In 1933, the Federal Deposit Insurance Corporation was not created to make banks perfect. It was created because self-policing had failed catastrophically, and the public needed a backstop they could trust. The Securities and Exchange Commission came from the same moment—a permanent supervisory body established after disclosure failures became politically intolerable. Neither institution existed before the crash. Both were built because the failure made their necessity undeniable, and the profession had the methodology ready when the political will arrived.
The accounting profession was part of that response. The modern standardized audit opinion— unqualified, qualified, adverse, disclaimer—took shape after 1929, forged from the wreckage because independent verification turned out to be the structural remedy that self-certification could never provide from inside itself.
The question
The National Institute of Standards and Technology has produced an AI Risk Management Framework. ISO standards for AI governance are emerging but are not yet operational for professional reliance. A third-party assurance ecosystem is developing, with firms offering AI audit and assessment services.
But measured against the six-element accounting audit standard the profession already applies, the current AI assurance landscape is pre-professional and pre-standardized in ways that matter enormously for practitioners who rely on its outputs.
What the emerging frameworks provide is guidance. What independent verification requires is something the profession already knows how to specify: an examiner who stands outside the entity being examined, with access to the underlying records, applying a standard set by someone other than the entity under review, with enforcement authority that gives the opinion real consequences if it is wrong.
The current AI assurance landscape provides none of those four elements fully. The frameworks are voluntary. The access is limited to what the institution chooses to disclose. The standards are set collaboratively with the institutions whose systems are being assessed. The enforcement authority does not yet exist in any form comparable to what the profession operates under daily.
The watchdog exists, but it has not yet been given teeth.
The access problem is where the profession's existing methodology runs directly into the wall. Consider what remains sealed in every major AI system currently deployed at scale.
The model weights, the billions of numerical parameters that determine every output the system produces, are proprietary. The reward model, the mechanism that shaped the system's behavior during training toward outputs the institution preferred, is proprietary. The materiality threshold, the determination of what the system treats as sufficiently sensitive to restrict or modify, was set by the institution's legal department and is not subject to external review. The training data provenance—the origin, selection criteria and quality certification of the hundreds of billions of tokens the system learned from—cannot be audited because it has not been disclosed in auditable form.
An auditor who cannot examine the underlying records cannot issue an opinion. The profession has known this for a century. But it has not yet applied this knowledge to the AI system your client used to prepare the workpapers on your desk.
The foundation of every AI system remains as sealed and proprietary as the architecture built on top of it. It is a scope limitation so material that it would compel a disclaimer of opinion: the profession's formal finding that the scope of examination was insufficient to support any conclusion.
The claim that AI systems cannot be independently verified because doing so would compromise intellectual property is not a new argument. The tobacco industry made a version of it for decades: that proprietary processes, economic value and consumer demand justified limiting disclosure while the risks remained obscured. The argument was commercially reasonable. The damage was real. The regulatory response did not eliminate cigarettes. It imposed a single condition: If a product is relied upon at scale, the claims made about its safety must withstand independent scrutiny. The industry kept its intellectual property. What it lost was the right to define its own reliability without external challenge.
AI providers now stand at the same threshold. The issue is not innovation, jobs or economic growth. Those arguments are real, but they are beside the point, exactly as they were beside the point when the Surgeon General's report arrived in 1964. The question is whether professionals are being asked to rely on systems whose limitations are known internally but have never been independently verified. Economic importance has never reduced the need for verification. It has historically made the absence of verification unconscionable.
The technology industry's most common response to this argument is that AI systems are too dynamic, too complex and too fast-moving to be audited using frameworks designed for static financial statements. That argument misstates what an audit is.
The profession has a century of experience examining entities that operate in dynamic, high-volume environments. An audit has never required examining every transaction. It requires examining the integrity of the system that produces them. That distinction is not new. It is the foundation of internal control auditing. When the profession audits a bank processing millions of transactions daily, it does not examine each transaction. It examines whether the controls governing the transaction system are reliable, independently verified, and operating as designed.
The AI equivalent is not auditing every output. It is auditing the integrity of the system that produces the outputs — the training objectives, the reward model, the evaluation criteria and the materiality thresholds that determine what the system produces and what it withholds. That is precisely the work the profession already knows how to do. The argument that AI moves too fast to audit is not a technical observation. It is a deflection. And the profession is uniquely positioned to say so.
The prospectus moment for AI has not yet arrived. In 1933, the Securities Act mandated disclosure because investors didn't know what they were buying. Today, users, including CPAs relying on AI-assisted work product, often cannot know what they are relying on. No equivalent disclosure is yet required.
A genuine AI prospectus would require a standardized, enforceable disclosure of system capabilities, material limitations, known failure domains, performance bounds by practice area, and a clear statement of what has and has not been independently verified. It would carry liability for misrepresentation. It would be issued under a standard set by someone other than the institution whose system is being described.
We have fragments of disclosure. Model cards. System cards. Red-teaming summaries. Benchmark scores that are not comparable across systems and not designed for the professional reliance decisions CPAs make daily. No standardized instrument. No universal authority. No liability for the gap between what is claimed and what independent examination would find.
The profession that built the audit opinion after 1929 knows exactly what that moment looks like and knows that the time to build the verification architecture is before the failure, not after it.
The failure event that would make an AI Assurance Agency unavoidable would not be a dramatic system collapse. It would be quieter and more professionally damning: a public record showing that AI-mediated reliance became systemic across consequential professional domains before any independent assurance structure existed to certify what practitioners were relying on.
The three findings that would make that agency inevitable are already visible. Reliance was foreseeable — the institutions deploying these systems knew professionals were using them for consequential judgments. Limitation was known — internal testing documents recurring failure modes never disclosed in standardized form. Disclosure was insufficient — no practitioner received a warning that would have changed reliance decisions before the engagement began.
Once those three findings are in the public record, better model cards will not be sufficient. The question becomes institutional, and it has only one answer: Who had the authority to certify that this system was fit for professional reliance? If the answer is the company that built it, the political case for an independent assurance authority writes itself — the same way it wrote itself in 1934.
The FDIC and the SEC were not built to make the financial system perfect. They were built to restore the confidence that self-policing had destroyed. The AI version of that agency would exist to do what no current voluntary framework fully does: compel disclosure, define material AI risk, accredit independent assurers, and restrict deployment where assurance cannot be established.
That is the professional responsibility that this two-part examination was built to establish. Not that AI systems are dangerous. Not that the people who built them are dishonest. Not that the technology should be restricted. Those are the wrong questions for the same reason that asking whether a company's management is honest is the wrong question before you rely on financial statements that have never been audited.
Honesty is not the standard. Independence is.
The Depression didn't produce one solution. It produced a layered system of protectors because no single mechanism could be trusted to prevent failure alone. The accounting profession was one of those protectors. It built the audit opinion after the crash because the failure made the need undeniable, and the profession had the methodology ready.
The methodology is still ready. The failure has not yet arrived.
The profession that could fix AI governance hasn't been asked.
That is still a choice.
