by CPAs: Are We a Business or a Profession?
Andrew B. Blackman, Mitchell Freedman, and John Levy
outsourcing of tax return preparation to India and other
countries is growing exponentially. The practice raises
many questions for professionals and practice units engaged
in or contemplating engaging in this process. Some questions
are economic, some practical, some administrative, and,
most important, some are ethical.
the preamble to the AICPA Code of Professional Conduct does
not specifically address this topic, it lays a solid foundation
on which to build any arguments, pro or con: .01 Membership
in the American Institute of Certified Public Accountants
is voluntary. By accepting membership, a certified public
accountant assumes an obligation of self-discipline above
and beyond the requirements of laws and regulations.
.02 These Principles of the Code of Professional Conduct
of the American Institute of Certified Public Accountants
express the profession’s recognition of its responsibilities
to the public, to clients, and to colleagues. They guide
members in the performance of their professional responsibilities
and express the basic tenets of ethical and professional
conduct. The Principles call for an unswerving commitment
to honorable behavior, even at the sacrifice of personal
advantage. [ Emphasis added]
is occurring throughout the business community in a variety
of ways. Within the CPA profession, it is most prominent
in the growing practice of having tax returns prepared by
third parties who are not under the direct control of a
is a common scenario: The U.S. CPA, who has the client relationship,
collects relevant documentation and other information from
the client, as has been customary. This information is converted
into an electronic format, usually by scanning. The electronic
information is transmitted to the outsourcing service provider
via the Internet, probably but not necessarily using various
security measures such as encryption.
outsourcing service provider then uses the transmitted information
to prepare preliminary work product, typically federal,
state, and local income tax filings or general ledger accounting,
using commercially available software. The completed tax
preparation or general ledger files are transmitted from
the outsourcing service provider to the CPA via the Internet.
Finally, the CPA reviews and adjusts the work product, then
completes and delivers the final product to the client.
of outsourcing state that the cost to the CPA of servicing
a client using an outsourcing service provider is substantially
less than the comparable cost of preparing the same product
using only in-house staff. Another stated advantage of this
type of outsourcing is that it addresses the often severe
problem of finding the competent seasonal staff necessary
for in-house tax preparation.
issues arise from these circumstances. First, at least part
of the outsourcing service is typically located outside
the United States. Consequently, the contractual relationship
between the CPA, the outsourcing service provider, and the
employees or subcontractors of the service provider may
become subject to interpretation and resolution under a
legal system other than that of the United States, despite
contractual agreements to the contrary.
staff of the outsourcing service provider are not employees
or even subcontractors of the CPA, and are not under the
control of nor directly supervised by the CPA. Although
representations are made to the CPA about the qualifications
and experience of the staff and about the technology the
service provider uses, as well as the controls used in the
outsourcing process, the CPA seldom has practical means
to confirm those representations or to monitor the outsourcing
service provider’s practices. Even when the CPA does,
there can be no assurance that the controls will remain
state and federal laws and regulations impose special obligations
on CPAs for controlling and safeguarding clients’
financial information. In addition to the Federal Privacy
Act, state laws impose substantial responsibility on the
holder of financial information. Consequently,
some consumer protections either may not be delegated or,
if delegated, may require informed consumer consent. At
least some CPAs probably use procedures or controls in addition
to those described.
transmissions and computer storage, even using the highest
available security measures, have some risk of being compromised.
Basic tax information will contain the name, address, and
Social Security or federal employer identification numbers
of clients and dependents. To the extent that transmitted
information includes scanned images of client documents,
it will typically contain additional information that identifies
the location of the client's assets or credit resources,
the account executive’s name and contact information,
financial account numbers, year-end balances, or usage histories.
Most modern general ledger software packages contain similar
information for third parties.
process of converting client data into a competently prepared
tax filing requires experience and the exercise of judgment.
Proper business accounting usually requires substantial
knowledge of the client’s business and operations
that foreign outsourcers are unlikely to possess.
professional standards related to outsourcing have been
interpreted to not require specific disclosures to clients.
Those professional standards, however, predate the Internet,
when a typical outsourcing engagement involved sending punch
cards or input sheets to a service bureau across town. Some
disclosures have been generic and without reference to the
foreign location or the related risks.
arguments can be made that outsourcing makes good business
sense, given the cost savings and the reported unavailability
of adequate competent staff in the U.S., the arguments against
the possible misuse of a client’s personal information
and the inability to pursue claims for any such misuse are
less easily made. These concerns are frequently swept aside
with arguments that transmitting client data to tax preparers
in India is not substantially different from transmitting
data via the Internet within the U.S. Proponents of outsourcing
often dismiss these concerns without adequately weighing
the current world political environment and trends in identity
the overriding issue concerns a professional relationship.
If a CPA is outsourcing work that the client would reasonably
expect to be done by the CPA, then the client has a right
to know that some other group has access to the client’s
information and will be preparing the tax return, even if
present standards can be interpreted to not require such
notice. Clients of a professional should also have the right
to opt out of having their information sent overseas. This
is an issue of doing what is right rather than what is required,
and it is what separates being a professional from being
theft is a large-scale and well-known problem. The type
of information disseminated in the outsourcing services
environment is an identity thief’s dream. Professionals
must be concerned for the potential misuse of this information,
whereas a businessperson would calculate the downside risks
and proceed if they were simply outweighed by the additional
profit potential. Whether the non-U.S. persons accessing
this information are incapable of removing it from their
work premises is not the real issue. The bigger question
is how the client, whose data is possibly being compromised,
will view this possibility.
well-publicized identity theft that is traced back to an
outsourcing arrangement will blow the lid off the perception
that this cannot happen. Will the damaged client, in pursuit
of justice, go looking for the identity thief abroad to
prosecute, or seek out the CPA who permitted this to occur?
While the CPA may in turn have a claim against the outsourcing
service provider abroad, what system of jurisprudence will
come into play to adjudicate the matter, and how long will
it take to rectify? Will whatever justice is wrought actually
satisfy the client, especially if he was unaware of the
CPA’s arrangement with the service provider?
consider that in response to fears of terrorism, the federal
government has raised the bar on U.S. businesses knowing
the parties with whom they do business abroad. Greater degrees
of information are being required by federal authorities
when payments of U.S. dollars flow from American businesses
to foreign accounts. The elements that would allow an identity
thief to steal from a client would also provide any terrorist
with an identity cloak to carry out acts of aggression.
This is an additional risk when evaluating the use of outsourcing
some will find reasons to dismiss each concern expressed
about what terrible things might be done with a client’s
information, they will be harder pressed to dismiss concerns
over such matters coming from a client who hears of this
practice from someone other than the CPA, after the fact.
The best professional course would be to let a client make
an informed decision about who handles personal information.
many businesses are sending less-detailed but sufficiently
rich personal information to enable an identity theft, for
processing or warehousing abroad, the professional nature
of the CPA-client relationship should be substantially different
from the banking (with credit card data) and insurance (with
medical data) industries.
moreover, have historically received a higher level of trust,
which has also allowed them to enjoy a financial premium
for their services. Will nondisclosure of outsourcing be
the next big black-eye that convinces the public that CPA
tax preparers should be controlled like any other business
rather than self-regulated like a profession?
outsourcing may offer substantial economic and staffing
advantages, the profession must examine this practice within
the context of current events. So far, the vast majority
of CPAs have not been directly tainted by the recent scandals,
and they still enjoy the trust and confidence of their clients.
Outsourcing with neither adequate disclosure nor the informed
consent of the client could damage the trust and confidence
CPAs have traditionally enjoyed.
code of ethics requires an unswerving commitment to honorable
behavior, even at the sacrifice of personal advantage. CPAs
that use outsourcing service providers abroad should make
a complete and thorough disclosure to their clients and
allow them to opt out of having their personal information
shared outside of the United States. (The California Board
of Accountancy is considering regulatory changes that would
require clear, written consent before client information
is sent outside the United States.)
to “do the right thing, as a professional” may
not result in its uniform adoption. Unless there is rapid
adoption of modernized professional standards that require
proper disclosure, using specific criteria, then at least
some CPAs will not make comprehensive disclosures out of
concern that their competitors are not. Therefore, while
the spirit of the Code of Professional Conduct may be the
guiding light, only professional and ethical guidance, applicable
to all CPAs, will produce appropriate disclosure and ethical
practice in the marketplace. Additionally,
professional guidance will likely provide a more effective
solution than one provided by governmental authorities,
which could even vary from state to state if not imposed
from the federal level. Professional guidance could cover
areas of contract provisions as well as quality control,
data security, or even the quality of the work product received
from outsourcing service providers.
B. Blackman, CFP, CPA/PFS, Mitchell Freedman, CPA/PFS,
and John Levy, CPA, are founding members