The Risks of Generative AI Use in Accounting Practice

A representation of project risk
Project management risk image, created by Microsoft Copilot (powered by DALL-E 3) from Microsoft

Last time we looked at the general capabilities of generative AI and its potential use in the accounting industry. But beware: generative AI systems in general carry several potential risks, including sensitive data leakage to a large language model (LLM); unreliable or improper prompt input; unreliable system output, including hallucination, knowledge obsolescence, bias, and unethical output; bottlenecks introduced into your company workflow by the use of an LLM; cascading failure of company operations due to LLM failure; and breaches of legal and compliance requirements.

With respect to the accounting occupation, generative AI does not have a professional license to give accounting advice. So, from this moment, generative AI output that has the appearance of advice must be reviewed and have the stamp of approval of a licensed certified public accountant (CPA) or a registered (with PCAOB) public accounting firm with at least one CPA. The output from supportive routine tasks like data entry and formatting must be supervised and inspected. Further, the license is not the only reason for CPA approval and human oversight; to reiterate, there are real risks associated with the use of a generative AI system:

·  Confidentiality: Accounting practices handle a lot of sensitive and personal information from their clients, employees, and partners. The practice may face data breaches (leaks and cyber-attacks), privacy violations, or legal disputes.

Bard policy on conversation retention states:

Why does Google retain my conversations after I turn off Bard Activity and what does Google do with this data?

Google needs these conversations to respond to you and as context for your feedback to help maintain and improve Bard, and provide all users a safer and better quality experience.
–Source: “Bard Privacy Help Hub.” Bard Help, Google, 2024, https://support.google.com/bard/answer/13594961

The following is ChatGPT’s policy on conversation retention:

When you share your data with us, it helps our models become more accurate and better at solving your specific problems and it also helps improve their general capabilities and safety. We don’t use data for selling our services, advertising, or building profiles of people—we use data to make our models more helpful for people. ChatGPT, for instance, improves by further training on the conversations people have with it, unless you choose to disable training.
–Source: Schade, Michael. “How your data is used to improve model performance.” OpenAI, Jan, 2024, https://help.openai.com/en/articles/5722486-how-your-data-is-used-to-improve-model-performance

·  Reliability: Generative AI tools may produce inaccurate, incomplete, or misleading outputs, especially if they are trained on low-quality, biased, or outdated data. Accounting practices also need to be aware of the potential for hallucinations, which are false or random statements that are not justified by the data.

Let’s examine Bard’s disclaimer:

The Services may sometimes provide inaccurate or offensive content that doesn’t represent Google’s views.

Use discretion before relying on, publishing, or otherwise using content provided by the Services.

–Source: “Generative AI Additional Terms of Service.” Google, Aug, 2023, https://policies.google.com/terms/generative-ai

·  Ethics: Generative AI tools may reflect or amplify the biases or values that exist in the data they are trained on, or in the users who interact with them. They may make recommendations or give advice that contravene professional laws, regulations, and standards.

Risk Mitigation

To mitigate the risks associated with generative AI, accounting practices should follow some best practices, such as:

·   Ensure data quality and diversity, and frequently update the generative AI models.

·   Verify the outputs of generative AI tools with external sources, and provide fact-checking or validation procedures.

·   Educate themselves and their clients about the strengths and limitations of generative AI tools, and provide clear and transparent information about their use and purpose.

·   Respect the data privacy rights of clients and partners, ensure that their data is protected and secure, and obtain their consent or anonymize their data before using it for generative AI tools.

·   Implement robust cybersecurity measures, and monitor and report any suspicious or malicious activities involving generative AI tools.

·   Protect the intellectual property rights of others, and give proper attribution or credit to the sources of the generated content.

·   Comply with the relevant laws (e.g., intellectual property related), regulations, and standards that govern their profession.

·    Ensure that they use generative AI tools responsibly and ethically and that they do not harm or deceive their clients, stakeholders, or the public; therefore,

·    Develop a policy for suitable use of generative AI:

o    Scope: the specific purposes or tasks for which generative AI use is permitted.

o    Data input rules: proscribe the sharing of confidential and proprietary client and firm information with generative AI tools.

o    Duty for oversight: as noted above, generative AI models are not licensed CPAs.

·    Seek legal advice: to comprehend the terms of service and privacy policies of generative AI model providers.

On the whole, the risks applicable to the use of generative AI systems are the same ones applicable to the accounting practice. But there are specific compliance risks associated with the practice in the USA, as there are in other jurisdictions, relating to the accounting profession as dictated by the Securities and Exchange Commission (SEC), the Internal Revenue Service (IRS), the Financial Accounting Standards Board (FASB), and the Public Company Accounting Oversight Board (PCAOB), a scion of the Sarbanes-Oxley Act of 2002. One implication is that only CPAs or a registered public accounting firm can perform audits and prepare financial statements for publicly traded companies, as Investopedia reminds us:

CPAs, however, are granted certain roles that only they can perform. These include performing audits of public U.S. companies and preparing audited financial statements for a company, such as a balance sheet or an income statement.
–Source: Hayes, Adam. “Certified Public Accountant: What the CPA Credential Means.” Investopedia, Jul, 2023, https://www.investopedia.com/terms/c/cpa.asp

Next time, we will take a closer look at the recommendations for the use of generative AI issued by accountancy regulatory bodies in the USA.

 –Richard Thomas
