Many CPAs fondly remember toy wooden blocks of their early childhood, colorfully displaying the letters of the alphabet. As children, future CPAs may have spent more playtime counting and organizing the blocks, rather than spelling with them. Regardless, those toy alphabet blocks helped develop a foundation for future learning and growth. Similarly, there are fundamental risk management practices CPA firms can follow to establish a foundation for quality and growth.
A is for acceptance (and continuance)
A CPA firm’s first opportunity to develop a commitment to quality and good risk management, rests with the client and engagement acceptance process. Before ever receiving a request for services or proposing on an engagement, a CPA firm first has to determine its appetite for risk and the services it will provide. Based upon these factors, which may encompass specific areas of expertise, industry or service niches, the firm can develop an ideal client profile, against which all prospective clients and engagements may be evaluated.
Some clients may clearly be a good fit for the firm. Some clients may stray far from the ideal client profile and present too high of a risk to accept. Other clients may require a thoughtful acceptance decision to understand and identify risks. In such situations, the firm could implement procedures to manage identified risks. For example, a retainer could be collected for an accepted client that has a risk of non-payment of fees. The client acceptance process should, at a minimum, involve consideration of the following:
-
Client integrity;
-
Client financial stability;
-
Independence, where required;
-
Potential conflicts of interest; and
-
Alignment of client and firm’s expectations of the services to be provided.
Client and engagement acceptance procedures should be consistently applied across the firm. Acceptance decisions related to higher risk clients and prospective clients, such as high net worth individuals, public companies, financial institutions, or companies with negative cash flow indicators, may need to be elevated for additional consultation or approval.
The client continuance process is simply an extension of the client acceptance process. The firm addresses many of the same questions with the added benefit of additional information about the client. All clients should be subjected to a continuance analysis, or re-accepted, at least annually and more frequently if there has been a significant change at the client or firm. Clients or engagements with identified risks should receive additional focus to ensure continuation of quality services or be considered for termination.
B is for billing practices
Many CPAs dread the billing process, perceiving it as an administrative task that diverts time and resources away from the performance of client services, rather than getting paid for a job well done. However, when it comes to risk management, billing practices have more value than just collecting fees.
In the event of a professional liability claim, billing records can provide important support for the scope and timing of services performed. For example, billing a client for the services outlined in an engagement letter helps support the defined scope of the engagement. Further, billing practices can be a preventative risk management tool. Billing and collecting at regular intervals can help identify cost overruns which may be a sign of scope creep. Discussing a bill with the client could identify a client’s dissatisfaction with service while there is time for correction.
Consider implementing the following tips in your billing practices:
-
Use retainers to manage collection risks;
-
Monitor outstanding receivables and suspend work for non-payment;
-
Bill early and often; and
-
Attach a copy of the engagement letter to support the billing narrative.
C is for communication
Client communication is essential to the success of a CPA firm. Through oral, written and electronic communication, CPAs gather, analyze and report on information to the client. A breakdown in communication between the client and CPA could lead to differing service expectations or, potentially, to errors in a deliverable.
Clear, concise and professional communication can do a great deal to help reduce professional liability risk. The reverse concept is true of unprofessional or vague communications. In the event of a professional liability claim, such communications could call the CPA’s independence or objectivity into question or argue that the CPA did not meet service expectations.
Important tips for appropriate communication with clients include:
-
Maintenance of regular communications throughout the engagement;
-
Elevation of issues to the client without hesitation;
-
Documentation of oral discussions in a memo to the file or follow-up e-mail to the client; and
-
Limiting, or, better yet, avoiding, communications with third parties.
Policies governing appropriate communication with clients, including use of e-mail, text messaging and social media, can assist firm personnel in navigating this sensitive component of practice management. If properly addressed, communication can create strong, long-term client relationships and further enhance a firm’s reputation for quality.
D is for documentation
Documentation is a vital component of any engagement, whether it be an attest, tax or consulting engagement. It is so engrained in the profession that it is specifically addressed in multiple professional standards. Despite this prominent position in the profession, the level of documentation often falls short.
Weak or inadequate documentation can be detrimental in the event of a professional liability claim. If it is not documented, it did not happen. Conversely, strong documentation may reduce the likelihood of a client dispute rising to the level of a claim. For example, an e-mail reminding a client of their responsibility to provide supporting documents by a certain date in order to complete services by a deadline could be useful if the deadline was missed due to the client’s procrastination.
Good documentation should include:
-
nature, timing and extent of procedures (when applicable);
-
assumptions, whether made by the client or CPA;
-
important client conversations;
-
departures from engagement parameters;
-
items for client follow-up; and
-
conclusions reached.
Documentation is a CPA’s ally and should be a primary focus of any engagement. Good documentation and quality services go hand in hand.
D does double duty and is also for data security
CPA firms are at risk of a cyber-attack in light of the abundance of confidential and sensitive client data received, used and stored. As such, it is essential that CPA firms implement sound data security protocols to help prevent, detect, and contain a data security incident. This starts with practicing good data hygiene which includes understanding:
-
How data is received by the firm;
-
What data is received;
-
What protections are required by law or regulation;
-
Where data is stored;
-
How long data is stored; and
-
How data is disposed.
Security measures should be implemented wherever sensitive data is stored, and unnecessary or outdated client data should be moved or purged in accordance with the firm’s document retention policy. The risk of a data security incident, and the cost of responding to such, can increase significantly if a firm has not implemented appropriate data management processes.
E is for engagement letters
The significance of having an engagement letter for every engagement should not be underestimated. This document memorializes the agreement between a CPA firm and its client, defines the parameters of the service to be performed and guides the engagement from beginning to end.
An engagement letter helps align firm and client expectations, demonstrate compliance with professional standards, provides for the efficient resolution of client disagreements, or may even identify opportunities to provide a client with additional services. Consider a tax preparation client that requests assistance planning for the following tax year. Without a clearly defined scope of services, limiting the engagement to tax compliance only, fees for a tax consulting work could have been lost as part of the existing tax preparation service. When services expand beyond the scope of the original engagement, an amended or a new engagement letter should be issued.
CPA firms can reduce the administrative time to draft engagement letters by maintaining engagement letter templates to be customized for each engagement. Sample templates are available from your professional liability insurer, the AICPA or paid providers, and can help get you started. A well drafted engagement letter should, at a minimum, include:
-
A detailed scope of services;
-
The client’s and CPA’s respective responsibilities;
-
Any limitations of services;
-
A description of the deliverable or work product and any limitations on its use;
-
The timing of the engagement; and
-
The fee for services.
Additional engagement letter provisions, such as alternative dispute resolution or limitation of liability, where permitted, can be included to allocate risk between the CPA and client.
Now we know our ABCs…
Public accounting is a complex and evolving profession that requires continuous improvement to meet challenges. Yet every firm, whether new or well established, can focus on the fundamentals and learn their ABCs (and Ds and Es) of risk management, helping to blaze a path to success.
By Accountants Professional Liability Risk Control, CNA, 151 North Franklin Street, 16th Floor, Chicago, IL 60606.