Deloitte surveyed 3,235 enterprise leaders across 24 countries. The findings confirm what most CPA firm partners already suspect: AI capability is outpacing governance — and the firms that solve the governance problem first will build structural advantages that late movers cannot close.
These are not projections or analyst opinions. They are self-reported findings from enterprise leaders actively deploying AI.
Each finding below comes directly from the Deloitte report. The "What this means for your firm" sections are ours — connecting Deloitte's enterprise-wide data to the specific realities of CPA practice.
Only 21% of companies have a mature governance model for autonomous AI agents. Meanwhile, 74% plan to deploy agentic AI within two years. The gap between capability deployment and governance readiness is not closing — it is widening.
Deloitte is explicit: "Rushing to deploy agents widely before establishing governance foundations can expose organizations to significant risks."
CPA firms handle some of the most sensitive data in business — tax returns, financial statements, client payroll, entity structures. If 80% of enterprises lack mature agent governance for general business data, the governance gap for confidential financial data is even more acute. Any firm deploying AI without a governed execution boundary is operating in that gap.
73% of leaders cite data privacy and security as their top AI concern — more than legal/regulatory compliance (50%), governance capabilities (46%), or model quality (46%). Workforce impact ranks last at 30%.
This is not an abstract worry. Some organizations discovered AI models deployed into production without formal oversight or monitoring processes. One leader found there was no clear inventory of all AI tools currently active.
Your staff may already be using AI tools you have not vetted — uploading client data to services with unknown data retention policies. The risk is not that AI does not work. The risk is that it works well enough that people use it before governance exists. A governed execution architecture solves this by making the boundary the system's job, not the individual's judgment call.
77% of companies now factor an AI solution's country of origin into vendor selection. 83% view sovereign AI as at least moderately important to strategic planning. 58% now build their AI stacks primarily with local vendors.
The report frames this as "where is as crucial as what" — where AI runs and who controls the data matters as much as what model you use.
For CPA firms, sovereignty is not about geopolitics — it is about client data residency. Where does the data go when AI processes a tax return? Which servers touch a financial statement? Can you demonstrate to a client — or a regulator — that their data never left a controlled environment? These questions now have purchasing weight at the enterprise level. They should have even more weight for firms whose entire business rests on client confidentiality.
42% of leaders say their AI strategy is "highly prepared." But when it comes to execution:
Strategy improved. Infrastructure, data, and talent perceptions declined. Leaders know what they want to do — they just cannot do it yet.
This is the preparedness gap that most CPA firms experience intuitively — the partners see the potential, but the firm lacks the infrastructure, the data discipline, and the AI-literate staff to execute safely. Closing that gap is not a training problem. It is an architecture problem. The right execution layer bridges the gap between strategic intent and operational reality.
Despite rising adoption, 84% of companies have not redesigned jobs or the nature of work itself around AI capabilities. Most are layering AI onto existing processes rather than rethinking how work is structured.
The report warns: "Organizations must redesign work holistically rather than layering AI onto legacy processes."
Handing a staff accountant ChatGPT access is not AI adoption. It is AI exposure without workflow design. Governed AI adoption means defining which workflows AI handles, under what controls, with what review gates, and producing what evidence. That is work redesign — and it is exactly what most firms have not done.
Insufficient worker skills are cited as the biggest barrier to integrating AI into existing workflows. Yet talent preparedness is the lowest-rated dimension at only 20% "highly prepared" — and it declined year-over-year.
Only 48% of companies are designing upskilling strategies. Only 33% are redesigning career paths. The profession's traditional development pipeline — where associates learn by doing entry-level work that is now being automated — faces real disruption.
AI that requires every user to be an AI expert will not scale inside a CPA firm. The solution is an execution layer that abstracts the complexity — where the system handles routing, policy enforcement, and evidence collection, and the practitioner focuses on review, judgment, and client service. The skill gap shrinks when the platform carries the governance burden.
Every finding points to the same structural gap:
AI capability is ready. Governed execution infrastructure is not.
The enterprises in Deloitte's survey are not skeptics — 84% are increasing AI investment, 78% report greater confidence in the technology, and 25% say AI is already having a transformative effect (up from 12% a year ago). The capability story is settled.
What is not settled — what 80% of enterprises have not solved — is the question that sits between capability and deployment:
For general enterprises, these are important questions. For CPA firms — where the entire business model rests on client confidentiality and professional duty — they are existential.
"The choice is not between AI and no AI.
It is between ungoverned AI and governed AI."
The firms that solve governance first build advantages that late movers cannot close.
Foresight was built to close exactly the gap that Deloitte's report measures. It is not a chatbot. It is not a prompt wrapper. It is a governed AI execution layer that sits between your firm's workflows and the AI models that power them.
Every Foresight deployment uses the same interface, the same workflows, the same team experience. What changes is the governed boundary underneath:
| Deloitte Finding | What Foresight Does |
|---|---|
| 80% lack mature agent governance | Deterministic policy engine — not prompt-based safety. Routing, capability exposure, and approvals enforced outside the model. |
| 73% cite data privacy as top risk | Private Local mode: client data never leaves the firm's environment. Period. |
| 77% factor data sovereignty into vendor selection | Three execution modes — including fully on-prem / private cloud. You choose the boundary. |
| 84% have not redesigned work for AI | Pre-built governed workflows: bookkeeping classification, workpaper prep, document extraction, review, client memo drafting. |
| Skills gap is the #1 barrier | The platform carries the governance burden. Practitioners focus on review and judgment — not AI expertise. |
| Strategy ≠ operational readiness | Foresight is the operational layer between strategic intent and governed deployment. |
Deloitte's report makes the timing concrete:
That combination — surging deployment intent with lagging governance — creates a window. The firms that close the governance gap now will have governed AI workflows running while their competitors are still debating whether to start.
The advantage is not in being first to use AI. It is in being first to use it defensibly.
Request a walkthrough tailored to your firm's size, workflow, and compliance requirements. We will show you what Private Local and Hybrid Governed execution actually look like — with real accounting workflows, not slide decks.