Skip to content
All insights

Sector playbooks

AI for accountancy firms: a governed adoption playbook

Where AI genuinely saves time in a UK accountancy practice, what ICAEW and the FRC actually require, and the governance wrapper and 90-day path to adopt it safely.

Hamada Mahdi7 min readResearched and drafted with AI assistance, reviewed by Karl George MBE
Near-white abstract ledger of fine navy ruled lines with a violet seam completing one row, governed accounting work

AI genuinely saves time in a UK accountancy practice on a narrow set of well-defined tasks — document and invoice processing, client-query triage, first-draft working papers and anomaly review — provided the practice keeps professional judgement, client-data control and a human sign-off around every output. The professional bodies are clear on the last point: AI can support the work, but it does not replace the accountant's judgement or accountability. Adopt it that way and it is a real productivity gain. Adopt it as a shortcut around judgement and it becomes a professional and regulatory exposure.

This is a practical playbook for practice owners and partners: where AI saves time today, what ICAEW and the FRC actually say, the governance wrapper you need before rollout, a 90-day adoption path, and how to tell when you need a fractional CTO rather than another off-the-shelf tool.

Key takeaways

  • ICAEW's guidance is explicit that AI can support professional work but does not replace professional judgement, and that AI outputs should be challenged rather than accepted at face value.
  • The FRC's June 2025 guidance on AI in audit holds that the human auditor is always accountable — regulatory accountability for audit quality is unchanged by the use of AI tools.
  • The ICO requires a lawful basis and a risk assessment wherever AI processes personal data, which for a practice means client data must not go into uncontrolled or public systems.
  • The genuine time savings are on bounded, high-volume tasks: document and invoice processing, client-query triage, working-paper drafting and anomaly review — each with a human reviewing the output.
  • Before any rollout a practice needs a governance wrapper: an AI policy, client-data rules, human sign-off on judgements and an audit trail — not a tool bought first and governed later.

Where AI genuinely saves time today

The honest answer is: on repetitive, high-volume, well-scoped tasks — not on the judgement that clients actually pay for. Four hold up in practice.

  • Document and invoice processing. Extracting figures from bank statements, receipts and supplier invoices into structured data is well-suited to AI, and it removes a large slice of manual keying. The controls matter — the finance decisions should stay deterministic, as we set out in our note on AI invoice processing — but the reading is genuine time saved.
  • Client-query triage. Inbound client questions can be classified, routed and given a drafted first response from approved firm guidance, so straightforward queries move faster and the partner's time goes to the ones that need it.
  • Working-paper drafting. AI can produce a first draft of a working paper, a file note or a standard schedule for a person to review and correct. The draft is a starting point, never the finished judgement.
  • Anomaly review. Scanning a ledger or a dataset for outliers and unusual patterns gives the reviewer a prioritised list to investigate. The AI flags; the accountant decides whether the flag matters.

The pattern across all four is the same: AI handles volume and surfaces candidates, and a qualified person makes the judgement. Where a practice tries to push AI past that line — letting it reach a conclusion a client relies on without a human standing behind it — it moves from productivity into risk.

What the professional bodies actually say

The regulatory position is settled enough to design against, and it points consistently at judgement and accountability staying human.

ICAEW. ICAEW's guidance for members is that AI can support professional work but does not replace professional judgement, and that AI suggestions should be challenged and reviewed in the context of the client's specific circumstances rather than accepted at face value. It also stresses integrity — being transparent about how AI supports the work and being able to explain outputs to clients — and data protection, warning against putting identifiable client data into uncontrolled or public systems. See ICAEW's artificial intelligence resources and its guidance on AI and accountants.

FRC. For audit specifically, the FRC published landmark guidance on the use of AI in audit on 26 June 2025, alongside its AI in Audit guidance library. Its central principle is that regulatory accountability is unchanged: the human auditor is always accountable, and firms and Responsible Individuals remain accountable for audit quality regardless of the technology used. AI can enhance quality when it is explainable, controlled and documented — the accountability does not transfer to the tool.

ICO. Wherever AI processes personal data — which in a practice means client data — the ICO's guidance on AI and data protection requires an appropriate lawful basis and a proper assessment of the risks to individuals before processing begins. The practical consequence for a practice is direct: client data must not be pasted into consumer AI tools whose data handling you do not control, and any tool that processes it needs a defensible basis and a risk assessment behind it.

Read together, these say the same thing in three vocabularies. The judgement, the accountability and the responsibility for client data stay with the qualified professional. AI is a tool used under that responsibility, not a substitute for it.

The governance wrapper a practice needs before rollout

Buying a tool first and governing it later is the common mistake, and it is the one that turns a productivity gain into a complaint. Four controls should be in place before AI touches client work.

  • An AI policy. A short, plain document that states which tasks AI may be used for, which it may not, which tools are approved, and who owns the policy. It should be something every member of staff can actually follow.
  • Client-data rules. Explicit rules on what client data may go into which tools. The default is that identifiable client data never enters an uncontrolled or public system, in line with ICAEW's warning and the ICO's requirements.
  • Human sign-off on judgements. A named person reviews and signs off any AI-assisted output that reaches a client or informs a professional judgement. This is the operational form of the ICAEW and FRC accountability principle — the point where a person, not a model, takes responsibility. It is the same human-in-the-loop discipline we build into the systems we deliver.
  • An audit trail. A record of where AI was used, on what, what it produced and who signed it off, so the practice can reconstruct and defend any AI-assisted piece of work. An append-only record is the artefact a regulator or a client would ask for.

None of this is heavy. It is a policy, a data rule, a sign-off step and a log — but having them in place before rollout is the difference between adopting AI professionally and hoping nothing goes wrong.

A 90-day adoption path

A practice can move deliberately without stalling. A realistic sequence:

Days 1–30 — govern and pick one task. Write the AI policy and client-data rules. Choose a single, low-risk, high-volume task to start with — document processing is usually the best first candidate because the output is easy to check. Agree who signs off and how the use is logged.

Days 31–60 — pilot with a human in the loop. Run the chosen task in parallel with existing process, with every AI output reviewed and signed off by a qualified person. Measure the actual time saved and the error rate you catch at review. This is where you learn whether the tool earns its place.

Days 61–90 — review, then extend or stop. Assess the pilot honestly against the evidence. If it saved real time and the review caught what it should, extend to a second task and formalise it in the policy. If it did not, stop — a disciplined stop is a good outcome, not a failure. Only widen scope once the governance is proven, never before.

The principle is one task at a time, always under human sign-off, with a real review before you extend. It is the opposite of the firm-wide rollout that outruns its controls.

Fractional CTO or a vendor tool?

The dividing line is whether an off-the-shelf tool solves your problem or whether you need something built and governed around your practice.

A vendor tool is right when your need is a common, well-served task — bank-statement extraction, a bookkeeping assistant, a document reader — and a reputable product with acceptable data handling already does it. Buy it, govern it with the wrapper above, and move on.

A fractional CTO is right when the need is bigger than a single tool: you are joining several systems together, building something specific to how your practice works, choosing between competing tools across the firm, or you simply have no senior technical person to own AI decisions, data protection and the governance design. A fractional CTO gives you that senior judgement without a full-time hire — someone to set the strategy, choose the tools, design the controls and answer for the technical decisions. For a practice adopting AI across more than one workflow, that ownership is usually what is missing, and its absence is what lets governance slip.

Where to start

If your practice is ready to adopt AI but wants it done under proper professional control, two routes fit. For senior technical ownership of your AI strategy, tool choices and governance without a permanent hire, consider a fractional CTO. If you would rather begin by testing how well your current or planned AI use stands up to scrutiny, our AI governance diagnostic — GovernIQ™, from £3,950 — reviews your controls, data handling and accountability and gives you a scored, evidenced plan. Either way, the goal is the same: the time savings, without surrendering the judgement your clients pay for.

Last reviewed: 10 July 2026.

Sources: ICAEW — artificial intelligence resources · ICAEW — AI and accountants · FRC — landmark guidance on AI in audit (26 June 2025) · FRC — AI in Audit guidance · ICO — guidance on AI and data protection

accountancyprofessional servicesAI governanceICAEWFRC

Where does your board's AI governance actually stand?

Ten questions across accountability, policy, risk, data and capability. You'll get a readiness score, where to focus first, and a recommended next step. It takes about two minutes.

Free · ~2 minutes · your score shown straight away.