· Essays

The thinking behind the courses.

Positions on the questions every firm is asking about AI, written for the practitioners doing the work, not for an IT department that does not exist. No hype, no vendor pitch.

• / 01

  What about security?

  What every firm should know before letting AI touch client work.

  Where the real risk lives, why two tools labeled “AI” can have opposite risk profiles, the controls that contain it, and what the AICPA Code, Circular 230, §7216, the FTC Safeguards Rule, and the SSTS already require.

  ~10 min

  Read →

• / 02Account to read

  The rules already apply, they just don’t spell it out

  What the standards require today, and where they go quiet on AI.

  The WISP, the FTC Safeguards Rule, §7216, the AICPA Code, and the SSTS already bind you, but no comprehensive AI-specific standard exists yet. What’s required, where the gaps are, and how a careful firm navigates both.

  ~12 min

  Read →

• / 03Coming soon

  Which AI, and how to set it up safely

  The tools you already trust, the AI already inside them, and how to bring a new one up to the same bar.

  You already hand full client files to QuickBooks, your tax engine, and your DMS under contract. The AI inside those is already in your trusted-vendor perimeter, and a standalone assistant can join it. Tiers, no-training terms, zero data retention, a signed DPA, and where anonymizing stops being enough.

  ~13 min

  In the works

• / 04Coming soon

  Your firm’s one-page AI policy

  Approved uses, prohibited inputs, and the controls that fit on a single page.

  A practical, editable AI policy a solo or small firm can adopt the same week, approved tools, the anonymize-first rule, human-review requirements, and vendor selection criteria.

  ~9 min

  In the works