All Articles Finance Modern Money Q&A: Engagement letters, proactive measures reduce CPAs' professional-liability risk

Q&A: Engagement letters, proactive measures reduce CPAs’ professional-liability risk

4 min read

Modern Money

Certified public accountants face a range of risks that can lead to professional liability claims. Aon Affinity Executive Vice President Ken Mackunis and Senior Vice President Dave Sukert discuss how firms can mitigate their potential for liability. (Aon Affinity is the administrator of personal and business insurance benefits for members of the American Institute of Certified Public Accountants.)

Have technology and cybersecurity-related issues raised the risk of professional liability claims?

Mackunis: In the course of delivering professional services to clients, CPAs are ultimately responsible for the tools and technology necessary to complete their engagements, so if they lose or misplace their laptop or tablet, there is potential for claims from both clients and third parties. Additionally, accounting professionals have a duty to protect personally identifiable information, in compliance with HIPAA privacy laws, among others. A failure to maintain and protect private information, in contravention of laws or regulations, could result in greater risks of claims being brought against a practitioner.

It is paramount that CPAs engage with a risk professional at an early stage to understand what risks their professional liability policy covers and to ensure they have the right coverage in place to minimize their risk.

Does an accounting firm’s exposure to liability claims increase when it reports an error?

Sukert: No — in fact, the earlier a CPA reports an error, the quicker and easier it is for the CPA to control the issue. Sometimes the right “early intervention” can help resolve an issue and preclude an actual claim. There are more pre-claim assistance options available to the CPA if the error is reported immediately.

Are there particular areas where firms should ensure they are adequately testing controls, etc. to avoid liability claims?

Mackunis: There are many areas firms should focus on testing controls to avoid liability claims. Properly responding to comfort letter requests and ensuring that engagements are properly documented are two of the top areas on which the AICPA Professional Liability Insurance Program focuses on providing its advice and counsel. Other items on which the program regularly provides guidance and risk-control advice to CPAs include client acceptance and termination considerations, controlling your risk in accounts receivable/billing/collection practices, and what to do if fraud or employee dishonesty is identified.

What are some key steps that firms can take to reduce professional liability?


  • Issue an annual, signed engagement letter for all services, regardless of the type, and be sure to clarify the limitations of service.
  • Follow up on red flags or items that appear incorrect, inconsistent or otherwise unsatisfactory.
  • Clearly document work performed to support delivery of services, as described in the engagement letter.
  • Monitor and manage “scope creep.” Ensure the scope of work to be performed is clear and understood by all team members and the client.

Are there any aspects of business where firms commonly underestimate the potential for professional liability?

Sukert: Managing longtime clients, lack of expertise and engagement letters are just three of the many aspects where firms tend to underestimate the potential for liability.

Longtime clients may be friends or even family members. A good question to ask is, “Did the CPA get an updated engagement letter?” As the scope of services broadens through the years, the risk broadens as well. CPAs shouldn’t be afraid to ask a client for an updated engagement letter. It not only manages risk, but it also helps set expectations both by and for the client.

Manage your practice from the perspective of “expect the unexpected.” CPAs should apply professional skepticism to all aspects of an engagement. Having another partner review the work — one who may have a different sensitivity to red flags — may help limit a firm’s liability.

CPAs should recognize when they don’t have the expertise in a particular line of service. They should bring in a colleague that does have the right experience and be transparent with the client, in letting them know they are bringing in another colleague to handle the engagement and why. Historical claims data strongly suggests that CPA firms which rarely perform a service in a specialized area are more likely to experience a claim in that area of practice.

Firms underestimate the value of good documentation. Engagement-letter documentation is the first line of defense for CPA firms if a claim is filed. We cannot stress enough the importance of documenting every conversation, interaction, etc. a CPA has with a client.