The Silent AI on Your Balance Sheet

The question the CFO cannot answer

Friday afternoon, the CFO receives a one-line email from the enterprise Chair:

“Before Tuesday — give me a quantitative measure of our AI exposure. Assets, liabilities, contingent risk. A number, not a narrative.”

The CFO has prepared for fiscal meetings countless times before: binders, tabs, board deck, the quarterly close memo, variance commentary. Routine. Predictable. Controlled.

She can quantify goodwill, capitalized software, lease obligations, contingent liabilities, cybersecurity insurance premiums, even deductibles — down to the dollar. But not this. There is no general ledger account for AI exposure. No footnote disclosure. No balance sheet line item. No recognized framework that translates AI risk into a number the board can govern against.

And yet AI is already materially reshaping the business — affecting revenue, through the sales-forecasting model the commercial team relies on; cost, through the back-office automation the finance organization runs against the close; liability exposure, through the third-party model the contact center uses to draft responses to customers; and regulatory profile, through the underwriting tool the lending division has begun to deploy. The exposure is unambiguously present in the operations of the business. The dependency is real. The measurement is unambiguously absent from any document the audit committee would normally rely on.

This is not a technology problem. Modern enterprises are running material AI exposure through their operations with no quantitative representation of it on any document a board, an auditor, a lender, or an acquirer can use.

This is a measurement problem. Boards cannot govern what the enterprise cannot quantify. Governance begins where measurement becomes possible.

What “on the balance sheet” actually means here

Before going further, a definitional note: this article uses “balance sheet” in the broader sense familiar to audit committees and rating analysts — not the GAAP balance sheet narrowly, but the complete picture of value drivers and risk exposures that determine what the enterprise is actually worth and what it actually owes.

AI is silently on the balance sheet in four distinct ways, and each of them is currently invisible to the instruments that ordinarily measure enterprise value:

• As an asset. Productivity gains, revenue lift, pricing precision, forecasting accuracy, underwriting capacity — embedded models now drive parts of the income statement that used to be produced by people. Where the gain is real, the asset is real. It is just not recorded as one.
• As a liability. Contingent exposure from vendor model failure, discriminatory outputs in regulated workflows, hallucinated outputs in customer-facing or compliance-facing systems, intellectual-property contamination from data of unknown provenance. The exposure is contingent, but it is not theoretical. It is being underwritten — or, more often, not underwritten — every quarter.
• As goodwill at risk. Acquired AI capabilities whose value depends on the documentation, talent retention, and explainability of the underlying systems. Acquirers paid premiums for those capabilities. The persistence of those premiums depends on institutional knowledge that, as a prior issue of this series observed, often resides in a small number of people whose departure would compromise the asset itself.
• As an off-balance-sheet exposure. Vendor and supply-chain AI that the company does not own, but is operationally dependent on — the model that scores the loan applications, the agent that triages the support tickets, the embedded intelligence inside the SaaS platforms that the business now runs on. The dependency is contractual, not proprietary. The risk is operational.

None of this is currently captured in the financial statements with any precision. US GAAP and IFRS were not written with embedded AI in mind. Internally developed AI is generally expensed as incurred. Acquired AI is buried inside goodwill, which is tested for impairment, but not disaggregated. Vendor AI is invisible unless the contract happens to be material. The economic substance is real and growing. The accounting representation is partial and lagging. That is the gap this article is about.

The Standard Is Coming

The disclosure gap is widening. We have been here before. When economic activity outruns its representation in the financial statements, regulators wait, watch, and eventually intervene. That cycle has begun.

In March 2024, the SEC announced its first two enforcement actions for what it called “AI washing” — material misrepresentation of AI capabilities — against the investment advisers Delphia and Global Predictions. Both firms settled, paying combined civil penalties of $400,000.¹ In January 2025, the SEC brought its first AI-washing action against a publicly listed company, the restaurant-technology firm Presto Automation.² In April 2025, the SEC and the U.S. Attorney for the Southern District of New York filed parallel civil and criminal charges against the former CEO of the AI startup Nate, Inc., alleging that he had raised more than $42 million by misrepresenting his shopping app as AI-driven when transactions were in fact being processed manually by contract workers overseas.³ The Commission has since established a Cyber and Emerging Technologies Unit with explicit responsibility for AI-related disclosure cases.⁴

The pattern in the private bar tracks the same arc. AI-related securities class actions have grown from seven in 2023 to fourteen in 2024 to at least seventeen in 2025, according to filings tracked by the Stanford Class Action Clearinghouse and corroborated by independent reviews.⁵ The most prominent of the 2025 cases, Tucker v. Apple, alleges that the company’s representations about its Apple Intelligence initiative misled investors when the promised Siri upgrades were delayed and the stock subsequently lost roughly $900 billion in market capitalization from its peak.⁶ The pattern reads, in the aggregate, as a market repricing the difference between AI as said and AI as built.

At the standard-setting level, the response has been more measured, but no less consequential. In December 2024, the FASB staff issued an Invitation to Comment on the recognition of intangibles — a project that includes software costs, internally developed intangibles, and research and development, the three buckets into which most AI investment currently flows.⁷ In September 2025, the FASB issued ASU 2025-06, modernizing the long-standing rules for capitalizing internal-use software costs and explicitly acknowledging that those rules, written in 1998, no longer fit how software is built today.⁸ The PCAOB has identified “audit areas with increased use of technology, including use of generative artificial intelligence” as a 2025 inspection priority, and Board members have begun to speak publicly about whether existing auditing standards are adequate for engagements in which both the audit work and the underlying financial reporting are AI-influenced.⁹

Around all of this sits the underlying economic reality. Eighty-eight percent of organizations now report using AI in at least one business function.¹⁰ Only about six percent are realizing significant enterprise value.¹¹ Roughly two-thirds are still in piloting. Among organizations that have suffered a data breach, sixty-three percent have no AI governance policy in place, or are still developing one.¹² The economic activity is broad and accelerating. The governance substrate underneath it is thin.

History suggests how this resolves. Non-GAAP measures, lease accounting, off-balance-sheet vehicles, ESG — each began as a category that the financial statements did not capture, accumulated to material scale, drew enforcement attention, and was eventually codified into a disclosure regime. AI is at that inflection point. The standard is the next step, not the question.

The market is guessing

With no reliable AI governance signal to price against, the market is guessing. The cost of that guessing is already being paid. Four constituencies that price enterprise risk in different ways have each begun to adjust their behavior accordingly.

M&A diligence. Acquirers are paying for AI-enabled revenue without being able to verify the governance posture of the systems producing it. The market has begun to price the asymmetry. A 2026 analysis by Skadden, Arps reports that buyers of AI-native companies have tied up to twenty percent of purchase price to AI-related performance KPIs uncovered during diligence — a structural attempt to convert measurement uncertainty into contingent consideration.¹³ Earnouts and reps-and-warranties cannot price what diligence cannot measure; when the measurement is unavailable, the deal absorbs the uncertainty in the price.

Lending and credit. Lenders extending working capital and senior debt to AI-dependent businesses have no covenant framework for AI governance quality. The credit agreement does not contemplate it. There is no incurrence test for adopting a foundation model, no maintenance covenant for retention of an AI-fluent CIO, no event-of-default tied to a model-validation failure. The borrower’s AI posture can deteriorate materially between covenant reporting dates without anything in the document picking it up. The first lender to write an AI governance covenant will be the first lender with a covenant that can do work.

D&O and management liability. Carriers writing directors-and-officers coverage for AI-deploying enterprises have begun to scrutinize AI disclosures even though policy language has not yet shifted.¹⁴ The economic logic is straightforward: the gap between AI deployment and AI governance at the board level is the central driver of the new AI-related securities litigation, and underwriters can see that gap in the absence of an objective signal that would let them price it. In the meantime, premiums for the most AI-exposed insureds drift up, retentions widen, and exclusions are tested on the margin. The market is asking for a number it cannot get.

Audit and internal controls. External auditors increasingly need to satisfy themselves that AI-influenced financial reporting — revenue forecasting, allowance models, fair-value estimates, impairment testing — rests on controlled systems. The PCAOB flagged this as an inspection priority for 2025.⁹ But the auditor has no standard external benchmark against which to assess the governance of a client’s AI estate, and no comparable rating to anchor a discussion with the audit committee. The control framework is being asked a question the framework was not built to answer.

In every one of these contexts, someone is being asked to make a financial decision about an AI exposure they cannot measure. The decisions are being made anyway — by guess, by precedent, by the room. Being unmeasured does not improve them. It only defers the reckoning.

The yardstick is missing

You cannot govern what you cannot see. You cannot manage what you cannot measure.

The AI governance problem is most often framed as a policy problem (we need an AI policy), an ethics problem (we need an AI ethics committee), or a technical problem (we need a model review process). Each is real. None is sufficient. The binding constraint is measurement — the absence of a comparable, auditable, defensible quantification of AI governance posture that an outside party can rely on.

The historical parallel is instructive. Before standardized accounting, companies had policies. They had ethics committees in some form. They had technical practices for inventory valuation and cost allocation. None of it scaled into a functioning capital market until measurement was standardized, audited, and disclosed in a comparable form. The discipline that made modern finance possible was not the policy, not the ethics, and not the technical practice. It was the comparability of the number. The same is true for AI now.

AIQA Global was created to achieve the same for AI. Today, AI governance is being assessed the way credit was assessed before FICO and the way patent quality was assessed before Ocean Tomo: bespoke narratives produced by interested parties, incomparable across organizations, unable to support the underwriting and capital-allocation decisions the market now requires. The work of this article’s final sections is to describe what the measurement looks like in practice and what boards and CFOs should do with it.

What boards and CFOs should do now

Four actions, all available now, none of which requires regulators or standard-setters to act first.

1. Build an AI exposure inventory that the CFO can sign. Not an IT inventory of internally hosted models — a finance-grade map of every AI system that materially touches revenue, cost, liability, or reporting, including embedded AI inside vendor platforms. The inventory is the prerequisite for everything else. Without it, the answer to the audit committee chair’s question is necessarily a guess.
2. Treat AI governance as a disclosure control. Bring AI-related claims, risks, and exposures into the same controls framework that governs other material disclosures. The SEC’s AI-washing enforcement arc makes clear that statements about AI in filings, on earnings calls, in marketing, and in product documentation are now being read as disclosures in the legal sense. They should be controlled as disclosures in the operational sense.
3. Adopt a measurable, third-party-comparable governance metric. Internal scorecards cannot satisfy the audit committee, the underwriter, the acquirer, or the lender. Only an independent, standardized score can. The standardization is what allows the score to do work outside the room that produced it.
4. Brief the board in quantitative terms. Quarterly AI governance reporting should be metric-driven — score, trend, peer comparison — not narrative. Boards cannot exercise oversight of trends they cannot see plotted over time. A narrative report is comforting; a metric is governable.

The measurement that closes the gap

The gap between AI’s economic footprint and its measurable representation is real, growing, and consequential. Every constituency that prices risk in the enterprise — boards, auditors, lenders, insurers, acquirers, investors — needs a number. None has one in a form that supports cross-organization comparison or trend monitoring over time. AIQA Global was founded to produce that number.

The AIQ™ Score is an independent, quantitative rating of enterprise AI governance maturity, expressed on a 0–200 scale across five weighted dimensions: Strategic Alignment, Governance and Accountability, Technical Robustness, Responsible AI and Compliance, and Adaptability and Education. The score is built from 250 evidence-based data points, fifty per dimension, drawn from disclosed material, structured client surveys, and AI-assisted verification, and is framework-aligned with the NIST AI Risk Management Framework, ISO/IEC 42001, the OECD AI Principles, the EU AI Act, and GDPR. The methodology is patent-pending.

Each dimension corresponds to a measurement gap this article has described. Strategic Alignment is what the audit committee chair’s question implicitly tests: is the AI exposure visible at the level of the people who own it. Governance and Accountability is what the D&O underwriter needs to price. Technical Robustness is what the auditor needs to assess controls over AI-influenced figures. Responsible AI and Compliance is what the regulator is increasingly going to require. Adaptability and Education is what the lender, the acquirer, and the board need to assess whether the governance posture is stable or deteriorating. A standardized score across these dimensions, produced by an independent third party, is what allows the gap to close.

The methodology is descended directly from earlier Chicago institutions that solved analogous measurement problems for earlier markets. Underwriters Laboratories did it for electrical safety, the Chicago Board of Trade for agricultural commodities, Morningstar for mutual-fund quality, and Ocean Tomo for patent portfolios. The NYSE-listed Ocean Tomo 300 Patent Index, built on Ocean Tomo’s proprietary patent rating, outperformed the S&P 500 by more than 1,600 basis points over its first decade. The discipline is not new. The application is.

Positioned this way, the score is the instrument that lets AI come onto the balance sheet in a form the CFO, the auditor, the board, the lender, the insurer, and the market can actually use.

From silent to stated

The unmeasured does not stay unmeasured forever. Every previous category of material enterprise exposure — credit quality, market risk, environmental liability, cyber exposure, ESG performance — eventually moved from silence to measurement, because the market demanded it and regulators codified it. The cycle is well-understood. It always closes.

AI is at that transition now. The enterprises that move first will be the ones whose AI exposure is stated — quantified, disclosed, defensible — while their peers’ exposure is still silent. The audit committee will have a number. The underwriter will have a basis for pricing. The lender will have a covenant that can do work. The acquirer will have something to diligence against. The board will have something to govern.

This is not a compliance burden. It is the discipline that lets well-governed organizations price, sell, insure, finance, and defend their AI on terms the rest of the market cannot. Measurement is what governance is. Silence is not.

Citations

1. U.S. Securities and Exchange Commission, “SEC Charges Two Investment Advisers with Making False and Misleading Statements About Their Use of Artificial Intelligence,” Press Release 2024–36, March 18, 2024.
2. In re Presto Automation Inc., SEC settled administrative proceeding, January 2025. See also Holland & Knight, “2025 Cybersecurity and AI Year in Review,” December 2025.
3. SEC v. Saniger, S.D.N.Y., complaint filed April 9, 2025; parallel criminal indictment, U.S. Attorney’s Office, Southern District of New York.
4. White & Case LLP, “SEC FY 2025 Review: A transformative year in SEC enforcement,” January 2026; DLA Piper, “SEC emphasizes focus on AI washing despite perceived enforcement slowdown,” May 2025.
5. Stanford Class Action Clearinghouse, AI-related securities class action tracking through 2025; Cornerstone Research, Securities Class Action Filings—2025 Mid-Year Assessment; DLA Piper, “AI-related securities class action filings are on the rise,” September 2025.
6. Tucker v. Apple Inc. et al., N.D. Cal., No. 25–05197, June 2025.
7. FASB Invitation to Comment, Recognition of Intangibles, December 2024.
8. FASB Accounting Standards Update 2025–06, Intangibles—Goodwill and Other—Internal-Use Software (Subtopic 350-40): Targeted Improvements to the Accounting for Internal-Use Software, September 18, 2025.
9. PCAOB, Staff Report Outlining 2025 Inspection Priorities, December 2024; PCAOB Staff Spotlight, “Staff Update on Outreach Activities Related to the Integration of Generative Artificial Intelligence in Audits and Financial Reporting,” July 2024; “AI and the Pursuit of Audit Quality: A Regulatory Perspective,” PCAOB speech, September 16, 2025.
10. McKinsey & Company, “The state of AI in 2025: Agents, innovation, and transformation,” November 2025. (Prior-year baseline of 78 percent from McKinsey, “The state of AI: How organizations are rewiring to capture value,” March 2025.)
11. McKinsey, State of AI 2025, “AI high performers” segmentation.
12. IBM Security, Cost of a Data Breach Report 2025, conducted by Ponemon Institute (figure reported among breached organizations: 63 percent either lack an AI governance policy or are still developing one).
13. Skadden, Arps, Slate, Meagher & Flom, 2026 M&A Insights, cited in industry coverage of AI-native company transactions.
14. Insurance Business America, “D&O in the AI era: Insurers zero in on corporate disclosures,” October 2025; Risk & Insurance, “AI Litigation and Its Impact on D&O Insurance,” October 31, 2025.