How to Use AI for a CPA Firm in 2026: Tax Prep, Audit, Advisory, FinCEN BOI, Safeguards Rule & Owner Scorecard
Published 2026-05-31 · 16 min read
TL;DR — CPA-firm AI stack for 2026.Point AI at six bottlenecks: (1) client onboarding + engagement letters + §7216 consent + KYC, (2) tax prep with Document AI scan-and-populate for 1040 / 1120 / 1120-S / 1065 / 1041 / 990 / 706 / 709 + return review, (3) audit + review + AUP fieldwork (journal-entry testing, full-population analytics, AI confirms, workpaper review), (4) advisory + CAS + tax planning (§199A, §1031, §1202, §1244, R&D §41, cost-seg, entity-choice, S-corp reasonable comp), (5) FinCEN BOI + state filings + 1099 / W-2 / W-9 workflow, (6) FTC Safeguards Rule WISP + IRS Pub 4557 + Pub 5708 + state breach response. Wrap it in a compliance floor: IRS Circular 230, AICPA Code of Professional Conduct, state board of accountancy, PCAOB (if issuer audits), GLBA + FTC Safeguards, IRC §7216, §6694 / §6695 preparer penalties, and state CPA AI-disclosure rules. Target owner KPI: 60-70% realization, <15% write-down, >$200/hr partner effective billing rate, and a monthly 90-minute owner scorecard review.
The 7-layer CPA-firm AI stack (2026)
| Layer | Examples | Owner |
|---|---|---|
| Client portal + onboarding | Liscio, Canopy, TaxDome, Karbon AI, SafeSend, Suralink AI, Ignition, Practice Ignition, ShareFile, Citrix RightSignature, DocuSign | Firm administrator |
| Document AI + source-doc OCR | CCH Axcess Document AI, UltraTax Document Capture, Drake Documents, Lacerte SmartScan, GruntWorx, SurePrep TaxCaddy, Bot Keeper, Vic.ai, AutoEntry, Dext Prepare, Hubdoc | Tax manager |
| Tax prep + review | CCH Axcess Tax + AI, Thomson Reuters UltraTax CS + Onvio, Intuit Lacerte, ProSeries, ProConnect Tax, Drake Tax, ATX, TaxAct Pro, TaxSlayer Pro, CoCounsel Tax, Blue J Legal, TaxGPT | Partner / signing CPA |
| Audit + review + AUP | Caseware Cloud + IDEA, CCH ProSystem fx Engagement, Thomson Reuters AdvanceFlow, AuditFile, AuditBoard, MindBridge AI Auditor, Validis, DataSnipper, Inflo, Suralink AI, Numeric, FloQast, MazarsAI | Audit partner |
| Advisory + CAS + planning | TaxPlanIQ, Holistiplan, FP Alpha, Tax-Clarity, Corvee, Bloomberg Tax Workpapers AI, BNA Income Tax Planner, Datafies, Black Ore, Vertex, Avalara, Sovos, QuickBooks Online Advisor, Xero, Sage Intacct + Bill.com | Advisory partner |
| FinCEN + 1099 + state filings | FincenFetch, FileForms, BOIfincen.com, Wolters Kluwer CCH BOI, Thomson Reuters CS BOI, Track1099, Tax1099, Yearli, Greatland, AvidXchange 1099, state e-file portals | Compliance lead |
| Security + WISP + IR | Right Networks, Rightworks, Cetrom, Avalara WISP, Verito, Practice Protect, Egnyte, Tresorit, Microsoft Purview, KnowBe4, Huntress, SentinelOne, CrowdStrike, Arctic Wolf | Owner / MP + IT |
10 copy-paste prompts for CPA-firm teams
1) Client onboarding + engagement letter + §7216 consent
You are the firm administrator. For new client [NAME] at [ENTITY/INDIVIDUAL], produce:
1) Engagement letter scoped to service (1040 / 1120 / 1120-S / 1065 / 1041 / 990 / audit / review / AUP / advisory / CAS) with fee structure (fixed / hourly / value), document deadlines, scope limits, and AICPA-compliant disclaimer
2) IRC §7216 + Reg §301.7216-3 written consent IF the firm will use or disclose taxpayer info to any third-party tool, affiliate, or non-engagement service — verbatim language, separately signed
3) GLBA / FTC Safeguards Rule privacy notice
4) KYC / CIP for entities (TIN verification, business purpose, beneficial-owner inquiry per FinCEN BOI status)
5) Conflicts check (search firm CRM for prior engagement adverse to this party + AICPA ET §1.110)
6) Engagement risk rating (low / medium / high) with sign-off requirements
7) Pricing + retainer + ACH authorization
8) E-signature packet via DocuSign / SafeSend / TaxDome
Output the packet. Do NOT release portal access until the letter is countersigned.
2) Document AI scan-and-populate for 1040 / 1120 / 1065
You are the tax preparer. For client [NAME] tax year [YEAR], using CCH Axcess Document AI / UltraTax Document Capture / Drake Documents / Lacerte SmartScan / GruntWorx / SurePrep TaxCaddy:
1) Auto-classify uploaded source docs (W-2, 1099-NEC, 1099-MISC, 1099-INT, 1099-DIV, 1099-B, 1099-R, 1099-K, K-1, 1098, 1098-T, 1095-A/B/C, brokerage 8949, crypto 1099-DA, charity, mortgage, prior year)
2) Extract values to the proper tax-software import field
3) Flag missing docs vs prior-year carryover (e.g., last year had K-1 from XYZ partnership — not received)
4) Cross-check 1099-K vs Schedule C / E gross receipts — flag any mismatch > threshold
5) Reconcile brokerage 1099-B against 8949 wash-sale adjustments
6) Flag any document with confidence score below 95% for human review
7) Produce a one-page client missing-info request if applicable
NEVER auto-file. The signing CPA reviews and signs every return per IRS Circular 230 §10.22 + §10.34 + IRC §6694.
3) Tax-return review + Circular 230 due-diligence checklist
You are the reviewing partner. For draft return [CLIENT_ID] [YEAR] [FORM]:
1) Compare YoY: AGI, taxable income, federal + state liability, refund / balance due — flag any line item with year-over-year change > 25% or absolute change > $5,000
2) Verify positions taken meet IRS Circular 230 §10.34 (more-likely-than-not / substantial authority / reasonable basis with disclosure) — produce a position memo if any return position is below substantial-authority
3) Run the AICPA Statement on Standards for Tax Services (SSTS) checklist
4) §6694 preparer-penalty exposure scan (unreasonable position, willful or reckless conduct)
5) §6662 substantial-understatement / accuracy-related penalty scan
6) State residency + nexus check (Wayfair + state economic nexus + convenience-of-employer NY/PA/DE/NE/CT)
7) Required disclosures (Form 8275, 8275-R, 8867 EITC due-diligence, 8821, 2848)
8) E-file readiness + signature workflow (Form 8879)
Return a signed-off review memo. The partner signs the return; AI does not.
4) Audit fieldwork + journal-entry testing + AI confirms
You are the audit senior. For engagement [CLIENT] [PERIOD]:
1) Risk-assessment refresh per AU-C 315 + SAS 145 — flag changes in business, IT environment, fraud-risk factors
2) Journal-entry full-population testing via MindBridge / Caseware IDEA / Validis / Inflo — flag manual entries, period-end / weekend / holiday entries, round-dollar entries, entries above threshold, entries with one-sided characteristics
3) Three-way match testing on AP via DataSnipper / Suralink AI — sample size per AU-C 530
4) AI-assisted confirmations (Confirmation.com, Suralink, Validis Connect) — flag any non-response, partial response, or discrepancy
5) Analytical procedures with full-population data (gross margin %, days sales outstanding, days payable outstanding, inventory turns) vs prior period and industry benchmark
6) Workpaper documentation: AI tool used, parameters, exceptions, auditor disposition + sign-off — required by PCAOB AS 1105 + AS 1215 + AICPA AU-C 230
7) Quality-control sign-off per PCAOB QC 1000 (effective Dec 15 2025 for issuer audits) or AICPA SQMS No. 1
The audit partner signs the opinion; AI does not.
5) Advisory + tax planning brief (§199A / §1031 / §1202 / §41 R&D / cost-seg)
You are the advisory partner. For client [NAME] entity [TYPE]:
1) §199A QBI: SSTB classification, threshold ($383,900 MFJ / $191,950 single 2024 indexed) + phase-in, W-2 wages + UBIA, aggregation election (1.199A-4)
2) §1031 like-kind: real-property only (TCJA), 45-day ID + 180-day exchange, QI selection, related-party trap §1031(f), boot, DST/TIC alternatives
3) §1202 QSBS: 5-yr holding, eligible C-corp, $50M gross-asset limit at issuance, §1045 rollover, $10M / 10x basis exclusion, state conformity (CA + PA + NJ + AL nonconformity)
4) §41 R&D credit: 4-part test, qualifying activities, ASC method (14% × QRE excess) vs regular (20%), §174 capitalization 5-yr / 15-yr (TCJA + 2025 extender status), payroll-tax election for QSB
5) Cost-segregation: §1245 + §1250 reclass, partial-disposition election §1.168(i)-8, §179 + bonus phase-down (60% 2024, 40% 2025, 20% 2026, 0% 2027 unless Congressional action)
6) S-corp reasonable comp: industry comp study (RCReports, BizComps), §162 + §1.162-7 + Watson v. Comm'r (TC 2010), distribution vs salary mix
7) Retirement: SEP, Solo 401(k), Cash Balance + DB combo, SECURE 2.0 changes (mandatory Roth catch-up ≥ $145k wages 2026, auto-enrollment, 529-to-Roth rollover)
Output a 2-page client-facing memo + a 1-page risk / authority appendix. Cite §, Reg, case, Rev Rul, Notice. Never represent AI-generated authority without verifying it exists (Mata v Avianca + Park v Kim 2d Cir 2024 + Morgan & Morgan 2025 sanctions).
6) FinCEN BOI / 1099 / W-2 / state filing workflow
You are the compliance lead. For the firm's filing workload:
1) FinCEN BOI status: confirm current rule on FinCEN.gov (post-March 2025 interim rule narrowed to foreign reporting companies — domestic exempt pending further rulemaking). For each client entity, classify: foreign-reporting / domestic-exempt / dissolved / opted-into-voluntary-filing. Send client instruction letter + e-sign authorization. File via FincenFetch / FileForms / Wolters Kluwer CCH BOI / Thomson Reuters CS BOI.
2) 1099 filings (1099-NEC due Jan 31, 1099-MISC due Feb 28 paper / Mar 31 e-file): pull AP vendor list from QBO / Xero / Sage Intacct, match to W-9 + TIN-match via IRS TIN matching, file via Track1099 / Tax1099 / Yearli, deliver to recipients
3) W-2 / W-3 (due Jan 31): pull from payroll provider (Gusto / Rippling / ADP / Paychex / Paycom / Justworks)
4) State filings: state income tax + sales/use tax (Avalara / Sovos / Vertex), state unemployment (SUTA), state new-hire reporting, state annual report
5) 1042 / 1042-S / 8804-8805 for foreign withholding
6) Form 5471 / 5472 / 8865 / 8858 for international ownership
7) FBAR FinCEN 114 + Form 8938 FATCA
Track every filing with deadline + status + confirmation # + signed Form 8879 / 8453 / state e-sign authorization. Late-filing penalties: 1099 $60-$330/form (FY 2026 indexed) + intentional disregard $660+/form, W-2 same range, BOI $591/day inflation-adjusted.
7) FTC Safeguards Rule WISP + IRS Pub 4557 + breach response
You are the firm's qualified individual. Produce / refresh the Written Information Security Plan (WISP) per FTC Safeguards Rule 16 CFR 314 (2023 + 2024 amendments) + IRS Pub 4557 + Pub 5708 + state-specific (NY 23 NYCRR 500 + MA 201 CMR 17 + CA CCPA/CPRA + WA My Health My Data — N/A here but conceptually):
1) Risk assessment (annual): inventory of customer info, threats, vulnerabilities, controls
2) Access controls: MFA on every system handling customer info (FTC 2024 amendment), least-privilege, quarterly access review
3) Encryption: at-rest + in-transit on all customer info (FIPS 140-2 / 140-3)
4) Secure software development + change management
5) Vendor oversight: every third-party (cloud, e-file transmitter, AI tool) signed BAA-equivalent + SOC 2 Type II + annual review
6) Incident response plan: detect / contain / eradicate / recover / lessons-learned + 30-day notification to FTC for breach affecting 500+ consumers + state AG + IRS Stakeholder Liaison + state board of accountancy
7) Annual report to owner / board (FTC 2023 amendment)
8) Employee training: KnowBe4 / SANS / annual phishing simulation + IRS Security Awareness Training
9) Incident response tabletop annually
10) Change to PTIN: written data security plan as condition of holding PTIN
Output the current WISP with version, owner, last-review-date. Flag any gap.
8) Client status letter + value-added insights
You are the engagement partner. For client [NAME] this month, produce a 1-page status letter:
1) Completed: returns filed, audits issued, advisory deliverables, FinCEN / 1099 / payroll handled
2) Open: returns drafted awaiting client signature, audit fieldwork in progress, advisory questions outstanding
3) Next 30 days: estimated-tax payment date, payroll filing, sales-tax filing, BOI status, board meeting, any quarterly review
4) Tax-planning observations: §199A optimization, retirement contribution capacity, S-corp reasonable comp adjustment, SECURE 2.0 mandatory Roth catch-up, §1031 timing window, depreciation (bonus phase-down), R&D credit capture, state nexus exposure
5) Risk paragraph: any significant tax position, any cybersecurity incident, any unfiled return, any outstanding IRS / state notice
6) Fee status: prior-month invoice paid, current WIP, retainer balance
Plain English + dollar amounts where possible. Do NOT use boilerplate disclaimer language that hides risk.
9) State-board-compliant ad + AICPA marketing
You are the marketing lead. Draft ad copy variants for Google Ads + LinkedIn + LSA + GBP + AICPA Find-A-CPA + state society directory for [SERVICE_LINE] in [STATE]:
1) State board of accountancy ad rules: license # + firm registration + state-board permit verbatim, no false / misleading / deceptive (every state CPA practice act + AICPA ET §1.400/§1.500/§1.600), no "guaranteed refund" / "lowest tax" / "audit-proof" claims, no comparative claims vs named CPA firms without substantiation
2) AICPA Code of Professional Conduct ET §1.400 advertising + §1.500 commissions/referral fees + §1.600 form-of-organization-and-name
3) FTC Endorsement Guides 2023 + 2024-2025 + Fake Reviews Rule 16 CFR 465 — $51,744/violation FY 2026 — no incentivized reviews, material-connection disclosure on testimonials
4) Specialization claims: only state-licensed in PFS / ABV / CFF / CITP / CGMA disciplines if certificant, or "experienced in" / "focuses on" for non-certificant areas
5) FTC Act §5 UDAP + state UDAP — no "free consult" if there's a hidden retainer
6) Accessibility: WCAG 2.1 AA on firm website
Output 3 headline + 3 body + 1 CTA + image-caption brief + state-board pre-publication review note.
10) Owner monthly scorecard (the number)
Produce a 1-page firm-owner monthly scorecard:
- Realization: budgeted hours vs billed hours by partner / manager / senior / staff, write-down %, write-up %, target 60-70% realization
- Effective billing rate: $ collected / hour worked, target > $200/hr partner, > $150/hr manager, > $100/hr senior
- WIP + AR aging: 0-30 / 31-60 / 61-90 / 90+, days sales outstanding, target DSO < 45 days
- Pipeline: new clients onboarded, lost clients, net retention, referral source mix
- Service mix: tax / audit / advisory / CAS / other gross revenue + margin
- Compliance: license renewal runway, CPE deficit, peer-review cycle, PCAOB inspection (if applicable), SOC 2 Type II expiration, WISP last-review date
- Capacity: % of staff > 50 hrs/wk during busy season, OT cost, turnover trailing-12, partner succession plan progress
- Risk: open IRS / state notices for clients, any §6694 / §6695 exposure event, any cybersecurity event, any malpractice claim filed
- Tech: AI tool ROI (hours saved / $ subscription), client portal adoption %, e-sign rate
Flag the 3 highest-priority issues for next month. No more.
Compliance floor (2026) — do not ship without these
- IRS Circular 230 (31 CFR Part 10) — §10.22 due diligence, §10.34 standards for tax returns, §10.35 covered opinions removed but advice standards remain in §10.37, §10.50 sanctions. Every signing CPA + EA + attorney is bound; AI does not sign.
- IRC §7216 + Reg §301.7216-1/-2/-3 — disclosure or use of taxpayer information requires written consent. Criminal misdemeanor + $1,000/violation + 1 year. Sending data to a non-tenant AI tool without §7216 consent is a violation.
- IRC §6694 + §6695 + §6713 + §7407 — preparer penalties for understatements, due-diligence failures, and disclosure violations. §6694(a) $1,000 or 50% of fee for unreasonable position; (b) $5,000 or 75% for willful/reckless.
- AICPA Code of Professional Conduct — Independence (ET §1.200), Integrity & Objectivity (§1.100), Confidential Client Information (§1.700), Advertising (§1.400), Form of Organization & Name (§1.600). Plus AICPA Statements on Standards for Tax Services (SSTS) + AICPA SSARS for compilations / reviews.
- State board of accountancy — every state has a separate CPA practice act + ad rules + CPE requirements + peer-review requirement (typically 3-yr cycle for firms doing A&A). License # + firm registration + permit on every ad. Some states (CA, NY, TX, FL) have specific AI-disclosure or AI-use guidance — confirm state-specific rules.
- PCAOB AS 1015 / 1105 / 1215 / 2110 + QC 1000 — applies to firms registered with PCAOB doing audits of issuers + broker-dealers. QC 1000 effective Dec 15 2025. Annual Form 2 filing. PCAOB inspection cycle annual (firms > 100 issuer audits) or triennial (smaller).
- GLBA + FTC Safeguards Rule 16 CFR 314 (2023 + 2024 amendments) — every CPA firm is a financial institution. WISP, qualified individual, MFA, encryption, vendor oversight, IR plan, annual report, FTC notification within 30 days of breach affecting 500+ consumers.
- IRS Pub 4557 + Pub 5708 — written data security plan as condition of holding PTIN. Failure to comply can result in PTIN revocation.
- FinCEN BOI 31 U.S.C. §5336 + 31 CFR 1010.380 — confirm current rule status (March 2025 interim rule narrowed to foreign reporting companies; domestic exempt pending further rulemaking). $591/day civil penalty + criminal up to $10,000 + 2 years for willful violation if rule applies.
- Mata v Avianca SDNY 2023 + Park v Kim 2d Cir 2024 + Morgan & Morgan 2025 sanctions — citation verification mandatory; fabricated AI citations / authority lead to court sanctions, state-bar / state-board referral, and §6694 preparer-penalty exposure.
- State data-breach notification — 50-state patchwork (CA Civ. §1798.82, NY GBL §899-aa, MA 93H, TX BCC §521, FL §501.171, IL 815 ILCS 530, etc.). Notify affected residents + state AG + national consumer reporting agencies if > 500 / state threshold.
- FTC Act §5 UDAP + state UDAP + FTC Endorsement Guides 2023 + Fake Reviews Rule 16 CFR 465 ($51,744/violation FY 2026) — no false / misleading / deceptive ad claims, no incentivized reviews, material-connection disclosures on testimonials.
60-day AI rollout for a 5-25 person CPA firm
- Days 1-5: Inventory current tech stack. Pick one client portal (Liscio / Canopy / TaxDome / Karbon AI / SafeSend) and migrate active engagements. Engagement letter + §7216 consent template (Prompt 1) attorney-reviewed.
- Days 6-15: Document AI seat for tax team (CCH Document AI / SurePrep TaxCaddy / GruntWorx) on next 50 returns (Prompt 2). Measure scan-and-populate accuracy + time saved.
- Days 16-25: Tax-return review checklist (Prompt 3) live. Reviewer signs on the AI-flagged-only basis. §6694 + Circular 230 due-diligence documentation in every return file.
- Days 26-35: Audit fieldwork AI (MindBridge / DataSnipper / Suralink AI / Caseware IDEA) on next 5 audits (Prompt 4). PCAOB QC 1000 / AICPA SQMS workpaper template updated.
- Days 36-42: Advisory + planning AI (TaxPlanIQ / Holistiplan / FP Alpha / CoCounsel Tax / Blue J) on top 20 clients (Prompt 5). Memo + risk-appendix output.
- Days 43-48: FinCEN BOI + 1099 + state filing workflow (Prompt 6) automated. Compliance lead has dashboard.
- Days 49-54: WISP refresh (Prompt 7) + MFA on every system + vendor oversight cycle + IR tabletop. KnowBe4 phishing simulation. PTIN data-security-plan attestation.
- Days 55-60: Owner monthly scorecard (Prompt 10) live. Marketing audit (Prompt 9) state-board reviewed. First quarterly review meeting set.
8 mistakes that sink CPA-firm AI projects
- Pasting client tax data into a public ChatGPT / Claude / Gemini / Copilot consumer tier — IRC §7216 violation + AICPA confidentiality breach + FTC Safeguards violation + state-board referral.
- Letting AI sign or e-file a return — IRS Circular 230 + §6694 require a human preparer who has reviewed and signed.
- Citing AI-generated cases / Rev Ruls / Notices without verifying they exist — Mata v Avianca + Park v Kim 2d Cir 2024 + Morgan & Morgan 2025 sanctions + state-board referral.
- Skipping the §7216 written consent before sending data to a third-party AI tool — even with a BAA-equivalent, §7216 still requires separate consent for tax-preparer disclosure / use.
- Running audit fieldwork through AI without documenting the auditor's professional judgment in the workpaper — PCAOB AS 1215 / AICPA AU-C 230 violation.
- No WISP + no MFA + no vendor oversight — automatic FTC Safeguards Rule violation + PTIN at risk + uninsurable.
- Advertising "guaranteed refund" / "audit-proof" / "lowest tax" — state board of accountancy + FTC Act §5 + AICPA ET §1.400 violation.
- No peer review on schedule (3-year cycle for A&A firms) + no firm SQMS + no PCAOB QC 1000 implementation by Dec 15 2025 — license + registration risk.
FAQ
Can a CPA firm legally use AI to prepare a 1040 or 1120?
Yes — but the CPA preparer signing the return is fully responsible under IRS Circular 230 §10.22 (due diligence) and §10.34 (standards for tax returns), and the firm must comply with IRC §7216 + Reg §301.7216-1/-2/-3 on disclosure or use of taxpayer information. Sending client tax data to a non-BAA-equivalent third-party model without §7216 written consent is a criminal misdemeanor + $1,000/violation + 1 year. Use AI tools that contractually keep data inside the firm tenant (CCH Axcess Beta + Document AI, UltraTax CS + AI, Drake AI, Lacerte AI, CoCounsel Tax, Blue J, TaxGPT BAA-tier) and review every AI-drafted line before signing.
Does the FTC Safeguards Rule apply to small CPA firms?
Yes — every CPA firm that prepares tax returns or provides financial advice is a 'financial institution' under GLBA + FTC Safeguards Rule 16 CFR 314 (2023 + 2024 amendments). Required: written information security program (WISP), qualified individual, risk assessment, MFA, encryption at-rest + in-transit, access controls, vendor oversight, incident response plan, annual report to board / owner, and notification to the FTC within 30 days of any breach affecting 500+ consumers. IRS Pub 4557 + Pub 5708 also require a written data security plan as a condition of holding a PTIN.
What's the FinCEN Beneficial Ownership Information (BOI) reporting status in 2026?
After the Corporate Transparency Act 31 U.S.C. §5336 + 31 CFR 1010.380 was enjoined and re-enjoined through 2024-2025, FinCEN issued an interim final rule March 2025 narrowing scope to foreign reporting companies only — domestic entities are currently exempt from BOI filing pending further rulemaking. CPA firms should still maintain BOI workflow capability (FincenFetch, FileForms, BOIfincen.com, Wolters Kluwer CCH BOI, Thomson Reuters CS BOI) and document client-instruction letters because the rule status can change with administration or congressional action. Confirm current status on FinCEN.gov before advising clients.
How does AI fit into PCAOB-registered audit work vs AICPA non-issuer audits?
PCAOB AS 1015 (due professional care) + AS 1105 (audit evidence) + AS 2110 (risk assessment) + the new PCAOB QC 1000 (firm quality control, effective Dec 15 2025) require documented evaluation of any AI tool used in audits of issuers. AICPA AU-C 315 (revised, effective for periods ending Dec 15 2023 and later) + AU-C 500 + SAS 145 govern non-issuer audits — AI-assisted journal-entry testing, full-population analytics, anomaly detection (MindBridge, Caseware IDEA, AuditBoard, Validis, Suralink, Inflo, DataSnipper, Numeric, MazarsAI). Workpaper documentation must show what the AI did, what the auditor reviewed, and the auditor's professional judgment — AI does not sign the opinion.
What ROI can a 5-25 person CPA firm expect from AI in the first 12 months?
Realized gains in well-run firms: 30-50% reduction in tax-prep first-pass time (Document AI scan-and-populate + AI review of K-1s, 1099s, brokerage 8949s), 20-40% faster audit fieldwork (DataSnipper, MindBridge, Suralink AI confirm), 1.5-3x advisory / CAS capacity per partner (CoCounsel Tax + Blue J + TaxPlanIQ + Holistiplan + FP Alpha for §199A / §1031 / §1202 / R&D §41 / cost-seg / entity-choice memos), 50%+ faster client onboarding (Liscio + Canopy + TaxDome + Karbon AI). The owner monthly scorecard (Prompt 10) is where the realization rate, write-down %, and partner billable hours actually move.
Sources + further reading
- IRS Circular 230 (31 CFR Part 10) + IRS Pub 4557 + IRS Pub 5708
- IRC §7216 + Treas. Reg. §301.7216-1/-2/-3 + IRC §6694 + §6695 + §6662 + §6713
- AICPA Code of Professional Conduct (ET §1.100/.200/.400/.500/.600/.700) + Statements on Standards for Tax Services (SSTS) + SQMS No. 1 + AU-C 230/315/500/530 + SAS 145
- PCAOB AS 1015 / AS 1105 / AS 1215 / AS 2110 + QC 1000 (effective Dec 15 2025)
- GLBA 15 U.S.C. §6801 + FTC Safeguards Rule 16 CFR 314 (2023 + 2024 amendments)
- FinCEN BOI 31 U.S.C. §5336 + 31 CFR 1010.380 + March 2025 interim final rule
- SECURE 2.0 Act + IRC §199A + §1031 + §1202 + §41 + §174 + §168(k) bonus phase-down
- Mata v Avianca SDNY 2023 + Park v Kim 2d Cir 2024 + Morgan & Morgan 2025 citation-verification sanctions
- FTC Act §5 UDAP + FTC Endorsement Guides 2023 + Fake Reviews Rule 16 CFR 465
- State boards of accountancy (CA, NY, TX, FL, IL, etc.) + AICPA Find-A-CPA