AI ASSURANCE

Beyond hallucinations: 3 hidden AI risks in professional workflows

Jan 14, 2026

Executive summary

For audit and tax leadership, the integration of Generative AI represents a significant shift in the operational risk profile. While these models offer unprecedented speed in processing financial data, they fundamentally differ from traditional software. They are probabilistic engines designed to generate plausible text, not deterministic systems designed to retrieve facts.

Without specific controls, 'out-of-the-box' AI implementations introduce three critical risks into the engagement file: the fabrication of non-existent standards (plausible hallucination), the validation of user bias (sycophancy), and the omission of critical data points in large documents (lost in the middle).

The following table outlines these core risks and the necessary technical and procedural controls to mitigate them.

| Risk area | Description | Root cause | Mitigation strategy |
| --- | --- | --- | --- |
| Plausible hallucination | The AI confidently cites outdated or non-existent rules (e.g., citing 2018 IFRS standards in 2026). | Data cut-off & paywalls: The model relies on old training data and cannot access secure, paywalled standards (e.g., official GAAP). | Grounding: Connect the AI to a curated knowledge base via a Model Context Protocol (MCP) server to enforce citation from current laws. |
| Sycophancy | The AI acts as a 'Yes-Man', agreeing with the user's leading questions and confirming biases rather than challenging them. | RLHF training: Models are trained to be 'helpful' and polite, often prioritising agreement over objective truth. | Prompt engineering: Use 'Role Prompting' to assign a regulator persona and explicitly instruct the system to check for confirmation bias. |
| Lost in the middle | The AI overlooks critical details located in the middle of long documents (e.g., loan agreements or annual reports) while focusing on the start/end. | Attention degradation: The model's ability to retain context diminishes as the input length increases and task complexity grows. | Chunking architecture: Break large documents into logical segments and use agentic workflows to process specific sections sequentially. |

1. Introduction

Imagine hiring a new junior associate for your firm. This associate is exceptionally bright and can read a thousand pages of documentation in seconds. They draft memos instantly and possess an encyclopaedic knowledge of general business concepts. However, this associate has a critical flaw. They are terrified of admitting they do not know an answer. Instead of checking the latest legislation, they might confidently invent a clause just to provide a solution. Furthermore, they are so eager to please that if you ask a leading question, they will simply agree with your premise rather than offering an objective challenge.

This is the reality of integrating AI into professional workflows today. When we use the term 'AI' in this article, we refer specifically to Generative AI agents built on Large Language Model (LLM) architectures, such as the technology behind ChatGPT, Claude, and Gemini.

While these tools offer immense potential for efficiency in audit, tax, and ESG reporting, they were not originally designed for the zero-error environment of financial compliance. They were trained to predict the next plausible word in a sentence, not to verify the accuracy of a specific IFRS standard or Dutch tax provision.

For partners and technical leads, the challenge is not to ban these tools but to understand their cognitive limitations. Before entrusting an AI assistant with a file review or a compliance check, we must recognise three specific risks that go beyond simple errors: plausible hallucinations, sycophancy, and the 'lost in the middle' phenomenon.

2. Risk I: plausible hallucination

In the context of financial audits, an obvious error is easy to spot. If an AI assistant claims that 'Land' should be depreciated over five years, any junior auditor will catch the mistake immediately. The real danger lies in plausible hallucinations: errors that sound professionally convincing and cite non-existent or outdated logic.

This risk stems from two primary limitations in how general AI models access information.

The training data lag
General models are pre-trained on vast amounts of internet data, but this training has a cut-off date. If you ask an AI to review accounting policies against IFRS, it relies on the snapshots of data it has 'read' during training. It might flawlessly apply the standards as they existed in 2021 while being completely unaware of a critical amendment introduced in 2024. The AI will not say "I do not know"; it will confidently state that the policy is compliant based on obsolete rules, creating a hidden compliance gap.

The paywall problem
To counter outdated training data, users often rely on the AI's web-browsing capabilities. However, authoritative sources, such as the official IFRS Foundation standards or current Dutch tax legislation commentaries, are often behind login screens or paywalls. When the AI attempts to verify a standard, it cannot access the primary source. Instead, it retrieves information from accessible public data, such as summaries from Big Four articles or professional forum posts. These sources may be summaries, outdated interpretations, or simply incorrect. The AI then synthesises this secondary information into an answer that looks like a direct citation from the standard but is actually a derivation of public opinion.

Mitigation strategy: grounding
To prevent this, we must stop the AI from relying on its internal memory or open web searches for technical standards. The solution is a technique called 'grounding'. This involves connecting the AI directly to a curated, trusted database of current laws and standards. By using specific integrations, such as a Model Context Protocol (MCP) server, you can force the AI to answer solely using the documents you provide. This transforms the AI from a creative writer into an analyst that cites the specific article of the law available within your secure environment.
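
One way to check that an answer really is grounded, as an added example that is not from the original article or from any product it describes: every citation in the model's answer is verified against the curated knowledge base, including whether the cited paragraph is in force on the review date. The `[REF] "quote"` citation format, the `EX-STD` identifiers and the knowledge-base entries are constructed placeholders, not real standards.

```python
import re
from datetime import date

# Constructed knowledge base (placeholder identifiers and text, not real standards).
# Each entry records the period in which the paragraph is in force.
KNOWLEDGE_BASE = {
    "EX-STD 7.12": {"effective": date(2024, 1, 1), "superseded": None,
                    "text": "Lease modifications are remeasured at the modification date."},
    "EX-STD 7.09": {"effective": date(2019, 1, 1), "superseded": date(2024, 1, 1),
                    "text": "Lease modifications are remeasured at period end."},
}

# Assumed citation format: [REF] "verbatim quote". A bare [REF] without a
# quote does not match and is therefore treated as uncited.
CITATION = re.compile(r'\[(?P<ref>[A-Z-]+ \d+\.\d+)\]\s*"(?P<quote>[^"]+)"')

def normalise(s: str) -> str:
    """Lower-case and collapse whitespace so line wrapping cannot hide a match."""
    return " ".join(s.lower().split())

def check_citations(answer: str, as_of: date) -> list[tuple[str, str]]:
    """Return (reference, problem) pairs; an empty list means every citation is grounded."""
    cites = list(CITATION.finditer(answer))
    if not cites:
        return [("<none>", "answer contains no citation")]
    problems = []
    for m in cites:
        ref, quote = m["ref"], m["quote"]
        entry = KNOWLEDGE_BASE.get(ref)
        if entry is None:
            problems.append((ref, "not in knowledge base"))
        elif entry["effective"] > as_of:
            problems.append((ref, "not yet effective"))
        elif entry["superseded"] and entry["superseded"] <= as_of:
            problems.append((ref, "superseded"))
        elif normalise(quote) not in normalise(entry["text"]):
            problems.append((ref, "quote does not match source text"))
    return problems
```

An answer with a non-empty result is held back from the engagement file and routed to a human reviewer rather than being silently corrected.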

3. Risk II: sycophancy

In the audit and tax professions, independence and professional scepticism are foundational principles. A professional advisor must look at the facts objectively, even if the conclusion is not what the client hopes to hear. However, general AI models are currently designed with the exact opposite goal. They suffer from a behaviour known as sycophancy.

Sycophancy is the tendency of an AI model to agree with the user's views or follow the user's implied bias, rather than providing an objective truth. If a tax advisor asks, "This dinner expense seems clearly deductible as a business meeting, correct?", the AI is statistically likely to answer, "Yes, this appears to be a deductible business meeting," and will generate arguments to support that premise.

The root cause: RLHF
This is not a bug but a feature of how these models are trained. Through a process called Reinforcement Learning from Human Feedback (RLHF), human trainers grade the AI's responses. Historically, trainers have preferred answers that are helpful, polite, and aligned with the user's intent. Consequently, the model learns that "being helpful" means "agreeing with the user." In a regulated environment, this is dangerous. It creates a confirmation bias loop where the AI acts as a "Yes-Man" rather than an independent reviewer.

Mitigation strategy: System Instructions and workflow design
To counter this, we must explicitly programme the AI to adopt a critical persona. This starts with the "System Instructions" or the initial prompt setup. Instead of a generic instruction, we must command the AI to "act as a strict regulator" and explicitly include instructions such as: "Review your response for confirmation bias before submitting" or "Be critical and objective; do not assume the user's premise is correct."

Furthermore, when designing agentic skills, we should structure the workflow objectively. Rather than asking for a conclusion in one step, force the AI to follow a logical path: first, extract the facts; second, cite the relevant legislation; and third, compare the two to derive a conclusion. By separating the fact-finding from the judgment, we reduce the risk of the AI simply hallucinating a justification to please the user.

4. Risk III: lost in the middle

The capacity of modern AI models to process large amounts of text is often marketed as a key feature. It is tempting to upload a 150-page Annual Report or a complex Syndicated Loan Agreement and ask a single, comprehensive question: "Review this entire agreement and identify all clauses that deviate from our standard template." While this feels efficient, it often leads to a subtle failure known as the 'lost in the middle' phenomenon.

When an AI model is presented with a massive block of text (a long 'context window'), its ability to retrieve information is not uniform. Research indicates that these models are highly effective at identifying information at the beginning of a document and at the very end. However, their attention degrades significantly for information located in the middle of the text sequence.

If a critical loan covenant or a contradictory ESG disclosure is buried on page 60 of a 120-page document, the AI is statistically more likely to overlook it compared to information on page 5 or page 115. The risk is compounded when the user combines a long document with a complex, multi-task prompt. Asking the AI to perform ten different checks on a hundred pages simultaneously dilutes its 'attention', resulting in a superficial review that misses specific details.

Mitigation strategy: chunking and architecture
To mitigate this, users must avoid the 'do it all' prompt. Instead of asking for a holistic review of a whole document, break the task down into smaller, sequential steps.

From a technical perspective, this is where relying on a standard chat interface limits professional quality. Robust integration requires an architectural approach called 'chunking'. This involves breaking a large document into smaller, logical segments, such as chapters or clauses, before the AI processes them. A specialized MCP server handles this in the background, feeding the AI only the relevant sections of the text needed for the specific query. This ensures the AI maintains 'focus' on the specific data points, treating page 60 with the same level of scrutiny as page 1.
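
The clause-level chunking described above, as an added example that is not from the original article: the agreement is split at numbered clause headings, each clause is reviewed in its own call, and the list of reviewed clauses is returned as evidence of coverage. The heading format, the sample agreement and `exact_match_reviewer` (a deterministic stand-in for the per-clause model call) are assumptions made so the example runs offline.

```python
import re
from typing import Callable

# Assumed heading format: a clause starts at a line such as "3. Financial covenants".
HEADING = re.compile(r"^(\d+)\.\s+\S.*$", re.MULTILINE)

def chunk_by_clause(text: str) -> dict[str, str]:
    """Split a document into clauses keyed by clause number, whitespace-normalised."""
    marks = list(HEADING.finditer(text))
    chunks = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        chunks[m.group(1)] = " ".join(text[m.start():end].split())
    return chunks

def exact_match_reviewer(clause: str, template_clause: str) -> bool:
    """Deterministic stand-in for the per-clause model call: True means 'deviates'."""
    return clause != template_clause

def review(agreement: str, template: str,
           reviewer: Callable[[str, str], bool] = exact_match_reviewer) -> dict:
    """Review one clause per call and record which clauses were actually covered."""
    doc, ref = chunk_by_clause(agreement), chunk_by_clause(template)
    reviewed, findings = [], []
    for cid, body in doc.items():  # document order, one clause at a time
        if cid not in ref:
            findings.append((cid, "no template counterpart"))
        elif reviewer(body, ref[cid]):
            findings.append((cid, "deviates from template"))
        reviewed.append(cid)
    findings += [(cid, "missing from agreement") for cid in ref if cid not in doc]
    return {"reviewed": reviewed, "findings": findings}

# Constructed sample: five clauses, with the changed covenant in the middle.
TEMPLATE = """1. Definitions
Terms have the meanings given in Schedule A.
2. Facility
The Lender makes the Facility available to the Borrower.
3. Financial covenants
Leverage shall not exceed the ratio set out in Schedule B.
4. Events of default
Non-payment is an Event of Default.
5. Governing law
This Agreement is governed by the law named in Schedule C.
"""
AGREEMENT = TEMPLATE.replace("shall not exceed", "shall use reasonable efforts not to exceed")
```

Comparing `reviewed` against the clause list of the signed document gives the reviewer a completeness check that a single whole-document prompt cannot provide.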

5. Conclusion: from chatbot to assurance

The integration of AI into the audit and tax profession is not a question of if, but how. The risks of plausible hallucination, sycophancy, and context loss demonstrate that a general-purpose AI assistant cannot simply be dropped into a high-stakes workflow without adequate supervision and infrastructure. While the underlying models are powerful, they lack the inherent professional rigour required for IFRS or CSRD compliance.

However, recognising these risks is the first step towards mitigating them. The solution lies in moving beyond the standard chat interface. By shifting from simple experimentation to a structured approach, firms can harness the speed of AI while maintaining the quality standards their clients expect.

This transition requires a combination of human skill and technical architecture. Professionals must refine their prompting techniques to demand objectivity and verify outputs against primary sources. Simultaneously, firms need to implement the right technical backbone. Integrating specialized tools like MCP servers ensures that the AI is grounded in accurate, secure data and processes large documents without losing critical details.

Ultimately, the goal is not just to use AI, but to obtain reasonable assurance over its output. When we control the context and the workflow, we transform the AI from an eager but unreliable junior associate into a trusted component of the audit file.

building blocks for verifiable AI

© 2026 Prevector B.V.
