What Boards Are Asking About AI in Finance

What Boards Are Asking About AI in Finance

The board question about AI used to be ‘what are we doing about AI?’ In 2026 it has changed. Boards at mid-market and larger UK businesses are now asking more specific questions: what AI tools are being used in the finance function and who has approved them; how is the business managing the data security risks of AI use with commercially sensitive financial information; what is the process for ensuring AI-generated financial information is accurate before it appears in board reports or regulatory submissions; and what is the firm’s liability position if AI-assisted financial reporting contains a material error.

The CFO who has not prepared specific, credible answers to these questions before the board meeting is in an uncomfortable position. This piece sets out the questions boards are now asking about AI in finance, the answers that are credible versus those that are not, and the governance framework the CFO needs to be able to describe.

Why Boards Are Asking Now

Several converging developments have moved AI governance from a technology committee agenda item to a board-level finance agenda item in 2026. The Financial Reporting Council published guidance on AI in audit in early 2024, signalling clearly that the use of AI in financial reporting and assurance is within the FCA’s and FRC’s supervisory scope. The FCA published a discussion paper on AI in financial services in 2024 establishing its expectation that firms remain fully accountable for outcomes produced with AI assistance. The UK Government AI Code of Practice establishes accountability expectations for AI use in business more broadly.

These developments have given non-executive directors — particularly audit committee chairs — the frameworks they need to ask specific questions about AI use rather than deferring to management’s general reassurances that ‘AI is being used responsibly.’ The audit committee chair who has read the FRC guidance knows that the external auditors are now required to understand and challenge AI use in financial reporting. The non-executive directors who have read the FCA discussion paper know that regulatory accountability for AI outcomes sits with the board, not with the technology team.

The Six Questions Boards Are Now Asking

1. Which AI tools are being used in the finance function, and who approved them? The board wants to know that the adoption of AI in the finance function was a deliberate, governed decision rather than individual team members adopting tools without organisational oversight. The credible answer names the specific tools approved, states who made the approval decision and on what basis, and describes the approval process for any new AI tools the finance team wants to adopt. The incredible answer is ‘various AI tools are used’ without specifics.

2. What data is going into these AI tools? The board — and particularly the audit committee — wants to know whether commercially sensitive financial data, personally identifiable information, or regulatory data is being processed through external AI services. The credible answer describes the data classification framework: which categories of financial data can be used with which categories of AI tool, and why. See AI Data Security in Finance for the framework the finance function needs to have in place.

3. How do we know AI-generated financial information is accurate? This is the question that most directly tests whether the CFO has built a genuine AI governance framework or is relying on the general competence of the finance team. The credible answer describes a specific review process: AI-generated financial output is reviewed by a named qualified finance professional before it appears in any board paper, financial statement or regulatory submission, and that review is documented. The incredible answer is ‘our team checks everything.’

4. What is our position under UK GDPR for AI processing of personal data? Finance functions regularly process personal data — salary information, individual expenses, customer financial data. Using AI tools to process personal data requires a lawful basis, a data processing agreement with the AI service provider, and a record of processing. The board wants to know the firm is compliant, not just that it is using enterprise-tier AI tools.

5. Has our external auditor asked about AI use and what did we tell them? The FRC guidance puts the auditor in the position of needing to understand AI use in financial reporting. If the external auditors have not asked the question yet, they will. The board needs to know the CFO has a prepared answer that is consistent with what has been disclosed in the financial statements and regulatory submissions.

6. What is our recovery plan if AI produces a material error in financial reporting? This is the question most CFOs have not yet prepared an answer to. The board wants to know that the firm has considered the scenario where AI-assisted financial reporting contains a material error that is not caught before publication — and has a plan for identification, correction, disclosure and prevention. The absence of a plan is a governance gap.

Building the Answers: The CFO’s AI Governance Framework

The CFO who can answer all six questions credibly has an AI governance framework in place. The components of that framework are not complex — they are a tool approval register, a data classification policy, a human review requirement for AI output, a UK GDPR compliance assessment for AI use with personal data, and a prepared auditor briefing note. None of these requires significant resource to produce. All of them can be built by the CFO and FC working together in a matter of weeks.

The CFO who cannot answer the questions — or who answers them with generalities rather than specifics — has a governance gap that will become progressively more visible as the FRC, FCA and external auditors continue to develop their expectations around AI in financial reporting. The gap is easier and less costly to close now than it will be when a board challenge, an auditor question or a regulatory request makes it urgent.

See Human-in-the-Loop AI Controls, AI Usage Policy for Finance Teams, What Auditors Ask About AI and AI in Finance Hub for the complete AI governance resource library.

Senior Finance Recruitment — 0204 553 8893

Accountancy Capital places CFOs, Finance Directors and Financial Controllers who can build and manage AI governance frameworks. Same-day response.

Brief Us Today →  0204 553 8893

A Note from Our Founder — Adrian Lawrence FCA

The board AI governance question is the one I hear most frequently deferred in CFO conversations at the moment — not because CFOs do not understand AI is important, but because the question feels too technical to answer at board level without specialist support. The reality is that the board is not asking a technology question. It is asking a governance question: is the CFO managing the risks of AI use in the finance function, and is the board getting the information it needs to provide oversight? Those are questions every CFO can and should be able to answer specifically.

Call 0204 553 8893 to discuss a CFO or Finance Director search where AI governance capability is part of the brief, or see CFO Recruitment, Group CFO Recruitment and AI Finance Recruitment. ICAEW Fellow Founder Adrian Lawrence FCA — verify via ICAEW.

Adrian Lawrence FCA
Founder, Accountancy Capital — Qualified finance recruitment specialists, £50,000 and above. Adrian is a Fellow of the Institute of Chartered Accountants in England and Wales — verify via ICAEW.

The audit committee is the most important stakeholder in the board AI governance conversation. Audit committee chairs are increasingly receiving guidance from their professional bodies — the Institute of Directors, the ICSA Governance Institute, and their own firms’ audit partners — on what questions to ask management about AI use. The CFO who is prepared for those questions, and who can present the AI governance framework to the audit committee proactively rather than reactively, is in a significantly stronger position than one who is answering ad hoc questions.

The proactive approach is to include an AI governance update in the audit committee’s standing agenda — a brief note setting out the AI tools approved for use, any new tools adopted since the last meeting, any data security incidents involving AI tools, and the current status of the firm’s human review requirements for AI output. This transforms the audit committee’s AI governance oversight from a series of reactive questions into a structured ongoing process. The ICAEW guidance on AI and the finance profession provides a useful framework for structuring this conversation.

See What Auditors Ask About AI in Finance, Human-in-the-Loop AI Controls, AI Usage Policy for Finance Teams and AI in Finance Hub.