The End of Self-Regulation For CPA’s

The CPA (Certified Public Accountant) profession spent a hundred years arguing it could police itself. The argument is over. It was lost one restatement at a time.

Self-regulation works when three conditions hold. The profession knows more than its regulators. Its interests align with the public’s. The cost of being wrong is borne by the professional, not the public. Break one and self-regulation becomes a license to extract. Break all three and it becomes the mechanism of extraction.

Look at the CPA wreckage. Enron and Andersen, a Big Five firm dissolved because audit was compromised by consulting fees from the same client. SOX (Sarbanes-Oxley) was the answer, and the PCAOB (Public Company Accounting Oversight Board) was created because peer review failed. WorldCom, Tyco, HealthSouth, all sailed through audits before collapse. Wirecard, where EY signed clean opinions on a billion euros that did not exist. Carillion under KPMG. Steinhoff under Deloitte. Luckin. Theranos. PCAOB inspections show deficiency rates above 30% at some Big Four firms, one in three audits failing, year after year, without consequence.

Now look at AI. The same conditions are breaking. Labs claim regulators cannot understand the technology. Labs claim alignment matches public safety, it does not, because speed-to-market is real and safety is theoretical. The cost is borne by the public, whose data trained the models, whose jobs are displaced.

The oversights already fill a hearing room. Models released without disclosed training data. Safety teams gutted at every major lab. CSAM (child sexual abuse material) in training data, acknowledged only after researchers proved it. Voice cloning weaponized for wire fraud. Agentic systems given the ability to execute code, send email, move money, with no equivalent of a SOC 2. Models giving legal, medical, financial advice while the model requires nothing.

And independence, please. The CPA is paid by the firm they audit, by definition a conflict. And this comes as the industry builds its own AI to replace junior staff and licenses software to clients to perform services traditionally performed by people. The same firm builds the model, sells it to the client, and signs the opinion on the financials the model produced. Who audits the auditor’s algorithm? Cough, Soc report anywhere?

Nobody audits it because nobody is required to, because the profession that would be required is the profession selling it. There is so much conflict of interest here you loose track of all the different ways that the CPA firms are compromised. They will not survive what comes next, complete loss of customers trust as they facilitate the next market crash brought on by the AI bubble. 

Ever ask why CPA firms don’t have or require other CPA firms to have a SOC report?