In the AI Era What Accountants Should Ask Before Pressing Enter
An auditor uploads a loan portfolio extract into an AI tool and asks: “Review this portfolio and identify unusual credit risk trends.”
A tax advisor uploads a draft tax computation and requests: “Identify opportunities to reduce the effective tax rate.”
A consultant uploads a client’s strategic plan and asks: “Summarize the key risks and opportunities for the Board presentation.”
None of these professionals intended to breach confidentiality. None intended to disclose sensitive information. Most were simply trying to work more efficiently.
In fact, many of us would probably view these actions as perfectly reasonable. After all, the objective is not to disclose information. It is to work faster, think more efficiently, and make better use of technology.
Yet that is precisely why this issue deserves attention.
The greatest confidentiality risks associated with generative AI may not arise from deliberate misconduct. They may arise from well-intentioned professionals who do not realize that they have crossed an ethical line.
As generative AI becomes increasingly embedded in professional services, accountants are asking whether AI can improve efficiency, reduce costs, and enhance productivity.
Perhaps the more important question is not whether AI can improve efficiency, but whether accountants are sharing more information than they realize.
Artificial intelligence may be new, but the ethical obligations of professional accountants are not.
The International Code of Ethics for Professional Accountants (including International Independence Standards) issued by the International Ethics Standards Board for Accountants (IESBA) is principles-based. Its five fundamental principles apply regardless of the technology being used:
This position was recently reinforced by the IESBA in its Snapshot: Ethics and Independence Approach to the Use of Technology, which emphasizes that the fundamental principles of the Code remain fully applicable in a technology-enabled environment. The Snapshot reminds professionals that technological innovation does not diminish ethical responsibilities. Rather, it requires those responsibilities to be applied in new and evolving circumstances.
While all five fundamental principles remain relevant, confidentiality and integrity are particularly important in the context of generative AI. Confidentiality requires professionals to protect information obtained through professional and business relationships, while integrity requires them to act honestly, transparently, and responsibly when using emerging technologies.
The emergence of generative AI has not created a new ethical framework. Rather, it requires professionals to apply existing principles to new situations.
Many professionals do not think of an AI prompt as a disclosure of information. Perhaps they should. Consider the following examples.
An audit manager is reviewing expected credit loss calculations for a bank. To save time, she uploads a spreadsheet and enters the following prompt: “Review these ECL calculations and identify any weaknesses in the assumptions.”
The spreadsheet contains customer names, loan balances, credit ratings, and provision amounts.
The objective is entirely legitimate. But the question is whether confidential client information has now been shared beyond those authorized to access it.
If the same spreadsheet had been emailed to an external consultant without authorization, most professionals would immediately recognize the confidentiality concern. Why should the ethical assessment be different simply because the recipient is an AI platform?
A tax advisor is preparing a corporate tax review. He uploads supporting schedules and asks: “Identify potential tax risks and optimization opportunities.”
The information includes shareholder details, profit margins, transfer pricing arrangements, and planned transactions.
The AI response may be useful. However, before considering the quality of the answer, the professional should first consider whether the information should have been submitted in that form in the first place.
A consultant assisting with a strategic transformation project uploads a draft business plan and asks: “Summarize the most important strategic risks.”
The document includes planned acquisitions, future pricing strategies, cost reduction initiatives, and market expansion plans.
The response may be excellent, but the confidentiality implications may be significant. If such information became publicly available, competitors, investors, suppliers, or customers could gain access to highly sensitive insights about the organization.
None of these scenarios necessarily represent an ethical breach. The key point is that professionals should consciously assess the confidentiality implications before sharing information with any AI platform. The ethical risk often arises not from malicious intent, but from failing to recognize that a disclosure may have occurred.
This concern aligns closely with the IESBA’s observations regarding technology-enabled risks. The issue is often not the technology itself, but whether professionals have adequately considered the ethical implications of using that technology, particularly when handling information obtained through professional and business relationships.
One reason confidentiality risks are often overlooked is that many professionals unconsciously make a dangerous assumption: “It’s only AI.”
That assumption can create a false sense of comfort. Professionals may assume that nobody sees the information, that the information is not stored, that it is not retained, that it cannot be accessed by others, or that it remains entirely within their control.
In reality, the answer depends on the platform being used, the contractual arrangements in place, the organization’s policies, and the nature of the information submitted.
It is also important to recognize that not all AI platforms operate in the same manner. Some organizations use enterprise AI solutions that incorporate contractual safeguards, access controls, data governance measures, and restrictions on how information is retained or used. While others may rely on publicly available AI tools with different terms of use and data handling practices.
From an ethical perspective, however, the distinction does not eliminate the need for professional judgment. The existence of technical safeguards does not automatically remove confidentiality considerations. Professional accountants must still assess whether the information being shared is appropriate, whether adequate protections are in place, and whether the use of the technology aligns with their professional obligations.
The IESBA’s technology-related guidance reflects this principle. The ethical assessment should focus not on the nature of the tool, but on the professional accountant’s responsibilities when using it. Whether information is shared with a person or a technology platform, the obligation to protect confidential information remains unchanged.
When discussing AI risks, organizations often focus on cybersecurity. Cybersecurity is important, but confidentiality is not merely a technology issue. It is an ethical obligation.
An organization may have strong firewalls, advanced encryption, and sophisticated access controls. Yet a confidentiality concern may still arise if sensitive information is shared inappropriately.
The question is not simply whether information is secure. The question is whether the professional had the right to share the information in the first place. That distinction sits at the heart of the IESBA Code.
Confidentiality is not the only principle affected by AI. Integrity also plays a critical role.
The IESBA Snapshot also highlights that technology does not replace professional judgment. While AI systems can assist with analysis, drafting, and information processing; accountability for decisions, conclusions, and communications continues to rest with the professional accountant.
Professionals should ask themselves:
Artificial intelligence can generate impressive outputs, but it cannot exercise professional judgment, demonstrate professional skepticism, or assume responsibility for the conclusions reached. Those responsibilities remain with the professional accountant.
Before entering information into an AI platform, consider the following questions:
If any of these questions cannot be answered confidently, additional consideration may be required before proceeding.
The ethical challenge posed by generative AI is not that it creates new confidentiality obligations. As the IESBA has emphasized through its technology-related initiatives and recent Snapshot on the Use of Technology, the fundamental principles of the Code continue to apply regardless of the tools being used. What has changed is not the ethical framework, but the environment in which professionals must apply it.
Most accountants are not asking whether they should use AI. That conversation has largely passed. The more relevant question is how to use it responsibly.
Generative AI may represent one of the most significant technological developments affecting the profession in decades. Yet the IESBA’s message remains clear: integrity, objectivity, professional competence and due care, confidentiality, and professional behavior are as relevant today as they were before the emergence of AI.
Technology will continue to evolve. New platforms will emerge. Capabilities will improve. What should not change is our commitment to protecting the information entrusted to us.
References