Your staff is already using AI for tax research, document review, and client communication. The question is whether they're exposing confidential client information every time they do. I help CPA firms choose AI tools that comply with AICPA ethics rules and protect your professional license.
AI is transforming accounting — but most firms are adopting tools without checking whether they create confidentiality violations.
"If I put client tax data into ChatGPT, is that a confidentiality violation?" — AICPA Code ET §1.700 prohibits disclosure of confidential client information without consent. Most consumer AI tools train on your inputs. That means client financial data is being used to improve a commercial product.
"What if the AI gives wrong tax advice?" — IRS Circular 230 requires due diligence in tax practice. If your AI tool generates incorrect tax positions and you don't verify them, you face preparer penalties and potential malpractice liability.
"Our firm uses AI for document review. Is that covered by our engagement letter?" — Most engagement letters don't address AI use. If your AI tool processes client data outside the scope of your engagement, you may have an unauthorized disclosure problem.
"Our AI vendor has SOC 2 certification — so we're fine, right?" — SOC 2 doesn't address AI-specific risks like model training on client data, output accuracy, or confidentiality obligations unique to CPAs. You need AI-specific vendor due diligence.
AICPA standards, IRS requirements, and state CPA board rules create clear obligations for accounting firms using AI. Here's what you need to know.
AICPA Code ET §1.700 prohibits disclosure of confidential client information without specific consent. Using AI tools that train on user data or lack data protection agreements likely violates this standard. The test: would your client consent to this vendor processing their financial data?
IRS Circular 230 requires practitioners to exercise due diligence in preparing tax returns and providing tax advice. AI-generated tax positions must be independently verified. Reliance on AI without verification creates preparer penalty exposure under §6694.
Firms with SOC 2 obligations must ensure AI vendors meet security, availability, and confidentiality trust service criteria. Standard SOC 2 audits don't cover AI-specific risks — you need supplemental controls for model training, data retention, and output accuracy.
State CPA boards are issuing guidance on AI use. Illinois, New York, and California boards have addressed AI's impact on independence, confidentiality, and professional competence. Non-compliance can result in license suspension or revocation.
Most engagement letters don't address AI tool use. Without explicit disclosure and consent for AI processing of client data, firms may breach engagement terms. Updated engagement letters should address AI tool use, data handling, and limitation of liability.
For firms auditing public companies, PCAOB standards require auditors to understand and test AI tools used in the audit. The SEC has signaled increased scrutiny of AI use in financial reporting and audit processes.
Multiple state boards have initiated inquiries into CPA firms using consumer AI tools for client work without proper confidentiality safeguards. Investigations focused on unauthorized disclosure of client financial information.
The IRS Office of Professional Responsibility has flagged AI-assisted tax preparation as an area of concern. Practitioners who rely on AI-generated positions without independent verification face preparer penalty exposure.
Professional liability insurers report increasing claims related to AI-assisted accounting work. Errors in AI-generated work product that go unreviewed are creating new malpractice exposure for CPA firms.
I don't sell AI tools. I help you choose the ones that actually comply with your professional obligations — and avoid the ones that don't.
I evaluate every AI tool your firm uses or is considering — consumer tools, tax-specific platforms, document review software — against AICPA standards, Circular 230, and your state CPA board's guidance.
I review your AI vendor agreements for confidentiality gaps — model training clauses, data retention policies, subprocessor arrangements — and negotiate terms that protect client data.
Not all AI is equal. I help you choose between enterprise platforms with proper data protection, on-premise options for sensitive client data, and hybrid architectures that balance capability with confidentiality.
Firm-specific AI usage policies covering AICPA compliance, engagement letter updates, staff training protocols, and client disclosure requirements. Practical, not theoretical.
30 minutes. We'll review your current AI tools and identify compliance gaps specific to your practice.
Book a Strategy Call
25 questions to assess whether your AI tools create confidentiality violations — and what to do if they do. Score your compliance in under 10 minutes.