Oversight of the risks and opportunities presented by artificial intelligence (AI) is one of the key challenges facing audit committees.  From March to June 2025, Tapestry Networks (Tapestry) convened six in-person meetings of its U.S. audit committee network to discuss the role of the board in ensuring that AI is implemented responsibly and consistent with long-term value creation. Tapestry’s audit committee network, which is organized and supported by Ernst & Young, is a group of audit committee chairs of North American companies.  The six AI meetings included both audit committee chairs and guests, such as executives, academics, and technical experts.  Artificial intelligence and the board: what audit committees need to know, a publication in Tapestry’s ACN Viewpoints series, summarizes the discussion at these sessions and suggests questions audit committees may want to consider as they come to grips with the complexity of AI oversight.

Four Discussion Themes

Tapestry’s report addresses four themes that emerged from the audit committee network meetings and related conversations.

1. Technology tools deliver the most value when aligned with business strategy.

Companies are integrating AI into business processes, but are at different stages of implementation. “During this early transition period, the key question is not where AI can be applied, but rather where and why it should be applied, especially when not every task or function is ripe for automation.”  Successful AI implementation requires identifying a problem space (i.e., a challenge or opportunity where AI can create value), understanding available AI capabilities, and weighing the trade-offs between off-the-shelf and custom-built AI solutions.  Strong data practices, including governance, the handling of unstructured data, limiting access, and educating employees, are critical for effective AI adoption. 

2. Rapid change prompts deeper board engagement across functions.

AI is moving from experimentation to enterprise-wide impact. This rapid evolution is forcing boards to engage with the broader implications of AI implementation.  Participants discussed key themes that have emerged from this shift:

• The right guardrails are essential to managing risks.  Audit committee chairs are focused on managing risks such as bias, fairness, data quality, and privacy.  “Risk mitigation strategies include employee training, board-management alignment, and technical testing (such as penetration tests).”

• Boards see potential not just to automate but also to explore completely new opportunities.  Many participants see AI as an enabler of productivity, creativity, and competitive advantage.

• Workforce strategies are evolving to meet new needs.  Workforce strategies are shifting to include retraining employees and creating new roles to manage AI-related tasks. “Rather than merely eliminating jobs or job categories wholesale, companies are upskilling current employees or hiring new talent.”

• Companies are preparing for regulatory shifts. The AI regulatory landscape is fragmented, especially in the US. Some companies are aligning with EU standards in anticipation of global harmonization. 

3. Oversight responsibilities are shifting as governance policies evolve.

Companies are experimenting with new AI oversight models. Participants discussed how AI is changing expectations regarding the audit committee’s role and leading to changes in board structure.  AI oversight can extend beyond the audit committee. Some boards have shifted AI oversight to other committees that have relevant expertise.  One participant observed: “If you think about all the other responsibilities that audit committees have, when we are dealing with issues of this complexity that are potentially existential, it strikes me that the audit committee is totally inadequate.”  Participants also pointed out that effective oversight requires human judgment and clear policies. Directors can add value to the evolving oversight model by asking questions and engaging in dialogue with technology leaders.

4. Audit committees are encouraging curiosity and exploring how to support innovation.

Companies must act now to establish AI governance structures and to build the capacity to test and learn responsibly.  Audit committees should foster a culture of AI experimentation while ensuring appropriate guardrails.

• Create space for experimentation. “Boards should ensure management strikes the right balance with safety nets, such as updated crisis response plans and open lines of ongoing communication.” 

• Think about new roles.  Boards should “consider new structures for managing AI-related risk, especially emerging, less-defined risks that fall outside traditional oversight.”

• Start now.  “Companies that lag in technology must act quickly to narrow the gap.”

AI and External Audits

Tapestry’s report also includes comments on the integration of AI tools into audits. These tools include “code readers, disclosure checklists, policy search tools, and risk benchmarking systems.”  In addition, audit firms “are increasingly leveraging internal models to analyze client data for anomalies, accelerate testing, and identify targeted risks.” Tapestry suggests that audit committees ask their auditors the following questions regarding their use of AI:

•         How is AI used in our audit?

•         What productivity or quality gains are expected, and how are they measured?

•         How is our company data being protected?

•         How does AI change the way risks are identified or addressed in the audit?

Reflection Questions for Audit Committees

Tapestry’s report concludes with eleven “reflection questions” that audit committees may want to explore as part of their oversight of the company’s AI initiatives:

• How does your company currently use AI? Which business functions are implementing AI tools? Which use cases have delivered the most value so far?

• Who is responsible for AI oversight in your company? What about at the board level? What role does the audit committee play in overseeing AI?

• What steps is your company taking to ensure data quality, privacy, and governance as AI adoption grows? Are internal data-governance programs in place? How is unstructured data being addressed?

• How are audit committee agendas evolving with AI? Is AI a standing topic?

• How are your board and committees staying informed about AI developments? What steps are being taken to build AI fluency at the board level (e.g., training, advisory support)?

• How are your external auditors using AI in their work? What new AI-related tools are they introducing, and how is your company managing the associated data risks?

• How is your company preparing for the evolving regulatory landscape around AI?

• What are the biggest risks your company sees with AI adoption, and how are they being mitigated? Where do they sit in the broader risk framework?

• What oversight mechanisms exist for reviewing and approving AI use cases? Is there a formal governance body or review process for new AI applications?

• How is your board thinking about emerging AI-related roles and talent needs?

• Is your company creating space for safe experimentation with AI? How are you balancing innovation with control? 

Audit Committee Takeaways

The Tapestry report provides insight into how AI is reshaping corporate governance, risk oversight, and strategic decision-making as it becomes a key part of many business functions. Audit committees that are just beginning to consider the ramifications of AI may find the report particularly useful since it reflects the views of audit committee members who have already had experience with this evolving responsibility. Committees may want to consider the suggestions in the report on aligning AI tools with business strategy and on establishing governance mechanisms. The report’s reflection questions could also be useful in helping audit committees assess their organization’s AI readiness, oversight frameworks, and AI culture. Audit committees that are interested in this topic may also want to review PwC’s suggestions on AI oversight.  See PwC on Audit Committee Oversight of AI, June-July 205 Update.