Your staff are almost certainly already using ChatGPT on client work. The real question is not whether to allow it, it is whether you have written the guardrails first. Without a short policy and a map of which tasks are safe, a public model can leak client data or hand a confident wrong number to a client under your firm’s name.
Last updated: July 16, 2026
Are my staff already using ChatGPT on client work?
Almost certainly, yes, and probably on a general tool rather than anything you chose. Among tax firms that already use a generative AI tool, 52% are on open-source technology like ChatGPT and only 17% are on an industry-specific tool (Thomson Reuters).
I say this plainly because pretending otherwise is how firms get hurt. The junior on your team who is drowning in a document chase during close is not waiting for a committee to approve a tool. They have a phone, they have a browser, and they have a deadline. They are pasting a client’s trial balance into a chat window to ask it to spot what looks off, and they think they are being resourceful. In a lot of ways they are. The problem is that nobody told them what is and is not allowed to go into that window, because nobody wrote it down. Banning the tool does not stop this. It just moves it somewhere you cannot see it.
What is the actual risk of staff using ChatGPT in an accounting firm?
The risk is not that the work is slow. It is that the work is confidently wrong and it goes out with your name on it. A firm runs on judgment and accuracy, and a public model does not inherit either one.
Think about what a general model does when your staff hand it a messy set of books and ask it to reconcile something. It does not say “I am missing the mapping you use for this client.” It produces a clean, formatted, plausible answer, because that is what these tools are built to do. If the underlying process, which client’s owner draws get coded where, how this one handles inter-company transfers, lives only in the head of your senior bookkeeper, the model fills that gap with a guess. The output looks finished. It looks like something you could send. That is exactly the trap, because a wrong number that looks right is worse than an obvious blank.
There are two exposures stacked on top of each other. The first is data. When staff paste identifiable client financials into a public tool, you have moved confidential information into a system you do not control, which is why 70% of accounting professionals name data security as a concern (Karbon). The second is judgment. The model will happily draft a client email that misstates a deduction, or summarize a P&L in a way that is subtly wrong, and a rushed reviewer signs off. Both of those land on you.
Why do so few firms have guardrails yet?
Because the tools showed up faster than the rules did, and almost nobody has trained their people. Only 25% of tax, accounting, and audit firms have provided any generative AI training to staff, the second lowest rate across all professional services (Thomson Reuters).
Read that against the adoption numbers and you see the gap clearly. Staff are using these tools daily. Firms are not teaching them how to do it safely. That is not a technology problem, it is a documentation problem, and it is the same one I see in every vertical I work in. The knowledge of what is safe to do lives in the owner’s gut and the machine cannot read a gut. So the tool runs ahead of the rules, and the firm finds out where the line was only after somebody crosses it.
What guardrails should an accounting firm actually put in place?
Start with a short, specific written policy, then map your tasks into safe, conditional, and off-limits. You do not need a fifty-page governance document. You need something a busy staff member will actually read and follow.
Here is the split I hand accounting firms as a starting frame. It is deliberately blunt.
| Green: generally safe | Yellow: only with the client data stripped or a firm-approved tool | Red: do not put in a public tool |
|---|---|---|
| Drafting a first-pass explanation of a concept for internal use | Summarizing a P&L or reconciliation once identifiers are removed | Client names, EINs, SSNs, bank or account numbers |
| Rewriting your own rough notes into cleaner prose | Drafting a client email from a template you then verify | Raw trial balances or ledgers tied to a real client |
| Researching a general treatment before you confirm it in your real source | Generating a checklist for a task you already know how to do | Anything you would sign and send without a human reading it |
The rule under the table is the one that matters most: a model draft is a first draft, never a filed one. Nothing a public tool produces goes to a client or a taxing authority until a licensed person has read every line and owns it. The tool speeds the typing. It does not carry the judgment, and it does not carry your liability.
Should I just ban ChatGPT to be safe?
No, and a ban usually makes you less safe, not more. A ban does not remove the tool from your firm. It removes your visibility into how the tool is being used, which is the opposite of a guardrail.
The firms that handle this well do the boring thing. They write the short policy, they name the approved tools, they say plainly what client data can never leave the building, and then they find out which of their actual workflows are documented well enough that a model has something accurate to read. That last part is the piece most firms skip, and it is the one that decides whether AI helps you or embarrasses you. If the process the tool is assisting exists only in someone’s head, the guardrail on the input does not save you, because the model is still filling gaps with fiction. This is the whole thesis behind AI only amplifies what it can read. Point it at a documented workflow and it helps. Point it at a blank page and it invents.
Your next step
If your team is already using ChatGPT and you do not have guardrails written, start where the risk is lowest. The AI Readiness Audit reads your firm the way a model would and tells you which tasks are safe to hand it today, which need documenting first, and where your real client-data exposure is. It is $750 and credits toward the build.
For the bigger picture on where a firm should begin, read AI for accounting and bookkeeping firms. If you are still choosing tools, read how to pick an AI tool for your accounting firm. And if a past rollout already went sideways, read why our accounting firm’s AI rollout failed.