What is AI governance for audit and remuneration committees?

It is committee-level oversight of how AI affects controls, assurance, financial reporting judgement, remuneration decisions, workforce risk and accountability.

Why does the audit committee need to ask about AI in 2026?

Because AI can affect the evidence, estimates, controls and assurance work that support financial reporting and risk oversight, including the board's Provision 29 declaration.

Why does the remuneration committee need to ask about AI?

Because AI can influence pay benchmarking, performance metrics, workforce analytics and management incentives, all of which need human judgement, fairness checks and committee discretion.

Should AI governance sit only with the technology team?

No. Technology teams may operate AI systems, but committees oversee the controls, assurance, incentives and accountability that determine whether those systems are governed well.

AI Governance in Audit and Remuneration Committees: Key Questions for 2026

AI governance for audit and remuneration committees means board-level oversight of how AI affects controls, assurance, reporting judgement, pay decisions and workforce risk. In 2026, the useful question is not whether the company uses AI; it is where AI changes a committee's evidence, discretion, accountability or control environment, and who can prove those controls work.

Key takeaways

Provision 29 of the 2024 UK Corporate Governance Code applies to financial years beginning on or after 1 January 2026, so boards need stronger evidence over material controls, according to the Financial Reporting Council.¹
The audit committee should ask where AI affects financial reporting, audit evidence, estimates, controls testing, fraud risk and assurance quality.
The remuneration committee should ask whether AI affects pay benchmarking, performance metrics, workforce analytics, incentive design or the use of discretion.
NIST's AI Risk Management Framework organises AI oversight around govern, map, measure and manage; those four words make a useful board-level test.²
If AI processes personal information, the ICO expects UK GDPR governance, accountability and fairness controls to be built into the system, not added after deployment.³

Why does AI governance now sit with audit and remuneration committees?

AI governance sits with audit and remuneration committees because AI now touches the evidence those committees rely on. Audit committees depend on reliable controls, estimates, audit evidence and reporting judgement. Remuneration committees depend on reliable performance measures, workforce insight, pay benchmarking and discretion.

The board still owns overall oversight, but committee work is where AI risk becomes specific. A full-board AI paper can describe policy. An audit committee has to ask whether an AI-assisted revenue forecast changes the control environment. A remuneration committee has to ask whether AI-assisted performance scoring creates an incentive the board did not intend.

That distinction matters in 2026. The FRC's revised UK Corporate Governance Code raises the evidential burden around risk management and internal controls for financial years beginning on or after 1 January 2026.¹ AI governance is no longer a general-interest item for the annual strategy day. It is part of the evidence base committees need before they sign off their own responsibilities.

What should the audit committee ask first?

The audit committee should start by asking where AI changes financial reporting evidence, management judgement or material controls. The first question is not technical. It is whether an AI system has become part of the chain that produces, reviews or assures numbers the board relies on.

Useful audit committee questions include:

Which financial reporting processes now use AI, including forecasting, variance analysis, anomaly review or narrative reporting?
Which of those processes affect material controls or significant management judgements?
Who validates AI-assisted outputs before they reach management, auditors or the board?
What evidence shows that AI-generated analysis is complete, accurate and explainable enough for assurance work?
Where could AI make fraud, bias, model drift or over-reliance harder to detect?
How has the external auditor assessed AI use in the audit or in the company's reporting process?

The FRC's 2026 material on AI in audit focuses on practical risks and mitigations around AI use, including where professional judgement and audit quality can be affected.⁴ That is the audit committee's cue: do not ask only whether AI is efficient. Ask whether it changes the assurance file, the control owner, or the quality of challenge.

Richard Moriarty, Chief Executive of the FRC, has described AI in audit as a "wake-up call, not a death knell" for the profession.⁵ The same is true for audit committees. AI does not remove the need for judgement; it makes the committee's evidence for judgement more important.

What should the remuneration committee ask first?

The remuneration committee should start by asking whether AI affects pay evidence, performance assessment or workforce incentives. Remuneration is not just a reward process; it is one of the board's strongest signals about behaviour, risk appetite and long-term value.

Useful remuneration committee questions include:

Are AI tools used in executive pay benchmarking, job evaluation, performance scoring or succession analysis?
Are any incentive metrics now partly produced or interpreted by AI-assisted models?
Could AI adoption targets reward speed, cost reduction or automation before control quality is mature?
Has management tested whether AI-assisted workforce tools create unfair or unexplained outcomes?
Does the committee retain enough discretion to override formulaic results where AI-influenced measures produce an outcome that feels wrong?
Are workforce AI policies consistent with culture, inclusion and the company's stated values?

The UK Corporate Governance Code expects remuneration policies and practices to support long-term sustainable success, and it expects boards to retain judgement rather than follow formulae blindly.¹ That principle applies directly to AI. If AI affects the evidence behind pay, the remuneration committee needs to know how that evidence was produced and when it should be challenged.

How should committees divide the work?

Audit and remuneration committees should divide AI governance by decision type, not by technology label. The same AI system can create different oversight questions for different committees, so the board needs a clear routing model.

AI governance question	Primary owner	Why it matters
Does AI affect material controls or reporting judgement?	Audit Committee	Controls and assurance evidence sit within the audit committee's remit.
Does AI affect executive metrics, pay benchmarks or workforce analytics?	Remuneration Committee	Incentives and workforce fairness sit within remuneration oversight.
Does AI affect strategy, risk appetite or ethics?	Full board	The board owns the overall risk and opportunity frame.
Does AI process personal information or create fairness risks?	Audit, Remuneration and board, depending on use	The ICO treats AI governance and accountability as part of UK GDPR compliance.³
Does AI create EU regulatory exposure?	Board, with committee input	The EU AI Act is phasing in obligations, with broad application from 2 August 2026.⁶

The point is not to create a new committee for every AI issue. The point is to stop AI issues from falling between committees because everyone assumes the technology team has it covered.

What evidence should a NED ask for?

A NED should ask for evidence that proves AI is governed in the same way any material business risk is governed: ownership, controls, assurance, escalation and board-level judgement. Policy wording is not enough.

Ask management for a short evidence pack covering:

AI inventory: the AI systems used in reporting, audit support, workforce processes, pay decisions and board reporting.
Risk classification: which uses are material, high impact, externally regulated or connected to personal information.
Control ownership: who owns the process, who validates outputs and who can stop use if controls fail.
Assurance plan: what internal audit, external audit, legal, compliance or risk work has tested the system.
Human judgement points: where humans are expected to challenge, override or approve AI-assisted outputs.
Incident and escalation route: how errors, bias, drift or unexplained outcomes reach the committee.
Director-ready summary: what has changed since the previous meeting and what decision is being requested.

NIST's AI Risk Management Framework is useful because it avoids vague comfort language. Its functions - govern, map, measure and manage - translate well into committee questions: who governs this, what has been mapped, how is it measured, and what happens when it needs managing?²

What are the signs that AI governance is weak?

Weak AI governance usually shows up as uncertainty about ownership, evidence or escalation. The risk is not that the board lacks a technical explanation. The risk is that no one can explain who is accountable for an AI-assisted decision the committee is being asked to trust.

Watch for these warning signs:

AI use appears in management papers but not in the risk register.
Management describes productivity benefits but cannot describe controls.
The audit committee sees AI-assisted analysis but no validation evidence.
The remuneration committee sees AI-assisted workforce analysis but no fairness or bias testing.
No one can distinguish experimental AI use from business-critical AI use.
AI issues are routed to technology teams even when they affect reporting, pay or workforce decisions.
Committee papers use AI output as evidence without saying how it was reviewed.

The ICO's AI and data protection guidance is clear that accountability, fairness and risk assessment matter where AI processes personal information.³ For committees, that means asking for proof. A dashboard is not evidence unless the committee knows how the numbers were generated, reviewed and challenged.

What should go into the 2026 committee calendar?

The 2026 committee calendar should include AI governance at the points where committees already make decisions. Do not add a generic AI item that everyone can admire and ignore. Attach AI questions to controls, audit planning, pay metrics, workforce oversight and annual reporting.

A practical calendar could look like this:

Committee cycle	AI governance item	Output
Audit planning	AI use in finance, reporting and audit evidence	Agreed assurance questions for internal and external audit.
Internal controls review	AI impact on material controls and evidence quality	Control ownership and testing plan for Provision 29 evidence.
Half-year reporting	AI-assisted judgements, estimates or variance analysis	Committee challenge record and management response.
Remuneration policy review	AI impact on pay benchmarks, metrics and discretion	Documented decision on where human judgement overrides AI-assisted inputs.
Workforce/culture review	AI in recruitment, performance, scheduling or productivity monitoring	Fairness, transparency and escalation questions for management.
Annual report preparation	AI governance disclosure, if material	Clear wording on oversight, accountability and assurance.

This is manageable because it uses existing committee rhythms. AI governance becomes a sharper way to ask familiar questions: what evidence do we have, who owns the risk, and how do we know the controls work?

The central answer for 2026

AI governance is now a committee discipline. Audit committees need to know where AI changes controls, assurance and reporting judgement; remuneration committees need to know where AI changes incentives, workforce analysis and discretion.

The strongest NED question is simple: where has AI entered the evidence chain, and who can prove that the controls around it work?

For more governance-focused preparation, explore meetinginsight.ai or read the related governance articles on the blog.

Notes

Footnotes

Financial Reporting Council, UK Corporate Governance Code 2024. Provision 29 applies to financial years beginning on or after 1 January 2026; the Code also sets board and remuneration expectations around controls, long-term success and judgement. https://www.frc.org.uk/library/standards-codes-policy/corporate-governance/uk-corporate-governance-code/ ↩ ↩² ↩³
National Institute of Standards and Technology, AI Risk Management Framework 1.0 and AI RMF Playbook. The framework uses Govern, Map, Measure and Manage as its core functions. https://www.nist.gov/itl/ai-risk-management-framework and https://airc.nist.gov/airmf-resources/playbook/ ↩ ↩²
Information Commissioner's Office, Guidance on AI and data protection. The guidance covers accountability, governance, fairness and risk assessment where AI systems process personal information. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/artificial-intelligence/guidance-on-ai-and-data-protection/ ↩ ↩² ↩³
Financial Reporting Council, AI in Audit. The FRC guidance discusses AI use in audit and practical risks and mitigations for firms and auditors. https://www.frc.org.uk/library/standards-codes-policy/audit-assurance-and-ethics/guidance/ai-in-audit/ ↩
Financial Reporting Council LinkedIn post summarising Richard Moriarty's comments on AI in audit judgement, 2026. https://www.linkedin.com/posts/financial-reporting-council_ai-will-not-replace-auditors-judgment-says-activity-7440380347088830464-53fA ↩
European Commission, AI Act. The EU AI Act entered into force in 2024 and is phasing in obligations, with broad application from 2 August 2026. https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai ↩

AI governance questions for audit and remuneration committees in 2026