Connect with us

Accounting

Liability insurance experts examine the current landscape of risk.

Published

on

CPA firms continue to face unique challenges as they navigate some of the current liability issues and trends facing the profession, including beneficial ownership information filing under the Corporate Transparency Act, artificial intelligence, and cyberthreats.

“We strongly encourage firms to proactively prepare for risk by following some basic best practices,” advised Suzanne Holl, a CPA and executive vice president at insurance company Camico.

These best practices include:

  • Set the right “tone from the top.” Encourage and reward a culture of transparency within the firm hierarchy to identify and communicate risk issues to help minimize potential exposures and enable the firm to early report liability concerns to their professional liability carrier and benefit from any proactive risk management guidance and support that may be available.
  • Prioritize performing the right services for the right clients, as not every client is a good fit for every firm. Evaluating the firm’s client base has become even more important as firms face staffing constraints.
  • Close the expectation gap. Proactively manage and document client expectations to minimize the risks associated with potential gaps between what they expect and what you’re offering.

Corporate Transparency Act risks

The new beneficial ownership reporting requirements under the CTA took effect on Jan. 1, 2024, and months later, the small-business community remains woefully unprepared for compliance with this complex reporting regime. As many small businesses look to their CPA for guidance and assistance, this poses potential added risks to firms.

One of the overarching concerns is whether CTA-BOI advisory services would be deemed the unauthorized practice of law for CPAs and nonattorney tax professionals. Given that each state has its own definitions of what services are considered UPL, this is a complex and nuanced risk requiring firms to stay current on the UPL issue in the states where they are licensed, as well as the states in which clients reside.

John Raspante, director of risk management at McGowanPro, sees the CTA as a source of controversy.

Umbrella insurance risk concept

Pixelbliss – stock.adobe.com

“It hasn’t caused a claim yet, but we’ve received more than 1,000 calls regarding beneficial ownership reporting requirements,” he said. “The forms have to be filed by the end of the year for existing entities, with FinCEN. The questions revolve around whether CPAs are allowed to do this work, and if they do it, will they be covered under their policy. It’s more than likely that claims will be forthcoming on this issue. Once the form is filed, there has to be continual monitoring since modifications to the form have to be filed as well. If the accounting firm is sold, if the filer or a beneficial owner changes their residence, or the business adds an additional owner, it all has to be reported.”

Camico continues to advise CPAs to be vigilant and prepared to minimize the potential of additional liability exposures by following risk management best practices, which at a minimum should include:

Informing and advising clients in writing regarding the new beneficial ownership reporting requirements under the CTA, and recommending that they seek legal guidance.

Modifying traditional tax and financial statement engagement letters to include language that specifically disclaims the firm’s involvement in assisting clients with CTA compliance under the terms of that agreement.

Using standalone engagement letters if the firm is rendering CTA-related services to clients that specify the limited nature of the services the firm is providing, such as the filing of the initial BOI report or the filing of a corrected or updated BOI report, and that contain appropriate disclaimer language for such limited services.

Preparing your own firm for compliance if you are deemed to be a “reporting company” under current CTA guidance.

Generative AI

“Generative AI is no longer just a buzzword,” said Holl. “The technological advancements that generative AI promises have the potential to reshape how firms provide professional services, communicate with clients, and even how leaders manage their firm.”

Although generative AI solutions can provide benefits for CPA firms, she said, “From a liability perspective, there are critical risks associated with generative AI that should be vetted by firms and mitigation strategies implemented to minimize potential exposures.”

Among those risks are concerns with accuracy and quality control, confidentiality, privacy, security, and ethical issues. Successful integration of generative AI requires a well-crafted implementation plan that should include, among other things, appropriate education and training to ensure responsible use.

“We believe a clear and concise generative AI policy to document a firm’s authorized usage is paramount in minimizing risk and achieving firm goals using AI,” Holl said.

Cyber exposures

Cyber exposures have become increasingly problematic as cyber criminals are targeting CPA firms and tax professionals due to the type of information they gather and store. If the criminals are successful in gaining access to the firm’s information, costly measures may need to be taken including, but not limited to, hiring IT forensic experts to determine the extent of a potential breach, consulting with attorneys specializing in data breach laws and notification obligations, and providing credit monitoring to those impacted by a breach.

A far-too-common scenario is when a fraudster controls the client’s and the firm’s email, commonly referred to as a “man in the middle” attack. In these situations, the fraudulent request may mimic previous legitimate requests, which can make it very difficult for a firm to identify the request as illegitimate. As fraudulent wire transfers frequently cause large dollar losses, firms need to be hypervigilant in their efforts to protect the firm and clients against wire transfer fraud.

Insurance experts strongly recommend that firms have written protocols in place with clients who need such services that outline the protocols to be followed when executing wire transfer requests.

Preparing defenses

It’s important to have a “meeting of the minds” at the outset of a client relationship, according to Sarah Ference, risk control director for the Accountants Professional Liability Program at CNA, the underwriter for the AICPA Professional Liability Insurance Program. An engagement letter is the tool that not only helps achieve this, but is also a first line of defense if a relationship sours.

“An engagement letter helps set the stage for success throughout the engagement. That kind of understanding really aids in mitigating risk and resolving issues that might arise, or may even prevent them from arising. Yet CPAs tend to shy away from using engagement letters,” she said.

“We continue to see areas of practice like tax which lack engagement letters,” Ference noted. “Of the claims asserted in 2023 against CPA firms in the AICPA Professional Liability Insurance Program, about 75% stemmed from tax services. Of those, over 50% didn’t have an engagement letter, which puts the CPA in a difficult position to defend the claim. We have seen similar percentages in prior years. Intuitively, if there was an engagement letter that spelled out what you’ve agreed to do, what a client’s responsibility was, and limitations of your responsibility, a claim may never arise. In that case, a client disagreement wouldn’t appear on our radar because the disagreement would have already been resolved before it turned into a claim.”

Anytime a CPA is delivering a service, they should consider an engagement letter, according to Ference: “Engagement letters are critical when doing any kind of consulting. The more specific, the better. Make sure that the letter is structured in such a way that there is no ambiguity. Ambiguity opens the door to broad interpretations and makes it difficult to align expectations between the CPA and the client.”

“It’s all about relationships,” according to Alvin Fennell, vice president and senior risk advisor at Aon, manager of the AICPA Professional Liability program. “CPAs are extremely customer-sensitive. Where they have a longtime client, they hate to request an engagement letter. I tell them: ‘Blame it on your insurance carrier. They require me to get an engagement letter!'”

“The most prevalent current risk is changes in regulations and accounting standards,” he said.

The lack of talent coming into the profession is a problem. “A lot of individuals are coming out of college and going into industry rather than accounting firms, causing more competition for talent in firms now. Big firms are acquiring smaller firms just to get at the talent they need,” Fennell said.

Finally, Raspante noted that, while accountants may not have handled a lot of Employee Retention Credits, many were confronted with the need to amend the business tax return to include the proceeds of an ERC.

“If the underpinnings of the ERC were incorrect, it can cause issues with us,” he said. “The voluntary disclosure program will create more claims. If an accountant didn’t tell us about the voluntary disclosure, it can cause a lot of damage.”

Continue Reading

Accounting

IAASB tweaks standards on working with outside experts

Published

on

The International Auditing and Assurance Standards Board is proposing to tailor some of its standards to align with recent additions to the International Ethics Standards Board for Accountants’ International Code of Ethics for Professional Accountants when it comes to using the work of an external expert.

The proposed narrow-scope amendments involve minor changes to several IAASB standards:

  • ISA 620, Using the Work of an Auditor’s Expert;
  • ISRE 2400 (Revised), Engagements to Review Historical Financial Statements;
  • ISAE 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information;
  • ISRS 4400 (Revised), Agreed-upon Procedures Engagements.

The IAASB is asking for comments via a digital response template that can be found on the IAASB website by July 24, 2025.

In December 2023, the IESBA approved an exposure draft for proposed revisions to the IESBA’s Code of Ethics related to using the work of an external expert. The proposals included three new sections to the Code of Ethics, including provisions for professional accountants in public practice; professional accountants in business and sustainability assurance practitioners. The IESBA approved the provisions on using the work of an external expert at its December 2024 meeting, establishing an ethical framework to guide accountants and sustainability assurance practitioners in evaluating whether an external expert has the necessary competence, capabilities and objectivity to use their work, as well as provisions on applying the Ethics Code’s conceptual framework when using the work of an outside expert.  

Continue Reading

Accounting

Tariffs will hit low-income Americans harder than richest, report says

Published

on

President Donald Trump’s tariffs would effectively cause a tax increase for low-income families that is more than three times higher than what wealthier Americans would pay, according to an analysis from the Institute on Taxation and Economic Policy.

The report from the progressive think tank outlined the outcomes for Americans of all backgrounds if the tariffs currently in effect remain in place next year. Those making $28,600 or less would have to spend 6.2% more of their income due to higher prices, while the richest Americans with income of at least $914,900 are expected to spend 1.7% more. Middle-income families making between $55,100 and $94,100 would pay 5% more of their earnings. 

Trump has imposed the steepest U.S. duties in more than a century, including a 145% tariff on many products from China, a 25% rate on most imports from Canada and Mexico, duties on some sectors such as steel and aluminum and a baseline 10% tariff on the rest of the country’s trading partners. He suspended higher, customized tariffs on most countries for 90 days.

Economists have warned that costs from tariff increases would ultimately be passed on to U.S. consumers. And while prices will rise for everyone, lower-income families are expected to lose a larger portion of their budgets because they tend to spend more of their earnings on goods, including food and other necessities, compared to wealthier individuals.

Food prices could rise by 2.6% in the short run due to tariffs, according to an estimate from the Yale Budget Lab. Among all goods impacted, consumers are expected to face the steepest price hikes for clothing at 64%, the report showed. 

The Yale Budget Lab projected that the tariffs would result in a loss of $4,700 a year on average for American households.

Continue Reading

Accounting

At Schellman, AI reshapes a firm’s staffing needs

Published

on

Artificial intelligence is just getting started in the accounting world, but it is already helping firms like technology specialist Schellman do more things with fewer people, allowing the firm to scale back hiring and reduce headcount in certain areas through natural attrition. 

Schellman CEO Avani Desai said there have definitely been some shifts in headcount at the Top 100 Firm, though she stressed it was nothing dramatic, as it mostly reflects natural attrition combined with being more selective with hiring. She said the firm has already made an internal decision to not reduce headcount in force, as that just indicates they didn’t hire properly the first time. 

“It hasn’t been about reducing roles but evolving how we do work, so there wasn’t one specific date where we ‘started’ the reduction. It’s been more case by case. We’ve held back on refilling certain roles when we saw opportunities to streamline, especially with the use of new technologies like AI,” she said. 

One area where the firm has found such opportunities has been in the testing of certain cybersecurity controls, particularly within the SOC framework. The firm examined all the controls it tests on the service side and asked which ones require human judgment or deep expertise. The answer was a lot of them. But for the ones that don’t, AI algorithms have been able to significantly lighten the load. 

“[If] we don’t refill a role, it’s because the need actually has changed, or the process has improved so significantly [that] the workload is lighter or shared across the smarter system. So that’s what’s happening,” said Desai. 

Outside of client services like SOC control testing and reporting, the firm has found efficiencies in administrative functions as well as certain internal operational processes. On the latter point, Desai noted that Schellman’s engineers, including the chief information officer, have been using AI to help develop code, which means they’re not relying as much on outside expertise on the internal service delivery side of things. There are still people in the development process, but their roles are changing: They’re writing less code, and doing more reviewing of code before it gets pushed into production, saving time and creating efficiencies. 

“The best way for me to say this is, to us, this has been intentional. We paused hiring in a few areas where we saw overlaps, where technology was really working,” said Desai.

However, even in an age awash with AI, Schellman acknowledges there are certain jobs that need a human, at least for now. For example, the firm does assessments for the FedRAMP program, which is needed for cloud service providers to contract with certain government agencies. These assessments, even in the most stable of times, can be long and complex engagements, to say nothing of the less predictable nature of the current government. As such, it does not make as much sense to reduce human staff in this area. 

“The way it is right now for us to do FedRAMP engagements, it’s a very manual process. There’s a lot of back and forth between us and a third party, the government, and we don’t see a lot of overall application or technology help… We’re in the federal space and you can imagine, [with] what’s going on right now, there’s a big changing market condition for clients and their pricing pressure,” said Desai. 

As Schellman reduces staff levels in some places, it is increasing them in others. Desai said the firm is actively hiring in certain areas. In particular, it’s adding staff in technical cybersecurity (e.g., penetration testers), the aforementioned FedRAMP engagements, AI assessment (in line with recently becoming an ISO 42001 certification body) and in some client-facing roles like marketing and sales. 

“So, to me, this isn’t about doing more with less … It’s about doing more of the right things with the right people,” said Desai. 

While these moves have resulted in savings, she said that was never really the point, so whatever the firm has saved from staffing efficiencies it has reinvested in its tech stack to build its service line further. When asked for an example, she said the firm would like to focus more on penetration testing by building a SaaS tool for it. While Schellman has a proof of concept developed, she noted it would take a lot of money and time to deploy a full solution — both of which the firm now has more of because of its efficiency moves. 

“What is the ‘why’ behind these decisions? The ‘why’ for us isn’t what I think you traditionally see, which is ‘We need to get profitability high. We need to have less people do more things.’ That’s not what it is like,” said Desai. “I want to be able to focus on quality. And the only way I think I can focus on quality is if my people are not focusing on things that don’t matter … I feel like I’m in a much better place because the smart people that I’ve hired are working on the riskiest and most complicated things.”

Continue Reading

Trending