We recently updated our systems. If something isn’t working quite right, please tell us about it.


Calculated risk

October 1, 2019  |  Faye Hayhurst, CPA

Calculated risk Who do business people call when they need help with calculating just about anything? Their CPA, of course! But when it comes to evaluating where their own risks lie, do CPAs fully understand the factors in the calculation?
In an interview with Accounting Today, Deb Rood, risk control consulting director at CNA (the underwriter of the AICPA's professional liability insurance program), and Stan Sterna, vice president at Aon (a broker and the national administrator of the AICPA's program), shared major emerging malpractice and liability concerns.

Top emerging risks for CPAs in public practice

Tax reform: The Tax Cuts and Jobs Act has implications in many areas. An example is how to best structure an organization. With the complexity, uncertainty, evolving regulations and interconnectedness with international tax rules, there is risk that a CPA’s advice could be challenged in retrospect.
Nexus: Wayfair changed the landscape for nexus and company responsibility to collect and remit sales tax. A client facing an unexpected liability may assert that their CPA didn’t adequately advise them regarding their responsibility.
A&A:  New standards, such as revenue recognition, are multifaceted and have some degree of subjectivity, which inherently increases the risk of a future challenge to a CPA’s technical assistance.
Consulting services: CPAs may be eager to move into this space that has a lot of opportunity for growth. But in some circumstances, new service = dabbling = lack of expertise = risk.
Cyber: With the explosion of cloud services and third-party platforms, cyber risk includes not only a firm’s own infrastructure but that of business partners not under their control. In addition, the nationwide patchwork of cyber laws and breach notification requirements increase the potential for unintended noncompliance and exposure to fines or penalties.

Biggest mistakes firms make

Engagement letters with unfavorable terms: Indemnification clauses are common, but CPAs should beware of clauses that amount to a blanket indemnification of the client and liquidated damages that limit the firm’s ability to adjust or negotiate the amount. This can result in an insurance coverage issue; most professional liability policies have contract clause exclusions related to assumption of a liability that the firm wouldn’t be liable for if they hadn’t signed the agreement. Agreeing to indemnify someone without a triggering event, such as an adjudication or arbitration decision, would be considered an assumption of a liability and may not be covered by professional liability insurance. Contractual agreement to pay attorneys’ fees is another potential liability assumption that insurance typically won’t cover.
Agreeing to serve as trustee: Agreeing to serve as a trustee for a long-time client may seem like a minor commitment. But when client is deceased, the trustee has to deal with beneficiaries with whom they have no previous relationship. The CPA may not understand the family dynamics and typically has not vetted the beneficiaries, who could end up being unexpectedly difficult. In addition, although most trust agreements provide for indemnification of the trustee in the event of lawsuits, courts have been known to require the trustee to submit any claim to their own professional liability insurer. The CPA may not have notified their insurer of the suit, assuming they were covered by the trust terms, and end up being not in compliance with notification provisions of their professional liability policy.
Scope creep: According to Rood and Sterna, CPAs do a great job at obtaining engagement letters for A&A work, a good job with engagement letters for consulting engagements, and have engagement letters for tax work about 50% of the time. But almost every firm has gotten caught with agreeing to additional “one-off” projects that aren’t covered by a letter. Lack of documentation of agreement = risk.
Inadequate client acceptance/vetting: The client acceptance process is ground zero in avoiding future litigation. Googling a new client and inquiring about why they parted ways with their prior CPA can be the ounce of prevention that prevents the need for the “pound of cure” of filing a professional liability claim.

Other recommendations

Maximize engagement letters: In addition to clearly defining the services to be provided, engagement letters can be used to insert beneficial terms such as damage caps, the venue for any disputes, and time limitations for bringing a course of action. But beware: Courts may look at the respective bargaining parity of the two parties to the letter and set aside onerous terms that benefit the party judged to have an unfair advantage. To offset that risk, highlight or bold the favorable contract terms to call them out, discuss those terms with the client, and document the discussion.
Billing: Ambiguity in billings from the CPA can lead to client claims that the CPA performed services outside the scope of the engagement letter. In a worst-case scenario, a client suffering a negative outcome from their own decision, may blame their CPA for advising them on the decision. A strong protection is for a CPA to clearly state in their bills the services provided, and reference, or even include a copy of, the pertinent engagement letter.
Cyber risk: Carry cyber liability insurance. But go further and ask third-party cloud providers about their own cyber insurance and/or SOC reports.
Looking at the universe of risks might seem overwhelming. But it’s only when the risks are understood that they can be mitigated. When it comes to calculating risk, remember this formula: Awareness + Preparation = Confidence and Peace of Mind.
Listen to the full podcast

Topics: Risk Management

Faye Hayhurst, CPA

Faye Hayhurst is the MNCPA director of finance and administration. She is committed to using numbers to tell relevant stories, although she also employs words, charts and occasionally clothing to communicate a message. While some have questioned her about the pressures of being the CPA for the MNCPA, Faye considers presenting financial information to fellow CPAs a dream job. Outside of storytelling with numbers, Faye enjoys directing her church's handbell choir, visiting national parks and other scenic places, and checking out the chocolate products at Trader Joe's. Faye can be reached at 952-885-5540 or fhayhurst@mncpa.org.

Posts by this author