A partner at a mid-size CPA firm outside San Jose recently told us she’d started using an AI-assisted tax research tool to speed up complex returns. Six months in, she realized she’d never actually read the vendor’s data processing agreement. What she found wasn’t reassuring.

Her clients’ financial data was being used to improve the model.

The Problem: Most Firms Are Adopting AI Tools Faster Than They’re Vetting Them

The promise is real. AI tools can speed up tax prep, flag audit anomalies, and surface research faster than any associate browsing the Internal Revenue Code. In a profession where billable hours are finite and filing deadlines don’t move, that matters.

But adoption is racing ahead of due diligence. Firms are signing up because a vendor demo looked polished or a colleague mentioned it at a conference. They’re not asking what actually needs to be asked: Where does the client data go? Who has access to it? Is it used to train the underlying model? What happens to it after a session ends?

This isn’t theoretical. Some popular AI-assisted tax and audit platforms send queries—including client financial data, entity names, and transaction details—through large language models hosted by third-party providers. Some of those providers hold onto inputs for up to 30 days by default, typically for abuse monitoring. Some use inputs for model improvement unless you opt out, and the retention and training defaults differ between consumer, API and enterprise tiers, so the honest answer depends on which tier the vendor actually bought. Most firms don’t know any of this.

The harder part: even firms that read the vendor terms often stop there. They don’t ask if the vendor’s subprocessors have the same protections. They don’t confirm where data lives geographically. They don’t check whether the vendor will notify them in a breach or what that notification window looks like.

That’s a compliance gap. And in your profession, compliance gaps have consequences.

Why This Matters for CPA Firms: Real Obligations, Real Exposure

Your professional obligations don’t disappear when you hand data processing off to a vendor. Two frameworks matter here.

IRS Publication 4557, Safeguarding Taxpayer Data, is the IRS’s guide to the FTC Safeguards Rule, which treats tax preparers as financial institutions under the Gramm-Leach-Bliley Act and requires them to maintain a written information security plan (WISP), control access to taxpayer data, and oversee the service providers who handle that data. If a vendor’s AI model is processing your clients’ Social Security numbers and Schedule K-1s, that vendor is a service provider under your WISP. You’re responsible for vetting them, binding them by contract to appropriate safeguards, and periodically checking that they still meet them.

State data protection laws add another layer. The California Privacy Rights Act (CPRA), which amended the California Consumer Privacy Act (CCPA), gives California residents rights over their personal information, including the right to know how it is used and shared. If an AI vendor is using client data to train models and you haven’t disclosed that, your firm may be exposed under California law. Two caveats before you assume the statute covers you: it applies only to businesses above its revenue or data-volume thresholds, and personal information already regulated under the Gramm-Leach-Bliley Act is largely carved out (the carve-out does not extend to the statute’s data breach private right of action). Ask counsel which parts apply to your firm.

There’s also professional liability. The American Institute of Certified Public Accountants (AICPA) is clear: CPAs retain responsibility for all work product, including AI-generated outputs. “The software suggested it” won’t work in a client dispute, malpractice claim, or state board inquiry. If an AI tool produces an incorrect depreciation schedule and you file it, that’s your error.

The financial exposure adds up quickly—corrected returns, amended audit workpapers, client remediation, and regulatory action. The speed gains from AI tools are real, but they don’t offset those costs if the tools are deployed without care.

How to Evaluate and Deploy AI Tools Responsibly

A structured approach doesn’t mean halting adoption indefinitely. It means building a process that protects your firm while you move forward. Here’s what works.

Step 1: Ask the hard vendor questions before you sign anything.

Before deploying any AI tool in client work, get clear written answers to these:

  • Does your platform send client data to a third-party model provider? If so, which one, and on which tier of that provider’s service (consumer, API, or enterprise)?
  • Is our data used to train or fine-tune any AI model? Can we opt out, and is the opt-out written into the contract rather than a settings toggle?
  • What is your data retention policy for inputs and outputs, including the model provider’s own retention window?
  • Where is our data stored, and is it ever transferred outside the United States?
  • Is client data encrypted in transit and at rest, and who controls the keys?
  • Do you have a current SOC 2 Type II report, and does its scope actually cover the AI features we would use?
  • What is your breach notification policy and timeline?
  • Are your subprocessors bound by the same data protection terms, and will you notify us before adding one?
  • Can we see a log of what our users submitted, and can we have it deleted on request?

If a vendor can’t answer these clearly, that’s your answer.

Step 2: Classify your engagements before you deploy.

Not all work carries the same risk. A tax research query about depreciation rules for a generic asset is very different from running a complete trial balance through an AI analysis tool. Map your engagement types by sensitivity first, then decide where AI fits.

Step 3: Pilot on non-sensitive engagements first.

Start with internal use cases that don’t involve client-identifiable data—research queries, draft memo templates, workflow automation. Evaluate the tool’s accuracy, how your staff actually uses it, and where the data actually goes (your web proxy or firewall logs from the pilot workstations will show you which hosts the tool talks to) before you expand to client-facing work. Treat a destination the vendor never disclosed as a finding, not a curiosity.
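One concrete way to run that data-flow check during a pilot, and to answer the monitoring question you would put to an IT partner, is to review the outbound proxy log from the pilot workstations against the destinations the vendor disclosed. The script below is an added example written for this article, not code from any vendor or from One82. It assumes a space-separated proxy log (timestamp, client IP, user, method, target, status, bytes sent); the log lines, the vendor domain `taxtool.example` and the hypothetical host `telemetry.unknownvendor.example` are constructed for the example, while the model-provider hostnames are the public API endpoints of real providers.

```python
"""Spot-check where a piloted AI tool actually sends data, using proxy logs.

Added example for this article. Assumes an outbound web proxy log in a
simple space-separated format and a list of destinations the vendor
disclosed in its DPA or subprocessor list. All log lines are constructed.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Domains the vendor disclosed. Hypothetical; replace with your vendor's list.
APPROVED_DOMAINS = {"taxtool.example"}

# Public API hosts of hosted model providers. Traffic here from a workstation
# means client data is leaving for an LLM the vendor may not have disclosed.
MODEL_PROVIDER_HOSTS = {
    "api.openai.com",
    "api.anthropic.com",
    "generativelanguage.googleapis.com",
    "bedrock-runtime.us-east-1.amazonaws.com",
}

# Constructed proxy log: timestamp, client IP, user, method, target, status, bytes_out
LOG = """\
2024-03-04T14:02:11Z 10.0.5.21 jdoe CONNECT app.taxtool.example:443 200 1820
2024-03-04T14:02:13Z 10.0.5.21 jdoe POST https://api.taxtool.example/v1/analyze 200 48211
2024-03-04T14:02:14Z 10.0.5.21 jdoe CONNECT api.openai.com:443 200 51960
2024-03-04T14:03:40Z 10.0.5.21 jdoe GET https://cdn.taxtool.example/assets/app.js 200 311
2024-03-04T14:05:02Z 10.0.5.33 msmith CONNECT telemetry.unknownvendor.example:443 200 9204
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<user>\S+) (?P<method>\S+) "
    r"(?P<target>\S+) (?P<status>\d{3}) (?P<bytes_out>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict with a normalised 'host', or None if unparsable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    if rec["method"] == "CONNECT":          # TLS tunnel: target is host:port
        host = rec["target"].rsplit(":", 1)[0]
    else:                                   # plain request: target is a full URL
        host = urlsplit(rec["target"]).hostname or ""
    rec["host"] = host.lower()
    rec["bytes_out"] = int(rec["bytes_out"])
    return rec


def _in_domains(host, domains):
    """True if host equals one of the domains or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def review_egress(log_text, approved=APPROVED_DOMAINS, providers=MODEL_PROVIDER_HOSTS):
    """Classify every destination seen in the log.

    Returns {host: {"class": c, "bytes_out": total, "users": [...]}} where c is
    'approved' (disclosed by the vendor), 'model_provider' (a hosted LLM endpoint)
    or 'unknown' (neither; needs an explanation before client data goes through).
    """
    findings = defaultdict(lambda: {"class": "unknown", "bytes_out": 0, "users": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = findings[rec["host"]]
        entry["bytes_out"] += rec["bytes_out"]
        entry["users"].add(rec["user"])
        if _in_domains(rec["host"], approved):
            entry["class"] = "approved"
        elif rec["host"] in providers:
            entry["class"] = "model_provider"
    return {h: {**e, "users": sorted(e["users"])} for h, e in findings.items()}


def undisclosed_destinations(log_text, **kw):
    """Hosts the vendor must account for before the tool touches client data."""
    return sorted(h for h, e in review_egress(log_text, **kw).items() if e["class"] != "approved")


if __name__ == "__main__":
    for host, e in sorted(review_egress(LOG).items()):
        print(f"{e['class']:15} {host:40} {e['bytes_out']:>8} bytes  users={','.join(e['users'])}")
    print("needs vendor explanation:", undisclosed_destinations(LOG))
```

In the constructed log the workstation opens a TLS tunnel straight to api.openai.com right after posting to the vendor, which is the pattern you see when a desktop or browser client calls the model provider directly rather than through the vendor’s backend. Two limits worth stating: a proxy log only shows the first hop, so a vendor that forwards your data to a subprocessor from its own servers is invisible here (that is exactly what the DPA and subprocessor questions cover), and the provider host list above has to be maintained as vendors and regions change.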

Step 4: Update your WISP and engagement letters.

If AI tools are part of your workflow, they belong in your written information security plan. You may also need to update client engagement letters to disclose AI-assisted processing. Your malpractice carrier probably has opinions too—ask.

Step 5: Build a real review layer into every AI-assisted output.

Establish a documented sign-off process for any work product touched by AI tools. Someone with appropriate expertise needs to review, verify, and take ownership before anything goes to a client or regulator. That review has to be genuine, not a box you’re checking.

What to Look for in an IT Partner

If you’re working with a managed IT services provider to evaluate or deploy AI tools, they should bring more than technical setup. Ask them specifically:

  • Have you helped other CPA or financial services firms implement AI tools under IRS Publication 4557 and CPRA requirements?
  • Can you help us review vendor data processing agreements and subprocessor lists?
  • Do you have experience configuring enterprise AI tool deployments that keep client data within our environment?
  • Can you help us document AI tool usage in our WISP?
  • What monitoring do you have to detect unexpected data flows from new software?

A provider who can’t speak to the compliance context of your industry isn’t the right partner for this. This isn’t generic software deployment—it’s regulated work.

The Bottom Line

AI tools can make your firm faster and more competitive. But they come with data privacy obligations, professional liability exposure, and vendor vetting requirements most firms haven’t worked through. Before you deploy any AI-assisted tax or audit tool in client-facing work, know where your data goes, update your written policies, and build a real review process. The speed is worth pursuing—just not at the cost of your clients’ trust or your firm’s standing.

Frequently Asked Questions

Can AI tools for tax and audit work put my CPA firm at risk for a data breach?

Yes, if the tool routes client data through third-party cloud infrastructure without adequate safeguards. Many AI platforms use large language model providers as subprocessors, and those providers may retain input data for model improvement or debugging. Reviewing a vendor’s data processing agreement and subprocessor list before deployment matters.

Does IRS Publication 4557 apply to AI tools my firm uses?

It does, by way of the rule it summarizes. IRS Publication 4557 is the IRS’s guide to the FTC Safeguards Rule, which requires tax preparers to maintain a written information security plan that covers the service providers who handle taxpayer data. If an AI tool processes client tax information, the vendor falls under your WISP obligations—you’re responsible for confirming they meet appropriate security standards and for binding them to those standards by contract.

Who is liable if an AI tax tool produces an incorrect output that gets filed with the IRS?

The CPA is liable. The AICPA’s professional standards are clear: CPAs retain responsibility for all work product, regardless of the tools used to produce it. An AI-generated error in a filed return or audit workpaper is the firm’s error. That’s why a documented human review process for all AI-assisted outputs isn’t optional—it’s a professional requirement.

What questions should I ask an AI vendor before using their tool with client data?

The critical questions cover data retention (how long do they keep your inputs?), model training (is your data used to improve their model?), subprocessors (who else has access?), geographic data storage (is data stored in the US?), and security certifications (do they have a SOC 2 Type II report?). Get answers in writing. Vague or evasive responses are red flags.


If you’re working through AI tools risks and compliance challenges at your firm, let’s talk. One82 works exclusively with CPA firms, law firms, and financial advisory companies in the Bay Area—we know your world.