Five legal risks your CPA firm should be focusing on

March 23, 2022 1:37 PM

A CPA firm, like any business, is subject to legal risks for the simple fact that it is a business that employs people, maintains vendor relationships, and owns or leases real estate, among other things. The day-to-day operations of any business involve some level of risk to manage. However, for a profession like accounting, those risks are compounded by the fact that accountants serve clients, handle their clients’ personal and business financial affairs, deal in complexity, and are subject to ethical rules.

As all of us in professional services come to learn, navigating risk is a big part of the job — not only on behalf of our clients but also in connection with running our own practices. The good news is that with some proactive steps, CPA firms can mitigate many possible risks before they turn into big problems.

In my legal practice, I deal with many business clients who run into trouble because they fail to think proactively about problems they may face down the road. Here are five of the most important issues CPA firms should be focusing on to limit risks that arise when running an accounting practice.

Engagement letters

No matter how small and seemingly insignificant an engagement may seem, it should only be undertaken after an engagement letter is signed by both parties. Engagement letters are critical because they detail the scope of an engagement and important details that could otherwise give rise to dispute, such as fees and client responsibilities. If there is a dispute, each parties’ respective rights and obligations under the engagement letter will govern it.

Cybersecurity

Since they handle sensitive financial information, including Social Security numbers and bank account details, among other things, CPA firms are natural targets for cyber criminals. And if firms don’t take steps to protect their clients’ information, they open themselves up to liability. And it’s not just — or even primarily — the large firms that are at risk.

Accordingly, it’s important for CPA firms of all sizes to take steps to guard against cyber attacks. These steps include having the right information technology systems, safeguards and protocols, including employee training, in place to ward off attacks, as well as a response plan in the event that a breach occurs. What happens in the wake of an attack, such as legally required notifications, can determine the extent of liability your firm may face.

Operating agreements

Your CPA practice may have grown, shrunk or otherwise evolved over the last few years. It’s undoubtedly experienced some change. Has its operating agreement (or equivalent governing document) changed with it?

Just as an individual should revisit and revise their estate planning from time to time because circumstances change — people get married, divorced, have children, their assets grow, etc. — a business should update its operating agreement. Members may come and go. State or federal law may change. Key provisions may need to be updated.

It’s a good idea to meet with legal counsel once a year to review whether your operating agreement needs to be amended to better reflect the current state, structure and needs of your firm. Failing to do so may lead to disputes between a CPA firm’s members that may have otherwise been avoided if an operating agreement had been updated in accordance with the firm’s changing circumstances.

Taking on the wrong work for the wrong clients

It’s always tempting to take on a paying client, but the risks of taking on the wrong client and/or wrong type of work almost always outweigh any potential benefit. Accountants can get sued by a disgruntled client even if they haven’t done anything wrong. Some of the red flags to look out for include a client who fired their previous accountant and/or is pushing their accountant to test the boundaries of accounting rules.

Employment matters

Running a business has never been easy, but the last two years have been particularly tough. And one of the biggest challenges has been navigating the myriad laws and regulations related to workers — from proper classification of employees versus independent contractors to COVID workplace rules — that can give rise to liability if not properly addressed.

CPA firms are essential in helping their clients avoid financial and tax risks. They also shouldn’t lose sight of the legal risks to their own businesses. By acting proactively, they can prevent a risk from becoming a big problem.