As artificial intelligence (AI) solutions such as OpenAI’s ChatGPT gain popularity, many CPA firms are seeking to leverage the use of generative AI to accelerate innovation and increase productivity. As the use of any AI technology is organization specific, CPA firms need to obtain a solid understanding of their needs and objectives, as well as understand how AI works, before they can begin to identify what, if any, AI opportunities are right for them.
While generative AI solutions can benefit CPA firms, from CAMICO’s perspective, there are critical risks associated with the technology that firms should vet, implementing strategies to minimize potential exposures. These risks include, but are not limited to, concerns with accuracy and quality control, confidentiality, privacy, security and ethical issues.
For example, consider the following areas of potential risk exposure:
Accuracy and Quality Control
AI-generated content can’t be relied upon as-is, as the information may be outdated, misleading or—in some cases—fabricated. All AI-generated content must be reviewed for accuracy before placing any reliance on it. Firms need to have oversight procedures in place to ensure that personnel with the appropriate competencies review and interpret the data and content, make informed decisions, and provide expert guidance in applying the AI-generated information to specific client and/or firm fact patterns.
Confidentiality
In accordance with applicable professional and legal standards of care, sensitive client information, as well as firm- and personnel-related information, must be treated with the utmost confidentiality and should not be disclosed without express written permission. Since it’s critical that the operations, activities and business affairs of a firm and its clients are kept confidential when using generative AI, it’s imperative that firms ensure employees understand the terms of the firm’s confidentiality policy and are informed that any use of AI in violation of that policy is strictly prohibited.
Data Privacy and Security
With data privacy protection initiatives spreading across the U.S., it is important for CPA firms to ensure the privacy and security of the sensitive personal information they collect, use or store. To help mitigate data privacy and security risks, firms should prioritize data encryption, implement access controls and adhere to data protection regulations. In addition, transparency is a key element in overcoming generative AI privacy challenges, so it may be necessary to consult with qualified legal counsel and update, if needed, the firm’s privacy policy to ensure transparency about the categories of sensitive information collected, the sources of that information, the purpose for the collection and how the firm stores and shares such information.
Ethical Considerations
As generative AI has raised concerns about its potential for misinformation, firms need to consider the implications related to its actual or perceived unethical use. For example, firms should establish written guidelines to clarify that these technologies must not be used to create content that is inappropriate, discriminatory or otherwise harmful to others or the firm.
Risk Management Tips
Get educated, as AI is here to stay. Learn more about available generative AI tools and perform the appropriate due diligence to assess which, if any, of these tools may be appropriate for your firm.
Develop an implementation strategy. Successful integration of generative AI, or any new technology, requires a well-crafted implementation plan that includes, among other things, appropriate education and training to ensure responsible use.
Document! Document your firm’s authorized usage (e.g., open use, limited use or prohibited use) of generative AI and communicate these terms and conditions to your staff. CAMICO offers a sample Generative Artificial Intelligence Chatbot Usage Policy template for this purpose on CAMICO’s Members-Only Site.
Suzanne M. Holl, CPA, is executive vice president of Loss Prevention Services at CAMICO.