By the Shadow AI Policy team
**Accounting firms are using AI tools on client data right now — and most don't have a written policy that addresses what that actually means under professional conduct rules.** This post covers the five policy areas your firm needs to address before the next staff member pastes a client's tax schedule into a chatbot: client data and tool restrictions, audit workpaper handling, current AICPA and state CPA society guidance, attest engagement limitations, and the confidentiality obligations that run underneath all of it.

The confidentiality rules in the AICPA Code of Professional Conduct don't have a "we used a third-party AI tool" exception. If client data leaves your control and ends up in a vendor's training pipeline, that's a potential violation — regardless of whether the output was useful. Lock down the tool list before you address anything else.
Most AI acceptable use policies are written for general business use: don't share passwords, don't put HR data in public tools, get approval before using new software. That baseline is necessary but not sufficient for accounting firms. Your staff operates under a professional conduct framework — the AICPA Code of Professional Conduct and applicable state CPA society rules — that creates obligations no standard corporate policy covers.
The practical gap shows up fast. A tax manager uses ChatGPT to draft a client memo and pastes in the client's income summary to give the tool context. A staff auditor asks an AI assistant to help summarize a workpaper. Neither action looks alarming to someone used to general business AI policy. Both raise real questions under Rule 1.700.001 of the AICPA Code of Professional Conduct, which governs the confidentiality of client information. Your policy needs to name these scenarios explicitly — not leave staff to guess whether AI tools count as "disclosure."
For a broader grounding in what unmanaged AI tool adoption looks like across industries, see our overview of what shadow AI is and why it spreads. The accounting context is a sharper version of the same problem.
Client tax data — returns, supporting schedules, K-1s, payroll records, financial statements provided for tax purposes — is confidential client information under AICPA Code § 1.700.001. Sharing it with a third party without client consent is a violation, and "third party" includes AI tools that process inputs on external servers, retain inputs for model training, or make inputs accessible to vendor employees for safety review.
Your policy needs to draw a clear line between tool categories. Consumer and free-tier AI tools (ChatGPT free, Claude.ai free, Gemini personal accounts) generally process inputs on shared infrastructure with terms of service that permit data use for model improvement. Enterprise or API-tier versions of the same tools often offer different terms — data processing agreements, no training on customer data, deletion controls. The distinction matters enormously for compliance, and most staff don't know it exists.
Use this table to structure your firm's tool approval tiers:
| Tool Tier | Examples | Client Tax Data Allowed? | Key Requirement Before Use |
|---|---|---|---|
| Consumer / Free-tier | ChatGPT (free), Claude.ai (free), Gemini personal | No | Blocked by policy; no exceptions |
| Business / Enterprise (no DPA) | ChatGPT Team without negotiated DPA | No | Requires DPA and legal review first |
| Enterprise (DPA executed) | Microsoft 365 Copilot, ChatGPT Enterprise, Google Workspace with approved BAA/DPA | Conditional | DPA executed, no training on firm data confirmed in writing, use-case approved by practice leader |
| Firm-deployed / on-premise | Private Azure OpenAI instance, self-hosted models | Yes (with controls) | Access controls, audit logging, and data retention policy in place |
Your policy should also address IRC § 7216, which restricts tax preparers from disclosing or using tax return information without client consent. This is a federal criminal statute — violations carry fines and potential imprisonment. "Using" an AI tool that processes return data on a third-party server is a plausible § 7216 disclosure. Get explicit client consent language drafted before approving any client-data AI workflow, even on enterprise tools.
Audit workpapers are the evidentiary backbone of an attest engagement. AICPA auditing standards require that workpapers be sufficient to enable an experienced auditor with no prior connection to the engagement to understand the procedures performed, evidence obtained, and conclusions reached (AU-C Section 230). The moment an AI tool helps draft, summarize, or structure workpaper content, two questions arise: Is the output accurate? And is its provenance documented?
Your policy should require that any AI-assisted workpaper content be clearly labeled as AI-assisted, reviewed by the responsible engagement team member before inclusion, and supported by the underlying evidence the AI summarized — not just the AI's summary. AI tools hallucinate. An auditor who signs off on a workpaper section because the AI summary "looked right" without checking the source documents has a documentation problem, not just a technology problem.
There's also a practical PCAOB consideration for firms with public company audit clients. The PCAOB has signaled through inspection findings and staff guidance that it expects firms to be able to explain and support every conclusion in audit documentation. An AI-generated summary that can't be traced to specific procedures and evidence doesn't meet that standard regardless of how well-written it is.
The AICPA has been actively developing AI-related resources. In 2023 and 2024, the AICPA's Technology and Innovation team published guidance acknowledging that members are using AI tools and stressing that existing professional standards — particularly the confidentiality rules under the AICPA Code of Professional Conduct and the competence requirements under § 0.300.040 — apply directly to AI use. The AICPA has not yet issued a standalone AI-specific standard, but the clear message from published resources is that existing ethics rules already govern the conduct; firms shouldn't wait for a new AI-specific rule to act.
Several state CPA societies have gone further with jurisdiction-specific guidance. The California Society of CPAs and the New York State Society of CPAs have both published member alerts addressing AI tool use and confidentiality. If your firm operates in multiple states, check each applicable state society's published guidance — obligations can stack. A policy that satisfies AICPA baseline requirements may still fall short of a state society's recommended practices for members in that jurisdiction.
The AICPA Code of Professional Conduct § 1.700.001 (Confidential Client Information Rule) states that a member in public practice shall not disclose any confidential client information without the specific consent of the client. The rule doesn't have a technology exception. It applies to AI tools the same way it applies to fax machines and cloud storage.
Your policy should reference both the AICPA Code and any applicable state rules by name, so staff understand this isn't a firm preference — it's a professional obligation with licensure consequences.
Attest engagements — audits, reviews, and compilations — carry the highest AI risk in an accounting firm. The reason is independence. AICPA independence standards (ET § 1.200.001) and, for SEC clients, SEC independence rules require that the firm not take on management responsibilities for the client. If an AI tool is used to generate a significant portion of an audit conclusion, sampling approach, or risk assessment without the auditor exercising genuine professional judgment over the process, there's a plausible argument that the auditor outsourced a professional judgment — which creates both an independence and a competence question.
The practical policy guidance here is more conservative than most firms want to hear: AI tools on attest engagements should be used for efficiency tasks (formatting, cross-referencing, drafting routine communications) rather than judgment tasks (risk assessment, materiality determination, evaluation of evidence sufficiency). The engagement partner needs to make that distinction explicit in the policy and train staff on which category each approved use case falls into.
The confidentiality obligations under the AICPA Code aren't limited to tax data or audit files. They cover all confidential client information obtained in the course of the professional relationship. That includes strategy discussions, acquisition plans, payroll data, ownership structures, and any other non-public information a client shares with the firm. Any AI tool that processes that information is handling confidential client information — and your policy needs to treat it that way.
The consent pathway matters here. AICPA Code § 1.700.040 (Disclosing Information to Third-Party Service Providers) creates a pathway for sharing client information with vendors who provide services to the firm, as long as the member is reasonably assured the vendor will maintain confidentiality and the member has informed the client. "Reasonably assured" means an executed data processing agreement with confidentiality terms — not just a vendor's marketing claims about security.
Build your policy to require three things before any AI tool can process client information: (1) an executed data processing agreement with the vendor that includes confidentiality obligations; (2) a confirmed representation from the vendor that client data will not be used for model training; and (3) client engagement letter language that discloses use of third-party technology service providers. Many firms already have this last element for cloud storage; extend it explicitly to AI tools.
For a complete starting framework your firm can adapt, see our AI acceptable use policy template guide, which covers data classification, tool approval workflows, and the DPA requirement in a format you can customize for professional services. If you want a policy draft tailored to your firm's size and practice areas, you can generate a tailored policy kit directly.
About Shadow AI Policy: We build AI acceptable use policy tools for HR and operations teams at 50–500 person companies. We publish guides on shadow AI, acceptable use policies, and AI governance, updated as regulations and AI tools change.
The primary rule is AICPA Code of Professional Conduct § 1.700.001, the Confidential Client Information Rule, which prohibits disclosing client information without specific client consent. When an AI tool processes client data on a third-party server, it's a plausible disclosure under that rule. Section 1.700.040 creates a vendor exception if you have a written confidentiality agreement with the vendor and have informed the client — but that requires actual paperwork, not just choosing a reputable tool.
Yes. IRC § 7216 prohibits tax preparers from knowingly or recklessly disclosing or using tax return information for purposes other than preparing the return. Sending client return data to a third-party AI service that processes it on external servers is a plausible "use" or "disclosure" under the statute. This is a federal criminal statute with penalties including fines and up to one year imprisonment, so it's worth getting explicit written consent from clients — and a DPA from vendors — before approving any AI workflow that touches return data.
A standard Microsoft enterprise agreement doesn't automatically cover Copilot data handling for professional services confidentiality purposes. You need to confirm that your specific Copilot deployment includes Microsoft's data processing addendum with the relevant provisions — particularly that client data isn't used for model training — and that Copilot is scoped to your firm's tenant only, with no data leaving that environment. You also need to document that you've performed the professional judgment review required under AU-C Section 230 for any workpaper content Copilot assists with. A Microsoft sales agreement alone isn't sufficient.
Yes, and this is one of the easier compliance steps. AICPA Code § 1.700.040 requires that clients be informed when their data is shared with third-party service providers. Your engagement letter should include a disclosure that the firm uses technology service providers — including AI-assisted tools — to deliver services, and that those providers are bound by confidentiality obligations. Many firm engagement letters already have cloud storage disclosure language; extending that to AI tools is a straightforward amendment. Have your professional liability insurer review the language as well, since many are starting to ask about AI tool use during policy renewals.