The trouble with nondisclosure agreements in attest engagements

Agreeing to keep certain items confidential may result in a breach of professional standards.
By Ben Allen, J.D.


Client requests for confidentiality agreements or nondisclosure agreements (NDAs) are becoming common in the accounting profession. CPAs receive NDA requests both in connection with exploratory discussions about future business relationships and as part of actual service agreements for clients. The issue for accounting firms is that many NDAs contain boilerplate provisions that may conflict with professional standards and public accounting statutes.

The AICPA Code of Professional Conduct (the Code) already states (ET §1.700.001) that a member in public practice shall not disclose confidential information without the consent of the client, so an NDA with clients may be either redundant or in conflict with professional standards. For this reason, firms may wish to consider pushing back when asked to sign an NDA. While the preservation of confidential information is nothing new for an accounting firm, the typical NDA routinely presents the following three challenges:

  • "As is" clauses and warranty disclaimers.
  • Return-of-information or destruction-of-information clauses.
  • Prohibitions on disclosure to third parties.

These clauses may pose problems for accounting firms, including false client expectations, unnecessary liability, and conflicts with professional standards.


"As is" clauses and warranty disclaimers are commonly found in NDAs but are inconsistent with elements of certain attestation engagements. These provisions may seek to prohibit an accounting firm from relying on information provided by the client and are counter to the fundamental requirement that the auditor obtain, and management provide, certain representations in connection with the audit.

It is good practice to delete these provisions and replace them with appropriate management representations. Making this revision helps clients understand their obligation in connection with the attestation engagement. If this is not established on the front end, your client may have unrealistic expectations about the work you are going to perform, and you may not receive the information necessary to complete the engagement in accordance with professional standards.


A typical return-of-information or destruction-of-information clause requires the accounting firm to promptly return all confidential information and information derived therefrom to the client or to destroy the information upon the client's request or completion of the audit. Unwittingly agreeing to such a provision could have unintended consequences.

For example, state statutes, such as Section 473.318, Florida Statutes, provide that working papers are the property of the accounting firm in the absence of an express agreement with the client to the contrary. If an accounting firm agrees to return this type of information pursuant to the NDA, that firm may be stuck without the working papers required to comply with peer review and professional standards. Also, the "Records Requests" interpretation in the AICPA Code (ET §1.400.200) has specific provisions regarding the return of client documents as well as on member-prepared records, members' work products, and working papers. It may make sense to modify any provisions in an NDA that are inconsistent with the applicable AICPA Code or other requirements so there is no misunderstanding with the client down the road.


NDAs also typically prohibit disclosure by the client's vendor to third parties. This type of provision may be acceptable to vendors that are not subject to professional standards, but CPAs may be obligated to disclose working papers to an unaffiliated third party, for example, in connection with peer review. It is therefore good practice to add an exception to this type of provision that allows the accounting firm to share its working papers for peer review purposes or in response to a legal process, such as a subpoena. Setting client expectations on this obligation at the front end of an engagement avoids unnecessary conflict later.


Accounting firm clients are increasingly requiring NDAs before an engagement commences. However, the typical form NDA has not been drafted with the accountant-client relationship in mind and, therefore, may create mistaken client expectations and unexpected conflicts with professional standards and statutory requirements. Accordingly, accounting firms must be vigilant when reviewing boilerplate NDAs or service agreements containing nondisclosure provisions. While it may be acceptable to use a boilerplate NDA for discussions regarding a potential future business relationship between the parties, the terms of such a "prospecting" NDA should terminate prior to entering into a definitive service agreement. At that point, accounting firms should pay close attention to the three issues above. When in doubt, seek legal counsel that is aware of the unique issues that CPAs face.

About the author

Ben Allen is general counsel for Schellman & Company LLC, an integrated compliance provider.

To comment on this article or to suggest an idea for another article, contact Ken Tysiac, a JofA editorial director, at 919-402-2112.
