#1 Following professional standards alone is enough to avoid a claim. MYTH!
Jurors rarely care as much about CPA professional standards as they do about CPAs getting it right, which often means advising and warning clients of all significant matters. If something looks irregular, it probably is — investigate it, document it, communicate it, and get it right. Professional standards for CPAs are merely the floor — juries hold CPAs to even higher standards, referred to as jury or claims standards. For more information read "The top 5 ways a CPA can invite a malpractice lawsuit."
#2 Complying with requests from banks and other lenders for assurances regarding clients' financial strength could put CPAs and their licenses at significant risk. FACT!
CPAs at times come under fire from banks and other lenders pressuring them to provide assurances regarding their clients’ financial strength. Tempting as it may be for CPAs to comply with such requests, providing the requested assurances could put CPAs and their licenses at significant risk.
First, CPAs may face the risk of falling below professional standards if they don't adhere to AICPA Professional Standards. Interpretation No. 1, “Responding to Requests for Reports on Matters Relating to Solvency,” of AT-C Section 105, Statements on Standards for Attestation Engagements (AICPA Professional Standards, AT-C §9105, ¶¶.01-.11), prohibits CPAs from providing any level of assurance that an entity is, or will continue to be, solvent.
Another risk is that lenders may allege that CPAs misrepresented their clients’ creditworthiness should their clients later default on the loans. In some claims situations, lenders have alleged that CPAs were negligent and misrepresented their clients’ self-employment status, financial condition, or creditworthiness. For some examples of requests and some ideas on how to strike the delicate balance of mitigating your risks while managing client and third-party expectations, read "CPA-to-Lender 'Comfort' Letters."
#3 One way to protect your firm against hacking or cyber-attacks is to implement the "least privilege" concept of user permissions. FACT!
Strictly define user permissions and restrictions so that users don’t have any more rights or access to a program or system than they need, also known as the “least privilege” concept. The same applies to administrators, who should not stay logged in as an administrator any longer than is strictly necessary. Excessive rights and activities can allow malware to do extra harm and lead to large losses of data. For more tips read "6 Tips on Cyber Security and Cyber Claims Trends."
#4 If the CPA provides "limited services," the CPA’s responsibility is also limited. MYTH!
The CPA’s responsibility is defined by: 1) the nature of the service, and 2) the length of time the CPA has provided the service. Five years of servicing a small business is enough for a jury to expect the CPA to have a profound understanding of the business, even if only tax returns and compilations were involved. For more information, read "Embezzlement and the ‘Classic’ Claims Scenario."
#5 Client consent must be obtained before complying with all subpoenas. MYTH!
Client consent must be obtained before complying with most subpoenas. In these cases, rules and regulations prohibit the accountant from complying with the subpoena unless the accountant has undertaken specific measures to protect client confidentiality, including obtaining the client’s consent. However, government subpoenas, and those signed by a judge, generally require compliance, even without client consent. CPAs should always contact their professional liability risk adviser or attorney before responding to a subpoena. For more information, read "How to respond to subpoenas."
#6 If you communicate with the client regarding your billing and collection policies, and include the policies and stop-work and/or disengagement provisions in your engagement letter, you will avoid fee collection problems. MYTH!
The first step in avoiding collection problems is to communicate with the client regarding your billing and collection policies, and to include the policies and stop-work and/or disengagement provisions in your engagement letter. However, such provisions must then be enforced if the client doesn’t pay you in accordance with the engagement letter. Otherwise, you may still end up completing too much work without receiving payment from the client.
A stop-work clause in the fees section of your engagement letter enables your firm to stop work in the event the client fails to pay in a timely manner. Stop-work clauses must be enforced in order to be effective. Learn more about how to "Proactively Manage Fee and Collection Issues."
#7 Using binding arbitration for all professional liability disputes is good risk management. MYTH!
Claims experience indicates that binding arbitration is advantageous to CPAs in successfully resolving disputes over fees, but it is NOT advantageous (and is often disadvantageous) to CPAs in high-dollar, complex accounting professional liability disputes, especially attest engagements involving banks and other third parties. Why? Because the best defenses (lack of reliance, lack of causation) available to CPAs often require extensive discovery, which is usually curtailed in arbitration.
Consequently, CAMICO has found that binding arbitration for all disputes often exposes firms to substantially greater risk. Best practice is to NOT give up your ability to litigate disputes that could be significant in nature and to limit the use of binding arbitration to fee disputes only. CAMICO recommends mediation for all disputes, and binding arbitration for fee disputes only. For more information, read "Alternative Dispute Resolution … When to Use Mediation and Arbitration."
#8 If the only way the client can access its complete records is through the CPA, the CPA’s independence is deemed impaired. FACT!
The new "Hosting Services" ethics interpretation in the AICPA's Code of Professional Conduct (ET §1.295.143) became effective July 1, 2019. Under this interpretation, a CPA's independence is impaired by taking responsibility for hosting a client's data or records, but “hosting services” are broader than most CPAs originally thought. Under the ethics interpretation, a CPA who maintains a client’s internal control over its data and records is providing hosting services.
Many tax practitioners are concerned that complying with the Interpretation will be difficult and burdensome and fear they could inadvertently impair the firm’s independence by mistakenly not providing or returning documents to clients, resulting in clients’ records being incomplete. For more information, read "Hosting Services’ Interpretation — Is Your Independence Impaired."
#9 If an email requesting a wire fund transfer looks legitimate and trustworthy, and it appears to be from someone you know, such as a long-term client of the firm, it’s ok to confirm the request via email. MYTH!
If the firm's protocol is to permit requests for wire transfers to be made via email, then have a procedure in place to confirm requests by a means other than email, and proceed with the wire only after confirming with the client that the request is legitimate. This includes, but is not limited to, confirming the dollar amounts, the name of the financial institution, and the actual bank account number. To verify the authenticity of the request, confirm information known only to the client (ask questions to which hackers would not know the answers).
Educate all employees about good cyber-hygiene and how to avoid phishing attempts that target them with social engineering techniques designed to install malware or to elicit confidential information. For more information, read "Be wary of requests made by email cyber-attacks."