If you run or work at an accounting firm, you have probably heard the pitch: AI is going to transform your practice. And it probably will. But most of what you have read is either too vague to be useful or too aggressive about stuffing client data into tools that were not built with your compliance requirements in mind.
This is a practical guide. Here is what accounting firms can safely use AI for right now, what you should absolutely never put into a general-purpose AI tool, and where to start if you want to move carefully but not get left behind.
What AI is good at for accounting firms
The sweet spot for AI in accounting is everything that surrounds the technical work but is not the technical work itself. Your expertise is in the numbers, the tax code, the compliance requirements. AI is not going to do that for you, and you should not want it to. But there is a massive amount of writing, communicating, organizing, and explaining that wraps around your core work. That is where AI shines.
Client communication drafts
Accountants spend a staggering amount of time writing emails. Status updates during tax season. Requests for missing documents. Explanations of what a tax form means. Follow-ups when clients do not respond to the first three requests for their K-1.
AI is excellent at drafting these. You give it the context ("Client owes us their 1099 forms, this is the third time I am asking, deadline is April 15, tone should be firm but polite") and you get a professional email in 15 seconds that you can review and send. During busy season, this adds up to an hour or more saved per day per person.
Engagement letter and proposal templates
Every new client needs an engagement letter. Every scope change needs documentation. These documents follow predictable structures but still need to be customized for each situation. AI can generate a first draft based on your firm's standard terms and the client's specific circumstances. You review it for accuracy, adjust the scope and fees, and send it out. What used to take 30 minutes takes 10.
Tax research summaries
When a client asks "Can I deduct my home office if I am a W-2 employee who works from home three days a week?" you know the answer, but explaining it in writing takes time. AI can draft a client-friendly explanation that you verify against current tax code. You are still the expert doing the verification. AI is just handling the writing so you do not spend twenty minutes composing a three-paragraph email from scratch.
A critical note here: always verify AI-generated tax information against current IRS publications or your own research tools. AI models can confidently state things that are outdated or flat-out wrong. Use it for the writing, not the research.
Internal knowledge base building
Every firm has institutional knowledge trapped in people's heads. How you handle a specific type of return. What your process is for onboarding a new client. Which forms are needed for a multi-state filing. AI can help you turn informal knowledge into structured documentation.
Have each team member spend 15 minutes describing a process they know well, either by typing it out or recording themselves talking about it. Paste that into AI and ask it to create a clean, step-by-step procedure document. Over a few weeks, you can build an internal knowledge base that makes your firm less dependent on any single person's memory.
What you should never put into AI
This is the part most AI articles skip, and it is the most important section for accounting firms. General-purpose AI tools like ChatGPT and Claude are not HIPAA compliant, they are not SOC 2 certified in their free tiers, and in many configurations, the data you enter can be used to train future models.
Here is the hard line. Do not paste any of the following into a general-purpose AI tool:
Client Social Security numbers, EINs, or other tax identification numbers. Client financial statements, bank account numbers, or credit card information. Specific client income figures, deductions, or tax return data. Client names paired with any financial details. Any information covered by your firm's confidentiality agreements. Any data subject to IRS regulations around taxpayer information (IRC Section 7216).
This is not optional and it is not being overly cautious. A data exposure could mean regulatory penalties, loss of your license, malpractice liability, and the kind of reputational damage that closes a firm. The convenience of saving twenty minutes on an email is not worth that risk.
How to use AI safely in practice
The rule is simple: AI gets the task description, not the client data. Instead of "Draft an email to John Smith explaining why his $47,000 in rental income needs to be reported on Schedule E," you write: "Draft an email to a client explaining why rental income needs to be reported on Schedule E. Keep it in plain language. The tone should be helpful and educational."
You get the same useful draft. You just add the client's name and any specific details yourself after the AI generates the template. This approach works for virtually every accounting use case: get the structure and language from AI, add the confidential details yourself.
If your firm wants to use AI with actual client data, look into enterprise-tier plans that offer data processing agreements, SOC 2 compliance, and contractual guarantees that your data will not be used for model training. These exist, but they cost more than the free tier and require some setup.
Where to start this week
If you want to test AI at your firm without any risk, start with client communication. Pick one type of email you send repeatedly, the document request, the status update, the "here is what this form means" explanation. Write a prompt template for it. Test it a few times. If it saves time and the output is good, share it with your team.
That one workflow will show you how AI fits into your practice. From there, you can expand to engagement letters, internal documentation, and research summaries at whatever pace feels comfortable.
If you want help building an AI strategy that respects the compliance requirements your firm operates under, that is the kind of work I specialize in. Practical adoption, clear boundaries, and real time savings without cutting corners on data security.