AICPA Ethics Framework for AI Use at CPA Firms

The AICPA hasn't yet issued an "AI Formal Opinion" equivalent to ABA Formal Opinion 512, but existing AICPA standards apply fully to AI-augmented CPA practice. The framework is clear when traced through the existing Code of Professional Conduct and supplemental guidance.

The applicable AICPA standards

• Code of Professional Conduct — Foundation including independence, integrity, objectivity
• Rule 301 (Confidentiality) — Client information protection
• Rule 201 (Professional Competence) — Adequate technical training
• Rule 202 (Auditing Standards) — When applicable
• SSARS — Statements on Standards for Accounting and Review Services
• SQMS — Statements on Quality Management Standards

Plus Circular 230 (IRS practice) and state board rules.

How AICPA standards apply to AI

Rule 301 Confidentiality:

• AI tools that retain or use client data for training violate confidentiality
• Free consumer AI tools (free ChatGPT, etc.) typically not compliant
• Enterprise-tier tools with proper data handling are acceptable
• Document handling for AI processing must protect privilege

Rule 201 Professional Competence:

• CPAs must understand AI tools sufficient to use them competently
• Verification of AI output is part of professional competence
• Training and ongoing education on AI tools

SSARS and Quality Management:

• AI use in attestation and review services must comply with applicable standards
• Quality management framework applies to AI-augmented work
• Documentation of AI-assisted procedures

Due Diligence under Circular 230:

• CPAs must exercise due diligence in tax practice
• AI accelerates work but doesn't reduce due diligence obligation
• Verification of AI output essential

Practical framework for CPA firms

Tool selection:

• Enterprise-tier tools only for client work
• SOC 2 Type II or equivalent
• Data not used for training
• Encryption at rest and in transit

Workflow design:

• AI-assisted work clearly designated
• CPA verification and supervision at every step
• Documentation of AI use

Training:

• Annual AI competence training
• Tool-specific training for staff
• Documentation of training

Audit and review:

• Quarterly review of AI-assisted work product
• Quality control sampling
• Annual policy refresh

Engagement letter language

Many CPA firms include AI disclosure:

"Our firm uses AI tools to assist with tax preparation, document analysis, advisory services, and related tasks. All AI-assisted work is reviewed and verified by our CPAs, and client confidentiality is maintained through tools that protect privileged information. Our billing reflects the value of our work, including time spent reviewing and verifying AI-assisted output."

State-specific considerations

State CPA boards vary in AI guidance:

• Some states have published initial AI guidance
• Most reference AICPA standards with state-specific notes
• State CPA board rules apply for licensed practice
• Maintain awareness of your state's specific guidance

What examiners and peer reviewers look for

Common questions:

• Do you have written AI policy?
• What AI tools are in use?
• How are CPAs and staff trained on AI?
• How is client confidentiality protected?
• How is AI use documented?
• Have you addressed AICPA standards in your AI policy?

Documentation supporting these answers protects the firm.

What can go wrong

Pattern 1: Free consumer AI for client tax data. Rule 301 violation.

Pattern 2: Inadequate verification. Errors in returns or advisory work.

Pattern 3: Documentation gaps. Peer review or examination finds issues.

Pattern 4: Inadequate staff training. Rule 201 (competence) concerns.

Pattern 5: Aggressive billing. Honest billing applies to CPAs same as attorneys.

What we deploy

For CPA firms working with us on AI ethics infrastructure:

• AI policy aligned with AICPA standards
• Training curriculum (60-90 min annual)
• Workflow documentation
• Quality management updates
• Engagement letter language

Cost: $5-25k initial for policy and training development. Ongoing maintenance light.

Bottom line

AICPA standards fully apply to AI-augmented CPA practice. The framework is clear: enterprise-tier tools, professional competence, supervisory oversight, due diligence, honest billing.

Firms with structured AI ethics infrastructure operate AI confidently. Firms without face growing peer review, examination, and state board pressure.

The investment is modest. The protection is substantial. Build the framework before you need it.