Professional liability risk resolutions for 2017

By Sarah Beckett Ference, CPA

Welcome to the new year—a time to reflect on the past, a time to anticipate the year ahead, and a time for resolutions. As you contemplate what 2017 has in store for you and your CPA firm, we suggest adding these resolutions to the top of your list.


Audit quality is important for many reasons: the firm's reputation, user reliance on audit opinions, the profession's mission to protect the public, peer reviews, and regulatory scrutiny, among others. Consequently, audit services present a potential area of professional liability risk for a CPA firm. The combination of the level of assurance provided and the expectation gap between auditors and users regarding responsibilities for fraud and error detection can lead to expensive claims.

Regulators have scrutinized the quality of broker-dealer audits (see the PCAOB's 2016 Annual Report on the Interim Inspection Program Related to Audits of Brokers and Dealers, available at, employee benefit plan audits (U.S. Department of Labor, Assessing the Quality of Employee Benefit Plan Audits, May 2015, available at, and compliance audits of entities that receive and expend federal funds above a certain threshold, commonly referred to as single audits (Office of Management and Budget (OMB), Report on National Single Audit Sampling Project, June 2007, available at The OMB is expected to conduct an additional quality study of single audits beginning in 2018 or at some other interval as determined by OMB.

Even if your firm does not perform the types of audits highlighted above, challenges in those areas have contributed to additional focus on audit quality in general. For example, all CPA firms performing attest services will experience the changes to the AICPA Standards for Performing and Reporting on Peer Reviews (see "A Step Up in Standards for Peer Reviewers," JofA, Dec. 2015). The enhanced peer review process is expected to result in a more rigorous examination of audit quality.

Re-familiarize yourself with the importance of audit quality by reading the article "There's No Substitute for Quality" (The Practicing CPA, June 30, 2015). Review how your firm can support audit quality by reading the AICPA's Enhancing Audit Quality: A 6-Point Plan to Improve Audits, available at


Tax and fiduciary services

Baby Boomers are expected to transfer an estimated $30 trillion to their families and other beneficiaries over the next few decades. As a result, CPAs may be asked to help structure tax-efficient methods for transferring this wealth. Longtime clients may also ask their trusted CPA to serve as executor or trustee upon their death.

With so much money at stake, CPAs should be mindful of managing their firm's professional liability risk exposure. Defending and resolving claims related to estate planning, preparation of estate tax returns, and fiduciary services can be extremely expensive. The personal nature and feelings of aggrieved beneficiaries add to claim complexity. CPA firms should assess whether they have the knowledge and experience to deliver the service before accepting an engagement in this area. (Learn more about risks related to fiduciary services in "Professional Liability Spotlight: The Unexpected Risks of Trustee Services," JofA, July 2016, and why accepting an engagement in an unfamiliar area may not be the best decision in "Professional Liability Spotlight: The Dangers of Dabbling," JofA, Nov. 2015.)

CPA firm mergers and acquisitions

CPA Boomers who are solo practitioners or owners of small CPA firms may wish to trade their green visor for sunglasses and seek to sell or merge their practice into another firm. To manage professional liability risk for both firms, several items should be considered.

The retiring practitioner, or seller, should obtain consent before disclosing client confidential information, including tax return information, to the buyer. In addition, as claims can arise after the retired practitioner has closed the firm's doors, the seller should retain his or her own workpapers, separate from the workpapers of the buyer, for at least as long as the longest applicable statute-of-limitation period during which a client can file a claim. Finally, since professional liability insurance policies are typically written on a claims-made basis, the seller should, in consultation with an insurance agent or broker, consider purchasing extended reporting period coverage. This type of policy, commonly referred to as a "tail," covers claims that may arise after the firm has ceased operations.

Purchasing a firm or client portfolio is not without professional liability risk. Robust client acceptance procedures for acquired clients are critical. (Read more about professional liability risks related to CPA firm mergers and acquisitions in "Professional Liability Spotlight: Managing Risk in a CPA Firm Merger or Acquisition," JofA, May 2014, and "Professional Liability Spotlight: Managing Liability Risk After a Merger or Acquisition," JofA, Feb. 2016.)


The greatest number of claims experienced by CPA firms in the AICPA Professional Liability Insurance Program has always related to the delivery of tax services. While these are usually low in dollar impact, the frequency of these claims is high.

One of the most common assertions made in tax claims is the failure to advise the taxpayer of something, whether it be a tax planning strategy, a state or local tax obligation, or a filing requirement related to foreign assets. When faced with interest, penalties, and unexpected tax obligations, clients will quickly direct blame at their unsuspecting CPA, indicating the CPA should have "told them so." This risk can easily be mitigated through the use of a carefully crafted engagement letter that clearly delineates the scope of the service, effectively putting a box around the CPA's responsibilities.

Claims that assert a "failure to advise" are infinitely more difficult to defend in the absence of an engagement letter, boiling the argument down to a battle of "your word against mine." In 2015, only half of the claims made against CPA firms in the AICPA Professional Liability Insurance Program had an engagement letter related to the service subject to the claim. Of course, an engagement letter is only effective if the services delivered are in accordance with the scope outlined in the letter. (Read more about how to efficiently implement engagement letters in your practice in "Professional Liability Spotlight: Buckle Up: The Importance of Engagement Letters," JofA, Dec. 2014, and how to manage scope creep in "Professional Liability Spotlight: Don't Let Scope Creep Lead You Out of Bounds," JofA, Sept. 2015.)

A similar assertion made in tax claims is the failure to provide correct advice. This usually manifests itself in an allegation that the CPA missed a deduction, an election, or a filing deadline, or that the CPA misinterpreted the applicable tax law. This risk can be managed by not accepting an engagement involving an area in which you have little or no experience. While most tax practitioners can read and interpret the applicable tax law, even in areas where they do not normally practice, the nuances of certain types of returns, tax rules, or a specific jurisdiction can be overwhelming and lead to an increased likelihood of error for CPAs unfamiliar with these nuances. (Read more about this risk in "Professional Liability Spotlight: The Dangers of Dabbling," JofA, Nov. 2015.)


By now, CPA firms should be well aware of the need to protect confidential client data and that data security incidents can happen to their firm. Increasingly, CPA firms have been targets of ransomware and social engineering attacks by cybercriminals seeking financial gain. This trend is not expected to subside. Vigilance by all is necessary to help protect the firm from a data security incident. (Learn more about data security controls in "Professional Liability Spotlight: Controlling Your Data," JofA, Aug. 2016. If your firm has suffered a data security incident, learn about your responsibilities in "Professional Liability Spotlight: A Breach of Client Data: Risks to CPA Firms," JofA, Aug. 2013.)

Liability claims breakdown

Claims made against CPA firms in the AICPA Professional Liability Insurance Program open as of Oct. 17, 2016, related to the following services:

Tax services: 60%

Audit and attest services: 18%

Consulting and other services: 11%

Fiduciary services: 6%

Accounting services: 5%

Source: CNA Claim Database, underwritten by Continental Casualty Co. Copyright © 2016. All rights reserved.

Sarah Beckett Ference ( is a risk control director at CNA.

Continental Casualty Co., one of the CNA insurance companies, is the underwriter of the AICPA Professional Liability Insurance Program. Aon Insurance Services, the National Program Administrator for the AICPA Professional Liability Program, is available at 800-221-3023, or visit

This article provides information, rather than advice or opinion. It is accurate to the best of the authors' knowledge as of the article date. This article should not be viewed as a substitute for recommendations of a retained professional. Such consultation is recommended in applying this material in any particular factual situations.

Examples are for illustrative purposes only and not intended to establish any standards of care, serve as legal advice, or acknowledge any given factual situation is covered under any CNA insurance policy. The relevant insurance policy provides actual terms, coverages, amounts, conditions, and exclusions for an insured. All products and services may not be available in all states and may be subject to change without notice.

Where to find June’s flipbook issue

The Journal of Accountancy is now completely digital. 





Better decision-making with data analytics

Data analytics has become a hot topic, but many organizations have not yet managed to understand its potential, let alone put it to work. This report will take a deep-dive on how to best introduce or enhance the use of data in decision-making.