Contact Us
 Search

Building Blocks To Quality – The ABCs of Risk Management

By CNA Accountants Risk Control

Many CPAs fondly remember toy wooden blocks of their early childhood, colorfully displaying the letters of the alphabet. As children, future CPAs may have spent more playtime counting and organizing the blocks, rather than spelling with them. Regardless, those toy alphabet blocks helped develop a foundation for future learning and growth. Similarly, there are fundamental risk management practices CPA firms can follow to establish a foundation for quality and growth.
  

A is for acceptance (and continuance)

A CPA firm’s first opportunity to develop a commitment to quality and good risk management, rests with the client and engagement acceptance process. Before ever receiving a request for services or proposing on an engagement, a CPA firm first has to determine its appetite for risk and the services it will provide. Based upon these factors, which may encompass specific areas of expertise, industry or service niches, the firm can develop an ideal client profile, against which all prospective clients and engagements may be evaluated.
 
Some clients may clearly be a good fit for the firm. Some clients may stray far from the ideal client profile and present too high of a risk to accept. Other clients may require a thoughtful acceptance decision to understand and identify risks. In such situations, the firm could implement procedures to manage identified risks. For example, a retainer could be collected for an accepted client that has a risk of non-payment of fees. The client acceptance process should, at a minimum, involve consideration of the following:

  • Client integrity;
     

  • Client financial stability;
     

  • Independence, where required;
     

  • Potential conflicts of interest; and
     

  • Alignment of client and firm’s expectations of the services to be provided.

 
Client and engagement acceptance procedures should be consistently applied across the firm. Acceptance decisions related to higher risk clients and prospective clients, such as high net worth individuals, public companies, financial institutions, or companies with negative cash flow indicators, may need to be elevated for additional consultation or approval.
 
The client continuance process is simply an extension of the client acceptance process. The firm addresses many of the same questions with the added benefit of additional information about the client. All clients should be subjected to a continuance analysis, or re-accepted, at least annually and more frequently if there has been a significant change at the client or firm. Clients or engagements with identified risks should receive additional focus to ensure continuation of quality services or be considered for termination.
 

B is for billing practices

Many CPAs dread the billing process, perceiving it as an administrative task that diverts time and resources away from the performance of client services, rather than getting paid for a job well done. However, when it comes to risk management, billing practices have more value than just collecting fees.
 
In the event of a professional liability claim, billing records can provide important support for the scope and timing of services performed. For example, billing a client for the services outlined in an engagement letter helps support the defined scope of the engagement. Further, billing practices can be a preventative risk management tool. Billing and collecting at regular intervals can help identify cost overruns which may be a sign of scope creep. Discussing a bill with the client could identify a client’s dissatisfaction with service while there is time for correction.
 
Consider implementing the following tips in your billing practices:

  • Use retainers to manage collection risks;
     

  • Monitor outstanding receivables and suspend work for non-payment;
     

  • Bill early and often; and
     

  • Attach a copy of the engagement letter to support the billing narrative.

 

C is for communication

Client communication is essential to the success of a CPA firm. Through oral, written and electronic communication, CPAs gather, analyze and report on information to the client. A breakdown in communication between the client and CPA could lead to differing service expectations or, potentially, to errors in a deliverable.
 
Clear, concise and professional communication can do a great deal to help reduce professional liability risk. The reverse concept is true of unprofessional or vague communications. In the event of a professional liability claim, such communications could call the CPA’s independence or objectivity into question or argue that the CPA did not meet service expectations.
 
Important tips for appropriate communication with clients include:
 

  • Maintenance of regular communications throughout the engagement;
     

  • Elevation of issues to the client without hesitation;
     

  • Documentation of oral discussions in a memo to the file or follow-up e-mail to the client; and
     

  • Limiting, or, better yet, avoiding, communications with third parties.
     

 
Policies governing appropriate communication with clients, including use of e-mail, text messaging and social media, can assist firm personnel in navigating this sensitive component of practice management. If properly addressed, communication can create strong, long-term client relationships and further enhance a firm’s reputation for quality.
 

D is for documentation

Documentation is a vital component of any engagement, whether it be an attest, tax or consulting engagement. It is so engrained in the profession that it is specifically addressed in multiple professional standards. Despite this prominent position in the profession, the level of documentation often falls short.
 
Weak or inadequate documentation can be detrimental in the event of a professional liability claim. If it is not documented, it did not happen. Conversely, strong documentation may reduce the likelihood of a client dispute rising to the level of a claim. For example, an e-mail reminding a client of their responsibility to provide supporting documents by a certain date in order to complete services by a deadline could be useful if the deadline was missed due to the client’s procrastination.
 
Good documentation should include:

  • nature, timing and extent of procedures (when applicable);
     

  • assumptions, whether made by the client or CPA;
     

  • important client conversations;
     

  • departures from engagement parameters;
     

  • items for client follow-up; and
     

  • conclusions reached.

 
Documentation is a CPA’s ally and should be a primary focus of any engagement. Good documentation and quality services go hand in hand.
 

D does double duty and is also for data security

CPA firms are at risk of a cyber-attack in light of the abundance of confidential and sensitive client data received, used and stored. As such, it is essential that CPA firms implement sound data security protocols to help prevent, detect, and contain a data security incident. This starts with practicing good data hygiene which includes understanding:

  • How data is received by the firm;
     

  • What data is received;
     

  • What protections are required by law or regulation;
     

  • Where data is stored;
     

  • How long data is stored; and
     

  • How data is disposed.

 
Security measures should be implemented wherever sensitive data is stored, and unnecessary or outdated client data should be moved or purged in accordance with the firm’s document retention policy. The risk of a data security incident, and the cost of responding to such, can increase significantly if a firm has not implemented appropriate data management processes.
 

E is for engagement letters

The significance of having an engagement letter for every engagement should not be underestimated. This document memorializes the agreement between a CPA firm and its client, defines the parameters of the service to be performed and guides the engagement from beginning to end.

 
An engagement letter helps align firm and client expectations, demonstrate compliance with professional standards, provides for the efficient resolution of client disagreements, or may even identify opportunities to provide a client with additional services. Consider a tax preparation client that requests assistance planning for the following tax year. Without a clearly defined scope of services, limiting the engagement to tax compliance only, fees for a tax consulting work could have been lost as part of the existing tax preparation service. When services expand beyond the scope of the original engagement, an amended or a new engagement letter should be issued.
 
CPA firms can reduce the administrative time to draft engagement letters by maintaining engagement letter templates to be customized for each engagement. Sample templates are available from your professional liability insurer, the AICPA or paid providers, and can help get you started. A well drafted engagement letter should, at a minimum, include:

  • A detailed scope of services;
     

  • The client’s and CPA’s respective responsibilities;
     

  • Any limitations of services;
     

  • A description of the deliverable or work product and any limitations on its use;
     

  • The timing of the engagement; and
     

  • The fee for services.

 
Additional engagement letter provisions, such as alternative dispute resolution or limitation of liability, where permitted, can be included to allocate risk between the CPA and client.
 

Now we know our ABCs…

Public accounting is a complex and evolving profession that requires continuous improvement to meet challenges. Yet every firm, whether new or well established, can focus on the fundamentals and learn their ABCs (and Ds and Es) of risk management, helping to blaze a path to success.
 
By Accountants Professional Liability Risk Control, CNA, 151 North Franklin Street, 16th Floor, Chicago, IL 60606.

Share:

Print:

Print Friendly and PDF

How Helpful Was This Article?

 

Related Content

Client acceptance: A liability gatekeeper
Client acceptance: A liability gatekeeper
While there are many factors a CPA firm may evaluate when deciding to take on a new client, there are three that can make a significant difference to the firm's professional liability risk.
Sample Engagement Letters
Sample Engagement Letters
Sample engagement letters for over 30 services and a terms and conditions document are available to CNA professional liability policyholders.
Keep or toss? A guide to CPA firm record retention
Keep or toss? A guide to CPA firm record retention
Good record retention practices are crucial for a CPA firm. This article discusses considerations when creating and implementing a record retention policy.

Moments That Matter

Significant Growth
Significant Growth
Year-to-year steady growth is one thing for your firm, but significant growth is another.
Starting your own CPA firm
Starting your own CPA firm
Is your firm considering opening a new office now or in the near future? Doing so often presents unique issues that may catch you off guard.

Related Products

Professional Liability Program for CPA Firms
Professional Liability
Learn More

Assistance with the associated legal and defense fees in the event of a lawsuit for errors and omissions.

Cyber Liability
Cyber Liability
Learn More

Replace lost income and cover expenses caused by data breaches involving sensitive customer data.

Specialty Coverage for AICPA Member Firms
Specialty Coverage
Learn More
Protect your firm and your employees from errors and omissions in the performance of your professional services.
This information is produced and presented by CNA, which is solely responsible for its content.

The purpose of this article is to provide information, rather than advice or opinion. It is accurate to the best of the authors’ knowledge as of the date of the article. Accordingly, this article should not be viewed as a substitute for the guidance and recommendations of a retained professional. In addition, CNA does not endorse any coverages, systems, processes or protocols addressed herein unless they are produced or created by CNA. CNA recommends consultation with competent legal counsel and/or other professional advisors before applying this material in any particular factual situations.

Any references to non-CNA Web sites are provided solely for convenience, and CNA disclaims any responsibility with respect to such Web sites.

To the extent this article contains any examples, please note that they are for illustrative purposes only and any similarity to actual individuals, entities, places or situations is unintentional and purely coincidental. In addition, any examples are not intended to establish any standards of care, to serve as legal advice appropriate for any particular factual situations, or to provide an acknowledgement that any given factual situation is covered under any CNA insurance policy. The material presented is not intended to constitute a binding contract.

Please remember that only the relevant insurance policy can provide the actual terms, coverages, amounts, conditions and exclusions for an insured. All CNA products and services may not be available in all states and may be subject to change without notice.

Continental Casualty Company, one of the CNA insurance companies, is the underwriter of the AICPA Professional Liability Insurance Program.

“CNA" is a registered trademark of CNA Financial Corporation. Certain CNA Financial Corporation subsidiaries use the "CNA" trademark in connection with insurance underwriting and claims activities. Copyright © 2022 CNA. All rights reserved.

AICPA Member Insurance Programs
1100 Virginia Drive, Suite 250
Fort Washington, PA 19034

Plans

Education + Resources

Legal

Quick Links