The Near-Miss That Happens at Every Firm
A controller opens a tax memo her junior just drafted with AI. She's ready to send it to the client. She reads the first cited source. She searches the database. The citation doesn't exist. The AI made it up.
She stops, rewrites the section manually, flags the error in her notes and sends the corrected memo instead. Crisis averted. But the real question is harder: How many other firms didn't catch it in time?
KPMG's Report Had 40 Fake Citations
In October 2025, KPMG released a major report on AI and the future of business. The report sounded authoritative. It cited research, studies and data points throughout. Then someone checked the citations. 40 out of 45 were fabricated. The AI that wrote the report had made up sources.
Going Concern reported the story on June 16. GPTZero, a citation validation tool, found the hallucinations. KPMG removed the report from their website. But the damage was done. The report had already circulated to clients, partners, and competitors.
This is not a KPMG problem. It's an accounting problem. If KPMG didn't catch it, what prevents any firm from shipping hallucinated claims to clients?
What Does "Hallucination" Actually Mean?
Here's the plain truth about AI hallucination. AI learns from patterns in text. When you ask it a question, it predicts the next word, then the next word, building a sentence. This works great for writing and explaining. It fails when the pattern predicts a source or statistic that sounds real but doesn't exist.
The AI doesn't "lie" on purpose. It doesn't know the difference between a real citation and a fabricated one. It only knows that citations sound like this: "[Author Name], [Publication], [Date]." It generates text that matches that pattern. It feels confident. It sounds real. But it might be completely made up.
In accounting, this is a catastrophic failure. A tax memo with fabricated citations to IRS rulings is not just wrong. It's a liability. An audit memo with fake source citations might hide a control gap. A client letter citing research that doesn't exist damages trust and creates exposure.
Nexairi Dispatch
Get the next AI move before it turns into a workflow problem.
Join the free newsletter for concise AI news, practical checklists, and the decisions practitioners need to make next.
Free. No spam. Unsubscribe anytime.
AI Adoption in Accounting Is Rapid. Verification Workflows Aren't.
AI adoption in accounting firms exploded. In 2024, 8% of firms used AI. By 2026, that number hit 40%. Tax professionals are using AI for research. Audit teams are using it for documentation. Accountants are using it for close procedures and memo drafting.
But here's the problem. Only 42% of organizations can audit their own AI-made decisions. That means most firms have no way to explain how the AI reached its conclusion or whether it cited real sources. Most firms don't have a verification step in their workflow before client work ships.
The gap between adoption and verification is growing. Fast AI adoption without verification procedures is a liability waiting to happen.
The 3-Step Verification Gate Your Firm Needs
This doesn't require expensive software or months of setup. It requires a workflow. A process. A gate that every AI-drafted client deliverable passes through before it goes out the door.
Step 1: Flag All AI Sources Before Packaging
When you draft client work with AI, mark which sections are AI-generated. Use a simple tag or comment. "AI SOURCED" in the draft. This is your signal that human review is required before sending. This is not delegation. This is a control marker.
Why? Because you can't verify what you haven't marked as needing verification. By flagging AI sections upfront, you create a clear protocol: AI content gets reviewed. Everything else follows normal procedures.
Step 2: Spot-Check Citations Against Primary Sources
You don't review every sentence. That's not scalable. You sample. Pick 3-5 claims in each AI section. Check them. Pull the actual source. Read it. Confirm the citation matches. Does the source actually say what the AI claims it says?
Keep a simple checklist. Source exists? Check. Claim matches source? Check. Date is correct? Check. You're not fact-checking every detail. You're testing the AI's citation accuracy. If 80% of sampled claims check out, you have a data point on reliability.
Step 3: Document the Review in Your Audit Trail
This is the one step most firms skip. They review. They approve. They send. But they don't document who reviewed, what was checked, and what was approved. That's a liability gap.
Add a simple note to the work papers. "AI draft reviewed by [name] on [date]. Spot-check of X claims completed. 3 citations verified against primary sources. Discrepancies corrected. Client version approved." That's your audit trail. That's your proof you ran the gate.
| Verification Gate | What You Do | Time Investment | Liability Reduction |
|---|---|---|---|
| Step 1: Flag AI Sources | Mark AI-generated sections in draft before sending | 2 minutes per deliverable | Creates clear control checkpoint |
| Step 2: Spot-Check Citations | Verify 3-5 key claims and sources against originals | 10-15 minutes per deliverable | Catches hallucinations before client sees them |
| Step 3: Document Review | Log reviewer name, date, what was checked in work papers | 5 minutes per deliverable | Proves due diligence in audit trail |
Why Control Procedures Matter Before Your Next Miss
KPMG's hallucinated report is not an outlier. It's a warning. As more firms adopt AI without verification workflows, the probability of a hallucination reaching a client increases. The cost of that event is high: reputation damage, malpractice exposure, regulatory questions from state boards.
The 3-step gate isn't a burden. It's basic due diligence. It's the same control principle that applies to any work product: AI produces, human reviews, process is documented.
Why This Matters More Than AI Speed
The appeal of AI is speed. You draft a tax memo in 10 minutes instead of an hour. You summarize audit findings in 5 minutes instead of 20. The time savings are real. But those savings are only valuable if the output is accurate. A fast hallucinated memo is slower than a slow correct one. It has to be redone, client trust has to be repaired, and work papers have to be revised.
The control gate adds 15-20 minutes to a deliverable that might take 1-2 hours total. That is not a speed penalty. That is professional liability management.
Test Your Current Process This Week
Pull a recent AI-drafted section from your files. Don't use a new one. Use something from the past two weeks that went to a client. Count how many claims are unsourced or taken from the AI without your verification. Check one of the citations. Does it match the original source? Is it even real?
If you find unverified claims or broken citations, you've found your gap. That's where the control procedure goes. That's where the risk lives.
If you don't have a written procedure yet, write the 3 steps down this week. Add them to your engagement checklists. Train your team on the gate. Run the first test audit next week. You don't need KPMG's scale to have KPMG's problem. And you don't need KPMG's gap to avoid it.
Sources
Related Articles on Nexairi
Free Assessment
Is your firm ready for AI?
A 5-minute governance check for CPA firms using ChatGPT, Copilot or AI accounting software. Get your score and your top gaps — free.
Sydney Smart is a Certified Public Accountant, Fractional CFO, and Controller with over 17 years of experience across public accounting and corporate finance. She holds a Master's degree in Taxation from Georgia State University, is a licensed CPA through the Georgia Society of CPAs, and is a certified QuickBooks Pro Advisor. Sydney spent 13 years as a Senior Tax Manager at Hungeling CPA preparing and reviewing hundreds of tax returns annually for corporate, partnership, and individual clients before moving into corporate controller roles. As Founder of Simply Smart Consulting, she partners with founders and growth-focused businesses to build financial systems that scale — budgeting, cash flow forecasting, GAAP compliance, and real-time KPI reporting. She reviews Nexairi's accounting and finance coverage to ensure accuracy for the CPAs, CFOs, and operators who rely on it.
