
Generative AI Solutions: 4 Key Risk Areas for CPA Firms

May 28, 2024

Artificial intelligence (“AI”) solutions such as OpenAI’s ChatGPT continue to gain popularity. Many CPA firms seek to leverage generative AI to accelerate innovation and increase productivity. Because the use of any AI technology is very organization specific, CPA firms need a solid understanding of their needs and objectives, and of how AI works, before they can begin to identify what, if any, AI opportunities are the right fit for their firm.

Although generative AI solutions can provide benefits for CPA firms, from CAMICO’s perspective, there are critical risks associated with generative AI that should be vetted by firms and mitigation strategies implemented to minimize potential exposures. These risks include but are not limited to concerns with accuracy and quality control, confidentiality, privacy, security, and ethical issues.

For example, consider the following areas of potential risk exposure:

Accuracy & Quality Control

AI-generated content cannot be relied upon as-is, as the information may be outdated, misleading or, in some cases, fabricated. All AI-generated content must be reviewed for accuracy before any reliance is placed on it, and should be given the same consideration you would give to the work of an intern or first-year staff person. Firms need to have proper oversight procedures in place to ensure that personnel with the appropriate competencies will review and interpret the data and content provided, make informed decisions, and provide expert guidance in applying the AI-generated information to specific client and/or firm fact patterns.

Confidentiality

In accordance with applicable professional and legal standards of care, sensitive client information, as well as firm- and personnel-related information, must be treated with the utmost confidentiality and should not be disclosed without express written permission. Since it is critical that the operations, activities, and business affairs of a firm and its clients are kept confidential when using generative AI, it is imperative that firms ensure employees understand the terms of the firm’s Confidentiality Policy and are informed that any use of AI technology in violation of the firm’s Confidentiality Policy is strictly prohibited.

Data Privacy & Security

With data privacy protection initiatives spreading across the U.S., it is important for CPA firms to ensure the privacy and security of the sensitive personal information they collect, use, or store. To help mitigate data privacy and security risks, it is vital that firms prioritize data encryption, implement access controls, and adhere to data protection regulations. In addition, transparency is a key element in overcoming generative AI privacy challenges, so it may be necessary to consult with qualified legal counsel and update, if needed, the firm’s Privacy Policy to ensure transparency about the categories of sensitive information collected, the sources of that information, the purpose for the collection, and how the firm stores and shares such information.

Ethical Considerations

As generative AI has raised concerns about its potential for misinformation, deception, and manipulation of public opinion, firms need to consider the implications related to its actual or perceived unethical use. For example, firms should establish written guidelines to clarify that these technologies must not be used to create content that is inappropriate, discriminatory, or otherwise harmful to others or the firm.

Risk Management Tips:

  • Get educated, as AI is here to stay. Learn more about the generative AI tools that are available and take appropriate due diligence steps to assess which, if any, of these tools may be appropriate to deliver the most benefit to your firm.
  • Develop an implementation strategy. Successful integration of generative AI, or any new technology, requires a well-crafted implementation plan which should include, among other things, appropriate education and training to ensure responsible use. 
  • Document! Document your firm’s authorized usage (e.g., open use, limited use, or prohibited use) of generative AI and communicate these terms and conditions to your staff. CAMICO offers a sample Generative Artificial Intelligence Chatbot Usage Policy template for this purpose on CAMICO’s Members-Only Site.

CAMICO policyholders with questions regarding this communication or other risk management questions should contact the Loss Prevention department at lp@camico.com or call our advice hotline at 800.652.1772 and ask to speak with a Loss Prevention Specialist.




Suzanne M. Holl, CPA
About the Author

Suzanne M. Holl, CPA, is Executive Vice President of Loss Prevention Services at CAMICO. With more than 30 years of experience in accounting, she draws on her Big Four public accounting and private industry background to provide CAMICO’s policyholders with information on a wide variety of loss prevention and accounting issues.