When Client Funds Disappear: Preventing Theft in High-Risk Engagements

By:
Ron Klein, J.D., CFE
Published Date:
Jun 8, 2015

With certain CPA firm engagements, there is a higher risk that a client’s funds may be misused, especially if internal controls are not strong enough to prevent staff from abusing signatory authority that has been entrusted to them. The engagements in question can range from basic bookkeeping and bill paying on behalf of clients, to business management engagements in which the firm has broad control over the client’s financial affairs. Executor/trustee engagements are also prone to the misuse of client funds.

The public perceives CPAs as experts in tracking financial activity and setting up effective internal controls for preventing and detecting fraud. If a CPA firm has neglected to set up adequate controls within its own business and client funds are lost, the client will be more inclined to litigate the matter, knowing that a jury will have high expectations of the CPA’s responsibilities to prevent fraud.

To begin putting appropriate safeguards in place, take the following steps: 

Determine whether the firm has any engagements in which it is controlling client funds. Do any of the firm’s CPAs or their staffs have signatory or check-writing authority over client funds? Who is signing the checks? For what purpose are the checks being signed? 

Find out whether there are any procedures in place for accepting new engagements in which the firm’s CPAs or their staffs have signatory authority over client funds. Who can accept those types of engagements? There should be clear, centralized control over the acceptance process. 

Gain a detailed understanding of those engagements and establish a combination of controls that will prevent the misuse of client funds. The following are examples of good controls:

-Performing a background check on employees who work in check preparation and signing
-Segregating duties (ideally, check preparation, check signing and bank reconciliation should be performed by different individuals)
-Having someone other than the check preparer open bank statements and review them
-Requiring staff in cash disbursement services to take time off
-Having a partner review or perform check preparation and signing (do not be predictable in this process)
-Having a two-signature requirement for all checks in excess of a certain amount (pre-agreed with the client)
-Requiring written authorization for all disbursements
-Requiring the client to review and sign a list of recurring expenditures on a quarterly basis
-Presenting a list of checks disbursed for the client’s review and written approval
-Providing a second partner review of staff and partner activity
-Cross-training employees to review each other’s work
-Restricting access to check registers and statements. 

Utilize screening processes and background checks for employees and partners with signatory authority over significant client funds.

Ensure that there is an engagement letter describing the services being provided, as well as their limitations, and that it has been signed.

 
Executor/trustee engagements

CPAs who act as executors or trustees may have signatory authority over client or trust funds. While executor engagements are generally for a short period of time, trust engagements can last for an indefinite period, depending on the trust agreement. The agreement will appoint the CPA as trustee and will list his or her power and authority. 

The firm should find out whether any of its CPAs are serving as executors or trustees, and whether there are any procedures in place for accepting and monitoring such engagements. Trust engagements tend to be performed by senior members of a firm with little or no oversight from others. 

Claims from trusteeships have been severe over the years, particularly claims involving the misuse of client funds. The most significant internal control over CPA executor/trustee activities is oversight by the partner group, managing partner or a senior member of the firm. 

Additional controls may include requiring—

-quarterly or annual reporting to all interested parties (the grantor if living, other trustees, beneficiaries, attorneys, etc.),
-a file maintained in a normal file system,
-annual review of the engagement,
-two signatures if a co-trustee/executor exists,
-controls established for a co-trustee,
-errors and omissions (E&O) insurance for a co-trustee, and
-the area of responsibility for each trustee to be in writing. 

Another consideration: If the clients are elderly or senior citizens, laws designed to protect elders from fraud may be invoked in order to impose punitive damages and recovery of attorneys’ fees. Furthermore, jurors tend to support strict punishment of financial advisers who defraud the elderly—all the more reason to be sure that the firm has established adequate controls. 

Ron Klein, J.D., CFE, is risk management counsel for CAMICO. He applies his extensive knowledge and expertise of CPA professional liability issues to help CAMICO policyholders practice sound risk management. 

For information on the Camico program, call Camico directly at 800-652-1772, or contact: (Upstate) Reggie DeJean, Lawley Service, Inc., 716-849-8618, and (Downstate) Dan Hudson, Chesapeake Professional Liability Brokers, Inc., 410-757-1932.  

 

Click here to see more of the latest news from the NYSSCPA.