Partners rarely search for AI tools first. They search for permission: what do CA ANZ and CPA Australia actually expect, what does a defensible policy look like, and how do we let staff use these tools without a Privacy Act incident carrying penalties that now reach $50 million for companies. This is that digest, written to be turned into a one-page policy this week. Both bodies update their guidance regularly, so treat this as the shape of their position and check the current versions before you adopt.
What the professional bodies converge on
Read CA ANZ's AI resources and CPA Australia's practice guidance side by side and the same themes repeat. Members remain fully responsible for work products regardless of what tools prepared them. Confidentiality obligations under APES 110 do not relax because software is clever: putting client information into a tool is a disclosure decision. Competence cuts both ways, meaning members should understand the tools well enough to supervise them, and wilful ignorance of AI is itself becoming a competence question. And transparency with clients is encouraged: not a disclaimer on every email, but a clear answer when asked how the firm uses AI. None of this bans anything. Both bodies frame AI as legitimate professional tooling that needs the same governance as any other delegation, which is roughly how a firm should already treat a junior preparer.
The one-page policy, section by section
Permitted tools and accounts: named tools on business plans with training off; consumer accounts prohibited for client work, stated plainly
Client data rules: what may enter a prompt, what must be redacted, and the scoped-folder principle for agent tools
Consent: one paragraph added to the engagement letter template covering the use of AI tools under confidentiality obligations
Review: every AI-prepared output reviewed by a person with authority to sign it; declarations and lodgement always human
Disclosure posture: the agreed answer staff give when a client asks
Training and ownership: who owns the policy, how staff learn the tools, and when the policy gets reviewed
Incidents: what staff do the moment something goes into a tool that should not have
Seven sections, one page. A policy longer than that stops being read, and a policy nobody reads governs nothing.
The three mistakes that create shadow AI
Banning everything: staff do not stop using AI, they stop telling you, and the firm inherits consumer-account risk with zero visibility
Writing policy without provisioning tools: a rule that says use approved tools only, where no approved tool exists, is a ban wearing a lanyard
Policy as a one-off document: tools change monthly; a policy with no owner and no review date is out of date by the second quarter
The pattern across all three is the same: governance that fights the tide creates exactly the risk it was written to prevent. The firms with the least shadow AI are the ones that made the sanctioned path genuinely better than the unsanctioned one.
Rolling it out without a revolt
The rollout matters as much as the wording. Announce the policy alongside the tools it permits, not before them, so the first thing staff hear is what they can now do. Have the most respected senior in the practice, not the most enthusiastic one, present the review requirements; the standard lands differently coming from the person everyone already trusts on quality. Run one honest session on what the tools do badly, because staff who have seen the failure modes supervise better than staff who have only seen the demo. And put a review date on the policy itself, three months out for the first cycle, so everyone knows the rough edges will be revisited rather than argued about in the corridor. A five-partner firm can do the whole exercise, policy drafted, tools provisioned, staff briefed, in a fortnight for less than $5,000 all-in, which is cheaper than a single privacy near-miss and considerably cheaper than the quiet chaos of fifteen staff freelancing on personal accounts.
Mapping to the legal layer
For Australian firms the policy sits on top of the Privacy Act 1988 APPs, with cross-border disclosure documented and the vendor's data processing agreement as the contractual basis, and beside the Tax Agent Services Act code of conduct on confidentiality and competence. New Zealand firms map the same structure to the Privacy Act 2020. The professional-body guidance, the privacy law and the tax agent rules all point at the same operational controls: scoped access, named tools, human review, written consent. One set of habits satisfies all three masters, which is why the one-page policy is achievable at all.
From policy to practice
A policy without provisioned tools is theatre, and tools without a policy is exposure; do both in the same fortnight. A fixed-fee Claude Cowork setup at $3,500 deploys the governed version by construction: scoped folders, named connectors, drafts never auto-sent. Book a brainstorm call and we will bring a policy skeleton your partners can argue about productively for half an hour and then actually adopt.
This article is part of AI for Accountants in Australia, the complete guide from Automata AI, a Sydney-based Claude consultancy and the automation partner accounting firms across Australia and New Zealand use to put Claude Cowork into production. The approach in every guide is the same: Claude does the preparation, your people keep the judgment.



