Tax software: Ethical, legal, and professional liability risks


Software is an essential tool for driving efficiencies and profitability in a CPA firm tax practice. Practitioners select software based on various factors, including price, ease of use, scalability to practice size, technology features, and technical support (see “2014 Tax Software Survey,” page 26). Software users also should be aware of maintenance requirements and risks of use. This column addresses a CPA’s professional liability exposures as well as ethical and legal obligations related to the use of tax software.


Input Errors and Inadequate Review
Consider the following claim scenario in which a sole practitioner prepared the federal and state income tax returns for a longtime client in Florida. The client filed a California return to report income from an investment in a partnership. Reviewing the nonresident California return, the CPA realized that all of the client’s income was being taxed by California, not just the small amount included on the partnership Schedule K-1. Upon further review, the CPA realized that this had been occurring for 10 years because the CPA had not properly identified California income in the tax software. While the CPA filed amended returns for years open under California’s statute of limitation, the client sued the CPA for the tax paid to California that could not be refunded.

Incorrectly inputting information and failing to review returns prior to filing are key risks associated with tax software. Many software providers include online training with a subscription. Larger firms should consider requesting live training in the provider contract, particularly when changing vendors and in years with substantial tax law changes. Discussing how the software is used among different staff members may lead to greater efficiencies.

Tax returns should be thoroughly reviewed by a practitioner who knows applicable tax law. Understanding the output from tax software helps identify errors before filing.

Software Sharing Arrangements
Software applications can be costly. As a result, small CPA firms sometimes arrange to share software with another practitioner. This is typically a violation of the software license agreement and raises professional liability risks as well. Allowing another practitioner to use your software, electronic filing identification number (EFIN), preparer tax identification number (PTIN), or similar state registration numbers to file returns can expose your firm to professional liability claims associated with those returns and can lead to civil and criminal penalties as well as disciplinary actions. Additionally, using the software application may expose confidential client information to the other practitioner.

Using Software to Prepare Nonclient Returns
In another claim scenario, a tax manager prepared the tax return for her boyfriend’s parents. Unfortunately, she omitted foreign income and did not file FinCEN Form 114, Report of Foreign Bank and Financial Accounts (FBAR), due in part to her lack of familiarity with the family’s personal affairs. The return was electronically filed, listing the CPA firm as the preparer. Several years later, after the manager moved to another firm, the CPA firm was sued for the omissions.

Many firms allow employees, including non-CPAs, to use firm software to prepare returns for family members and friends. While firms may consider this a low-risk, no-cost employee perk, as the registered user, the firm may be considered responsible for return preparation. This risk is heightened when returns are filed under the firm’s EFIN. All tax returns prepared using firm tax software should be subject to the firm’s existing quality-control policies and procedures. A firm should obtain a signed engagement letter and Form 8879, IRS e-file Signature Authorization, and ensure the employee has and uses his or her own PTIN for filing.

Sending Electronic Client Files to a Successor CPA
When clients leave a practice, it is common for the client or successor CPA to request a download of the client’s tax software file. Interpretation 501-1, “Response to Requests by Clients and Former Clients for Records,” of the AICPA Code of Professional Conduct indicates a member should generally provide copies of client-provided records, member-prepared records, and a member’s work product upon request by a client. A member is not required to provide copies of a firm’s workpapers. In addition, state boards of accountancy and other regulatory bodies may have rules or guidance that the CPA firm must consider.

Practitioners should be cautious in responding to such requests. Electronic files may include firm workpapers containing metadata that can be used to trace work performed through forensic analysis. However, Interpretation 501-1 (and other applicable statutes, rules, and regulations) does say that if the request is made for an electronic format and the record is available in that format, the client’s request should be honored.

Due to the complexities involved in responding to requests for records, practitioners should review Interpretation 501-1 and other relevant guidance before providing copies of records required by this section, regardless of the format that is requested.


Use of Third-Party Service Providers
One feature of many cloud-based tax software applications is that they can store confidential client information. Two relevant ethics rulings included in the AICPA Code of Professional Conduct and their related ethics rulings address the use of third-party service providers for administrative support:

  • Rule 102, Integrity and Objectivity, requires a member to be honest and candid. A related ethics ruling, 112 (by ET Section 191, Ruling 112, Use of a Third-Party Service Provider to Assist a Member in Providing Professional Services), indicates a member is not required to inform the client regarding use of a third-party service provider for administrative support, such as software application hosting.
  • Rule 301, Confidential Client Information, prohibits a member from disclosing confidential client information without specific consent of the client. A related ethics ruling, 1 (ET Section 391, Ruling 1, Use of a Third-Party Service Provider to Provide Professional Services to Clients or Administrative Support Services to the Member), indicates a member is not prohibited from disclosing confidential client information to third-party service providers for administrative support purposes. However, the ethics ruling further indicates that the member should enter into a contractual agreement with the provider to maintain confidentiality and be reasonably assured the provider has appropriate procedures in place to prevent the unauthorized release of confidential information to others. Additionally, if the member does not enter into a confidentiality agreement with the provider, specific client consent should be obtained before disclosing confidential information to the provider.

From a risk management perspective, annual disclosure of the use of third-party service providers is recommended, either through the engagement letter or a separate mailing. The following is a sample engagement letter a firm can use for this purpose:

In the interest of maintaining service quality and timeliness, we may use a third-party service provider to assist us in the preparation of your tax return(s). This provider has established procedures and controls designed to protect client confidentiality and maintain data security. As the paid provider of professional services, our firm remains responsible for exercising reasonable care in providing such service(s), and our work product will be subjected to our firm’s normal quality-control procedures. If you have any questions or concerns about this arrangement, please contact our office.

Deborah K. Rood ( ) is a risk control consulting director at CNA.

Continental Casualty Co., one of the CNA insurance companies, is the underwriter of the AICPA Professional Liability Insurance Program. Aon Insurance Services, the National Program Administrator for the AICPA Professional Liability Program, is available at 800-221-3023 or visit

This article provides information, rather than advice or opinion. It is accurate to the best of the author’s knowledge as of the article date. This article should not be viewed as a substitute for recommendations of a retained professional. Such consultation is recommended in applying this material in any particular factual situations.

Examples are for illustrative purposes only and not intended to establish any standards of care, serve as legal advice, or acknowledge any given factual situation is covered under any CNA insurance policy. The relevant insurance policy provides actual terms, coverages, amounts, conditions, and exclusions for an insured. All products and services may not be available in all states and may be subject to change without notice.


Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.


News quiz: Retirement planning, tax practice, and fraud risk

Recent reports focused on a survey that gauges the worries about retirement among CPA financial planners’ clients, a suit that affects tax practitioners, and a guide that offers advice on fraud risk. See how much you know with this short quiz.


Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.