Disappearing Client Funds

If your firm is responsible for controlling client funds, then your internal controls should be robust enough to prevent the misuse of funds. The types of engagements providing this service range from basic bookkeeping and bill-paying on behalf of clients to business management engagements in which the firm controls the client’s day-to-day financial affairs. Other high-risk engagements prone to misappropriation include executor and trustee engagements.

Hacker Attacks on Email Systems and Tax Files

CAMICO's cyber-related claims experience reveals that hacker attacks on CPA firm email systems were the most frequent cause of cyber-losses for firms. These cyber-attacks accounted for almost two-thirds of cyber-related claims.

Many claims are also related to tax return preparation. A trend appears to involve waiting until just before a tax return deadline (e.g., late March and early April) to launch an attack that encrypts all of the firm's tax files. A demand is then made for ransom in exchange for access to the files. Ransom demands have ranged from about $1,000 to $20,000.

Pages

Latest Articles

  • 19 Aug

    Do You Believe You Will Never Be Sued?

    Some CPAs believe that they will never be sued and therefore believe they do not need professional liability or other forms of insurance. The reasons for this position vary, but some common ones include, "I don't make mistakes," "All of my clients are friends," or "I do tax work only." The... read more

  • 27 Jul

    Exclusive Policyholder Benefits

    Risk management services and resources to help you with today's practice challenges

    CAMICO knows that insurance alone is not a solution for reducing risks. That's why you have access to CAMICO’s proven approaches that have helped numerous CPA firms manage risk and avoid claims.... read more

  • 27 Jul

    War Story 117 - Ransomware Attack

    A staff member of a mid-size CPA firm logged into a public wi-fi network at a coffee shop and spent the morning working on firm files while on the public network. A few days later the employee received an email message from a hacker stating that a ransomware attack had encrypted all of the... read more