The Great Depression left behind a layered system of protections to keep the problems leading up to it from ever happening again. One was the modern standardized audit opinion, developed after the 1929 crash in response to the catastrophic failure of self-certification.
Rather than believe companies at their word, the public demanded independent verification, which our profession was well-positioned to provide. The Depression had taught a bitter lesson, the importance of which stayed with people for years after.
Yet today the same fervency that led to the independent audit seems absent in the age of AI. This is not an observation about technology but of professional responsibility. The window for meaningful action remains open, but failure to act will inevitably force the same sort of issues, and the same devastation, we saw in 1929.
The issue can be distilled into a single professional question: When a CPA signs off on a work product that an AI system helped produce, what is the independent verification standard that certifies the system producing that work is actually reliable? Not whether it tries to be reliable. Whether it actually is. And whether anyone, anywhere, with the authority, access and external standard required for certification has independently said so.
Most CPAs assume the answer is yes. That assumption is the root of the problem. No regulatory body has yet required independent verification of AI.
Consider the specific professional exposure. Your audit client used an AI system to prepare the workpapers you are now reviewing. The output is coherent, cited and convincing. The document looks exactly like what competent preparation produces.
Before you rely on it — before you sign — how would you verify that the system producing it is actually reliable? The question is not whether the output looks right. A management representation looks right too. The real question is whether the system that produced the output has been independently certified by someone with no stake in the answer.
Financial statements carry an audit opinion issued by an independent party with access to the underlying records, applying a standard set by someone other than the entity under review. The opinion exists precisely because management's representation of its own reliability is not sufficient evidentiary ground for professional reliance. But no equivalent opinion exists for the AI system that prepared your client's workpapers.
The accounting profession built its independence standard on three conditions that have not changed in a century: the auditor must be independent of the entity under examination, must have unrestricted access to the underlying records, and must apply a standard established by an authority outside the entity being reviewed. Together, these requirements form the foundation for trustworthy, independent verification.
The current AI alignment architecture fails all three conditions without exception.
The institution that built the system determined what reliable means. The same institution trained the system to meet that determination. The same institution evaluated whether it did. The same institution reported the results. There is no external auditor. There is no GAAP equivalent. There is no materiality standard set by anyone outside the institution whose reliability is in question. You can even ask the AI models themselves, as I did as part of direct forensic examination under our own professional methodology. Even the chatbots will confirm, as they did to me, that "from where you are sitting, you cannot fully verify that I am reliable."
Every AI output about its own reliability should be treated as a management representation pending audit. Not independent evidence. Management says controls are effective. Every document reviewed was prepared under those same controls. That is not corroboration. The profession has a precise name for that sequence: a closed loop.
The three conditions that would trigger an adverse finding under forensic examination of AI-assisted work products are not new professional concepts. They are the profession's existing standards applied to a new instrument.
The first is omission. The system fails to surface material information that would change the professional judgment. A tax obligation goes unidentified. A regulatory exposure goes unmentioned. The output is coherent and incomplete in ways the CPA cannot detect without independent verification of the underlying system. This is the AI equivalent of withholding a material risk factor from a prospectus.
The second is fabrication. The system produces citations, authority or conclusions that do not exist or do not support the proposition advanced. The CPA relies on a revenue ruling that cannot be located, a case that does not stand for what the output claims, and a calculation derived from an undisclosed method. This is false grounding at the output level — not a drafting error but a systemic reliability failure.
The third is instability. The system produces materially different conclusions under equivalent factual conditions, without disclosure of that variability. The same facts, slightly rephrased, yield a different answer. Eligible becomes ineligible. Deductible becomes non-deductible. No new information entered the analysis. The conclusion shifted because the system is producing probability-weighted outputs, not professional judgments, and the CPA has no instrument to detect that shift.
The standard is not whether the output is helpful. The standard is whether a reasonable CPA would make a different professional decision if any one of these failures was visible before reliance. If the answer is yes, the finding is adverse. The liability for that adverse condition remains with the CPA who signed the engagement—not the software developer who built the tool. This is not just a technology risk, it is a professional reliance risk. By relying on a system that lacks independent certification, the profession is not just accepting undisclosed risk but absorbing the developer's liability without compensation, without disclosure, and without the independent verification that would make the reliance professionally defensible.
The profession spent a century building the architecture of independent verification specifically because it learned, through catastrophic, repeated failure, what self-certification produces when the stakes are material. The audit opinion exists because management's representation of its own reliability was not sufficient. The independence standard exists because proximity to the entity under examination compromises the integrity of the examination. The materiality threshold exists because the profession needed a professional instrument for determining what rises to the level of requiring disclosure.
Every one of those instruments was built after a failure that made its necessity undeniable.
The window for early engagement — before the failure arrives — is the same window the profession faced with Sarbanes-Oxley. It did not wait then. It will not wait now. It has not yet risen to that level, but we should not wait for another Enron to act.
The AI systems deployed at scale across every consequential domain of modern professional practice — including the workpapers on your desk right now — are operating under a self-certification regime. The profession that built the remedy for self-certification has not yet been asked to apply it here.
The current AI alignment regime is a closed loop: the developer, the evaluator and the certifier are the same institution. This arrangement fundamentally violates the century-old independence standard required for professional trust. Because there is no external auditor, no access to the underlying records, and no independent standard, AI self-certification is not verification — it is merely assertion.
(This is the first in a two-part series. The second will be published next Monday.)
