Resources

Templates to start from, free to take and adjust for your own workflows and practices.

Practical, customizable documents for the modern firm: an AI use policy, a security plan structured to the FTC Safeguards Rule, client disclosure language, and a vendor checklist. Written by a practicing CPA, not a vendor selling something. Adapt them to your firm.

Templates

Firm policy & compliance templates

Free Word documents with bracketed placeholders to fill in. Each is a starting point only, not legal or compliance advice, and adopting one as-is does not make your firm compliant. Customize it to your firm and have your own counsel review before relying on it.

AI Governance
Firm AI Use Policy

A written policy governing how your team uses AI tools: approved tools, permitted and prohibited uses, client-data rules, human review, and disclosure. The piece almost no firm has yet.

For: any firm adopting AI tools.

  • Approved-tools list and acceptable-use rules
  • Client confidentiality and IRC 7216 guardrails
  • Human-review responsibility and a staff acknowledgment
Download .docx
Data Security
WISP Template

A Written Information Security Plan structured to the FTC Safeguards Rule (16 CFR Part 314), which paid tax preparers are required to maintain. Aligned with IRS Publications 4557 and 5708.

For: tax preparers and any firm holding client financial data.

  • Qualified Individual, risk assessment, and safeguards
  • Incident response plan and service-provider oversight
  • Training, testing, and annual evaluation
Download .docx
Client Communication
Client AI Disclosure

Plain-language wording for telling clients how you use AI in their engagement, with both a standalone notice and an engagement letter clause. Built to respect confidentiality and consent obligations.

For: firms that want to be transparent with clients.

  • Short plain-language client notice
  • Drop-in engagement letter clause
  • Optional client consent line
Download .docx
Vendor Diligence
AI Tool Vendor Checklist

A due-diligence checklist for evaluating an AI vendor before you adopt it: data handling, training opt-out, security attestations, retention, and contractual terms. Pairs with the AI Use Policy.

For: whoever vets new software at your firm.

  • Data handling, training, and sub-processor questions
  • Security, SOC 2, and incident-response checks
  • Compliance, contract, and re-review tracking
Download .docx
Guides

Deeper how-to guides

Longer walkthroughs for putting AI to work in a firm.

Claude Code for accountants

A practical guide to using Claude Code in a real practice: what it is, how to set it up safely with client data in mind, and the workflows that actually save time.

Read the guide

These templates are provided for general informational and educational purposes only. They are starting points, not legal, tax, or compliance advice, and neither downloading nor using them creates a client, advisory, or professional relationship. They are provided "as is," without warranty of any kind, and Charles J Barmore CPA PC disclaims all liability arising from their use. Using a template does not by itself make your firm compliant with the FTC Safeguards Rule, IRS requirements, professional standards, or any other law or regulation; compliance depends on how your firm adapts, implements, and maintains it. Every firm is different. Laws, regulations, and professional standards change and vary by jurisdiction. Review and adapt each document to your firm's facts and have your own legal counsel and advisors review it before relying on it.

Want help putting these to work?

Templates are a start. If you want AI actually implemented in your firm, safely and with the controls these documents describe, let's talk.