Whether they do it at the beginning of the year or after busy season, firms should periodically take time to review some of their policies and procedures and to assess risks to the firm.
Sarah Beckett Ference, CPA, a risk control director for CNA, offers five scenarios CPA firms may see that could put their business at risk, and how to mitigate them.
Many firms do a great job protecting their networks with increased cybersecurity controls, but cybercriminals are getting more sophisticated about their scams. Hackers are targeting people, who may be multitasking or stressed, and could be easier to manipulate than a firewall, Ference said.
As CPAs enter busy season, they are more likely to see increased phishing scams in their email inboxes. One common type of scam is a fictitious email that includes a link that, when clicked, can download and install malware onto the computer.
Another common scheme is an email that appears to be from a client and asks for a special payment request, such as a wire transfer to a new account. The request usually comes with a tight deadline and the "client" may indicate he or she will be unreachable to confirm, perhaps because he or she is about to get on a plane, Ference said.
"The firm employee, wanting to provide good client service, goes ahead and executes the request, and lo and behold, it wasn't really the client that made the request. By the time the scam is discovered, the client's funds are in an offshore bank account and can't be recovered," she said.
Firms should take extra measures to verify that any unusual requests are coming from an actual client, especially any that indicate a change to bank account or routing numbers or vendors.
"Pick up the phone and call your client — not from the number that's in the suspicious email. Have someone who knows the client's voice call a number that you know to be correct to confirm their request. Clients will appreciate this extra security measure because you're helping to protect their money."
Changing technical and regulatory professional standards
A lot of changes are on the horizon because of tax reform, new partnership audit procedures, and new rules for accounting for leases and revenue recognition, just to name a few, Ference said.
Auditors or anyone who helps clients with financial statements should be aware of pronouncements on lease accounting and revenue recognition from FASB outlining significant changes in financial reporting standards that take effect as early as this year, Ference said.
"If you have anything to do with financial statements, you're either going to have to help your clients prepare for those two major changes or you're going to need to be in a position to audit financial statements that have implemented those changes," she said. "Even though the effective dates for some of the new standards or for nonpublic companies are further on the horizon, planning for these changes in standards has to happen now."
On the tax front, tax reform created significant changes that will affect virtually every client. Changes to the partnership audit rules are now in effect. "Failure to think about and communicate how these changes may impact your tax clients can lead to a professional liability claim from a client alleging you failed to advise them," Ference said. "Inform your clients of relevant changes in tax laws and regulations through a client mailing or newsletter, and put the onus on the client to contact you to see how the changes affect their specific situation. Make sure your engagement letter limits the scope of service to tax return preparation only."
Firms can keep abreast of these issues with resources from the AICPA's Tax Section, which offers technical tools and alerts on tax reform news. For more information on changes to leases and revenue recognition, check the AICPA Financial Reporting Center and the Center for Plain English Accounting (available of members of the Private Companies Practice Section), Ference suggested.
Aging clients requesting trustee services
Increasingly, firms are being asked to serve as trustee for clients and may not understand the risk these services pose, Ference said.
"Claims related to this service can be really big," she said. "In addition, we are beginning to see a higher frequency of claims in this area as the population ages and wealth transfers from one generation to the next. We think we are going to continue to see a demand for CPAs acting as trustees."
Before offering trustee services, CPAs should understand the risk to their firms and ensure they can manage that risk and have sufficient knowledge and experience to deliver the service. As trustee, they could encounter assets that are difficult to value or manage and even feuding beneficiaries, a subject one of Ference's colleagues addressed in a related article.
"We see firms of all sizes accepting the role of trustee, typically for an individual tax client who has been with a CPA for 20 or 30 years," Ference said. "The CPA thinks it's an honor to be asked by their longtime client, but it's the beneficiaries that are going to be fighting over the trust assets, and they don't have that same degree of loyalty to the CPA."
Firms with limited or no experience in trustee services should consider whether offering the services and accepting that amount of risk is right for the firm, she said.
CPAs should always be focused on audit quality and continual improvement, learning from the findings of inspections, whether those findings are from the PCAOB, the U.S. Department of Labor, or peer review, Ference said.
"Think of the findings as opportunities to be better," Ference said. "Introduce new processes or modify existing ones in response."
More firms are using data analytics to analyze large amounts of data instead of statistical sampling, which is helping improve audit quality, she said. The Center for Audit Quality, which is affiliated with the AICPA, can also offer other tips and tools to improve audits.
Contracts with clients
A perennial way to mitigate risk is through the use of an engagement letter, Ference said. Out of all of the professional liability claims asserted against CPA firms in the AICPA Professional Liability Program in 2017, more than half lacked an engagement letter related to the service.
"This percentage has remained steady for the past several years, which presents a significant opportunity for improvement," Ference said. "When an engagement letter is in place, defending a claim can be much easier." Disputes over the scope of services or a client's lack of understanding regarding the limitation of the service are frequent issues that arise in claims.
"An engagement letter is a tool to help manage expectations — so many things could be prevented if we had better communication about expectations," she said.
Samiha Khanna is a freelance writer based in Durham, N.C. To comment on this article or to suggest an idea for another article, contact Chris Baysden, senior manager of newsletters at the Association of International Certified Professional Accountants.