How Risk Allocation Provisions Can Mitigate Risk

Risk allocation provisions help allocate risk between the client and CPA and can help manage the defense and cost of a claim.

By Sarah Beckett Ference, CPA
This article originally appeared in the November 2021 issue of the Journal of Accountancy. 

We have often advocated for the inclusion of risk allocation provisions in a CPA firm's engagement letters, but what are they?

Risk allocation provisions represent a means of sharing, or allocating, risk between the parties to an agreement. They are often included in a firm's standard terms and conditions addendum attached to engagement letters and incorporated by reference. See "Professional Liability Spotlight: Use Standard Terms to Build a Liability Shield," JofA, Oct. 2016, for more on how this approach helps manage risk consistently across a firm. Three specific provisions can be helpful in managing the defense and cost of a professional liability claim.

Loss Limitation

What is it?

Loss-limiting provisions typically address the following:

  • A limitation-of-liability provision caps the amount of the firm's liability for the services. It is typically expressed as a multiplier of the firm's professional fees for the engagement.
  • A limitation-of-damages provision restricts the type of damages a plaintiff may seek to direct damages and expressly prohibits indirect damages such as lost profits and punitive or consequential damages.

How does this help?

As noted in "Professional Liability Spotlight: Early Warning Signs of a Large Malpractice Claim," JofA, Sept. 2020, large claim amounts may result when the size of the alleged loss is substantial. Often, the alleged loss includes indirect damages, thus inflating its size. Loss-limiting provisions can, thus, help mitigate this risk.

Addressing client concerns

A client may balk at a provision that limits the firm's liability to one times fees, believing that the firm is not standing behind its work. Would the client be more comfortable with a higher multiplier of fees or a specified dollar amount? This may satisfy the client and still limit the firm's liability.

What if the client takes an intractable position and refuses to limit the amount of damages? If the client will not agree to a damage cap, perhaps a broader limitation would be acceptable. Appeal to the client's sense of fairness and request, at a minimum, the inclusion of a limitation-of-damages provision. If the CPA makes an error, shouldn't the responsibility be limited solely to those damages directly caused by the error?

Indemnification of the CPA Firm

What is it?

To indemnify another party is to compensate that party for losses incurred related to a specified incident. The nature of the CPA firm's request for the client's indemnification differs by service.

  • For attest services, the CPA may request indemnification for claims arising from the client's knowing misrepresentations to the firm or the intentional withholding or concealment of information from the firm.
  • For nonattest services, the CPA may request indemnification for any claim made by third parties against the firm, regardless of the nature of the claim.
How does this help?

The ability of the CPA to rely upon management's representations in an attest engagement is fundamental to the service. Thus, requesting an attest client's indemnification as outlined above is not unreasonable. The "Indemnification of a Covered Member" interpretation (ET §1.228.010) of the AICPA Code of Professional Conduct (the Code) indicates that this type of indemnification does not impair independence.

A nonattest engagement work product, be it a tax return or consulting report, is typically solely for the client's use. The CPA firm should not be responsible for claims arising from use by unintended third parties. Therefore, if a third party brings a claim against the firm related to its reliance on the firm's work product, which has been inappropriately provided by the client, the client should indemnify the CPA for such.

Addressing client concerns

Explain the rationale for the firm's request. Tell the client that whether such a clause is triggered rests, by and large, in their hands. An attest client need only be honest and forthright with their CPA. A nonattest client can understand that the use of the firm's work product is limited and comply with those limitations.

As a quid pro quo, a client may request the firm's indemnification. It is notappropriate for the CPA firm to agree to indemnify the client, and such provisions are usually fraught with risk. Depending upon how the clauses are written, agreeing to indemnify a client may impair independence, trigger an exclusion in the firm's professional liability policy, and/or lead to unnecessary exposure and cost to the firm. Read "Professional Liability Spotlight: Deflecting Clients' Defense and Indemnity Requests," JofA, April 2017, for more on this topic.


What is it?

Many engagement letters specify alternative dispute resolution to resolve disputes related to the engagement. Mediation is the preferred alternative dispute resolution method and involves a skilled facilitator to assist the parties in attempting to reach a mutually acceptable resolution to their dispute.

How does this help?

Mediation can be an effective and efficient means of resolving disputes that would otherwise result in complex, expensive, and protracted litigation.

Addressing client concerns

Agreeing to mediate disputes is generally accepted by clients, as the cost savings can benefit both the client and the firm. In addition, mediation is confidential and not binding. If a resolution is not reached in mediation, the parties may litigate, if they so choose.

Be mindful of dispute resolution provisions that award attorney's fees or other costs to the prevailing party. In many jurisdictions, these amounts are not typically considered recoverable damages. Agreeing to award these amounts may be considered acceptance of liability that did not otherwise exist, raising a professional liability coverage concern.

What About Independence?

Except when prohibited by applicable laws, regulations, or ethics rules, loss-limiting clauses and provisions indemnifying the CPA firm from misrepresentations by management generally do not impair independence. The SEC, federal banking regulators, and many state insurance departments prohibit indemnification or limitation-of-liability arrangements between the regulated attest clients and the CPA firm. As a result, before including indemnification and liability-limiting clauses in an audit or other attest engagement letter of a regulated entity, first review the governing regulatory rules and ethics requirements and consult with legal counsel regarding their application.

Are Risk Allocation Provisions Enforceable?

Specific requirements or case law regarding the enforceability of risk allocation provisions vary by jurisdiction. In Warren Averett, LLC v. Landcastle Acquisition Corp., 825 S.E.2d 864 (Ga. Ct. App. 2019), the Georgia Court of Appeals provided insight into the factors it considered when evaluating the enforceability of a limitation-of-liability or other exculpatory clause. As a result, it is recommended that loss-limiting contract provisions follow this guidance:

  • The font should not be the same as the other font used throughout the contract and should be capitalized, italicized, or set in bold type foremphasis.
  • The clause should be set off in a separate section with a prominent and specific heading.
  • The clause should be placed in a prominent location within the contract to emphasize its importance, such as being adjacent to similar provisions or next to the signature block.

Other actions that may help thwart a client's assertion that they did not understand the contents of the engagement letter include:

  • Discussing the engagement letter with the client to ensure understanding of the provisions contained therein.
  • Requiring the client to initial specific provisions.
  • While sometimes an arduous process, negotiating engagement letter terms with the client helps demonstrate that the client was informed, understood, and freely entered into the final agreement.

At a minimum, inclusion of risk allocation provisions in engagement letters provides the CPA's defense team another tool in the professional liability defense toolkit. In addition to other available defenses, the defense team may be able to leverage these provisions when resolving claims and participating in settlement discussions.

Sarah Beckett Ference, CPA is a risk control director at CNA. For more information about this article, contact

How Helpful Was This Article?


Related Content

Moments That Matter

Related Products

This information is produced and presented by CNA, which is solely responsible for its content. Continental Casualty Company, a member of the CNA group of insurance companies, is the underwriter of the AICPA Professional Liability Insurance Program.
The purpose of this article is to provide information, rather than advice or opinion. It is accurate to the best of the authors’ knowledge as of the date of the article. Accordingly, this article should not be viewed as a substitute for the guidance and recommendations of a retained professional. In addition, CNA does not endorse any coverages, systems, processes or protocols addressed herein unless they are produced or created by CNA.
Any references to non-CNA Web sites are provided solely for convenience, and CNA disclaims any responsibility with respect to such websites.
Examples are for illustrative purposes only and not intended to establish any standards of care, serve as legal advice, or acknowledge any given factual situation is covered under any CNA insurance policy. The relevant insurance policy provides actual terms, coverages, amounts, conditions, and exclusions for an insured. All products and services may not be available in all states and may be subject to change without notice.
“CNA” is a registered trademark of CNA Financial Corporation. Certain CNA Financial Corporation subsidiaries use the “CNA” trademark in connection with insurance underwriting and claims activities.
Copyright © 2021 CNA. All rights reserved