Enhancing Confidence in AI through Assessments

by | Feb 25, 2026 | Accounting, Artificial Intelligence (AI), Income Tax, Tech News

As artificial intelligence (AI) scales across the global economy, the need to ensure its safe, reliable, and effective deployment has become paramount. While the potential economic impact is substantial—with generative AI alone projected to add up to US$3.4 trillion to global GDP by 2033—the risks are equally significant. The Organisation for Economic Co-operation and Development (OECD) reported a twenty-fold increase in the monthly average of harmful AI incidents between November 2022 and January 2025.

In response, a new technical discipline is emerging: AI assessments. These structured evaluations are designed to build the confidence necessary for businesses, policymakers, and the public to realize AI’s full potential. A joint report by EY and ACCA provides a comprehensive framework for understanding, implementing, and governing these critical assessments.

This technical note outlines the key findings of the report, including the taxonomy of AI assessments, the current policy landscape, and the foundational elements required for effective and credible evaluation.

The Three Pillars of AI Assessments

The report identifies three distinct but complementary categories of AI assessments that organizations can use separately or in combination:

  1. Governance Assessments

    • Focus: Evaluating the internal corporate governance structures surrounding AI systems.

    • Subject Matter: Policies, processes, personnel, and risk management frameworks. This assesses whether an organization has the foundational controls to manage AI risks, suitability, and reliability.

  2. Conformity Assessments

    • Focus: Determining compliance with applicable laws, regulations, and standards.

    • Subject Matter: The AI system’s adherence to a defined set of legal or regulatory requirements, such as those found in the EU AI Act or local bias laws.

  3. Performance Assessments

    • Focus: Measuring the quality of an AI system’s core functions.

    • Subject Matter: Quantitative metrics like accuracy, non-discrimination, and reliability. This assessment validates whether the system performs as intended against predefined quality benchmarks.

The Evolving Policy Landscape

Policymakers globally are actively developing frameworks that incorporate these assessments, leading to a complex and rapidly evolving landscape. As of January 2025, nearly 70 countries have proposed over 1,000 AI policy initiatives.

Key themes observed across these initiatives include:

  • Regulatory Fragmentation: There is significant variation in the scope, subject matter, and methodologies of assessments across jurisdictions. For example, the EU AI Act focuses on conformity assessments for high-risk systems, while NYC Local Law 144 mandates a specific “bias audit” for automated employment decision tools.

  • Voluntary vs. Mandatory: Frameworks range from voluntary standards like Singapore’s AI Verify and the NIST AI Risk Management Framework to mandatory requirements like those in the Colorado AI Act and the EU’s Digital Services Act.

  • Diverse Terminology: Terms such as “AI audit,” “assurance,” “impact assessment,” and “safety testing” are often used interchangeably but can have distinct meanings depending on the context, leading to potential confusion.

Challenges to Effectiveness

Despite the momentum, the report identifies several common challenges that hinder the robustness and effectiveness of current AI assessments:

  • Ambiguity: A lack of clear definition regarding the purpose, subject matter, and methodologies of assessments can lead to misaligned expectations and inconsistent outcomes.

  • Inconsistent Terminology: Subjective and loosely defined terms like “fairness” or “trustworthiness” can be interpreted differently, making assessments difficult to compare or validate.

  • Technological Complexity: The inherent nature of AI, including model drift and integration into complex ecosystems, complicates assessments. Determining the appropriate period of relevancy for an assessment result is a non-trivial technical challenge.

  • Provider Qualifications: There is a shortage of professionals with the necessary blend of technical AI knowledge, assessment competency, and ethical/regulatory understanding.

The Path Forward

To address these challenges and build a foundation of trust, the report recommends that all AI assessments be built on three clearly defined, fundamental elements:

1. What is to be Assessed?

  • Clear Objective: Every assessment must have a well-specified business or policy purpose to guide its scope and methodology.

  • Defined Scope: The assessment must clearly articulate its subject matter (e.g., the entire system, the model, or just its outcomes) and the type of assessment being performed (governance, conformity, or performance).

2. How to Perform the Assessment

  • Methodology & Criteria: Assessments must utilize clearly defined and consistent methodologies. The report highlights existing standards like ISAE 3000 (Revised)—a principles-based standard for assurance engagements—as a suitable foundation. Methodologies can also include techniques like formal verification, red teaming, and quality assurance. The criteria for evaluation must be relevant, objective, measurable, and complete to ensure comparability.

3. Who Performs the Assessment

  • Competency: The provider must possess the necessary technical AI knowledge and assessment expertise.

  • Objectivity: The provider must demonstrate the absence of conflicts of interest to ensure credibility.

  • Professional Accountability: Adherence to established ethical codes (such as the IESBA Code of Ethics for the accountancy profession) and transparent reporting practices is essential for stakeholder confidence.

Considerations for Business Leaders and Policymakers

The report concludes with targeted recommendations for key stakeholders:

For Business Leaders:

  • Leverage Assessments for Governance: Use AI assessments not just for compliance, but as a tool for corporate governance and risk management.

  • Consider Voluntary Assessments: Even without regulatory requirements, voluntary assessments can build trust with employees, customers, and investors.

  • Select the Right Assessment Type: Determine whether a governance, conformity, or performance assessment—or a combination—is most appropriate for your needs and whether it should be conducted internally or by an independent third party.

For Policymakers:

  • Clarify Purpose and Components: Clearly define the objectives and structure of assessment frameworks to set realistic expectations.

  • Build Market Capacity: Work with professional bodies to develop a pipeline of qualified assessment providers through accredited training and quality criteria.

  • Promote Alignment: Wherever possible, endorse assessment standards that are compatible with those in other jurisdictions to reduce costs and foster cross-border trust in AI systems.

Conclusion

AI assessments are rapidly becoming a cornerstone of responsible AI adoption. By moving beyond a compliance checklist and embracing a structured approach that clearly defines the what, how, and who of evaluation, organizations and governments can build the robust foundation of trust needed to safely and effectively unlock the transformative power of artificial intelligence.

Source: ACCA EY report 18 Sep 2025, 25 February 2026