Latest News

Understand the risks of generative artificial intelligence solutions

Written on Jun 13, 2024

By Suzanne M. Holl, CPA 

Artificial intelligence (AI) solutions such as OpenAI’s ChatGPT continue to gain popularity. Many CPA firms seek to leverage the use of generative AI to accelerate innovation and increase productivity. As the use of any AI technology is organization-specific, companies need to obtain a solid understanding of their needs and objectives and gain an understanding of how AI works before they can begin to identify what, if any, AI opportunities are the right fit for their firm.  


Although generative AI solutions can provide benefits for any business, there are critical risks associated with generative AI that should be vetted and mitigation strategies implemented to minimize potential exposures. These risks include concerns with accuracy and quality control, confidentiality, privacy, security and ethical issues.  

Consider the following areas of potential risk exposure: 

Accuracy and quality control 

AI-generated content cannot be relied upon as-is, as the information may be outdated, misleading or — in some cases — fabricated. All AI-generated content must be reviewed for accuracy before placing any reliance on it and should be given the same consideration as you would to the work of an intern or first-year staff person. Firms need to have proper oversight procedures in place to ensure that personnel with the appropriate competencies will review and interpret the data and content provided, make informed decisions and provide expert guidance in applying the AI-generated information to specific client and firm fact patterns.  


In accordance with applicable professional and legal standards of care, sensitive client information, as well as firm- and personnel-related information, must be treated with the utmost confidentiality and should not be disclosed without express written permission. Since it is critical that the operations, activities and business affairs of a firm and their clients are kept confidential when using generative AI, it is imperative firms ensure employees understand the terms of the firm’s confidentiality policy and are informed that any use of AI technology in violation of the firm’s confidentiality policy is strictly prohibited.  

Data privacy and security 

With data privacy protection initiatives spreading across the U.S., it is important for CPA firms to ensure the privacy and security of the sensitive personal information they collect, use or store. To help mitigate data privacy and security risks, firms should prioritize data encryption, implement access controls and adhere to data protection regulations. In addition, transparency is a key element in overcoming generative AI privacy challenges so it may be necessary to consult with qualified legal counsel and update, if needed, the firm’s privacy policy to ensure transparency about the categories of sensitive information collected, the sources of that information, the purpose for the collection and how the firm stores and shares such information.   

Ethical considerations 

As generative AI has raised concerns about its potential for misinformation, deception and manipulation of public opinion, firms need to consider the implications related to its actual or perceived unethical use. For example, firms should establish written guidelines to clarify that these technologies must not be used to create content that is inappropriate, discriminatory or otherwise harmful to others or the firm.  

Risk management tips: 

Educate yourself, because AI is here to stay. Learn more about the generative AI tools that are available and take appropriate due diligence steps to assess which, if any, of these tools may be appropriate to deliver the most benefit to your firm.  

Develop an implementation strategy. Successful integration of generative AI, or any new technology, requires a well-crafted implementation plan that should include, among other things, appropriate education and training to ensure responsible use.   

Document! Document your firm’s authorized usage (e.g. open use, limited use or prohibited use) of generative AI and communicate these terms and conditions to your staff. CAMICO offers a sample Generative Artificial Intelligence Chatbot Usage Policy template for this purpose on CAMICO’s Members-Only Site.  

CAMICO policyholders with questions regarding this communication or other risk management questions should contact the Loss Prevention department at [email protected] or call Camico’s advice hotline at 800.652.1772 and ask to speak with a Loss Prevention Specialist. 

Suzanne M. Holl, CPA, is Executive Vice President of Loss Prevention Services at CAMICO. With more than 30 years of experience in accounting, she draws on her Big Four public accounting and private industry background to provide CAMICO’s policyholders with information on a wide variety of loss prevention and accounting issues.

Related Upcoming Events