Nexairi AI Governance Desk
Simple AI rules your team can actually follow.
Simple AI Rules Checklist for Accounting Firms
Use this checklist before your team puts client work into ChatGPT, Claude, Gemini, Copilot, or AI features inside accounting software.
This is a starter checklist, not legal advice. Before making it firm policy, ask counsel, your insurer, or a compliance advisor to review it.
1. Pick one person to own the AI rules
Name the owner. Pick one person who owns the AI rules and one backup person.
Set a review date. Check the rules monthly at first, then once each quarter.
2. List which AI tools are allowed
Make a tool list. Mark each tool as approved, restricted, or not allowed.
Include built-in AI. Check AI features inside tax, payroll, workflow, AP, and practice management software too.
3. Sort data into red, yellow, and green
Red data: do not paste. Tax data, payroll, bank records, returns, client names, IDs, account numbers, and source documents.
Yellow data: ask first. Redacted examples, draft templates, and workflow notes that might still reveal client facts.
Green data: usually okay. Public guidance, blank templates, training questions, and writing help with no client details.
4. Prohibited uses
No client data in unknown tools. Do not upload client-identifying data into public AI tools unless the firm approved the tool.
No final work without review. AI can help draft, but a person must review tax, audit, advisory, and client-facing work.
No unchecked answers. Check citations, math, laws, and sources before anything leaves the firm.
No personal AI accounts for firm work. Staff should not use personal accounts for client or firm information unless approved.
5. Review AI work before clients see it
Name who can approve. Decide which roles can approve AI-assisted work for client delivery.
Check important claims. Verify sources for tax, audit, regulatory, and advisory conclusions.
6. Ask vendors the basic AI questions
Ask what happens to data. Does customer data train models? How long is it kept? Who else can access it?
Ask for security proof. Request a SOC 2 report, MFA support, audit logs, incident response terms, and breach notification language.
7. Know what to do if something goes wrong
First-hour steps. Tell staff what to stop, save, report, and write down if data goes into the wrong AI tool.
Name the decision maker. Decide who contacts counsel, the insurer, vendors, clients, or regulators if needed.
8. Quarterly review
Check the tool list. Make sure approved tools, owners, limits, and vendor terms are still current.
Check the paper trail. Review incidents, exceptions, staff sign-offs, disclosure language, and policy updates.
Next step: turn this into your firm's AI policy.
Use this checklist to find the gaps. Then turn the answers into staff rules, vendor questions, disclosure language, incident steps, and a quarterly review habit.
Get it at: https://www.nexairi.com/for-accountants/ai-policy-kit/