Start risk management with employee onboarding

Incorporate risk management training into new employee onboarding to help establish their risk management mindset from Day 1.

By Kevin Hayes, CPA

We have all been there before — the first day at a new job. Both the new employee and their employer want to get everything off to a great start. Considerable time, effort, and resources were expended to reach “Day 1,” and now the effort shifts from finding a quality candidate to guiding and molding them into a quality employee. Incorporating risk management into the onboarding process — the true first impression of a firm outside of the interview process — can help build the foundation for a culture that understands and embodies the risk management mindset. Instilling risk awareness as an innate characteristic of a firm’s culture, ingrained into its professionals’ approach from Day 1, can help mitigate the firm’s risk of a professional liability claim.

An accounting orchestra

Everyone in a firm has a role to play in risk management. Think of an accounting firm as an orchestra. In an orchestra, a wide variety of musicians and instruments work in harmony to create something greater than any soloist could achieve. The different sections — e.g., brass, percussion, woodwinds, and strings — are similar to different practice areas in an accounting firm — e.g., attest, tax, consulting, and administrative support. One out-of-tune or offbeat musician can ruin a symphony, just as one employee’s actions can create unintended professional liability exposure for the firm as a whole. Consider these examples:

  • Two junior members of an engagement team exchanged instant messages during fieldwork, complaining that their manager was “never around” to answer questions. One jokingly remarked that they could just “make it up as they went along.” A dispute arose, and the firm’s communications were produced in response to a subpoena. Needless to say, these casual comments reflected poorly on the firm’s review and oversight processes.
  • A manager and senior associate were having lunch at a restaurant near the client site, openly talking about the engagement. Unbeknownst to them, the client’s CEO was at a table nearby and fired the firm for their indiscretion and failure to protect the confidentiality of the client’s information.
  • Excited about his new job, a new hire shared the news on LinkedIn, naming his future accounting firm and his role in the post. The new hire received an email, purportedly from Human Resources, shortly after his start date, asking him to submit his employee credentials and bank information for “special handling” related to his first paycheck. Unfortunately, the new hire’s first lesson at the firm was how to spot a phishing attack.

Incorporate risk management into new hire training

New hires have a lot of information to absorb during onboarding: HR policies, independence and conflict-of-interest rules, and area-of-practice training. Unfortunately, a new employee’s role in professional liability risk management is often excluded. However, because anyone can expose the firm to risk starting on Day 1, firms would be wise to consider prioritizing certain risk management topics that may have an immediate impact, such as:

  • Risk management mindset: New employees, especially those who are just beginning their careers, may have a difficult time understanding the important role they play in risk management. Regardless of their area of practice, introduce all new employees to the concept of professional skepticism. Asking oneself, “What could go wrong here?” followed by “What can I do to mitigate that?” can help them bring risk awareness into their day-to-day activities.
  • Communication protocols: Emphasize the importance of professionalism in all forms of written communications, such as emails, text messages, instant messages, social media posts, etc. Underscore that any documentation may be subject to discovery.
  • Client confidentiality: Stress the need to protect client information at all times, especially in public settings and when using third-party applications and tools such as ChatGPT.
  • Documentation protocols: Documentation is not only critical for performing professional services, it’s crucial in the defense of professional liability claims. Train new hires on the firm’s documentation protocols, including when, what, and where to document.
  • Cybersecurity awareness: CPA firm and client records are compelling targets to cybercriminals, and anyone at the firm can be the target of a phishing scam. Communicate the importance of constant vigilance, how to recognize potential scams, and the need to confirm the validity of a sender or caller before acting upon a request for information or action.
  • How and when to escalate matters: One commonality in any business is that new hires will have plenty of questions. Some will be as innocuous as, “Where is the printer?” while others may be more impactful, such as, “Does this look correct to you?” Advise new hires on how questions or issues should be escalated for both engagement and firm matters. Tie this back to the risk management mindset so new hires can understand when and why matters may need to be escalated. Most importantly, stress the importance of consultation and collaboration to help ensure new hires feel comfortable raising issues when needed.

‘If you can’t explain it simply, you don’t understand it well enough’

This quote, widely attributed to Albert Einstein, has application to a firm’s new hire training. If the firm does not understand its own risk appetite, how it is enacted through its risk management protocols, and whether its current employees understand their role in risk management, how can it teach these things to a new hire? Firms should understand their overall tolerance for risk and, as the practice and industry evolve, periodically review the firm’s risk protocols for alignment with the firm’s risk appetite. Once the firm establishes risk management protocols, it should communicate expectations to all employees to help with consistency and successful implementation.

The continuous conversation

Everyone has a part to play in risk management, and those closest to the delivery of client service may offer a unique perspective. Consider reverse mentoring to help elevate new ideas related to the firm’s risk management processes. Reverse mentorship pairs junior staff members with more senior and established firm members, with the twist that the junior staff mentors the senior leadership. While unconventional, this method offers different viewpoints on areas and shines a light on potential blind spots such as new or changing risks stemming from the evolution of how services are delivered.

Risk management training isn’t just for new hires and doesn’t end with onboarding. Effective risk management is a continuous process, one that requires full participation from all firm personnel, constant training to help ensure the expectations are kept top of mind, and implementation consistency across all engagements and practice areas.


42%: The percentage of public accounting firms seeing an increase in turnover rates, according to a 2023 survey conducted by the Illinois CPA Society.


Kevin Hayes, CPA, is a risk control consultant at CNA. For more information about this article, contact [email protected].
 
A version of this article originally appeared in the Journal of Accountancy.


This information is produced and presented by CNA, which is solely responsible for its content. Continental Casualty Company, a member of the CNA group of insurance companies, is the underwriter of the AICPA Professional Liability Insurance Program.

The purpose of this article is to provide information, rather than advice or opinion. It is accurate to the best of the author’s knowledge as of the date of the article. Accordingly, this article should not be viewed as a substitute for the guidance and recommendations of a retained professional. In addition, CNA does not endorse any coverages, systems, processes or protocols addressed herein unless they are produced or created by CNA.

Any references to non-CNA websites are provided solely for convenience, and CNA disclaims any responsibility with respect to such websites.

Examples are for illustrative purposes only and not intended to establish any standards of care, serve as legal advice, or acknowledge any given factual situation is covered under any CNA insurance policy. The relevant insurance policy provides actual terms, coverages, amounts, conditions, and exclusions for an insured. All products and services may not be available in all states and may be subject to change without notice.

“CNA” is a registered trademark of CNA Financial Corporation. Certain CNA Financial Corporation subsidiaries use the “CNA” trademark in connection with insurance underwriting and claim activities.

Copyright © 2025 CNA. All rights reserved.