How Social and Digital Media Can be a #MajorRisk

This article originally appeared in the March 2016 issue of the Journal of Accountancy. Advice provided in this article has been reviewed and remains current.
 
Apart from the time-honored holiday newsletter, when was the last time you wrote a letter or received one in the mail? When was the last time you talked on a landline phone? Other than the rare family reunion, how many of us stay in touch with distant friends and family outside of social media?
 
Electronic communication has substantially replaced regular mail and, to a lesser extent, the telephone, as the basic mode of communication. Whether it is sending an email, texting, instant messaging, or simply communicating on social media, electronic communication has revolutionized how we communicate with friends, family, and business colleagues. With the advent of modern technology, our thoughts and feelings can be instantly transcribed and transmitted to the world.
 
The evolution of electronic communication has similarly affected the accounting profession. A CPA firm can market its practice and promote its brand through a well-designed website or social media outlet at minimal expense. Electronic communication also permits a free flow of ideas, industry trends, and practice tips; it connects CPAs with thought leaders in specific areas of practice and client industries. Billings can be transmitted electronically to clients for expeditious receipt, review, and, hopefully, payment.
 
Nevertheless, electronic communication can be fraught with peril for the unwary professional. CPAs who become over-reliant on this form of communication confront increased professional liability risk. This column explores some of the more common risks CPAs may encounter with electronic communication and discusses how a professional can make appropriate use of the media while avoiding potential liability exposure.
 

What are the risks?

Increased risk for breach of confidential client information
CPAs are in the unique position of having access to a variety of personal information, such as Social Security numbers, Forms W-2, tax returns, credit/debit card data, financial account information, intellectual property, and even protected health information. As a result, a CPA can inadvertently breach client confidentiality or disseminate protected information online by merely pushing a button through casual and indiscreet use of technology.
 
Boasting can threaten credibility
CPAs, like other professionals, may exaggerate their accomplishments and capabilities on social media websites, such as LinkedIn, or on the firm's website, in an effort to bolster the practice. When a plaintiff's attorney is in the process of investigating a claim by an irate client, he or she will likely peruse online resources to obtain inexpensive and informal discovery and see how a CPA firm presents itself to the general public. A relatively defensible case on its merits may become less defensible if a CPA's credibility is called into question due to a potentially inflated online post.
 

Questions of Objectivity

 
Objectivity is required by the "Integrity and Objectivity Rule" [1.100.001] of the AICPA Code of Professional Conduct for all services CPA firms provide. Moreover, independence is required for attest services. In a professional liability claim, plaintiff attorneys will use a variety of mechanisms to discredit the CPA and demonstrate that the CPA failed to maintain objectivity or, where required, independence. With electronic communications, appearance and perception are often equated with reality. Thus, the informal nature of texting, email, and social posts can seriously undermine the defensibility of a professional liability claim. The following scenario, based on an actual claim, is instructive:
 
Example: A CPA firm was engaged to perform audits for a company. The audit partner and the company CFO were fans of two college basketball teams that had a long-standing and heated rivalry. Each year in the week leading up to the big game, the two would engage in friendly email banter and wager on the outcome.
 
During the course of the engagement, it was discovered that the CFO had embezzled in excess of $1 million from the company over several years. The embezzlement scheme was so intricate that it was virtually impossible to discover the fraud, and the amount of the fraud in any given year was below the CPA firm's materiality threshold. Nonetheless, the company's attorney asserted that the audit partner's independence was compromised and that, as a result, he overlooked certain red flags demonstrating weaknesses in its internal controls. The emails between the audit partner and the CFO became a centerpiece of the company's case. While most of the emails were innocuous in substance, when the messages were taken out of context, the company's attorney compiled demonstrative evidence to assert a lack of independence.
 

Can I delete?

The Delete button is not an all-powerful eraser that wipes the slate clean. Individual recipients of electronic communication may have retained a copy of a deleted correspondence, or someone may have taken an electronic snapshot of a social media post before it was deleted. In addition, businesses often retain deleted communications for several years in accordance with document retention policies. Thus, when confronted with a request for the production of deleted communications, a CPA firm or its online service provider will probably be able to retrieve most deleted emails.
 
Even if an electronic communication cannot be retrieved, a CPA may still encounter problems. In some jurisdictions, if a court finds that an individual intentionally deleted a message relevant to an issue in the case, the jury will be told that it can draw an adverse inference from the act. A CPA also may be liable for reasonable attorneys' fees incurred by an opponent or other sanctions due to the destruction of evidence.
 

Risk Management Recommendations

Based on the experience of the AICPA Professional Liability Insurance Program, consider the following guidance when using electronic communications:
 

• Establish a policy for the use of electronic communications at the firm. Train all personnel on this policy, underscoring the importance of professionalism.
• Have an open dialogue with employees about the appropriate use of electronic communication and the firm's expectations and best practices regarding usage.
• Manage the use of social media, emails, and other forms of electronic communications to avoid "shooting from the hip" or presenting impulsive comments regarding work, services, clients, and other topics. When in doubt, wait an hour before sending a message and reread it with a clear mind before hitting the Send button.
• Maintain separate accounts for personal and professional electronic communications.
• Self-monitor email communication—maintain a professional tone, watch language usage, double-check spelling, and use standard grammar to build credibility.
• Learn about privacy settings and set them accordingly.
• "Un-tag" yourself from social media posts if you notice something inappropriate.
• Stay positive. Negative comments about work or clients are inappropriate and can harm the firm's professional reputation.

 

Questions to Ask Before Pressing Enter

CPAs should embrace the revolution in electronic communication and be able to realize the many benefits it offers in communication, education, and presentation of the firm's practice in a positive and enterprising manner. However, as professionals, be careful. Think before sending electronic communications or posting on social media. Consider, "What would my clients think if they read this?" "Is this something a client would want disseminated?" "Is this something I would say in a formal letter?" If all else fails, picture yourself sitting on the witness stand at trial being confronted by an aggressive plaintiff attorney brandishing an enlarged copy of your electronic communication and ask, "Is this something that I am proud to have written?"
 
_{Sarah Beckett Ference is a risk control director at CNA. Stanley D. Sterna is a vice president of claims at Aon Insurance Services. For more information about this article, contact specialtyriskcontrol@cna.com.
 
This information is produced and presented by CNA, which is solely responsible for its content. Continental Casualty Company, a member of the CNA group of insurance companies, is the underwriter of the AICPA Professional Liability Insurance Program.
 
The purpose of this article is to provide information, rather than advice or opinion. It is accurate to the best of the authors’ knowledge as of the date of the article. Accordingly, this article should not be viewed as a substitute for the guidance and recommendations of a retained professional. In addition, CNA does not endorse any coverages, systems, processes or protocols addressed herein unless they are produced or created by CNA.
 
Any references to non-CNA Web sites are provided solely for convenience, and CNA disclaims any responsibility with respect to such websites.
 
Examples are for illustrative purposes only and not intended to establish any standards of care, serve as legal advice, or acknowledge any given factual situation is covered under any CNA insurance policy. The relevant insurance policy provides actual terms, coverages, amounts, conditions, and exclusions for an insured. All products and services may not be available in all states and may be subject to change without notice.
 
“CNA” is a registered trademark of CNA Financial Corporation. Certain CNA Financial Corporation subsidiaries use the “CNA” trademark in connection with insurance underwriting and claims activities.
 
Copyright © 2021 CNA. All rights reserved}