How social and digital media can be a #majorrisk

Electronic communication can be fraught with peril for the unwary CPA.
By Sarah B. Ference, CPA, and Stanley D. Sterna, J.D.

Apart from the time-honored holiday newsletter, when was the last time you wrote a letter or received one in the mail? When was the last time you talked on a landline phone? Other than the rare family reunion, how many of us stay in touch with distant friends and family outside of social media?

Electronic communication has substantially replaced regular mail and, to a lesser extent, the telephone, as the basic mode of communication. Whether it is sending an email, texting, instant messaging, or simply communicating on social media, electronic communication has revolutionized how we communicate with friends, family, and business colleagues. With the advent of modern technology, our thoughts and feelings can be instantly transcribed and transmitted to the world.

The evolution of electronic communication has similarly affected the accounting profession. A CPA firm can market its practice and promote its brand through a well-designed website or social media outlet at minimal expense. Electronic communication also permits a free flow of ideas, industry trends, and practice tips; it connects CPAs with thought leaders in specific areas of practice and client industries. Billings can be transmitted electronically to clients for expeditious receipt, review, and, hopefully, payment.

Nevertheless, electronic communication can be fraught with peril for the unwary professional. CPAs who become over-reliant on this form of communication confront increased professional liability risk. This column explores some of the more common risks CPAs may encounter with electronic communication and discusses how a professional can make appropriate use of the media while avoiding potential liability exposure.


Increased risk for breach of confidential client information

CPAs are in the unique position of having access to a variety of personal information, such as Social Security numbers, Forms W-2, tax returns, credit/debit card data, financial account information, intellectual property, and even protected health information. As a result, a CPA can inadvertently breach client confidentiality or disseminate protected information online by merely pushing a button through casual and indiscreet use of technology.

Boasting can threaten credibility

CPAs, like other professionals, may exaggerate their accomplishments and capabilities on social media websites, such as LinkedIn, or on the firm's website, in an effort to bolster the practice. When a plaintiff's attorney is in the process of investigating a claim by an irate client, he or she will likely peruse online resources to obtain inexpensive and informal discovery and see how a CPA firm presents itself to the general public. A relatively defensible case on its merits may become less defensible if a CPA's credibility is called into question due to a potentially inflated online post.


Objectivity is required by the "Integrity and Objectivity Rule" [1.100.001] of the AICPA Code of Professional Conduct for all services CPA firms provide. Moreover, independence is required for attest services. In a professional liability claim, plaintiff attorneys will use a variety of mechanisms to discredit the CPA and demonstrate that the CPA failed to maintain objectivity or, where required, independence. With electronic communications, appearance and perception are often equated with reality. Thus, the informal nature of texting, email, and social posts can seriously undermine the defensibility of a professional liability claim. The following scenario, based on an actual claim, is instructive:

Example: A CPA firm was engaged to perform audits for a company. The audit partner and the company CFO were fans of two college basketball teams that had a long-standing and heated rivalry. Each year in the week leading up to the big game, the two would engage in friendly email banter and wager on the outcome.

During the course of the engagement, it was discovered that the CFO had embezzled in excess of $1 million from the company over several years. The embezzlement scheme was so intricate that it was virtually impossible to discover the fraud, and the amount of the fraud in any given year was below the CPA firm's materiality threshold. Nonetheless, the company's attorney asserted that the audit partner's independence was compromised and that, as a result, he overlooked certain red flags demonstrating weaknesses in its internal controls. The emails between the audit partner and the CFO became a centerpiece of the company's case. While most of the emails were innocuous in substance, when the messages were taken out of context, the company's attorney compiled demonstrative evidence to assert a lack of independence.


The Delete button is not an all-powerful eraser that wipes the slate clean. Individual recipients of electronic communication may have retained a copy of a deleted correspondence, or someone may have taken an electronic snapshot of a social media post before it was deleted. In addition, businesses often retain deleted communications for several years in accordance with document retention policies. Thus, when confronted with a request for the production of deleted communications, a CPA firm or its online service provider will probably be able to retrieve most deleted emails.

Even if an electronic communication cannot be retrieved, a CPA may still encounter problems. In some jurisdictions, if a court finds that an individual intentionally deleted a message relevant to an issue in the case, the jury will be told that it can draw an adverse inference from the act. A CPA also may be liable for reasonable attorneys' fees incurred by an opponent or other sanctions due to the destruction of evidence.


Based on the experience of the AICPA Professional Liability Insurance Program, consider the following guidance when using electronic communications:

  1. Establish a sound policy for the use of electronic communications at the firm. Train all personnel on this policy, underscoring the importance of professionalism.
  2. Create an open dialogue with employees about the appropriate use of electronic communication and the firm's expectations and best practices regarding usage.
  3. Manage the use of social media, emails, and other forms of electronic communications to avoid "shooting from the hip" or presenting impulsive comments regarding work, services, clients, and other topics. When in doubt, wait an hour before sending a message and reread it with a clear mind before hitting the Send button.
  4. Maintain separate accounts for personal and professional electronic communications.
  5. Self-police email communication—maintain a professional tone, watch language usage, double-check spelling, and use standard grammar to build credibility.
  6. Learn about privacy settings and set them accordingly.
  7. "Untag" yourself from social media posts if you notice something inappropriate.
  8. Stay positive. Negative comments about work or clients are inappropriate and can harm the firm's professional reputation.


CPAs should embrace the revolution in electronic communication and be able to realize the many benefits it offers in communication, education, and presentation of the firm's practice in a positive and enterprising manner. However, as professionals, be careful. Think before sending electronic communications or posting on social media. Consider, "What would my clients think if they read this?" "Is this something a client would want disseminated?" "Is this something I would say in a formal letter?" If all else fails, picture yourself sitting on the witness stand at trial being confronted by an aggressive plaintiff attorney brandishing an enlarged copy of your electronic communication and ask, "Is this something that I am proud to have written?"

Sarah B. Ference is a risk control director at CNA. Stanley D. Sterna is a vice president of claims at Aon Insurance Services.

Continental Casualty Co., one of the CNA insurance companies, is the underwriter of the AICPA Professional Liability Insurance Program. Aon Insurance Services, the National Program Administrator for the AICPA Professional Liability Program, is available at 800-221-3023 or visit

This article provides information, rather than advice or opinion. It is accurate to the best of the author's knowledge as of the article date. This article should not be viewed as a substitute for recommendations of a retained professional. Such consultation is recommended in applying this material in any particular factual situations.

Examples are for illustrative purposes only and not intended to establish any standards of care, serve as legal advice, or acknowledge any given factual situation is covered under any CNA insurance policy. The relevant insurance policy provides actual terms, coverages, amounts, conditions, and exclusions for an insured. All products and services may not be available in all states and may be subject to change without notice.

