When the PCAOB announced the agenda for its upcoming Standards & Emerging Issues Advisory Group (SEIAG) meeting, featuring dedicated sessions on Artificial Intelligence and Cryptocurrency, its relevance reached far beyond the US market. For UK organisations operating globally, relying on US investors, or aligning with international assurance standards, these emerging tech priorities signal a wider shift in audit expectations and regulatory scrutiny.
UK businesses, especially those publicly listed, cross listed, or supplying to US regulated entities, must now consider how AI and crypto exposures map against their ITGC, SOX equivalent controls, and wider governance frameworks. Even for organisations not directly under PCAOB oversight, the agenda highlights a clear trend: emerging technologies are rapidly becoming mainstream audit concerns.
AI Risk in a UK Context
With UK organisations accelerating adoption of AI and automation across operations, customer services, decision support and internal processes, the associated risks are no longer theoretical. The PCAOB’s focus mirrors concerns raised domestically by the UK’s own regulatory bodies, including the ICO, FCA and the emerging UK AI governance initiatives.
Audit considerations for UK companies now include;
AI model governance and explainability under UK regulatory expectations,
Data lineage and integrity for machine-learning pipelines,
Accountability for automated decision-making under UK GDPR,
Model change logging, testing and fallback controls.
These elements are increasingly relevant to UK audit committees and internal audit teams, regardless of sector.
With the FCA increasing scrutiny of crypto asset promotions, custody and operational resilience, UK internal audit and technology risk teams must ensure their controls keep pace, not just for compliance, but for assurance maturity as well.
Why UK Audit & Risk Teams Must Take Note
Although the PCAOB is a US regulator, global audit practice tends to harmonise. Signals from US oversight bodies frequently cascade into UK and EU governance expectations, especially for multinational organisations or those adopting COSO, COBIT, NIST or ISO frameworks.
UK organisations should respond by;
Updating emerging, tech risk registers to explicitly include AI/crypto exposures,
Refreshing ITGC scoping to reflect evolving systems, models and data pipelines,
Including AI/crypto themes in annual internal audit planning,
Briefing audit committees and boards on regulatory momentum abroad and at home,
Call to Action
The PCAOB’s agenda is a strong indicator of where global audit expectations are heading. For UK organisations aiming to stay audit ready, competitive and resilient, emerging technology governance must now be integrated into core risk and assurance routines.
If your organisation isn’t yet evaluating AI or crypto within its ITGC or audit framework, now is the time to act. Strengthening your governance today will help you meet tomorrow’s standards with confidence.
