The fundamental principles of risk management for CPAs have remained remarkably consistent over the years, despite the variety and complexity of changes that continue to take place in regulatory and professional standards. This constancy is mainly due to the high expectations the public has for CPAs. Their assumptions of how CPAs should conduct themselves affect the way CPAs are perceived in the world of professional liability, where jurors, judges and arbitrators generally have a limited understanding of the accounting profession.
Judgments and verdicts rendered in liability disputes create what are sometimes referred to as “jury” or “claims” standards, which have almost always been higher than the standards the profession has established for itself. CPAs who pay proper attention to their professional liability exposures will be gearing their risk management techniques not only to what the profession expects of them, but also to what the public expects of them.
Most liability problems are preventable, and they often arise when CPAs don’t follow basic risk management guidelines. Here are summaries of three main areas of concern:
1) Client screening. CPA firms should re-evaluate relationships with current clients on a regular basis—at least annually. Changes in a client’s business may lead the client in a direction that causes the firm to reconsider the relationship, especially if the firm is not interested in or qualified to perform the work. Claims data show that “dabbling” in work outside the firm’s primary area of expertise is dangerous.
What’s more, when the firm itself changes, its client base may also need to change. The loss of a partner with expertise that other partners don't possess will require a decision by the firm regarding continued service to the former partner’s clients.
Consider all client situations carefully in order to spot potential conflicts of interest, which may affect the firm’s objectivity or independence—even if it’s not engaged to do attestation work. Examine potential or actual conflicts of interest from a broad point of view, considering the client’s perspective, as well as those of other stakeholders such as owners, investors, partners, beneficiaries and spouses. Troublesome scenarios can include a partnership breakup, a failed investment, bankruptcy, a trust, merger, divorce or anything else that can create opposing or disappointed factions.
2) Engagement letters/documentation. CPAs must reach an understanding with the client about the engagement, and that understanding should be memorialized in writing with an engagement letter. At the very minimum, the letter should cover the nature of the work, the limitations of the work, the expectations the CPA has of the client and the work to be performed by other professionals.
CPAs should also document the engagement as it evolves and changes, indicating advice given and decisions made. In some engagements, an “informed consent” letter clarifies that the CPA will advise and inform, and the client then decides. With this letter, it is difficult for claimants to make it appear that the CPA made the decisions.
Firms should have a record retention policy in writing and apply it consistently to all clients. Claims experience shows that good documentation and record retention are crucial components of a firm’s defense against a lawsuit.
The engagement letter should also contain a stop-work clause. When enforced, it will prevent unpaid fees from building up to the point where the firm wants to sue for them, or where the firm is in financial distress. Such lawsuits tend to lead to the client suing the CPA for malpractice—and the resulting legal fees incurred and the billable time lost by the firm almost always exceed the amount of fees owed to the firm. Alternative dispute resolution clauses, such as a mediation clause for all disputes and an arbitration clause for fee disputes only, are quite helpful in resolving disputes without court intervention.
Document the firm’s advice and warnings to clients of their exposures to fraud and how to guard against it. If the firm is comfortable providing such a service, offer to help clients address their exposures. It is much more difficult to defend CPAs against claims when advice and warnings to the client about fraud have not been documented.
3) Disengagement. Proper client disengagement procedures should be used in order to avoid causing a loss for the client. When the firm decides to disengage, the relationship should be terminated professionally and formally, in writing. At a minimum, the disengagement letter should always contain—
- a clear statement that the firm is disengaging and the effective date of the disengagement;
- a description of any work that is in process or unfinished; and
- a statement of any due dates or filing deadlines with regard to the work, whether finished or unfinished.
Often, it is essential to provide ample lead time before a client’s deadlines so as to better protect the firm from a claim or from being forced to provide some crucial services before disengaging. A successful disengagement can leave the client believing that the firm acted in the best interests of both parties.
Effective communication is a key factor in any CPA–client relationship. When the firm stays informed and in control, it is better protected. In the end, good risk management is good practice management and will help the firm enhance its clientele and avoid liability.
Randy R. Werner, CPA, J.D., LL.M./Tax, is a loss prevention executive with Camico. She responds to Camico loss prevention hotline inquiries and speaks to CPA groups on various topics.
For information on the Camico program, call Camico directly at 800-652-1772, or contact: (Upstate) Reggie DeJean, Lawley Service, Inc., 716-849-8618, and (Downstate) Dan Hudson, Chesapeake Professional Liability Brokers, Inc., 410-757-1932.