The classic small-business embezzlement scenario has occurred so many times over the years that CAMICO Loss Prevention specialists have it memorized:
The client is a small business owner who is too busy running the business to supervise the bookkeeping and banking activities. On top of that, there aren’t enough employees for the separation of the cash and checking-related functions.
The duties of receiving and disbursing funds and reconciling the bank accounts are all handled by one trusted employee who uses an accounting software program to stay on top of a lot of financial activity.
The client somehow thinks that the off-the-shelf accounting program contains some safeguards to help protect the business from fraud, but the reality is just the opposite: the program enables one person to control all of the business’s funds and bank accounts, thereby facilitating the perpetration of fraud.
The client first engages a CPA to prepare tax returns and to compile financial statements, and when the CPA offers to perform bank reconciliations as well for a nominal fee, the client accepts the offer. The CPA’s engagement letter addresses the tax work and compilations but not the bank reconciliation services. The CPA performs standard bank reconciliations but does not do "proof of cash" or other internal-control type procedures.
The client then discovers an embezzlement by the trusted employee and is, of course, extremely disappointed that the CPA did not uncover the fraud as part of the bank reconciliations. Since the CPA’s engagement letter does not define the scope and limits of bank reconciliations, the client appears to be justified in the expectation that the CPA was examining the bookkeeping and bank records for fraud.
Jury studies show that most jurors will agree with such an expectation. Client, jury and public expectations of CPAs have increased in recent years to the point where CPAs are expected to: 1) always detect fraud; and 2) advise and warn clients about their fraud exposures.
The expectation to always detect fraud can be extremely difficult to meet, but the expectation to advise and warn is much less difficult. By advising and warning clients of their defalcation exposures, CPAs are able to minimize liability stemming from the expectation to detect fraud.
Loss Prevention ConceptsAdvice to clients about their exposures to defalcation is best provided in an advisory letter that: 1) warns about the general risks; 2) suggests the steps clients can take to reduce the risks; and 3) offers annual CPA services to help reduce the risks.
Clients also need to be notified of "loose ends" such as sloppy bookkeeping and late bank reconciliations. By offering additional services, CPAs can assist with client responsibilities to establish adequate internal controls.
Two-Tiered Bank Reconciliation Service OptionsCPAs who perform bank reconciliation services should consider offering two service options as a method of clearly separating the client’s responsibilities from the practitioner’s. As a model, consider the following two bank reconciliation service options to clients:
Option One — A standard monthly service in which the CPA performs bank reconciliations solely to compare the amount of Cash in Bank on the books with the amount of Cash in Bank shown on the statement. This service is not designed or intended to deter or discover fraud, and the engagement letter should clearly communicate that. CPAs can perform normal bank reconciliation services quickly and at lower cost.
Option Two — An expanded service that might be labeled "Bank Reconciliation Plus." The CPA must not guarantee that embezzlement or other irregularities will always be uncovered, but can state that the consistent and timely application of this expanded service can provide additional protection to the client. In this service, the CPA performs additional specific activities such as:
- examining individual checks, the signatures on each check, the payee on the check, and the signature cards on file with the bank; and
- providing the client with a written report detailing all checks posted against the account and appearing on the bank statement or the client’s books for the time period covered by the service.
Under Option Two, the CPA communicates that the client also has specific, clearly identified responsibilities and that the fees will be higher in order to cover the additional steps involved.
All engagements require an understanding between the CPA firm and the client, and the best way to document the understanding is with an engagement letter, signed by the client. Clearly spell out the nature of the work you and others will perform. Describe the limitations of the work, the client’s responsibilities, and what you expect from the client. If the client is unwilling or unable to meet its responsibilities, it may be time to disengage.
Ron Klein, J.D., is risk management counsel with CAMICO (www.camico.com). In his current role, he leverages his extensive knowledge and expertise of CPA professional liability issues to help policyholders practice sound risk management.
CAMICO, founded in 1986, is the nation’s largest CPA-owned and directed program of insurance and risk management for the accounting profession.