By Suzanne M. Holl, CPA

Artificial intelligence (AI) solutions such as OpenAI’s ChatGPT continue to gain popularity. Many CPA firms are seeking to leverage the use of generative AI to accelerate innovation and increase productivity. The use of any AI technology is going to be very organization-specific, but CPA firms generally need to obtain a solid understanding of their objectives and how AI works before they can begin to identify what, if any, AI opportunities are the right fit for the firm.

Despite the benefits generative AI solutions can provide CPA firms, from the perspective of CAMICO, a professional liability insurance company, there are critical risks associated with its use that should be vetted by firms. Mitigation strategies also should be implemented to minimize potential exposures. These risks include, but are not limited to, concerns with accuracy and quality control, confidentiality, privacy, security, and ethical issues.

Consider the following example areas of potential risk exposure.

Accuracy and Quality Control

AI-generated content cannot be relied upon as provided. The information may be outdated, misleading, or, in some cases, fabricated. All AI-generated content must be reviewed for accuracy before placing any reliance on it. Essentially, it should be given the same consideration as you would the work of an intern or first-year staff person. Firms need to have proper oversight procedures in place to ensure that personnel with the appropriate competencies review and interpret the data and content provided, make informed decisions, and provide expert guidance in applying the AI-generated information to specific client or firm fact patterns.

Confidentiality

In accordance with applicable professional and legal standards of care, sensitive client information as well as firm- and personnel-related information must be treated with the utmost confidentiality. None of this data should be disclosed without express written permission. Since it is critical that the operations, activities, and business affairs of a firm and their clients are kept confidential when using generative AI, it is imperative to ensure employees understand the terms of the firm’s confidentiality policy and are informed that any use of AI technology in violation of the firm’s confidentiality policy is strictly prohibited.

Data Privacy and Security

With data privacy protection initiatives spreading across the United States, it is important for CPAs to ensure the privacy and security of the sensitive personal information they collect, use, and store. To help mitigate data privacy and security risks, it is vital to prioritize data encryption, implement access controls, and adhere to data protection regulations. In addition, transparency is an important part in overcoming generative AI privacy challenges, so it may be necessary to consult with qualified legal counsel and update the firm’s privacy policy if needed to ensure transparency about the categories of sensitive information collected, the sources of that information, the purpose for the collection, and how the firm stores and shares such information.

Ethical Considerations

With the growth of generative AI there has been an accompanying growth in concern about its potential for misinformation, deception, and manipulation of public opinion. Firms need to consider the implications related to its actual or perceived unethical use. For example, firms should establish written guidelines that clarify that these technologies must not be used to create content that is inappropriate, discriminatory, or otherwise harmful to others or the firm.

Risk Management Tips

In an effort to protect your practice before AI is suddenly upon you, take these initial steps to get a footing on managing the potential risks arising from this new technology.

• AI is here to stay, so get educated – Learn more about the generative AI tools that are available and take appropriate due diligence steps to assess which, if any, of these tools may be appropriate to deliver the most benefit to your firm.
• Develop an implementation strategy – Successful integration of generative AI, or any new technology for that matter, requires a well-crafted implementation plan that should include, among other things, appropriate education and training to ensure responsible use.
• Document – Document your firm’s authorized usage (e.g., open use, limited use, or prohibited use) of generative AI and communicate these terms and conditions to your staff.

Suzanne M. Holl, CPA, is executive vice president of loss prevention services at CAMICO. With more than 30 years of experience in accounting, she draws on her Big Four public accounting and private industry background to provide CAMICO’s policyholders with information on a wide variety of loss prevention and accounting issues. She can be reached at sholl@camico.com.

Sign up for PICPA's weekly professional and technical updates by completing this form.

^{Statements of fact and opinion are the authors’ responsibility alone and do not imply an opinion on the part of the PICPA's officers or members. The information contained herein does not constitute accounting, legal, or professional advice. For actionable advice, you must engage or consult with a qualified professional.}