Small actions, big fallout: Lessons from large claims

By Sarah Beckett Ference, CPA

Unfortunately, seemingly benign actions do not always turn out to be so. Even small decisions or quick conversations may have significant, and expensive, consequences. Consider these real-life claims asserted against CPAs in the AICPA Professional Liability Insurance Program and take note of lessons that were learned the hard way.


The case: A CPA prepared tax returns and provided bill-paying services for a client. When the client inherited a substantial amount of money, they asked the CPA to assist in managing this newfound wealth. The CPA agreed and invested approximately $2.5 million with an investment adviser who was recommended by another client of the CPA. Eventually, the invested funds were lost due to the adviser's alleged fraudulent activity. The client filed suit against the CPA for failure to exercise due diligence in selecting the adviser.

While the CPA's actions were taken in good faith and in the belief that they were in the client's best interests, the CPA did not perform any due diligence procedures related to the adviser, relying solely on the recommendation of the other client. A simple internet search, however, would have revealed that the investor was previously convicted of financial crimes.

The outcome: The case settled with defense costs and an indemnity payment of more than $500,000.

The lesson: While the depth and type of due diligence procedures vary based upon the situation and service to be provided, performing a basic internet search before accepting a new client, or making a recommendation to an existing one, is a quick and easy — but crucial — step for a CPA to take, even if the referral source is a trusted one.

The other lesson: Clients often seek a CPA's advice related to investments. However, providing incidental advice is fraught with risk, and the CPA may be blamed for poor investment performance. Avoid providing investment advice unless you have the requisite experience in the area, have been engaged via a separate engagement letter for the service, and follow the AICPA Statement on Standards in Personal Financial Planning Services.


The case: For decades, a CPA was engaged to provide tax compliance and compilation services to a medical practice with a history of declining revenues. After several years of providing services, the CPA eventually issued an engagement letter. A year later, the client terminated its controller and bookkeeping staff, accusing them of embezzling millions of dollars via a fictitious payroll scheme. The client, alleging that the CPA's engagement scope was much broader than what was included in the engagement letter, asserted that the CPA should have detected the embezzlement. Unfortunately, and despite what was reflected in the engagement letter for a prior period, the CPA's workpapers and client communications suggested a broader and poorly defined engagement scope. In addition, the CPA had copies of the client's payroll records showing client employees claiming hours far in excess of customary working hours (in some cases, claiming nearly 24 hours in a single day), which arguably should have been a red flag. Finally, the CPA's workpapers reflected knowledge of substantial weaknesses in the medical practice's internal controls, but the CPA never conveyed these concerns to the client.

The outcome: The case settled with defense costs and an indemnity payment of more than $900,000.

The lesson: Consistent use of annual engagement letters helps manage the client's expectations regarding the scope of services and the limitations of such services. If a client requests additional services, document the additional scope of work through a new engagement letter, an addendum to an existing engagement letter, or, at a minimum, an email with the client.

The other lesson: To help defend a claim asserting a failure to detect an embezzlement, regardless of service, inform the client, in writing, of improper segregation of duties or other internal control weaknesses, especially those related to cash handling. In addition, inspect documentation received and inform the client, in writing, of red flags or unusual items.


The case: A CPA's family friend asked for assistance with an IRS audit. The CPA appropriately requested an engagement letter and retainer from the friend but did not receive either. Despite this, the CPA began work on the engagement. When he ran into difficulties obtaining payment, he ceased services without notification to the friend and commenced a $10,000 fee collection action. In response, the friend filed a counterclaim against the CPA claiming damages of more than $10 million.

Although the friend failed to sign the engagement letter, pay the retainer, or provide documentation the CPA needed to respond to the IRS, an expert found multiple breaches of the CPA's standard of care, including the CPA's failure to accurately inform the client of the status of the IRS audit and that he had stopped working on the same. The CPA's failures resulted in the audit's closing without a response, despite numerous attempts by the IRS to contact the CPA.

The outcome: The case settled with defense costs and an indemnity payment of nearly $1 million.

The lesson: If providing services to family members and friends, follow the same protocols you would with any other client and treat them as such. This includes performing client acceptance procedures to ensure they are the right fit for your firm, obtaining a signed engagement letter before commencing work, and providing written notification to the client if ceasing or terminating services.

The other lesson: Fee suits almost never lead to positive outcomes. Instead, they often lead to retaliatory malpractice claims by the client to avoid payment. It is best to avoid the issue and stay in the black with good billing and collection practices.


The case: A CPA prepared tax returns for a married couple for a number of years until the couple informed the CPA of their impending divorce. During the couple's divorce proceedings, the CPA provided advice to the husband for a short time without first obtaining a waiver from or officially terminating the relationship with the wife. The wife claimed that within that period, the CPA wrongfully advised the husband that he could withdraw money held in joint bank accounts even though such withdrawals violated the couple's prenuptial agreement.

The CPA recalled telling the husband that he believed he would be entitled to half of the joint account but did not have the prenuptial agreement in hand. As such, he verbally advised the husband to consult with his divorce attorney on the issue. There was no documentation related to this discussion with the husband.

The outcome: The case settled with defense costs and an indemnity payment of approximately $1.5 million.

The lesson: Answering seemingly benign questions based on incomplete or partial information can have significant consequences. Avoiding answering these questions, while preferable, is not always possible or practical. Whenever advice is provided, follow up the discussion with a written communication, such as an email.

The other lesson: A conflict of interest, or even the appearance of an ethical violation, can greatly complicate the defense of a claim. Here, the defense expert opined that despite the short period during which the conflict existed, the case would be very difficult to defend, and the CPA should not have discussed the issues with the husband.


In all of these cases, the engagement letter was either nonexistent, as in the cases of "Failure to Search" and "Off-the-Cuff Advice," or inconsistent and ineffective, as in the cases of "Creeping Scope" and "Favor to a Friend." Had engagement letters been in place, the outcomes may have been different.

Where claims come from

Claims asserted against CPA firms in the AICPA Professional Liability Insurance Program in 2021 by area of practice:

  • Tax services, 73%
  • Accounting and bookkeeping services, 9%
  • Consulting services, 8%
  • Audit and attest services, 5%
  • Fiduciary services, 4%

Source: CNA Claim Database, underwritten by Continental Casualty Company Copyright © 2022. All rights reserved.

Sarah Beckett Ference, CPA, is a risk control director at CNA. For more information about this article, contact

Continental Casualty Company, one of the CNA insurance companies, is the underwriter of the AICPA Professional Liability Insurance Program. Aon Insurance Services, the National Program Administrator for the AICPA Professional Liability Program, is available at 800-221-3023 or visit

This article provides information, rather than advice or opinion. It is accurate to the best of the author's knowledge as of the article date. This article should not be viewed as a substitute for recommendations of a retained professional. Such consultation is recommended in applying this material in any particular factual situations.

Examples are for illustrative purposes only and not intended to establish any standards of care, serve as legal advice, or acknowledge any given factual situation is covered under any CNA insurance policy. The relevant insurance policy provides actual terms, coverages, amounts, conditions, and exclusions for an insured. All products and services may not be available in all states and may be subject to change withoutnotice.

Where to find June’s flipbook issue

The Journal of Accountancy is now completely digital. 





Leases standard: Tackling implementation — and beyond

The new accounting standard provides greater transparency but requires wide-ranging data gathering. Learn more by downloading this comprehensive report.