techsolutions

BY SUZANNE M . HOLL , CPA

While generative AI solutions can benefit CPA firms , from CAMICO ’ s perspective , there are critical risks associated with the technology that should be vetted by firms and strategies implemented to minimize potential exposures . These risks include , but are not limited to , concerns with accuracy and quality control , confidentiality , privacy , security and ethical issues .

For example , consider the following areas of potential risk exposure :

Accuracy and Quality Control AI-generated content can ’ t be relied upon as-is , as the information may be outdated , misleading or — in some cases — fabricated . All AI-generated content must be reviewed for accuracy before placing any reliance on it . Firms need to have oversight procedures in place to ensure that personnel with the appropriate competencies review and interpret the data and content , make informed decisions , and provide expert guidance in applying the AI-generated information to specific client and / or firm fact patterns .

Confidentiality In accordance with applicable professional and legal standards of care , sensitive client information , as well as firm- and personnel-related information , must be treated with the

www . calcpa . org

utmost confidentiality and should not be disclosed without express written permission . Since it ’ s critical that the operations , activities and business affairs of a firm and their clients are kept confidential when using generative AI , it ’ s imperative firms ensure employees understand the terms of the firm ’ s confidentiality policy and are informed that any use of AI in violation of that policy is strictly prohibited .

Data Privacy and Security With data privacy protection initiatives spreading across the U . S ., it is important for CPA firms to ensure the privacy and security of the sensitive personal information they collect , use or store . To help mitigate data privacy and security risks , firms should prioritize data encryption , implement access controls and adhere to data protection regulations . In addition , transparency is a key element in overcoming generative AI privacy challenges , so it may be necessary to consult with qualified legal counsel and update , if needed , the firm ’ s privacy policy to ensure transparency about the categories of sensitive information collected , the sources of that information , the purpose for the collection and how the firm stores and shares such information .

Ethical Considerations As generative AI has raised concerns about its potential for misinformation , firms need to consider the implications related to its actual or perceived unethical use . For example , firms should establish written guidelines to clarify that these technologies must not be used to create content that is inappropriate , discriminatory or otherwise harmful to others or the firm .

Risk Management Tips

• Get educated , as AI is here to stay . Learn more about available generative AI tools and take the appropriate due diligence to assess which , if any , of these tools may be appropriate for your firm .

• Develop an implementation strategy . Successful integration of generative AI , or any new technology , requires a well-crafted implementation plan that includes , among other things , appropriate education and training to ensure responsible use .

• Document ! Document your firm ’ s authorized usage ( e . g ., open use , limited use or prohibited use ) of generative AI and communicate these terms and conditions to your staff . CAMICO offers a sample Generative Artificial Intelligence Chatbot Usage Policy template for this purpose on CAMICO ’ s Members-Only Site .

Suzanne M . Holl , CPA , is executive vice president of Loss Prevention Services at CAMICO . You can reach her at camico . com . CAMICO policyholders with questions about risk management issues can contact the Loss Prevention department at lp @ camico . com or call CAMICO ’ s advice hotline , ( 800 ) 652-1772 .

JULY 2024 CALIFORNIA CPA 17