News and articles

Accountants will be the profession best placed to bring the necessary rigour to the analysis and governance of critical data in the age of AI, writes Sharon Cotter Canadian philosopher Marshall McLuhan has suggested: “We become what we behold. We shape our tools, and thereafter our tools shape us”. This is important to remember today, when the spotlight is on the potential consequences, intended and unintended, of the artificial intelligence (AI) tools being shaped by humans. The rise of AI AI encompasses a vast range of computer science research. Since the 1950s, scientists have pursued the goal of building machines capable of completing tasks that normally require intelligent human behaviour.  Machine learning (ML), a subset of AI, enables machines to extract knowledge from data and to learn from it autonomously.  In the past decade, the exponential increase in the volume of data generated, captured, stored and available for analysis, coupled with advances in computing power, have created the impetus and means to rapidly advance ML, which in turn has facilitated the development of narrow AI applications.  In essence, narrow AI applications are computer programs, or algorithms, specifically trained, using very large datasets, to carry out one task, or a limited number of tasks. Best suited to tasks that do not require complex thought, narrow AI algorithms can often accomplish such tasks better and more swiftly than humans.  Most of the AI capability we use today is narrow AI – from Alexa and Siri, which carry out human voice commands, to ChatGPT and Bard, which generate output based on conversational text prompts, and Dall-E2, which generates visual images based on text prompts, to name but a few.  In the field of accounting, we can utilise coding languages and software tools such as Python, ‘R’ and Alteryx to generate predictive forecasts and models.  We often use these tools without realising that we are using elements of narrow AI. For example, these programming languages and software tools embed many of the statistical algorithms that allow us to easily carry out linear regression analysis, a common method of predicting future outcomes based on past data. Adapting to broaden our role The word ‘computer’ was first coined by the English poet Richard Brathwaite in 1613 to describe a person who carried out calculations or computations. For the next 350 years or so, most humans who needed to perform calculations used mental arithmetic, an abacus or slide rules until the widespread availability of electronic handheld calculators in the 1970s. As accountants, we have seamlessly adapted to the tools available to us – whether these are an abacus, double-analysis paper, a totting machine, or computer software tools like Excel and Alteryx.   The use of these tools, and the time saved by their use, have allowed us to broaden our role from recording, summarising and presenting the underlying economic transactions to providing a much wider range of useful information to decision-makers both within, and outside, organisations.  This is reflected in commentary from the professional accountancy bodies emphasising the importance of good organisational decision-making and suggesting that the core purpose of our profession should be to facilitate better decisions and identify the business problems that better decisions will resolve. Asking the right questions In 1968, Pablo Picasso is reputed to have said: “Computers are useless. They can only give you answers”. While the remark may have been dismissive of the then cumbersome mainframe computer, it does encapsulate the notion that the real skill lies in figuring out the right question to ask, as this requires both judgement and creativity.  Useful, timely and relevant information for decision-making can only be produced if the right question is asked of the right data at the right time. On the face of it, this seems simple and straightforward, but in practice it is often much more difficult to achieve.  Deciding what question to ask requires knowledge of the business context, and an understanding of the issue being addressed as well as an ability to clearly articulate the issue. Critical thinking is key to identifying what answers are needed to identify the range of solutions for the issue at hand. Deciding what data is appropriate to use in the analysis requires an understanding of what data is available, where it is stored, how it is stored, what each data element selected represents, how compatible it is with other data, and how current that data is. It also requires knowledge of the limitations posed by using particular sets of data. Being able to generate the answer to the right question using the right data is only relevant if it can be produced at the point at which this information is needed. Sometimes, not all the data needed to answer the question is readily available, or available in the required format. Data from several sources may need to be combined and, where data is incomplete, judgement will be needed on the assumptions necessary to generate a relevant and timely set of data. Accountants are well-positioned The skills, experience and mindsets we develop as part of our professional training positions accountants well to provide the best possible decision-enabling information to decision-makers.  Scepticism is a key tenet of our profession. We look to spot anomalies in data and information, and to question the information by asking “does it make sense?” We are trained to be methodical, thorough and to look beyond the obvious. Training and experience enable us to develop our professional judgement, which we apply when determining what is relevant, appropriate and faithfully represents the underlying economic transactions.  We are adaptable and flexible in the tools we use, and aware of the need to stay up to date with the law and regulation applying to the storage and use of data. In short, we are valued problem-solvers and critical thinkers. Accountants’ ‘jurisdiction’ In his book The System of Professions: An Essay on the Division of Expert Labor, Andrew Abbott uses the term ‘jurisdiction’ to represent the link between a profession and its work.  Jurisdiction is an important concept, as the acknowledged owner of a task is likely to be able to shape the characteristics of that task. In the context of accountants’ work, the term ‘jurisdiction’ means the extent to which organisations, and society, accept that due to their professional expertise, only specific roles and responsibilities should be carried out by accountants.  Within organisations, accountants’ jurisdiction is not static. The roles and responsibilities that fall within their remit can, and do, change.  The jurisdiction of accountants can be encroached upon. Others within the organisation may also have expertise allowing them to claim work once exclusively identified with accountants. Challenges to jurisdiction The emergence of new roles, such as data or information specialists, who collect, clean and analyse data, has meant that complex analysis of financial information can now be done by non-accountants.  Some organisations have explored ways in which operational managers and decision-makers can be given direct access to financial systems.  Known as ‘self-service’ menus, such direct access to information allows decision-makers to drill down into the detail of transactions – for example, to identify the underlying causes of deviations from budget, all without the need to consult with their colleagues in the finance department.  If an organisation transfers responsibility for data analysis and decision support to data specialists and/or decision-makers, then the jurisdiction of the accountant may be narrowed or reduced. Opportunities for role expansion Equally, however, accountants’ roles and responsibilities can be increased, resulting in their jurisdiction being broadened or expanded.  The expansion of an accountant’s role requirements can either result from increased job tasks and responsibilities, or from changes in the tools and technologies available to carry out these tasks and responsibilities.  Recent research and professional body commentary has, for example, explored the extent to which management accountants have embraced changes in their role or taken on wider responsibilities, such as business partnering.  Multiple elements such as role identity, the ability to embrace change in a positive way and developing strong communication skills, to name but a few, all contribute to the successful adoption of additional responsibility. Futureproofing with digital fluency The rapid and on-going development, enhancement and availability of software tools that can be used to capture, store, identify, slice and dice data, and present information in visual graphics, are forcing accounting professionals to consider the level of IT competency required to operate efficiently and effectively in today’s digital world.   Professional accountancy bodies emphasise the importance of digital skills in futureproofing the accountant’s role while many of the larger multinational companies espouse the need for finance staff to have good digital fluency. Challenges and opportunities Both encroachments and expansions to the jurisdiction of accountants bring their own set of challenges and opportunities.  Maintaining, and expanding, accountants’ jurisdiction over the integrity of data, and the provision of information for decision-making, should be a key part of the profession’s strategy in the digital age.  I believe that the ‘governance’ of data, rather than the use of specific AI tools, should be the focus of the accountancy profession when formulating strategies for its future direction. In addition to enhancing our digital skills, we need to consider strategies such as adapting and changing the role of the chief financial officer to include overall direct responsibility for data analytics.  The governance, management and analysis of data should be as important as traditional responsibilities in finance.  Governance of data requires rigour and objectivity to ensure that its integrity is preserved. We should noticeably stake our claim as the profession best placed to bring that rigour and objectivity to the governance and analysis of data used for decision-making.  Failure to consider such strategies may mean we increase the risk that encroachments rather than expansions to our role – our jurisdiction – will become a reality. We should strive to ensure that our future role is shaped by us rather than by these new digital tools and techniques. Sharon Cotter, FCA, lectures in accounting and finance at the University of Galway

Michael Diviney and Níall Fitzgerald explore the ethical challenges arising from artificial intelligence (AI), particularly ‘narrow’ AI, and highlight the importance of ethics and professional competence in its deployment Earlier this year, artificial intelligence (AI) industry leaders, leading researchers and influencers signed a succinct statement and warning: “Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war.” Was this a publicity stunt? Well, probably not, as the generative AI ChatGPT was already the fastest-adopted application in history.  Was this an over-the-top, alarmist statement by a group possibly trying to steal a march on self-regulation of a rapidly emerging technology and growing industry?  Again, this is unlikely if one considers the warnings of pioneer thinkers like Nick Bostrom, Max Tegmark, Stephen Hawking and Astronomer Royal Martin Rees. They concur that there is an existential threat to humankind if human-level or ‘general’ AI is developed and the ‘singularity’ is reached when AI surpasses human intelligence.  Autonomous weapons and targeting are a clear risk, but more broadly, unless we can ensure that the goals of a future superintelligence are aligned and remain aligned with our goals, we may be considered superfluous and dispensable by that superintelligence.  As well as the extinction threat, general AI presents other potential ethical challenges.  For example, if AI attains subjective consciousness and is capable of suffering, does it then acquire rights? Do we have the right to interfere with these, including the right to attempt to switch it off and end its digital life?  Will AI become a legal entity and have property rights? After all, much of our economy is owned by companies, another form of artificial ‘person’. Ethical challenges from ‘narrow’ AI Until general AI is here, however – and there is informed scepticism about its possibility – the AI tools currently in use are weak or ‘narrow’ AI. They are designed to perform a specific task or a group of related tasks and rely on algorithms to process data on which they have been trained.  Narrow AI presents various ethical challenges:  Unfairness arising from bias and opacity (e.g. AI used in the initial screening of job candidates include a gender bias based on historical data – in the past more men were hired); The right to privacy (AI trained with data without the consent of the data subjects); Threats to physical safety (e.g. self-driving vehicles); Intellectual property and moral rights, plagiarism and passing-off issues in the use of generative AI like ChatGPT and Bard; and Threats to human dignity from the hollowing out of work and loss of purpose. Regulation vs. ethics Such issues arising from the use of AI, particularly related to personal data, mean that regulation is inevitable.  We can see this, for example, with the EU’s landmark AI Act, due to apply by the end of 2025, which aims to regulate AI’s potential to cause harm and to hold companies accountable for how their systems are used. However, as Professor Pat Barker explained at a recent Consultative Committee of Accountancy Bodies (CCAB) webinar, until such laws are in place, and in the absence of clear rules, ethics are required for deciding on the right way to use AI.  Even when the regulation is in place, there are likely to be cases and dilemmas that it has not anticipated or about which it is unclear. Legal compliance should not be assumed to have all the ethical issues covered, and as AI is evolving so quickly, new ethical issues and choices will inevitably emerge.  Ethics involves the application of a decision-making framework to a dilemma or choice about the right thing to do. While such a framework or philosophy can reflect one’s values, it must also be objective, considered, universalisable and not just based on an instinctual response or what may be expedient. Established ethics frameworks include: the consequentialist or utilitarian approach – in the case of AI, does it maximise benefits for the greatest number of people?; and the deontological approach, which is based on first principles, such as the inalienable rights of the individual (an underlying philosophy of the EU’s AI Act). (The Institute’s Ethics Quick Reference Guide, found on the charteredaccountants.ie website, outlines five steps to prepare for ethical dilemmas and decision-making.)  A practical approach While such philosophical approaches are effective for questions like “Should we do this?” and “Is it good for society”, as Reid Blackman argues in Harvard Business Review, businesses and professionals may need a more practical approach, asking: “Given that we are going to [use AI], how can we do it without making ourselves vulnerable to ethical risks?”  Clear protocols, policies, due diligence and an emphasis on ethical risk management and mitigation are required, for example responsible AI clauses in agreements with suppliers. In this respect, accountants have an arguably competitive advantage in being members of a profession; they can access and apply an existing ethical framework, which is evolving and adapting as the technology, its opportunities and challenges change.  The Code of Ethics The International Ethics Standards Board for Accountants (IESBA) recently revised the Code of Ethics for Professional Accountants (Code) to reflect the impact of technology, including AI, on the profession. The Chartered Accountants Ireland Code of Ethics will ultimately reflect these revisions.  IESBA has identified the two types of AI likely to have the most impact on the ethical behaviour of accountants:  Assisted intelligence or robotic process automation (RPA) in which machines carry out tasks previously done by humans, who continue to make decisions; and  Augmented intelligence, which involves collaboration between human and machine in decision-making. The revisions also include guidance on how accountants might address the risks presented by AI to ethical behaviour and decision-making in performing their role and responsibilities.  Professional competence and due care The Code requires an accountant to ensure they have an appropriate level of understanding relevant to their role and responsibilities and the work they undertake. The revisions acknowledge that the accountant’s role is evolving and that many of the activities they undertake can be impacted by AI.  The degree of competency required in relation to AI will be commensurate with the extent of an accountant’s use of and/or reliance on it. While programming AI may be beyond the competency of many accountants, they have the skill set to:  identify and articulate the problem the AI is being used to solve;  understand the type, source and integrity of the data required; and assess the utility and reasonableness of the output.  This makes accountants well placed to advise on aspects of the use of AI. The Code provides some examples of risks and considerations to be managed by professional accountants using AI, including: The data available might not be sufficient for the effective use of the AI tool. The accountant needs to consider the appropriateness of the source data (e.g. relevance, completeness and integrity) and other inputs, such as the decisions and assumptions being used as inputs by the AI. This includes identifying any underlying bias so that it can be addressed in final decision-making. The AI might not be appropriate for the purpose for which the organisation intends to use it. Is it the right tool for the job and designed for that particular purpose? Are users of the AI tool authorised and trained in its correct use within the organisation’s control framework? (One chief technology officer has suggested not only considering the capabilities of the AI tool but also its limitations to be better aware of the risks of something going wrong or where its use may not be appropriate.) The accountant may not have the ability, or have access to an expert with that ability, to understand and explain the AI and its appropriate use.  If the AI has been appropriately tested and evaluated for the purpose intended. The controls relating to the source data and the AI’s design, implementation and use, including user access. So, how does the accountant apply their skills and expertise in this context?  It is expected that accountants will use many of the established skills for which the profession is known to assess the input and interpret the output of an AI tool, including interpersonal, communication and organisational skills, but also technical knowledge relevant to the activity they are performing, whether it is an accounting, tax, auditing, compliance, strategic or operational business decision that is being made.  Data and confidentiality According to the Code, when an accountant receives or acquires confidential information, their duty of confidentiality begins. AI requires data, usually lots of it, with which it is trained. It also requires decisions by individuals in relation to how the AI should work (programming), when it should be used, how its use should be controlled, etc.  The use of confidential information with AI presents several confidentiality challenges for accountants. The Code includes several considerations for accountants in this regard, including: Obtaining authorisation from the source (e.g. clients or customers) for the use of confidential information, whether anonymised or otherwise, for purposes other than those for which it was provided. This includes whether the information can be used for training AI tools.  Considering controls to safeguard confidentiality, including anonymising data, encryption and access controls, and security policies to protect against data leaks.  Ensuring controls are in place for the coding and updating of the AI used in the organisation. Outdated code, bugs and irregular updates to the software can pose a security risk. Reviewing the security certification of the AI tool and ensuring it is up to date can offer some comfort.  Many data breaches result from human error, e.g. inputting confidential information into an open-access web-based application is a confidentiality breach if that information is saved, stored and later used by that application. Staff need to be trained in the correct use and purpose of AI applications and the safeguarding of confidential information. Dealing with complexity The Code acknowledges that technology, including AI, can help manage complexity.  AI tools can be particularly useful for performing complex analysis or financial modelling to inform decision-making or alerting the accountant to any developments or changes that require a re-assessment of a situation. In doing so, vast amounts of data are collected and used by AI, and the ability to check and verify the integrity of the data introduces another level of complexity.  The Code makes frequent reference to “relevancy” in relation to the analysis of information, scenarios, variables, relationships, etc., and highlights the importance of ensuring that data is relevant to the problem or issue being addressed. IESBA was mindful, when revising the Code, that there are various conceivable ways AI tools can be designed and developed to use and interpret data.  For example, objectivity can be challenged when faced with the complexity of divergent views supported by data, making it difficult to come to a decision. AI can present additional complexity for accountants, but the considerations set out in the Code are useful reminders of the essential skills necessary to manage complexity. Changing how we work As well as its hugely beneficial applications in, for example, healthcare and science, AI is proving to be transformative as a source of business value.  With a range of significant new tools launched daily, from personal effectiveness to analysis and process optimisation, AI is changing how we work. These are powerful tools, but with power comes responsibility. For the professional accountant, certain skills will be brought to the fore, including adaptability, change and risk management, and leadership amidst rapidly evolving work practices and business models. Accountants are well placed to provide these skills and support the responsible and ethical use of AI.  Rather than fearing being replaced by AI, accountants can prepare to meet expectations to provide added value and be at the helm of using AI tools for finance, management, strategic decision-making and other opportunities. Michael Diviney is Executive Head of Thought Leadership at Chartered Accountants Ireland Níall Fitzgerald is Head of Ethics and Governance at Chartered Accountants Ireland

With the Central Bank of Ireland’s consultation on the Individual Accountability Framework drawing to a close later this month, Níall Fitzgerald reviews the scope and effectiveness of similar regimes already in place in other parts of the world Following the 2008 financial crisis, global governance and regulatory reforms in the financial services sector have had a significant impact on how financial institutions, such as banks, insurance companies and investment firms, are run.  The EU has been at the forefront of regulatory change in financial services in Ireland since the creation of the Banking Union, which includes the European Supervisory Mechanism, and significant regulatory developments from rule-setters such as the European Banking Authority.  The Central Bank of Ireland has also put in place governance requirements for all financial institutions and implemented fitness and probity standards. These have included regulations requiring minimum competencies for individuals working in certain roles and, in some cases, regulatory pre-approval before individuals can be appointed to certain management positions, such as – to name just a few – board director, head of compliance, head of internal audit and chief risk officer. The proposed Central Bank of Ireland Individual Accountability Framework (IAF) is an extension of the current suite of regulations and efforts to address cultural failings and ensure better governance, performance and accountability among financial services firms.  The IAF is not the first of its kind, however, and while it has some unique features, it also shares similarities with regimes of this nature operating in other parts of the world.  UK: Senior Managers and Certification Regime The UK introduced the Senior Managers and Certification Regime (SM&CR) in 2016. Following a three-phase roll-out over three years, the SM&CR now applies to banks, insurance companies and a large portion of the remaining regulated financial services firms in the UK. This regime introduced: Prescribed responsibilities for certain roles; Requirements for firms to follow when allocating those roles to individuals, including: applying a certification process (up to obtaining pre-approval from the Regulator for an appointment to a role); and  the introduction of individual conduct rules. Hong Kong: Manager-in-Charge Regime In Hong Kong, The Securities and Futures Commission introduced the Manager-in-Charge (MIC) Regime for licensed corporations in 2017.  The regime did not bring in any new sanctions and was implemented by way of circular, rather than legislation, but it provided the regulator with additional powers of enforcement and the ability to hold individuals to account. A key objective of the MIC regime is to enable Hong Kong’s Securities and Futures Commission to assess culture within the licensed organisation.  The regulator attributes non-compliance with elements of the regime – e.g. failure to assess whether individuals have discharged their responsibilities appropriately, as evidence of cultural failings. Australia: Banking Executive Accountability Regime  Australia’s Banking Executive Accountability Regime (BEAR) came into effect in 2018, applying to the directors of, and the most senior and influential executives within, banks and authorised deposit-taking institutions (ADIs). The regime introduced prescribed responsibilities for certain roles, an accountability framework, and a list of accountability obligations, which look a lot like conduct rules.  The regime also introduced a requirement for relevant firms to defer a portion of the variable remuneration of any person found to be non-compliant with the regime until an investigation concludes, whether or not any or all of the remuneration is subject to clawback.  Singapore: Individual Accountability and Conduct Guidelines  The Individual Accountability and Conduct (IAC) Guidelines were introduced in Singapore in 2021. Like the MIC regime in Hong Kong, Singapore’s IAC Guidelines are not supported by underlying legislation and are described as “best practice standards”.  The level of adherence to IAC Guidelines among the financial institutions will impact the Monetary Authority of Singapore’s overall risk assessment of the relevant organisation or individual.  These guidelines focus on embedding a strong culture of responsibility and ethical behaviour by ensuring individual accountability and a supportive governance framework within regulated organisations.  Prevention is better than cure While there are similarities between the accountability regimes outlined above, none is the same.  The instances of enforcement action taken under these regimes are very low and, if prevention is better than cure, this may be a good measure of success.  Just one enforcement action was taken against an individual for non-compliance during the first four years of the UK’s SM&CR, for example. Following a review of Australia’s Banking Executive Accountability Regime, and amid public criticism citing the lack of enforcement action, the Australian government is currently proposing the wider reaching Financial Accountability Regime (FAR).  The FAR contains additional requirements and extends the regime beyond banks to other financial service providers regulated by the Australian Prudential Regulation Authority.  Elsewhere, the United Arab Emirates does not have a specific accountability regime. However, its laws and regulations, which pre-date 2016, give financial services regulators enforcement powers to hold individuals to account and apply sanctions.  Looking at just one member of the United Arab Emirates, Dubai, the Dubai Financial Services Authority has taken enforcement action against 32 individuals since 2016. The majority of these cases have related to individuals providing investment services.  Perhaps it is still too early to reliably judge the effectiveness of these various models of individual accountability regimes.  Sometimes, there is a benefit in not being first past the post in introducing a regime of this nature and being able to stand back and learn from global experiences.  With our Individual Accountability Framework, Ireland is building on a solid foundation of banking regulations and governance requirements. The IAF is only one of many regulatory changes impacting financial services providers. Other requirements on the way include the EU’s Digital Operational Resilience Act (DORA) and the inevitable evolution of governance codes, and other regulations, addressing sustainability and other emerging risks.  World-class standards are laudable, but their true outcome is only evident when we have a high level of public trust and a financial services sector that is efficient and competitive, driving a better future for society and a prosperous economy. Níall Fitzgerald, FCA, is Head of Ethics and Governance at Chartered Accountants Ireland Impact of individual accountability on organisational culture Chartered Accountants Ireland welcomes the timely publication by the Central Bank of Ireland (CBI) of the Individual Accountability Framework (IAF) draft regulations and guidance, and the certainty of action required for Irish financial services firms, writes Níall Fitzgerald.  The framework contains measures, including conduct standards and prescribed responsibilities, designed to enhance customer-focused cultures and embed responsibility and ethical behaviour across financial services in Ireland.  While it promotes the necessity for cultural change, the CBI agrees that more is required to achieve this. Insights from the introduction of similar measures in other jurisdictions show that an individual accountability regime better impacts on organisational culture when supported by: Promoting individual accountability but emphasising collective decision-making Being accountable as individuals for actions and behaviour is not new. Professionals are accountable to codes of ethics. There are also many laws and regulations that hold individuals accountable for their roles in an organisation, such as fiduciary duties of directors. However, many organisations thrive on collaboration, teamwork and diversity, which improve collective decision-making. Individual accountability is not designed to override this, and emphasising other positive behaviours, such as these, supports the objectives of the IAF. Promoting a ‘just culture’ and avoiding a ‘blame culture’ A blame culture focuses on identifying culprit/s, penalising them, and moving forward on the assumption that the same issue/s won’t happen again, because an example has been set.  A just culture acknowledges that mistakes and underperformance can occur, but that both are better addressed by reflecting on what went wrong and focusing on what can be learned to improve future outcomes.  Individual accountability exists in both scenarios, but the latter will have a more positive impact amongst the workforce, helping to achieve the objectives of the IAF. Promoting trust and integrity Certain informal reactions to a regime such as the Individual Accountability Framework can undermine its objectives. In some jurisdictions individuals with prescribed responsibilities prepare personal compliance files, for example, privately maintained outside of the firm’s documentation system.  A ‘cover your actions’ (CYA) approach has developed in these jurisdictions, whereby there is a tendency to give advice formally (e.g. in writing), which would differ if given informally (e.g. verbally).  Notwithstanding the risk of breaching privacy and confidentiality rules, these informal practices are indicative of low levels of trust and integrity within a firm.  Embedding a culture of psychological safety can deter this risk and foster greater trust within the organisation.