AI that does not compromise your independence.
An AI tool that is itself a third-party service is, on most readings, a self-review threat. Aethos is not a service. It is software the firm owns — operated under the same independence safeguards as the rest of the engagement file.
Working-paper-grade audit log. Tax code and standards always current. Client data never leaves the firm.
You.
A portrait of the practiceA practice governed by professional standards.
You are a statutory audit firm, a tax practice, an advisory boutique, or an internal-audit function inside a larger organisation. Your work is governed by ISA, IFRS, the national GAAP, and a tax code that changes every fiscal year. The IFAC Code of Ethics and your national institute's rules — KWT, ICAEW, AICPA, IDW, OEC, KPC — bind you on independence and quality control.
Your engagement files are the working papers, retained for seven years or more, and inspected by the audit oversight body on a defined cycle. The associates already use generative AI informally; the partners know it. The technical director wants a defensible tool the engagement quality reviewer can also defend. The next peer review will look at it.
What's on your desk today.
Three pressures · audit-gradeEach of these is being asked by the technical director, the engagement quality reviewer or the inspection regulator — and they each want it in writing.
A shared AI vendor is a self-review and management threat in waiting.
If the firm uses a public-cloud AI in an audit, and that AI processed audit-client data in training or memory, the analysis under IFAC Code 120, 320 and 600 starts looking uncomfortable. Independence is a question of facts and appearances. The appearance of dependence on a third-party processor is itself the problem.
"I asked a chatbot" does not go in a working paper.
ISA 230 expects the working paper to record the basis of the conclusion. ISA 220 (revised) expects evidence of how the engagement was supervised and reviewed. The audit trail of a public chatbot is not auditable by the firm itself, let alone the inspection regulator. A defensible AI tool must produce its own working-paper-grade trail.
Every year the tax code, IFRS and ISA all move.
National tax code amendments, IFRS interpretations, ISA revisions, anti-avoidance rules, ESRS reporting standards — all change at least annually, often more. Keeping every senior associate current on every change is unsolved. Tax-tech indexes the surface; it does not retrieve the reasoning when a question lands at 10pm in busy season.
What Aethos changes.
Independence preserved · audit trail by constructionThree answers, mapped one-to-one to the three pressures above.
The firm owns the tool.
Aethos is licensed software operated on the firm's infrastructure. There is no ongoing vendor relationship with the audited entity, no shared model, no data transmitted to a third party. Under the IFAC Code the analysis converges with software the firm builds itself. The independence threat from the AI tool is identical to the threat from a spreadsheet — which is to say, not one.
Every query becomes working paper material.
Every prompt, every retrieved source, every response is written to a signed, append-only audit log with the staff member's identity, the engagement code, the timestamp and the model version. The log exports straight into the engagement file. ISA 230 is satisfied by construction; the engagement quality reviewer can trace the reasoning end to end.
The firm's knowledge compounds.
The current tax code, the latest IFRS interpretations, the revised ISA suite, the firm's own technical memoranda and the engagement quality review history — all retrievable by question, in the senior associate's language, with the source paragraph cited. Standards drift becomes a Sunday evening update, not a quarterly crisis.
If it does not survive the next peer review, it does not belong in the working paper.
The modules that matter most for you.
Where accounting firms startTwo modules cover the value for an accounting, audit or tax practice. The remaining Aethos modules are largely not relevant and we will not pretend otherwise.
Tax code, standards and the firm's own memory.
National tax code, IFRS, ISA, the firm's technical opinion archive, past engagement quality reviews, audit committee correspondence — answered with the standard paragraph, engagement reference and date cited. A senior at 10pm in busy season gets the right answer in three minutes; the partner reviews the trail in the morning.
RAG module Module 02 · Aethos CoderFor the audit-data-analytics team.
Substantive analytics, journal-entry testing, three-way matches, anomaly detection scripts — built and maintained by the firm's own data team, with AI assistance, inside the firm's perimeter. Engagement-level scripts version- controlled, change-tracked, and traceable to the engagement partner.
Coder moduleThe standards that bind.
What the standard asks · what Aethos providesProfessional standards, ethics rules and statute that bear on AI in audit, tax and advisory work — and where Aethos plugs into each.
| Source of duty | What it requires of AI use | What Aethos provides |
|---|---|---|
| IFAC Code of Ethics · §120 framework, §320 independence | Independence in fact and appearance. No self-review, no management, no advocacy threats from the tool. | Firm-owned software. No vendor relationship with the audit client. Independence analysis identical to a firm-built spreadsheet. |
| ISA 220 (Revised) · Quality management for the engagement | Documented supervision and review; the engagement partner accountable for the use of automated tools. | Per-engagement audit log of every AI interaction · staff identity captured · review-ready by engagement-quality reviewer · supervisor dashboard. |
| ISA 230 · Audit documentation | Working paper records nature, timing, extent of procedures and basis of conclusions. | Signed audit log exports straight to the engagement file. Every conclusion has its prompt, retrieved sources and response captured. |
| ISA 315 (Revised) · Risk assessment & data analytics | The use of automated tools and techniques is now explicitly inside the audit; documentation expected. | Coder module produces version-controlled analytics scripts · per-engagement script catalogue · change manifest signed. |
| ISQM 1 / 2 · Firm-level quality management | Firm-level controls over technology resources, monitoring and remediation. | Centralised model registry · per-skill governance policy · monitoring exports to the firm's quality dashboard · remediation runbook. |
| EU AI Act | Use in credit assessment, employment decisions and law enforcement is high-risk. Most audit/tax use is limited-risk, but transparency is expected. | Audit log · model card per deployment · technical documentation per release · classifier of high-risk vs limited-risk use cases. |
| GDPR Art. 6, 9 | Audit work routinely touches employee data, payroll, health-insurance premiums and other special categories. | No data egress. Per-engagement purpose binding. Per-tenant DEKs wrapped by firm KMS. Retention aligned with working paper rules (7+ years). |
The next step.
One day · on premises · written outcomeBook a one-day Architecture Workshop.
One day at your firm with Kristijan Stojanović — founder of STK Engineering — and the architect assigned to professional practice. We work through the engagement-file taxonomy, the independence framework, the standards corpus and the analytics roadmap, and produce a signed sizing & integration plan you can present to the technical directorate.