CORAA
लाइव डेमो बुक करेंमुफ्त ट्रायल शुरू करें
ब्लॉग/AI in Audit· लेख

ICAI Code of Ethics 13th Edition (Effective 1 April 2026): The AI-Related Clauses Every CA Should Know

ICAI Code of Ethics 13th Edition takes effect 1 April 2026. New clauses cover AI-based assurance engagements, transparency in emerging technology, NOCLAR enhancements, and how AI use intersects with auditor independence and professional skepticism. Practical guide for CA firms.

CCORAA Team7 January 20269 min read

ICAI Code of Ethics 13th Edition (Effective 1 April 2026): The AI-Related Clauses Every CA Should Know

ICAI publishes the Code of Ethics in editions reflecting the latest IFAC International Code of Ethics for Professional Accountants (IESBA) plus India-specific overlays. The 13th Edition takes effect 1 April 2026 — coinciding with the IT Act 2025 transition, ICAI 60 Tax Audit Cap, and Peer Review Phase IV deadline.

The 13th Edition adds material content on AI use in audit / assurance engagements — addressing how AI affects independence, professional skepticism, NOCLAR (Non-Compliance with Laws and Regulations), and transparency obligations. For practising CAs and firms adopting AI tools, the 13th Edition is the operational compliance framework.

This post covers the AI-related clauses, what they mean in practice, and how to align firm policies with the 13th Edition.

Why the 13th Edition matters

The Code of Ethics is binding on ICAI members. Breach is professional misconduct under the CA Act 1949 — leading to ICAI Disciplinary Directorate proceedings. The Code is also referenced in:

  • ICAI Peer Review (compliance with Code is reviewed)
  • NFRA inspections (Code references in audit-quality assessments)
  • Court proceedings against auditors (Code provisions used to establish standards)

The 13th Edition adds AI-related clauses largely because:

  1. IFAC IESBA issued an "Ethical Considerations Relating to Technology" pronouncement
  2. NFRA enforcement orders increasingly reference AI use considerations
  3. SEBI Responsible AI Framework and DPDP Act create regulatory context for AI ethics
  4. ICAI's own AICA program (see AICA critique) drives normalisation of AI use

Key AI-related provisions in the 13th Edition

Based on public ICAI announcements and IFAC IESBA pronouncements that ICAI has adopted, the 13th Edition is expected to cover:

1. AI-assisted execution doesn't reduce auditor responsibility

The 13th Edition reinforces: the auditor's responsibility for the audit conclusion is NOT diminished by use of AI tools. The professional opinion remains the auditor's.

Practical implication: When AI generates a CARO observation, the auditor reviews + verifies + signs off. The auditor's name + UDIN is on the report; the AI's name is not.

This is consistent with the Adopting AI in Audit playbook — treat AI output as draft, take professional responsibility.

2. Independence considerations when AI is the auditor's tool

If the audit firm receives AI tools from the audit client (e.g., the audited entity provides software, or the auditor's parent / network provides AI infrastructure used in the audit), this creates independence considerations.

Practical implication: Document the source of AI tools used. If using vendor-provided audit AI (CORAA, others), the vendor isn't the audit client — no independence issue. If the audited entity provides AI tools to the auditor — independence issue requiring evaluation and likely refusal.

3. Confidentiality of client data + AI use

The 13th Edition reinforces ICAI Code's existing confidentiality obligation — including in AI contexts. Specifically:

  • Confidential client data must not be used to train AI models without explicit consent
  • Confidential client data must not be input into public LLMs (ChatGPT, Claude, Perplexity, Grok) — DPDPA + Code violation
  • Client engagement letter must address AI use if AI is material to the engagement

Practical implication: The DPDPA-safe prompt approach (see the prompt template library) is now Code-compliance, not just DPDPA compliance.

4. Professional skepticism + AI hallucination

The 13th Edition explicitly addresses AI hallucination risk. Professional skepticism requires the auditor to:

  • Critically evaluate AI-generated output, not accept at face value
  • Verify factual citations against source
  • Apply professional judgement on AI's substantive conclusions
  • Document the verification

Practical implication: The 5-step detection workflow from the hallucinations post becomes part of professional skepticism evidence.

5. NOCLAR (Non-Compliance with Laws and Regulations) and AI

ICAI Code's NOCLAR provisions (covering when the auditor must report regulatory non-compliance) extend to AI:

  • If the auditor identifies the audited entity is non-compliant with AI-related regulations (DPDPA, SEBI Responsible AI Framework, etc.), NOCLAR procedures apply
  • If the AI tool itself is being used in non-compliant ways, the auditor considers reporting

Practical implication: For audited entities using AI (especially SEBI-regulated entities), the auditor must assess AI compliance. See SEBI Responsible AI Framework post.

6. Transparency in client communication

The 13th Edition adds expectation that auditors disclose AI use to clients when material to the engagement. This isn't necessarily disclosure in the audit report — it's transparency in the engagement letter / scoping discussion.

Practical implication: Updated engagement letter language. Reference AI tools used in scope discussion. Document client's awareness.

7. Documentation of AI use under SA 230

Cross-referenced with SA 230, the 13th Edition Code clarifies that AI use should be documented in working papers:

  • What tool was used
  • What prompt / input
  • What output
  • What verification was performed
  • Auditor's conclusion

Practical implication: Standard working paper template needs an "AI Use Documentation" section. See the prompt template library for the format.

Firm-level implications

For audit firms, the 13th Edition requires updates to:

1. Firm AI policy document

A board-approved firm policy covering:

  • Approved AI tools (which Claude / ChatGPT / vendor AI / etc.)
  • Authorised use cases per tool
  • Prohibited use cases (client data into public LLMs, etc.)
  • Documentation requirements
  • Training requirements for staff
  • Periodic review and update

2. Engagement letter template

Update to address AI use, where material:

The engagement may involve use of AI tools to assist in [research, drafting, 
data analysis, working paper preparation]. The use of AI tools does not 
reduce the auditor's responsibility for the conclusions reached. Where 
material, AI use is documented in the audit working papers.

3. Staff training

Annual training on:

  • The 7-rule AI adoption framework
  • DPDPA-safe prompting
  • Documentation requirements
  • Professional skepticism + AI

4. Quality monitoring

Cold reviews include explicit testing of AI-use documentation:

  • Is the working paper showing AI use?
  • Is verification documented?
  • Is auditor responsibility clear?

5. Independence review

Annual independence review now includes AI-tool considerations:

  • Source of AI tools (vendor, network firm, client)
  • Conflicts where AI tools come from related parties

Where the 13th Edition is unclear (gaps to watch)

Three areas where the 13th Edition leaves practical questions:

Gap 1: Vendor selection ethics

Does using a specific audit AI vendor (vs another) create independence or conflict issues? The Code is silent. Most practitioners interpret as: vendor relationships are commercial, not Code-relevant. But if the vendor provides services to audited entities, more scrutiny applies.

Gap 2: AI-generated audit reports

If AI drafts substantively the audit report (including KAM, opinion language), is the auditor still discharging professional responsibility? Code says yes (auditor signs and takes responsibility), but the substantive question of how much human judgement is required is contested.

Gap 3: Audit firm using its own AI in client work

A CA firm that uses CORAA / equivalent in client work — is this disclosed to the client? At what level of detail? Code expects disclosure where material; "material" is judgement.

For these gaps, watch ICAI guidance, NFRA enforcement examples, and peer review observations as the 13th Edition is interpreted in practice.

The cross-references — 13th Edition + other regulations

The 13th Edition doesn't exist in isolation. The compliance stack for FY 2026-27:

Regulation Focus Effective
Code of Ethics 13th Edition Ethics + independence 1 April 2026
IT Act 2025 Tax + cash transaction regulation 1 April 2026
ICAI 60 Tax Audit Cap Guidelines 2025 Tax audit volume 1 April 2026
Peer Review Phase IV Quality assurance 31 December 2026
DPDP Act 2023 (SDF audit + breach notification) Data protection Phase 2 Nov 2026
SEBI Responsible AI Framework AI in SEBI-regulated entities 2026-27 implementation
Information Systems Audit Standards (ICAI) IT audit 2026-27 rollout
ICAI Code AICA L1/L2 progression Practitioner education Ongoing

For CA firms, FY 2026-27 is the most regulation-heavy year in recent memory. Compliance with all of these simultaneously requires structured policy + training + audit-tech adoption.

Practical action items

For the next 6 months (to be 13th Edition ready by 1 April 2026):

Month 1-2: Read the 13th Edition (when published in full). Identify all AI-related clauses.

Month 3: Draft firm AI policy. Board approval.

Month 4: Update engagement letter template + working paper template.

Month 5: Conduct staff training on 13th Edition + AI policy.

Month 6: Update internal monitoring (cold review template) to include AI-use review.

After 1 April 2026: ongoing compliance + quarterly review of firm AI policy + annual training refresh.

Bottom line

The ICAI Code of Ethics 13th Edition (effective 1 April 2026) formalises AI-related ethics for Indian Chartered Accountants. Key provisions:

  • Auditor's responsibility undiminished by AI use
  • Independence considerations for AI tool source
  • Confidentiality + DPDPA-safe AI use
  • Professional skepticism + hallucination verification
  • NOCLAR extended to AI compliance
  • Transparency in client communication
  • Documentation in SA 230 working papers

For firms:

  1. Draft AI policy with board approval
  2. Update engagement letter + working paper templates
  3. Train staff annually
  4. Include AI in independence review
  5. Include AI use in cold-file-review monitoring

For practitioners:

  1. Follow the 7-rule framework
  2. Use DPDP-safe prompts
  3. Document AI use per the hallucinations workflow
  4. Maintain professional skepticism — verify, verify, verify

The 13th Edition is the Code framework for AI-era audit. The same firms that handle the 60-cap + IT Act 2025 + Peer Review IV transitions will absorb the 13th Edition smoothly. Firms still treating AI as optional are working against the regulatory direction.

Try CORAA → Audit-grade AI built for the Code-compliant audit practice — documentation, audit trail, India-hosted, transparent methodology. See pricing · Trust Centre · AI Audit Tool Evaluation Checklist.

विषय
ICAI Code of Ethics 13th editionICAI Code AI clausesAI auditor independenceNOCLAR AIICAI 2026 ethicsAI professional skepticism
← वापस to सभी लेख
Keep पठन

अधिक ai in audit में।

AI in Audit
SEBI Responsible AI / ML Framework: What Statutory Auditors of SEBI-Regulated Entities Need to Know
9 min read
AI in Audit
AI in Forensic Audit: Benford Subset Divergence Analysis and What Else Works
10 min read
AI in Audit
CA GPT (ICAI): An Honest Review of the 70+ Tools — What Works, What Doesn't
9 min read
भारत के लिए बनाया गया · DPDPA अनुपालक

शुरू करने के लिए तैयार automate your ऑडिट कार्य.

See how Coraa reduces ऑडिट एंगेजमेंट समय by 60%, from लेजर जाँच to वर्किंग पेपर्स, सभी from one Tally import.

शुरू करें free 14-दिन ट्रायललाइव डेमो बुक करें