm is already using AI tools in client work — reconciliation, variance analysis, draft reporting or data analysis — you need to close three gaps immediately.
Documentation. Create a documented quality assurance process for any AI-generated output before it goes into client work. Document what AI tool was used, what data was fed into it, what human review was applied and who approved the output before it was delivered to the client. This documentation is your defense if someone asks later "how did you verify this was right?"
Engagement letter clarity. Your engagement letter or SOW should disclose that AI-assisted analysis is part of your process. This doesn't need to be alarmist. It should be factual: "We may use software tools including AI-assisted analysis to improve efficiency in reconciliation, variance analysis and workpaper documentation. All output is subject to professional review and CPA judgment before delivery to you." That sentence puts the client on notice that AI is involved and that professional judgment is still the filter.
Insurance carrier notification. Your malpractice carrier should know that you're deploying AI in client work. You don't need permission, but you need disclosure. Some carriers have updated their policies to address AI use. Some haven't. The conversation needs to happen now, not after an audit finding or client dispute.
The window for voluntary governance is now
The regulatory signals are clear: AI accountability is moving from optional to mandatory within 12–18 months. Firms that establish documented governance frameworks and QA processes now will have less friction when PCAOB and SEC audit standards are formalized. Firms that wait until the rule is published will be retrofitting governance into workflows that are already entrenched.
The accountability gap exists because vendors disclaim it and regulators haven't yet formalized the requirement. That gap is closing. The firms moving fastest aren't the ones deploying the most AI. They're the ones treating AI governance as a CPA responsibility, not a software responsibility. Your firm is responsible for what your AI tools produce. Act like it now, before the regulator requires it.
Frequently Asked Questions
Who is liable when an AI tool produces wrong output in an accounting engagement?
Your firm is. Every major AI vendor — Microsoft, Intuit, OpenAI, Salesforce — explicitly disclaims liability for accuracy in their terms of service. The AICPA Code of Professional Conduct, Section ET 1.300, holds the CPA responsible for all work product regardless of what tool produced it.
What does the SEC say about AI accuracy in accounting workflows?
The SEC's 2026 Exam Priorities include language stating examiners will review for accuracy of AI outputs used in financial reporting or client advisory roles. It is a scope statement, not a warning — AI accuracy is now part of the examination standard.
What three steps should a firm take if it is already using AI in client work?
Create a documented QA process showing what AI tool was used, what data fed into it and who reviewed the output. Update engagement letters to disclose AI-assisted analysis. Notify your malpractice carrier that AI is part of your workflow.
What is the PCAOB Technology Innovation Alliance working on?
The TIA's working group is building standardized frameworks covering four areas: data standardization, audit documentation standards, quality assurance protocols and auditor training requirements for AI tools. The goal is formal documentation of how AI was used in audit workflows.
Why do AI vendors disclaim liability for accuracy?
The business model of AI vendors is to shift liability downstream to the deployer. Vendors build the tool and collect the license fee, but carry zero liability for output errors. That asymmetry is baked into every major platform's standard contract terms.
Sources
Related Articles on Nexairi
Free Assessment
Is your firm ready for AI?
A 5-minute governance check for CPA firms using ChatGPT, Copilot or AI accounting software. Get your score and your top gaps — free.
Curated insights from the NEXAIRI editorial desk, tracking the shifts shaping how we live and work.
