AI has arrived in tax and accounting firms faster than the policies to govern it. Staff are already pasting client questions into chatbots, summarizing returns, and drafting client emails with tools the firm never formally approved. The technology is useful. The risk is not the technology; it is the data that flows into it, where that data goes, and whether a firm can prove it stayed protected.
For a firm bound by IRS Publication 4557 and the FTC Safeguards Rule, AI is a data-governance question before it is a productivity one. This guide covers the rules to set, the tool categories to understand, and how a managed-IT setup keeps AI use inside the firm’s compliance perimeter.
TL;DR
- The risk in firm AI use is data leakage and retention, not the model itself. Client data pasted into a consumer AI tool can be retained or used for training unless you change the settings.
- Set five rules before staff use any AI tool: no client PII in consumer tools, training turned off, retention limited, access controlled by SSO and MFA, and an approved-tools list.
- Most of the protection is configuration: the firm’s Microsoft 365 or Google Workspace tenant and the AI tools’ own account-wide settings.
- This is hands-on work, so who does it and how fast they answer matters. A provider built for accounting firms configures the controls and resolves issues in minutes, not days.
- A managed-IT provider can configure both. Verito’s VeritGuard and VeritComplete set up the tenant controls and help apply the restrictive AI-tool settings, with a sub-60-second support response.
Why AI is a data-governance problem for tax firms
A tax firm’s value and liability are the same thing: client data. Social Security numbers, financials, and filings are exactly what the FTC Safeguards Rule and IRS Publication 4557 require a firm to protect, and exactly what a careless AI workflow can expose. The failure mode is rarely dramatic. It is an employee pasting a client’s full return into a free chatbot whose default settings retain the input and may use it to train future models. Nothing looks broken. The data has simply left the firm’s control.
The good news is that almost all of the exposure is configurable. The question is whether anyone has configured it.
The five data rules to set first
- No client PII in consumer AI tools. Free, personal-tier chatbots are for non-client work. Client data only goes into tools the firm has vetted and configured.
- Turn training off. Most business-tier AI tools let you disable using your inputs to train the model. This is usually a setting, not a default. Apply that setting on every approved tool.
- Limit retention. Configure how long prompts and outputs are stored, and set it to the minimum the workflow needs.
- Control access with SSO and MFA. Route AI tools through the firm’s single sign-on and multifactor authentication so access follows the same identity controls as everything else.
- Publish an approved-tools list. Staff should know which tools are sanctioned and which are off limits. An unwritten policy is not a policy.
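The first and fifth rules can be enforced mechanically before a prompt ever reaches a tool. The following is an added example, not code from this article or from Verito: a small pre-submission check that consults a constructed approved-tools list (the tool names and their settings are placeholders) and blocks prompts containing SSN or EIN patterns from going to any tool not cleared for client PII.

```python
import re

# Constructed approved-tools list; names are placeholders, not vendor recommendations.
# Each entry records the tier, whether training on inputs is disabled, and whether
# the firm has cleared the tool for client PII at all.
APPROVED_TOOLS = {
    "firm-assistant": {"tier": "business", "training_off": True, "pii_allowed": True},
    "consumer-chatbot": {"tier": "consumer", "training_off": False, "pii_allowed": False},
}

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")   # 123-45-6789
EIN_RE = re.compile(r"\b\d{2}-\d{7}\b")               # 12-3456789


def is_valid_ssn(area: str, group: str, serial: str) -> bool:
    """Reject numbers the SSA never issues, to cut false positives on other 3-2-4 values."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return group != "00" and serial != "0000"


def find_pii(text: str) -> list[str]:
    """Return labels of the PII patterns found in the text (currently SSN and EIN)."""
    hits = []
    if any(is_valid_ssn(*m.groups()) for m in SSN_RE.finditer(text)):
        hits.append("SSN")
    if EIN_RE.search(text):
        hits.append("EIN")
    return hits


def check_prompt(tool: str, text: str) -> tuple[bool, str]:
    """Decide whether a prompt may be sent to the named tool under the firm's rules."""
    cfg = APPROVED_TOOLS.get(tool)
    if cfg is None:
        return False, f"{tool} is not on the approved-tools list"
    pii = find_pii(text)
    if pii and not cfg["pii_allowed"]:
        return False, f"client PII ({', '.join(pii)}) may not go to a {cfg['tier']}-tier tool"
    if pii and not cfg["training_off"]:
        return False, "training must be disabled before client PII is sent"
    return True, "ok"
```

The PII patterns are deliberately narrow; a firm's tenant DLP policy would cover far more, but the allowlist-plus-scan shape is the same.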
The tool categories to understand
| Category | Example use | Main data risk | What to configure |
| --- | --- | --- | --- |
| Consumer chatbots | Quick drafting, research | Inputs retained or used for training | Keep client PII out; use business tier with training off |
| Business AI assistants | Document summaries, email drafts | Retention, broad access | SSO/MFA, retention limits, role-based access |
| Embedded software AI | Features inside tax or accounting apps | Vendor data handling | Read the vendor’s data terms; disable training where offered |
| Firm-controlled AI | Internal tools on firm-managed infrastructure | Misconfiguration | Wall off client data; restrict access and web reach |
Categories are general; confirm each tool’s actual data terms before approving it.
Where the protection actually lives: configuration
Most AI safety in a firm is not a product you buy; it is a set of controls you turn on in two places.
The firm’s tenant. Microsoft 365 and Google Workspace carry the identity, access, and data-loss controls that govern how staff reach any cloud tool, AI included. Multifactor authentication, conditional access, and data-loss-prevention rules are configured here.
The AI tools’ own settings. Each approved AI tool has account-wide settings for training, retention, single sign-on, and its own audit logging. These are one-time changes that decide how the tool treats your data going forward.
A firm without dedicated IT often has neither configured. This is the gap a managed-IT provider closes.
Who actually configures this, and how fast do they respond?
The controls above are hands-on work, so the provider that sets them matters as much as the checklist. A firm without an IT person needs someone to configure the tenant and the AI-tool settings, then answer fast when something breaks mid-season. Judge that provider on response speed, first-touch resolution, and tax-software fluency. Verito publishes a sub-60-second response and resolves 92% of issues on first contact.
A managed-IT provider built for accounting firms does the configuration so the controls actually get set, not just discussed, and brings tax-software fluency a generalist help desk does not. When a setting breaks a workflow at the worst possible time, the number that matters is how fast a person who understands the software picks up. The setup itself is part of a managed, white-glove onboarding, so the tenant and AI-tool controls are configured during the move rather than left as a to-do list.
“The customer support team at Verito is very quick to respond and consistently courteous, providing excellent support that enhances my overall experience.”
- David C., Owner, David Cleaver-Bartholomew, EA (G2, Oct 2025)
How a managed-IT provider fits in
A managed-IT provider built for accounting firms handles the configuration work above so the controls actually get set. Verito’s VeritGuard managed IT and the VeritComplete bundle configure the firm’s Microsoft 365 or Google Workspace tenant, including MFA, identity, and access controls, and help apply the restrictive account-wide settings on the AI tools the firm approves, such as disabling training, limiting retention, and enforcing single sign-on.
Verito’s own internal AI use follows the same discipline it recommends: its AI tooling is never used with client data or personally identifiable information, and access is restricted by policy. Safe AI use is a configured state, and configuration is the service.
“I no longer have to worry about IT problems or managing backups, since Verito takes care of most of my IT needs and handles all backups.”
- Dana S., Owner, Dana U Sambogna LLC (G2, Oct 2025)
An AI-readiness checklist for your firm
- Written AI-use policy with an approved-tools list.
- Client PII excluded from consumer tools, both in written policy and in staff training.
- Training disabled and retention limited on every approved tool.
- SSO and MFA enforced on AI access through the firm’s tenant.
- Data-loss-prevention rules configured in Microsoft 365 or Google Workspace.
- A named owner for reviewing new AI tools before staff adopt them.
Frequently asked questions
Is it safe to use ChatGPT or other AI tools in a tax firm? It can be, but not by default. The risk is client data being retained or used for training. Keep client PII out of consumer tools, use a business tier with training disabled and retention limited, and route access through SSO and MFA. Safe use is a configuration, not an assumption.
Does using AI violate IRS or FTC data rules for tax preparers? It can if client data flows into an unvetted tool. IRS Publication 4557 and the FTC Safeguards Rule require firms to protect client information, which extends to how AI tools handle it. Vet each tool’s data terms and configure the controls before staff use it.
What AI settings should a firm change first? Disable training on your inputs, limit retention, and enforce single sign-on and multifactor authentication. These are one-time, account-wide settings on each approved tool, plus tenant-level controls in Microsoft 365 or Google Workspace.
Can a managed IT provider set this up for us? Yes. A provider built for accounting firms configures the firm’s tenant controls and helps apply the restrictive settings on approved AI tools, then supports the firm after. Verito’s VeritGuard and VeritComplete cover both, with a sub-60-second support response and 92% first-touch resolution.
Should we ban AI in the firm instead? A ban tends to push usage into the shadows rather than stopping it. A short approved-tools list with configured controls is usually safer than an unenforceable prohibition.
The bottom line
AI is a data-governance decision for a tax firm, and the protection is mostly configuration: the firm’s tenant and the AI tools’ own settings. Set the five data rules, keep client PII out of consumer tools, and make sure someone has actually configured the controls and can answer fast when a workflow breaks. A managed-IT partner built for tax and accounting rather than generic IT, such as Verito, configures the tenant and the AI-tool settings during onboarding and backs it with a sub-60-second support response, so AI use stays inside the firm’s compliance perimeter. The right next step is to write the approved-tools list and configure the controls before the next client question gets pasted into a chatbot.
About Verito
Verito provides cloud hosting, managed IT, and cybersecurity built exclusively for tax and accounting firms. More than 1,000 firms run on Verito’s dedicated private servers, backed by sub-60-second support response, 92% first-touch resolution, and 100% uptime since 2016. Learn more at verito.com.