Indemnification — Understand Your Risks

Attempting to shift financial liability through contractual apportionment of risk is nothing new in certain lines of business, although it typically has not been common practice for the accounting profession. However, the tide seems to be changing, and CPA firms are now experiencing an uptick with clients trying to embed indemnification and/or hold harmless clauses in various agreements with the firm.

Indemnification and hold harmless clauses dictate the degree of liability of each party and the extent that each party takes on or shifts risk. Certain courts have found that hold harmless is not distinct and is the same as indemnification, while others have found the duty to hold harmless is broader than indemnification, as it also requires protection against liability.

For example, an indemnity clause typically states that one party agrees to "indemnify" the other party. To indemnify a party is to absorb the losses if something you (the "indemnitor") does, or fails to do, which causes the other party to experience loss, damages, or even a lawsuit from a third party. CPAs are being pressured more and more by their clients to take on the "indemnitor role" and agree to such language in engagement letters, non-disclosure agreements ("NDAs"), business associate agreements (“BAAs”) under the Health Insurance Portability and Accountability Act (HIPAA), and other agreements that may be executed between the CPA and their clients.

Most people would support and agree with the concept that if a mistake is made that results in damage to someone else, the party that made the mistake should be held responsible to "make it right." What "making it right" looks like, of course, will depend on the facts and circumstances of a particular situation.

How this translates to the CPA/client relationship can be troublesome, given that some of the indemnity and hold harmless clauses as written are extremely broad, and there may be many contributory components to the underlying facts and circumstances that should go into the assessment of determining actual "fault." For example, did the CPA solely contribute to the cause of the damage as a result of their negligence, or did the client or one of its representatives contribute, in part, to the underlying cause of the mistake?

Many of the indemnity and/or hold harmless clauses embedded in CPA/client agreements attempt to shift all liability from the entity to the CPA firm, and have broad language that extends the CPA firm’s responsibilities to more than just the professional services being performed. Such agreements/contracts, like NDAs, may be boilerplate agreements that clients use for all independent contractors. As such, they contain many legal conditions and caveats that are not necessarily appropriate with respect to the professional services being provided by the accounting firm. Refer to the excerpts below for some indemnity clauses that have been embedded in various agreements with CPA firms. As you can see by the broad nature of the clauses, they would be problematic for any CPA firm who agrees to such terms and conditions.

CAMICO strongly encourages CPAs to take great care in reviewing any contracts or agreements containing such language; consider the worse possible scenario under the agreement and determine the level of risk your firm would be taking on. It’s important, therefore, that before you contractually bind your firm to an arrangement of this significance, you take the time to understand all the implications of the legalese in the agreement in order to make an informed decision on terms and conditions that may pose a higher standard and/or greater liability to the firm than what would normally be anticipated. Make sure you are comfortable with the agreement and the expectations that will fall on your firm. Be prepared to reject the client opportunity if you cannot negotiate the terms to your satisfaction.

Risk Management Tips

Caveat: The specific indemnification language examples presented in this article are excerpts from contracts sent to CAMICO’s Loss Prevention department for review. The suggested edits to these clauses are for illustrative purposes only. Strikethrough text indicates deletions and bold indicates additions. Consult an attorney in your jurisdiction before agreeing to any indemnity clause.

Before signing these types of agreements/contracts, you should ensure that your firm has considered the following risk management steps and has adequately provided for the potential of additional liability risks:

  • Consult with CAMICO to review the agreement if you are unsure as to the exposure related to the indemnity language that may be included in an agreement.
  • Push back! You don’t have to accept the terms as they are written in an agreement, preprinted or not. For example:

    • Educate your client regarding the scope and limits of your engagement. This enhanced awareness may help to convince your client that the broad, all-encompassing indemnity clause like the following example is not appropriate, given the scope and limits of the engagement letter. From a risk management perspective, in this example, the only viable solution is to delete the clause entirely.

      Auditor shall indemnify and hold harmless Client against any and all claims, injury, demand or judgement based on tort or other grounds (including negligence) made or instituted against Client and arising out of any breach by Auditor of its obligations under this Agreement.

    • Limit any indemnity and hold harmless conditions in agreements you sign by incorporating the following three key items: (1) add language clarifying that any liability would need to be judicially determined by a court of competent jurisdiction; (2) specify that the firm is only responsible for claims that arise "solely" as a result of the firm's gross negligence or willful misconduct; and (3) confirm that the firm will assume no obligation or liability arising in whole, or in part, from the client's own negligence or intentional misrepresentations.

      See suggested modifications to an indemnity clause below that was included in a Business Associate Agreement:

      Indemnification by Business Associate. The Business Associate shall be solely responsible for, and shall indemnify and hold the Client harmless from any and all losses, liabilities, damages, claims and all related costs and expenses (including reasonable attorneys’ fees and costs of litigation, settlement, judgment, interest, fines and penalties ("Losses") ("Claims") judicially determined by a court of competent jurisdiction to be arising solely out of from or connected to the negligent acts or willful misconduct of the Business Associate or the Business Associate’s employees, agents, and subcontractors relating to failure to comply with the provisions of the HIPAA Rules and this Agreement; and the Business Associate will pay all Losses in connection with such Claims. Notwithstanding the foregoing, Client acknowledges and agrees that the Business Associate will assume no obligations under the terms of this Agreement to defend, indemnify or hold the Client harmless for any matters judicially determined to be caused in whole, or in part, by any negligence, intentional misrepresentations or failure to comply with the provisions of the HIPAA rules made by the Client, and its officers, directors, employees and agents. This Section shall survive the termination of this Agreement.

    • Understand the coverage implications of the indemnity clause as this type of provision may lead to significant costs to a CPA firm. Professional liability insurance policies typically have an exclusion for claims arising out of liability assumed by the firm under a contract, unless that liability would have been present regardless of the existence of the contract. Be wary of contractually binding your firm to this added significant exposure; indemnification can be costly, especially if the language is broadly worded and the clause has you paying for all claims, regardless of their merit.

    • Consult with an attorney in your state if you have questions regarding the efficacy and potential exposures to your firm of certain indemnification and hold harmless clauses before signing agreements containing such language.

As an aside, in addition to issues with indemnity and hold harmless clauses, CAMICO is also seeing a slight trend with clients trying to embed “as is” language in various agreements. The clause below is one such example, and it was included in a non-disclosure agreement with an audit client:

All information provided hereunder is provided “as is” without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose.

This language is not appropriate in any engagement with a CPA and would, as you know, conflict with the terms and conditions of an audit engagement since the firm would need to be able to rely on the accuracy and completeness of the information provided by management. As such, given the nature of the services the firm would be providing to the client, this language would need to be deleted in its entirety.

As always, CAMICO encourages policyholders to call 1.800.652.1772 or email the Loss Prevention department at for more information.

Share this post

Leave a comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Latest Articles