KPMG Australia confirmed in February 2026 that 28 of its staff had used artificial intelligence tools to cheat on internal training exams since July 2025, after the firm introduced monitoring systems specifically designed to detect unauthorised AI use during assessments. The most senior case involved a registered company auditor at partner level, who was fined more than A$10,000 and required to retake the exam. The partner also self-reported to Chartered Accountants Australia and New Zealand, which launched its own separate investigation. The remaining cases involved staff at or below manager level.
The exam in question was not a general compliance test. It was a mandatory training course on the ethical and responsible use of artificial intelligence, part of KPMG’s internal programme to standardise how staff understand and apply AI in audit and advisory work. The training materials recommended that participants download a reference manual to consult during the open-book assessment. The partner uploaded that document into an external generative AI tool and used it to produce answers, which violated explicit firm policy. KPMG’s monitoring systems flagged the activity within weeks of the assessment taking place.
What the firm says happened
KPMG Australia employs around 10,000 people and administers more than 20,000 internal tests each year, according to reporting by the Australian Financial Review, which first covered the story in December 2025. The firm upgraded its monitoring infrastructure in 2024 after a period of widespread cheating on internal exams between 2016 and 2020, during which KPMG was sanctioned by the US Public Company Accounting Oversight Board, fined US$450,000, and required to retain an independent consultant to undertake a systemic review of the firm’s culture, conduct, and ethics, according to a PCAOB disciplinary order issued in September 2021.
KPMG Australia chief executive Andrew Yates described the challenge candidly. “Like most organisations, we have been grappling with the role and use of AI as it relates to internal training and testing,” he told the Australian Financial Review. “As soon as we introduced monitoring for AI in internal testing in 2024, we found instances of people using AI outside our policy. We followed with a significant firm-wide education campaign and have continued to introduce new technologies to block access to AI during testing.”
The firm has said it will separately disclose AI-related cheating cases in its annual results and will strengthen processes to ensure staff meet their obligation to self-report misconduct to relevant professional bodies. That commitment came after a complication on the disclosure side: Greens senator Barbara Pocock asked the Australian Securities and Investments Commission about the matter at Senate estimates, and ASIC’s response indicated it had not received a formal report from KPMG about the cheating cases before the Financial Review‘s December coverage. KPMG maintains it had voluntarily informed ASIC as part of ongoing discussions with the regulator. ASIC commissioner Kate O’Rourke acknowledged at estimates that the regulator’s oversight of Big Four non-audit services and partnership structures is partial under the current framework. Under existing rules, firms are only required to file a formal report with ASIC if a staff member has been formally disciplined by a governing professional body. Since Chartered Accountants ANZ had not yet concluded its investigation at the time, no formal filing was triggered.
The context the incident sits inside
KPMG Australia became the first organisation globally to achieve ISO 42001 certification for AI management systems, granted in October 2024 by BSI. The ISO 42001 standard provides a framework for establishing, implementing, and maintaining an AI management system, and the certification involved a detailed external audit of the firm’s governance, risk controls, and approach to embedding responsible AI practices across its operations. The firm’s Trusted AI Framework is a consulting product it sells to clients navigating AI governance. Both products, the certification and the framework, rest on the proposition that KPMG has internalised what responsible AI looks like.
That background does not make the cheating cases worse in a factual sense, but it does change what they mean reputationally. A firm that has positioned itself as the first in the world to certify its AI management practices now has to account for staff, including a senior partner, using AI to avoid engaging with the material those practices are built on. The gap between the institutional claim and the individual behaviour is the story, more than the misconduct itself.
The fine, A$10,000 deducted from future income, is modest relative to what partners earn. The Going Concern accounting publication noted that average partner pay at KPMG Australia was A$715,000 for 2025. Whether the penalty is proportionate to the seniority of the breach and the reputational exposure it created is a question KPMG has not directly addressed.
The broader pattern in the Big Four
This is not the first time the large accounting and professional services firms have faced questions about internal assessment integrity. EY paid a US$100 million fine to the US Securities and Exchange Commission in 2022 after staff cheated on Certified Public Accountant ethics exams. The PCAOB imposed a record US$25 million fine on KPMG Netherlands in April 2024, after hundreds of professionals shared exam answers and the misconduct reached senior leadership including the firm’s head of assurance. In that case, according to a PCAOB press release, some leaders misled regulators and failed to disclose the misconduct when they became aware of it.
The cheating on an AI ethics exam is different in kind from exam-sharing scandals. It does not require collusion or pre-arranged access to answers. A single employee with a smartphone can upload course materials to a freely available AI tool and have responses generated in seconds. The ease of the act is what creates the governance problem. No institutional culture of answer-sharing is required; only a calculation, probably unconscious in many cases, that completing mandatory training is a box to be ticked rather than knowledge to be acquired.
Deloitte Australia offers a recent comparison point from a different direction. In 2025, the firm agreed to refund part of a A$440,000 government contract after a report it produced for the Department of Employment and Workplace Relations was found to contain multiple errors linked to AI use, including a fabricated quote from a federal court judgment and references to non-existent academic papers. The partner responsible is reported to be leaving the firm. The two incidents are different in character: one involves staff bypassing training, the other involves AI-generated content being submitted to a government client without adequate checking. What connects them is a set of professional services firms in the middle of integrating AI rapidly into their practices, and finding that their governance systems have not kept pace with the ease of misuse.
What the monitoring arms race suggests
KPMG’s response to detecting the cheating was to introduce additional technology to block AI access during testing. The sequence is worth sitting with. The firm deployed AI tools for client and internal work. It then prohibited those tools during assessments. Staff used the tools anyway. The firm deployed detection software. The firm then deployed blocking software. Each step consumes resources and creates new enforcement problems.
One structural question this raises: if the point of mandatory AI training is to ensure staff understand what the tools can and cannot do appropriately, what does it mean if the assessment of that understanding can be automated away? The open-book format existed to reduce exam pressure, not to invite outsourcing the work entirely. KPMG’s own training presumably covers exactly this kind of use-case distinction. That the course materials were themselves used as the input for bypassing the assessment is, in the driest sense, a demonstration of the problem the course was designed to prevent.
Whether invigilated in-person testing is a practical response for a firm of KPMG’s scale, and whether any format can reliably assess genuine understanding rather than the ability to locate correct answers, are questions without clean answers. They are also questions that extend well beyond KPMG. Professional certification bodies across multiple fields are working through the same problem; the Association of Chartered Certified Accountants announced in December 2025 that it would end remote exams from March 2026, citing inadequate safeguards against AI-assisted cheating.
What to watch next
Chartered Accountants Australia and New Zealand has an open investigation into the partner’s self-reported misconduct, and the outcome will determine whether a formal regulatory report to ASIC is required. KPMG has committed to disclosing AI-related cheating cases in its annual results; how that disclosure is framed, and whether it covers the full 28 cases or only those that result in formal findings, will be worth examining when those results are published. Senator Pocock’s questions about ASIC’s oversight of the Big Four have not yet produced a legislative response, but the exchange at estimates placed on public record that the regulator’s visibility into firm-level misconduct is constrained by the current reporting framework. That constraint predates AI; the AI cases have simply made it more visible.
Sentinel — Human
The text exhibits strong signs of human journalistic authorship characterized by deep context, varied sourcing, and nuanced analytical framing rather than synthetic pattern repetition.
