Malpractice risks increase during difficult economic times
By Suzanne M. Holl, CPA
Economic conditions have long had a significant impact on CPA professional liability claims. In light of the current economic challenges, CPAs will need to be prepared and vigilant to minimize the potential for additional liability exposures.
Jury research shows that the public, including clients, perceive that a CPA’s fundamental job is to advise clients about opportunities and to warn them about risks. Juries believe the CPA’s “advising and warning” antennae should be hyper-sensitive during economic downturns. Some even believe “anyone can do a CPA’s job when times are good, but during difficult times — that’s when the CPA really needs to bear down.” In other words, expectations are elevated when economic times are challenging.
For example, when a business experiences a problem during difficult economic times, that client may perceive the CPA as having failed to provide crucial advice and warning. This could cause the client to misplace blame and deflect responsibility.
Also, looking at events in hindsight means history can be rewritten to benefit the client: “Why didn’t my CPA warn me about what was going to happen? I was relying on my CPA’s expertise for financial help.”
Professional skepticism must increase, not only to protect yourself and your client, but to protect other key stakeholders (e.g., the readers of the financial statements, lenders). History has proven that desperate times will cause some clients to take desperate measures, leading to deceit.
Loss prevention tip:
carry the burden of your client’s problems and permit yourself to become a victim of your clients. Loyalty to a client doesn’t take precedence over maintaining your professional standards of integrity, independence and objectivity. It is not worth jeopardizing your reputation or your own financial security in an attempt to mitigate or minimize client dilemmas.
Risk of fraud
Organizations in nearly every sector are cutting expenses and laying off workers. This can compromise existing internal controls and lead to fewer fraud prevention measures. CAMICO’s claims experience has shown that when people perceive an opportunity to commit fraud and get away with it, they are more inclined to defraud.
Fraud also can have a devastating impact on CPAs if firms fail to define the scope of their services and properly respond when fraud is identified or suspected. The public expects CPAs to have a nose for fraud, regardless of the limitations of the engagement. The expectation that CPAs will detect fraud is extremely difficult to meet, but the expectation to advise and warn is much less difficult. By advising and warning clients of their fraud/defalcation exposures and responsibilities, CPAs can minimize their liability.
Regardless of the services performed, CPAs cannot provide absolute assurance that fraud has not been committed.
CAMICO recommends that CPA firms address difficult economic times by:
- Identifying clients that may pose higher risk.
- Increasing the level of professional skepticism.
- Prioritizing defensive documentation, including the engagement letter and written memorialization of significant client meetings and conversations.
Social engineering scams/fraudulent wire transfers
CPAs continue to be at high risk of social engineering attempts due to the type of information firms gather and store, and CAMICO has observed an uptick in the frequency of these attempts. Phishing is one of the more common social engineering scams.
CAMICO has also observed a rise in fraudulent email requests for wire transfers. Fraudulent wire transfers frequently cause large dollar losses. If the fraudster controls the client’s and the firm’s email — commonly referred to as a “man in the middle” attack — and the fraudulent request mimics previous legitimate requests, it is very difficult for the firm to identify the request as illegitimate. When the fraud is discovered after the transfer, the funds are usually not recoverable.
Use your professional skepticism to avoid being lulled into a false sense of security. Any requests for money to be transferred to a bank account unfamiliar to you should be a red flag, especially if the new account is in another country. If the firm’s protocol with clients is to permit requests for wire transfers to be made via email, then establish and
follow procedures to confirm requests using a mechanism other than
email and proceed with the transfer only after confirming with the client (by phone or in person) that the request is legitimate. This includes, but is not limited to, confirming the dollar amounts, the name of the financial institution, and the bank account number. To validate the authenticity of the request, confirm information only known to the client; in other words, ask questions to which hackers would not know the answers.
Finally, here are some practical loss prevention tips to minimize fraudulent wire transfer exposure:
Suzanne M. Holl, CPA, is senior vice president of loss prevention services with CAMICO (www.camico.com). With almost 30 years of experience in accounting, she draws on her Big Four public accounting and private industry background to provide CAMICO’s policyholders with information on a wide variety of loss prevention and accounting issues.
- Slow down. Whether working in the office or remotely, take the time necessary to validate suspicious or unexpected email.
- Establish written protocols. The firm should establish written protocols with clients for handling client funds, especially as it relates to handling wire transfer requests. Consider establishing dollar thresholds above which verbal consent would be required if clients do not want to be “bothered” to approve each request. In addition, document who the authorized client representative(s) would be for providing such consent if/when the client is not available.
- Proceed with caution. With the increased number of claims related to fraudulent wire transfers, best practice in the absence of any written protocols to the contrary would be to verbally confirm all wire transfer requests with these clients to minimize risk.