• News & Resources
• Technical Resources
  • Tax
    • American Rescue Plan Act Conformity Guide (2021)
    • CCH Online Tax Research
    • SALT Resources
    • Tax Podcasts
    • CCH Tax Deadline Calendar
    • Tax Communities
  • Audit
    • Single Audit Resources
  • Beneficial Ownership Information
  • Cannabis
  • Lease Accounting
  • QM Standards
• Business Resources
  • Human Resources
    • HR Hotline
    • HR Webinar Archive
    • HR Assessment
    • HR Articles
    • Sample HR Documents
    • Return to Work Resources
  • Disaster and Pandemic Planning
  • Data Privacy and Protection
• Accounting Firm Management
  • Small Firm Special Interest Section
  • Client Letters
  • Engagement Letters
  • Client Record Retention Guidelines
  • MAP Survey
    • Download Results
  • Customized CPE Training
  • Career Center
• Publications
  • Footnote
    • Issue Archive
    • Regular Columns
    • Articles by Topic
    • Write for the MNCPA
  • eNewsletters
    • This Just In
    • Legislative Digest
    • Firm Administrator Bulletin
    • Accounting Educator
    • Student eNews
  • CPA Stories
  • MNCPA Perspectives
    • Topics
    • Authors
    • Archive
  • Tax Podcasts
    • Archive
• Areas of Interest
  • Focus Features
    • Cybersecurity
    • Emerging Technologies
    • Cannabis
    • Automation
• Wellness Resources
  • Step Challenge
    • Step Challenge FAQs
  • Wellness Webinars
• Knowledge Hub
• Webinar Archive
• Rules & CPA Certification
  • CPE Log
  • CPE Rules
  • CPA Certificate Information
    • Applying for Your Certificate
    • First Year Requirements
    • Certificate Renewal
    • 2020 CPE deadline extension
  • Certificate Status
    • Active vs. inactive: What's the Difference?
    • Convert to Active CPA
    • Love Your CPA Letters?
    • Retired CPA Status
    • Videos
  • Firm Requirements
    • Firm Permit Renewal
    • Firm Name Changes
  • MNCPA and BOA Differences
  • Preparing for the CPA Exam
    • Educational Requirements
    • Experience Requirements
    • Applying to Take the Exam
    • Becoming a CPA FAQ
  • FAQ
• Peer Review
  • PRIMA info
  • Review Process
  • Fees
  • Pay Peer Review Invoice
  • Find a Reviewer
  • Become a Peer Reviewer
  • AICPA Resources
  • FAQ
• Press Room
  • MNCPA Overview
    • About the MNCPA
    • Leadership Bios
      • Board Chair
      • President and CEO
    • About Minnesota CPAs
  • MNCPA in the News
  • Connect with a Media Spokesperson
  • MNCPA Logo Usage
• Professional Ethics
  • Ask an Ethics Question
  • Filing an Ethics Complaint
  • Responding to an Ethics Complaint
  • Professional Ethics Resources

Managing the known risks

In a time of uncertainty, tackle what is for certain

Faye Hayhurst, MNCPA director of finance and administration | May 2020 Footnote

Editor's note: Updated April 30, 2020

The year 2020 has been about dealing with the unexpected and adjusting to accommodate circumstances beyond our control. But, even though that focus is warranted, CPAs would do well not to forget about managing risks that, for the most part, they can control or, at least, mitigate in large part.

What are those professional risks CPAs should actively manage? In an interview with Accounting Today, Deb Rood, risk control consulting director at CNA (the underwriter of the AICPA’s professional liability insurance program), and Stan Sterna, vice president at Aon (a broker and the national administrator of the AICPA’s program), shared major emerging malpractice and liability concerns. Let’s look at some of those, as well as other considerations.

Top emerging risks for CPAs in public practice

• Tax reform. The Tax Cuts and Jobs Act has implications in many areas. An example is how to best structure an organization. With the complexity, uncertainty, evolving regulations and interconnectedness with international tax rules, there is risk that a CPA’s advice could be challenged in retrospect.
• Nexus. Wayfair changed the landscape for nexus and company responsibility to collect and remit sales tax. A client facing an unexpected liability may assert that their CPA didn’t adequately advise them regarding their responsibility.
• A&A. New standards, such as revenue recognition, are multifaceted and have some degree of subjectivity, which inherently increases the risk of a future challenge to a CPA’s technical assistance.
• Consulting services. CPAs may be eager to move into this space that has a lot of opportunity for growth. But in some circumstances, new service = dabbling = lack of expertise = risk.
• Cyber. With the explosion of cloud services and third-party platforms, cyber risk includes not only a firm’s own infrastructure but that of business partners not under their control. In addition, the nationwide patchwork of cyber laws and breach notification requirements increase the potential for unintended noncompliance and exposure to fines or penalties.

Biggest mistakes firms make

• Engagement letters with unfavorable terms. Indemnification clauses are common, but CPAs should beware of clauses that amount to a blanket indemnification of the client and liquidated damages that limit the firm’s ability to adjust or negotiate the amount. This can result in an insurance coverage issue; most professional liability policies have contract clause exclusions related to assumption of a liability that the firm wouldn’t be liable for if they hadn’t signed the agreement. Agreeing to indemnify someone without a triggering event, such as an adjudication or arbitration decision, would be considered an assumption of a liability and may not be covered by professional liability insurance. Contractual agreement to pay attorneys’ fees is another potential liability assumption that insurance typically won’t cover.
• Agreeing to serve as trustee. Agreeing to serve as a trustee for a long-time client may seem like a minor commitment. But when a client is deceased, the trustee may have to deal with beneficiaries with whom they have no previous relationship. The CPA may not understand the family dynamics and typically has not vetted the beneficiaries, who could end up being unexpectedly difficult. In addition, although most trust agreements provide for indemnification of the trustee in the event of lawsuits, courts have been known to require the trustee to submit any claim to their own professional liability insurer. The CPA may not have notified their insurer of the suit, assuming they were covered by the trust terms, and end up not being in compliance with notification provisions of their professional liability policy.
• Scope creep. According to Rood and Sterna, CPAs do a great job at obtaining engagement letters for A&A work, a good job with engagement letters for consulting engagements, and have engagement letters for tax work about 50% of the time. But almost every firm has gotten caught with agreeing to additional “one-off” projects that aren’t covered by a letter. Lack of documentation of agreement = risk.
• Inadequate client acceptance/vetting. The client acceptance process is ground zero in avoiding future litigation. Googling a new client and inquiring about why they parted ways with their prior CPA can be the ounce of prevention that prevents the need for the “pound of cure” of filing a professional liability claim.

Other recommendations

• Maximize engagement letters. In addition to clearly defining the services to be provided, engagement letters can be used to insert beneficial terms such as damage caps, the venue for any disputes, and time limitations for bringing a course of action. But beware: Courts may look at the respective bargaining parity of the two parties to the letter and set aside onerous terms that benefit the party judged to have an unfair advantage. To offset that risk, highlight or bold the favorable contract terms to call them out, discuss those terms with the client and document the discussion.
• Billing. Ambiguity in billings from the CPA can lead to client claims that the CPA performed services outside the scope of the engagement letter. In a worst-case scenario, a client suffering a negative outcome from their own decision may blame their CPA for advising them on the decision. A strong protection is for a CPA to clearly state in their bills the services provided and reference, or even include a copy of, the pertinent engagement letter.
• Cyber risk. Carry cyber liability insurance. But go further and ask third-party cloud providers about their own cyber insurance and/or SOC reports.
• Don’t confuse “pro bono” with “no standards required.” Volunteering to help others is good, but expertise is still required. An audit performed pro bono is subject to the same audit standards, reporting requirements and peer review program as paid engagements. Helping businesses deal with COVID-19 ramifications is laudable, so long as the CPA is qualified to provide the professional services rendered. Unless performed under the umbrella of an organization that assumes liability, services provided at no charge can still lead to a claim against a CPA, especially if there is no engagement letter.

Manage what you can, when you can

Looking at the universe of risks might seem overwhelming. But it is only when the risks are understood that they can be mitigated. When it comes to calculating risk, remember this formula: Awareness + preparation = confidence and peace of mind.

Faye Hayhurst is the MNCPA director of finance and administration. She is committed to using numbers to tell relevant stories, although she also employs words, charts and occasionally clothing to communicate a message. You may reach her at 952-885-5540 or fhayhurst@mncpa.org.