Artificial intelligence is making an impact in the type of work we do and the way we do it. From tools such as ChatGPT through to AI components in accounting and productivity applications, it seems the technology is ubiquitous.

Not all practices are at the same place with AI. Some are early adopters, while others are waiting to see how it all pans out. There is also the possibility that your staff may already be using AI in their work, regardless of whether it is sanctioned by your organisation. So, how do you manage what’s known as ‘shadow AI’ and what guardrails should be put in place?

Sha-mayne Chan, co-founder of generative AI studio Friyay, says shadow AI can be a real problem, leading to data leakage, and privacy and intellectual property issues.

For these reasons, she says business leaders need to work with their staff on integrating sanctioned tools, educating them about the dangers to the business and clients of using unapproved AI that could pose a security risk.

AI is everywhere

Kylie Fisher, CA ANZ’s chief information officer, says many applications are now software-as-a-service (SaaS) and vendors are tending to add AI to those apps.

“The number of sanctioned tools gets broad really quickly,” Fisher admits. “And because the vendors are dropping in these AI features, they almost automatically become essential whether you want them or not.”

Sometimes it’s possible to turn the features off but not always, so the AI situation for many practices is constantly evolving. For most practices, Fisher observes, it’s a matter of constantly reviewing what features are being made available, whether you can disable them and, if not, what the best practice is for using those tools within your business.

Building robust AI security and controls

Cybersecurity is an ever-present issue for accounting firms, regardless of size. Where bigger firms may have a dedicated IT department or at least a person, smaller firms and solo practices aren’t so lucky. This usually means the responsibility for maintaining robust security falls to someone who is probably not an IT professional. So, how can practices address this, given AI opens a can of worms when it comes to best-practice cybersecurity?

Fisher says CA ANZ embarked on an education program when it made Microsoft Copilot available to staff, and emphasises that security and privacy are expected of everyone working with AI.

“As part of [our] launch, we introduced our generative AI guiding principles,” she says. “We made updates to our technology policy, giving our people guidance.

“Our generative AI guiding principles leveraged Australian Government, Microsoft and NIST [National Institute of Standards and Technology] resources. They are strong principles that cover what ‘good’ should look like, and what secure and reliable is and what that means.”

Chan agrees education is critical. “It doesn’t need to be expensive, and there are plenty of resources available for low or zero cost online, on YouTube and on LinkedIn,” she says.

Leading from the top: ethical and effective AI use

It doesn’t matter how big or small your practice is, the guiding principle for any AI adoption is to lead from the top. As the principal of a practice, a practice owner or manager, you can’t expect your people to use AI ethically, safely and effectively if you’re not using it yourself.

It’s impossible to write policy or create guardrails without firsthand experience of the AI tools your people will be using, says Fisher.

“For us, it’s been leader-led change,” she says. “Our CEO, Ainslie van Onselen, and our executive team have been very clear about enabling and empowering our people to use AI, to test and learn, in a secure and safe way.”

Fisher also says CA ANZ has been clear from the outset that AI is not about taking people’s jobs or replacing roles. Instead, it’s a tool to help people do their jobs better and more effectively.

Creating AI guardrails and policy

Chan says addressing staff concerns about AI taking their jobs is paramount. Part of addressing those concerns involves putting in place strategies to upskill staffers in AI tools and use.

“A crucial part of a successful AI integration is fostering a culture of experimentation,” she says. “Employers should encourage their people to learn and try new tools, without the fear that they’re ‘doing it wrong’.”

Your guide to AI fluency

In response to the rapid evolution of AI and its growing impact on the accounting profession, CA ANZ created the AI Fluency Playbook: a comprehensive guide to harnessing the power of genAI ethically, effectively and strategically. It includes:

• Real-world case studies to show how AI is transforming client engagement, reporting and workflow automation
• Toolkits and prompt guides to use genAI tools more effectively
• Best-practice strategies for the ethical use of AI, as well as AI governance, implementation and risk management
• Learning pathways to help members assess and grow their AI skills.

Download the CA ANZ AI Fluency Playbook.

To take your learning further, CA ANZ has launched a new Certificate in AI Fluency to equip finance professionals with critical skills to embrace genAI. View our AI learning options here.