Runwaize Logo
Runwaize Logo
EN|FR
Pour les ManagersPour les Développeurs d'Agents
Solutions
Supervaize StudioSupervaizer ControllerThe Skills CookbookAidan · Agent Intervieweur
Services
Consulting AgentiqueDéveloppement AgentiqueAidan
Aidan pour les ConseilsAidan pour l'Agro-industrieAidan pour les AvocatsAidan pour l'ImmobilierAidan pour la Conduite du ChangementAidan pour l'Évaluation du ManagementAidan pour les Opérations Terrain
L'Horror Show de l'IA
S'inscrire
Retour à toutes les histoires
Reputational Disaster
🔴 Real Incident

The Compliance Review That Cited a Book That Didn't Exist

Deloitte Australia billed the federal government A$440,000 for a compliance review of a welfare-penalty IT system. The report quoted a federal judge who never said the words and cited academic papers that don't exist.

2025-10-07·8 min read·Par Supervaize Team
The Compliance Review That Cited a Book That Didn't Exist

The Compliance Review That Cited a Book That Didn't Exist

🔴 REAL INCIDENT: Deloitte Australia — hallucinated citations in a A$440K government welfare-system assurance review (July–October 2025)

What Happened

In December 2024, the Australian Department of Employment and Workplace Relations (DEWR) signed a contract with Deloitte Australia worth roughly A$440,000 (≈US$290,000). The deliverable was a 237-page independent assurance review of the IT system used to automate penalties under Australia's Targeted Compliance Framework — the algorithm that decides when welfare recipients lose their payments for missing obligations. A compliance review of a compliance system. The kind of document that exists precisely so that vulnerable Australians, and the courts that hear their appeals, can trust that the government's enforcement machinery has been independently checked.

The report was published in July 2025 on the department's website.

In August, Sydney University researcher Chris Rudge — a specialist in health and welfare law — read a passage that attributed a book to Lisa Burton Crawford, a Sydney University professor of public and constitutional law. The book's title was outside Crawford's field of expertise. Rudge knew Crawford. He had never heard of the book. "I instantaneously knew it was either hallucinated by AI or the world's best kept secret because I'd never heard of the book and it sounded preposterous," he later told the Associated Press.

He kept reading. The report contained a fabricated quote attributed to a federal court judgment. It cited academic papers that did not exist. It referenced authors and works that no library catalog could find. The Australian Financial Review broke the story on August 22, 2025.

On September 26, Deloitte quietly republished the report. The revised version removed the fabricated quote from the federal court judge, scrubbed the non-existent references, and added a new disclosure that had not appeared in the July version: a generative AI language system, Azure OpenAI, had been used in its creation. The accompanying "Report Update" section assured readers that the changes "in no way impact or affect the substantive content, findings and recommendations in the report."

On October 7, 2025, Fortune confirmed Deloitte would refund the government. Two weeks later, on October 21, the department confirmed the refund had landed: A$97,000 — approximately US$63,000, the final installment of the contract. The first three installments, totaling roughly three-quarters of the fee, were retained.

The same month Deloitte was caught, the firm announced a US$3 billion investment in generative AI through fiscal year 2030. The same week the refund was finalized, Anthropic announced a partnership making Claude available to more than 470,000 Deloitte professionals worldwide.

How a Fabricated Judge Quote Survived to Publication

The mechanics of the failure are unremarkable. The fact that nobody caught them is the story.

The model hallucinated authoritative citations. This is the most well-documented LLM failure mode in existence. Large language models trained on legal and academic corpora produce plausible-looking case citations, book titles, and academic references because that is the shape of their training data. They produce them whether or not the source exists. Hallucinated citations have already cost American lawyers six-figure sanctions, license suspensions, and disbarment proceedings throughout 2025. None of this was unknown when Deloitte's team prompted Azure OpenAI for help drafting the report.

No citation verification layer existed in the workflow. Every citation in a 237-page government assurance review is a falsifiable claim. Each one resolves to either an existing source or a fabrication. A trivial pipeline — feed every citation to a search index, flag any that fail to resolve — would have caught every error before the document left Deloitte's office. The pipeline was not run. There is no evidence it was even contemplated.

No human review checkpoint covered AI-generated content. Deloitte's revision disclosed "a generative AI language system, Azure OpenAI, was used in its creation." It did not disclose what proportion of the text was AI-generated, what prompts were used, or whether any human ever read the model's output against a primary source. The omission is telling. A Big Four firm with a US$3B AI strategy did not have a documented protocol for verifying AI-generated citations in client-facing deliverables. The model wrote a paragraph quoting a federal judge. Nobody checked whether the judge had ever said the words.

The document carried the institutional weight of "independent assurance." This is the part that should keep professional services CEOs awake. The deliverable was not a marketing whitepaper. It was a 237-page review whose purpose was to be cited — by the department, by the minister, by tribunal members, by appellate courts hearing welfare-penalty challenges. Anything inside it carried Deloitte's reputation as warranty. When the firm published a quote that no judge ever uttered, that quote became, for a brief moment, part of the public record on which subsequent enforcement decisions could rest.

The disclosure came after the discovery. The original July report contained no AI-use disclosure. The September 26 revision added one. The disclosure was retroactive — a consequence of being caught, not a prerequisite of the work. Every Deloitte AI deliverable shipped before August 2025 is now in a category called "did anyone check?"

The Broader Pattern

The Deloitte report is the same failure as Air Canada's chatbot promising bereavement refunds it could not deliver and as every AI-citation sanction case currently piling up in American and Australian courts. An AI system produces plausible language that is not anchored to a verified source, and the organization deploying it ships the output as authoritative without checking. The technology is the same. The professional context just keeps getting heavier.

In Air Canada's case, the consequence was a $812 tribunal award and a precedent on chatbot liability. In Deloitte's case, the consequence is a $63K refund — and an undisclosed number of revised academic citations that will now be quietly removed from every Deloitte deliverable shipped during 2024 and 2025. The financial hit is small. The professional credibility hit is the entire balance sheet of a $3B AI strategy.

The UK Financial Reporting Council warned in June 2025 that Big Four firms were failing to monitor how AI and automated technologies were affecting audit quality. The Deloitte Australia report is the first publicly verified case of that failure landing in a government deliverable. It will not be the last. The same pattern — partner-led work, junior staff drafting with AI, no citation verification, no second-pair-of-eyes review — exists at every Big Four firm, at every management consultancy, at every law firm now offering "AI-augmented" services. The only variable is who catches it next.

Australian Greens Senator Barbara Pocock, whose portfolio includes oversight of the public sector, said the partial refund was insufficient. "Deloitte misused AI and used it very inappropriately: misquoted a judge, used references that are non-existent," she told the ABC. "I mean, the kinds of things that a first-year university student would be in deep trouble for."

A first-year university student would, in fact, be in deep trouble. A first-year would face an academic integrity panel, a transcript notation, possibly a suspension. Deloitte faced a refund of less than a quarter of the contract value and a press cycle that lasted three weeks.

How It Could Have Been Prevented

The Deloitte failure was operational, not technical. Every control on this list is available today. None of them were applied.

  • Mandatory citation verification pass. A scripted check that resolves every citation in any AI-generated draft against an authoritative index (LexisNexis, Westlaw, CrossRef, Google Scholar). Citations that fail to resolve are flagged for human review. This is one weekend of engineering work for a firm with a US$3B AI budget.
  • AI use disclosure as a prerequisite, not a remediation. Every deliverable touched by a generative model gets a disclosure line in the front matter, with a description of the model used, the scope of its use, and the human review protocol applied. The protocol should be auditable.
  • Human sign-off on every external-facing citation. Where the model writes a quote attributed to a third party — a judge, an academic, a public official — a named human verifies the quote against the primary source before publication. No exceptions. This is the rule that prevents the fabricated judgment quote and the imaginary book title from ever shipping.
  • Domain-specific RAG, not naked LLM drafting. Compliance reviews of government IT systems should not be drafted by a chat model with no retrieval layer. A retrieval-augmented pipeline grounded in a curated corpus of relevant case law, departmental documentation, and verified academic sources would prevent the model from inventing citations, because invention would not be the path of least resistance — retrieval would.
  • Clear contractual liability for AI-augmented work. Government and enterprise procurement contracts should specify that AI-generated content is the contractor's responsibility, that hallucinated citations are a delivery defect, and that the remedy is full refund and re-performance. Deloitte's A$97K refund — less than a quarter of the contract value — exists because no such clause existed.
  • Independent QA on assurance work. The grim irony of an assurance review failing internal assurance is the headline. Big Four firms perform assurance reviews on each other's audits routinely. None of them currently perform assurance reviews on each other's AI-augmented deliverables. They will, eventually. The question is whether they start before or after the next federal court starts disciplining lawyers for citing a Deloitte report that cited a book that doesn't exist.

The Lesson

The Deloitte Australia case is a small-dollar, big-meaning incident. The refund will not appear on any quarterly earnings call. The 237-page report will be cited, when it is cited, as a footnote in three years' worth of compliance-AI conference talks.

But it is the first case to make the failure mode of professional services AI legible to a non-technical audience: the consulting firm shipped a deliverable that quoted a judge who never said the words, and got paid three-quarters of the fee anyway. Every minister, every government procurement officer, every general counsel reading the Fortune story is now revising their assumptions about what "independent assurance" means when generative AI is in the production chain. Those assumptions, until October 2025, did most of the trust work in the consulting industry. They no longer do.

The same week, Deloitte's $3B AI strategy and the Anthropic partnership for 470,000 seats both landed in the press. The juxtaposition is not subtle. Big Four firms are pricing AI as a productivity multiplier — more deliverables per partner-hour, more revenue per analyst seat. The multiplier only works if the QA stack keeps pace. In this case it did not, by an embarrassing margin, on a deliverable that purported to validate the integrity of a system used to penalize the poorest Australians.

If a fabricated quote from a federal judge can survive your AI workflow to a federal department's published website, the failure is not that the model hallucinated. The failure is that nobody read the output. And if nobody read this output, what else is on your shelf right now with a citation nobody checked?

Sources

  • Fortune — Nino Paoli, "Deloitte was caught using AI in $290,000 report to help the Australian government crack down on welfare after a researcher flagged hallucinations," October 7, 2025
  • CFO Dive — Alexei Alexis, "Deloitte refunds over $60K for report with AI errors, Australian government says," October 21, 2025
  • Australian Financial Review — "Academics raise alarm over suspected AI use in Deloitte report," August 22, 2025
  • Associated Press — Tristan Lavalette, "Deloitte to refund Australian government for AI-generated report errors," October 7, 2025
  • Department of Employment and Workplace Relations — Secretary's statement on the Integrity Assurance Program, October 2025
  • Revised Deloitte Report (DEWR) — Targeted Compliance Framework Assurance Review Final Report (revised version dated September 26, 2025)