Accounting Today - May 2011

coverstories

clearly described.”
For example, Jorgensen recently reviewed
a file where a CPA became involved with
litigation concerning a complex investment
strategy promoted by the client’s law firm.
“The CPA firm merely provided limited tax
preparation services and was not involved
in promoting or evaluating the investment
strategy,” said Jorgensen. “The IRS ultimately
denied the validity of the strategy and the cli-
ent was faced with fines and penalties. The
client sued the CPA and contended that he
should have known that the strategy was
flawed. Due to the fact that no engagement
letter existed evidencing the limited services
provided by the CPA, the CPA could not de-
velop an adequate defense and the insurer
settled for over $100,000.”

Defense
FROM PAGE 1
SPELLED OUT

“Quite simply, the key to a successful defense is ensuring that the client knows what the CPA is not doing, as much as what the CPA is doing,” he said.

Suzanne Holl, vice president of loss pre-
vention at Camico, agreed, noting that the
engagement letter book Camico issued years
ago is still a top seller. “So much of mitigat-
ing risk in an accounting firm is about having
really good client communication, establish-
ing the expectation between your firm and
the client,” she said. “It’s important to estab-
lish the scope of your services and make sure
the client understands the limitation of those
services, as well as what their responsibilities
are to provide you with information.”
One of the things that has changed, she
noted, is the importance of defensive docu-
mentation. “In addition to the engagement
letter, we encourage CPAs to remind their cli-
ents by periodically sending letters to them
highlighting the importance of steps they
should take in monitoring activities in dif-
ferent areas. For example, one of the most fre-
quent calls we receive today is on things like
fraud — what is the exposure of the CPA, and
how can they help their client without put-
ting themselves at risk. Either they uncover
the fraud, or the client has brought it to their
attention. Defensive documentation helps
mitigate potential exposure to risk by helping
the client think through the potential threats
and implement specific safeguards.”

WATCH WHAT YOU TWEET
Another emerging issue is social networking.
“We get a lot of calls on this,” said Holl. “Social
networking can be a wonderful resource for a
firm, but it’s also a source of potential expo-
sure. The rule of thumb when dealing in this
environment is to make sure that everything
you put down is something you would want
everyone and their mother to see. Once it’s
out there, you can’t retrieve it. So we encour-
age firms to educate their employees to con-
sider, before they type in Facebook or Twitter,
whether they would feel comfortable seeing
their words in a statement to the jury.”
Fee suits, especially when trying to collect
from financially troubled entities, can often
lead to professional liability counterclaims
from the client, noted Holl. “This is not new,”
she observed. “The first newsletter Camico
published in 1987 featured when it is appro-
priate to sue for fees. We stress the impor-
tance of retainers and staying in communica-
tion with potentially troubled clients.”
Data security is an increasingly important
issue, Holl said. “The potential for identity
theft has grown, along with a barrage of state
and federal regulations on safeguarding cli-
ent information,” she said. “Secure client por-
tals are one way to avoid sending data back
and forth in e-mails. However, the CPA firm
should make sure they have defensive docu-
mentation that addresses that they have done
their due diligence in evaluating the firm that
implements the portal.”
Tom Hennell, chief marketing officer at
NAPLIA (North American Professional Li-
ability Insurance Agency), likewise believes
that CPA firms are increasingly vulnerable to
data security issues. “Information security is
the largest trend we see in terms of protecting
firms,” he said. “CPAs need to be educated on
their state data security laws, and start pro-
tecting themselves.”
In one cautionary case, a CPA firm hired an
outside IT consultant to provide service for
the safeguarding of confidential information,
including the latest firewalls, virus protection
and computer security, Hennell said.

AN E&O POLICY ANALYSIS

“The most important thing for accountants
to do is analyze their E&O [errors and omis-
sions, or malpractice] policy to make sure it
covers all the services they render to clients,”
said Lilia Rocha, vice president at Momen-
tous Insurance Brokerage. “If a CPA policy
says it covers accounting services, are there
other services the firm provides? Some might
fall outside that definition. In that case, the
firm should have the policy wording modi-
fied so it protects them.”
Rocha said that she normally writes a pol-
icy covering “business management services,”
as opposed to just “accounting services.”
As the economy declined over the past sev-
eral years, fraud and embezzlement claims
rose, noted Melissa Thomas, assistant vice
president of claims at CNA, underwriter of
the AICPA Professional Liability Program. “As
the economy gets worse, there are more op-
portunities for people to steal from their em-
ployers and more reasons to commit fraud,”
she said. “CPAs need to be aware that claims
for failure to detect fraud are sometimes
brought by clients who received non-audit
services, such as tax, accounting and finan-
cial statement services.”
“The first thing to consider is client accep-
tance and continuance,” added Ellen Van-
DeLaarschot, risk control director at CNA.
“A client with poor internal controls creates
an opportunity for someone to steal. There
can be a fine line as to how to communicate
such weaknesses to the client. For example,
even if you’re only providing tax compliance
services, if it’s obvious that the client has poor
internal controls, you should bring it to the
attention of the client but emphasize that ad-
vice on internal control is not part of the tax
compliance engagement.”
““You also have to be careful of engage-
ment creep,” she noted. “For example, a firm
that originally was hired to do tax compliance
services might end up doing additional work
outside the scope of the original engagement
agreement. If that happens, you should issue
an additional engagement letter. CPAs tend
to be very helpful, but we’ve seen good inten-
tions result in claims against the CPA.” AT