All answers
Security & compliance Open question — the Lab is working on this

Should firms update their engagement letters to disclose that AI may be used to process client work?

1:04:43From the May 27 call · A Smart Ledger Demo, Quick Claude Builds, and Engagement Letter Questions

One member relayed advice from another group: consider adding a short paragraph to engagement letters or terms disclosing that the firm may use AI to process some client work, since clients' expectations may already assume this. Most members present indicated they're starting to add this language, though one admitted they hadn't thought about it since they've mainly used AI for internal firm management rather than direct client engagement work. A counterpoint raised: if the AI vendor is SOC 2 Type II compliant, is disclosure any different than putting client files in a cloud storage system — arguably it isn't strictly necessary, but it likely doesn't hurt to disclose given client expectations. A prior session's discussion of server locations and potential 7216 implications was also referenced as relevant context. It was noted this is an individual firm decision, and one member joked that most clients won't actually read the engagement letter anyway, so there's little downside to including the language.

The full answer is members-only

Membership is free. Apply and get this answer, the recording, and the rest of the library.

Apply to join

Already a member? Sign in