Related posts
See all
Key Insights
- An AI QA program is what lets firms scale AI into engagement work with confidence: traceable output, review checkpoints, and documentation that holds up in inspection.
- Purpose-built platforms produce those controls as the engagement runs: every output traced and reviewed before it advances.
- The firms pulling ahead aren't the ones with the most AI tools. They're the ones running AI built so every output survives review.
A senior associate hands a partner a workpaper that looks immaculate. Clean formatting, confident conclusions, every reference footnoted. The partner starts the review and something nags. One citation points to a regulatory guidance document that, when looked up, doesn't actually exist. A general-purpose AI assistant drafted the workpaper and invented the source, and the associate didn't catch it because everything else looked so polished.
Catching that is what AI quality assurance exists for. With general-purpose AI, that QA never ends: every output needs the full check, and the checking can take more time than doing the work by hand. What works is a purpose-built platform like Fieldguide, designed by practitioners for practitioners, running inside the healthy QA program any compliant audit practice should have. This article covers what that program includes, how a purpose-built platform carries most of it, and what inspectors and peer reviewers will look for.
What an AI Quality Assurance Program Covers
AI quality assurance is how firms stand behind AI-assisted work the same way they stand behind any preparer's. The components are the same wherever the AI runs; what varies is how much of the program a firm has to assemble itself and how much arrives built into the platform.
Tool governance and risk assessment
The practical artifacts are a register of which AI tools are approved, for which engagement procedures, and with what restrictions, plus an AI-specific risk assessment covering what a general information security review won't surface: bias in model outputs, data quality, explainability, and model drift.
Traceability
Documentation has to contain enough information that another competent person could repeat the work and reach the same conclusion, and AI-assisted work meets the same bar. In practice that means the workpaper captures what went into the AI, what came out, and the human evaluation that followed. That record is what lets a reviewer rely on AI-assisted work the same way they rely on a preparer's.
Review checkpoints and monitoring
Review checkpoints belong at the point of AI output, not after the workpaper is finalized, and they're what let teams move quickly on routine work: the gate is built in, so speed doesn't come at the cost of reliability. Monitoring backs the checkpoints up, because the more polished the output, the more likely a reviewer accepts it without pushback, and that reviewer deference is itself a known pattern worth designing against. Periodic testing, training refreshers, and documented policies, procedures, and supervision round out the program; the PCAOB expects all three from firms using AI tools.
How a Purpose-Built Platform Builds the QA Layer In
Fieldguide was built by practitioners who carried these review obligations themselves, and the controls above come out of the box as a result: review runs as part of the operating model, not as an extra layer around it.
Every run documents itself
Fieldguide's Agent Workforce works on the model of agent executed, human reviewed, with every run producing a Trace of the inputs, the outputs, and the reasoning in between. The record exists before the review starts, not because someone captured prompts by hand. Evidence only works if the person reading it can understand it, and the bar is the one the documentation rules already set: an experienced auditor with no prior connection to the engagement should be able to open the file and understand what was done and what was concluded.
Review is the operating model
Every agent output runs through practitioner review and approval before it's finalized. Agents plan, execute and document. Humans review, judge and advise. The Agent Review Experience makes the checkpoint concrete: a dedicated workspace where preparers review and append to agent output before it moves to the manager, keeping the review step documented inside the same workflow. The engagement partner still owns supervision and review of documentation in areas involving significant judgments and significant risks, and reviewer time moves to where it earns the most: exceptions, judgment calls, and the client conversation.
Agents run with engagement context
Field Agents execute inside the engagement, not alongside it. The firm's methodology, prior-year work, and standards sit in Agent Knowledge, and the agents draw on linked documents, workpaper data, and framework requirements as they run. That context is also what makes monitoring tractable: the AI runs where the engagement runs, so the activity a QA program would chase across disconnected tools is visible in one place.
The payoff shows up in the work. After adopting Fieldguide, UHY reported tasks dropping from 3 hours to 15 minutes.
What Inspectors and Peer Reviewers Will Look For
Technology use is now an explicit inspection priority, and audit committee chairs are asking how their auditors use AI. The pressure to document AI use well comes from both sides, and the documentation needs to show the QA program operating in practice, not just on paper.
The PCAOB's quality management standard, in effect since December 15, 2025, is risk-based by design, with ongoing monitoring of effectiveness built in. Applied to AI, its documentation expectations translate to capturing which procedures used AI, what inputs the tool received, what output it produced, and how the team reviewed it. That record either exists because the platform produced it, or because someone rebuilt it after the fact. Peer review applies the same test: updated peer review standards align with the firm's quality management system for review years ending on or after December 31, 2025, and peer reviewers will be looking for evidence the system is designed, implemented, and operating.
The management-system level has an answer too. Unlike general-purpose models, Fieldguide is built strictly for regulated environments, and the certifications make that verifiable. It was the first AI platform for audit and advisory to earn independent AIUC-1 certification, which verifies agent resilience against errors and secure data handling.
It also holds ISO 42001, among the first audit and advisory platforms to achieve it; the standard covers how an organization assesses AI risk, sets policy, and improves over time. SOC 2 Type 2 attestation rounds out the set. The certifications cover the governance shell; the Trace covers the engagement-level evidence inside it.
Put AI QA Inside the Engagement, Not Beside It
Fieldguide covers the full engagement lifecycle on one platform built for audit and advisory work, with the Agent Workforce executing and practitioners reviewing, judging, and advising at every stage. The QA evidence regulators expect comes out of doing the work, with the audit trail preserved in the same workflow rather than reconstructed at review. Methodology, evidence, review, and certification live in one place instead of across a toolchain. Request a demo to see how it runs inside a live engagement.
Amanda Waldmann
Increasing trust with AI for audit and advisory firms.
