Without clear IRS guidance, what practical steps can a firm take to reduce risk when using AI tools on client tax data (e.g., regarding IRC 7216 consent)?
One practical approach discussed: use a trusted, established program (rather than a self-built tool), disclose the use of the tool somewhere in the engagement letter, update your Written Information Security Program (WISP), and confirm your IT provider/software has strong privacy and security features. The reasoning offered was that if the IRS ever questioned the practice, the firm could point to having followed a documented protocol and used vetted software rather than building something in-house with no support. One participant noted they hadn't treated the AI tool as a third party requiring a formal 7216 consent, reasoning it was 'just software' with no clear guidance saying otherwise. The group acknowledged this is unsettled: a lawyer could help clarify actual risk exposure (what the government could realistically do), but it was also noted that a lawyer may not know more about the specific 7216 application than the accountants do, since the regulation itself is what everyone has to interpret. No definitive legal conclusion was reached.
The full answer is members-only
Membership is free. Apply and get this answer, the recording, and the rest of the library.
Apply to joinAlready a member? Sign in