While CPAs may view themselves as innocent victims in a malpractice lawsuit, juries do not. They typically side with plaintiffs in suits brought against accountants.

And being a defendant is never a pleasant experience, where your money and reputation are at stake.

Moreover, CPA liability has risen dramatically, according to Bill Thompson, president of CPA Mutual Insurance Co. of America RRG. His advice? “First and foremost, if you don’t already have coverage, buy it! With today’s ever-changing Tax Code and penalties for failure to report certain items, liability has expanded quite a bit over the past several years.”

“Second, if you don’t already have cyber-coverage, buy it! And make sure it not only covers the basics like client notification and credit monitoring,” he said. “You also need coverage for the post-breach forensics, cyber-extortion and terrorism, multimedia liability, and [Payment Card Industry Data Security Standard] assessment coverage. Also make sure your limits are adequate.”

(Click here to see our annual Malpractice Liability Insurance Buyers Guide.) (Note: An earlier version of the guide included incorrect information for Camico.)

“When looking for a program to be a good match, it is important to look for a partner that is staying current with the changes and complexities that are being faced by today’s CPA,” said Suzanne Holl, senior vice president of loss prevention services at Camico. “We’re seeing accounting firms of all sizes evolving to meet changes in the complexity of the regulatory environment and the standards being promulgated. The key for us is to help our accountants with the practice management side of how they go about communicating, educating and documenting issues with their clients. We believe that good client service equals good risk management. Good client service goes back to being competent to render the services, and also to being sensitive to communicate, educate and document with their clients.”

“You have to look for continuity and experience in the insurance program you work with,” said Rickard Jorgensen, president and chief underwriter for Jorgensen & Co. “Having an insurer with substantial resources is key.”

“It is becoming more commonplace for firms to purchase cyber-liability coverage, whether as an extension to a professional liability policy, or as an independent policy in its own right,” he said. “We’ve seen a number of claims from wire transfers and system hacking which have resulted in a loss of client records which might be later used to file fraudulent tax returns.”

It is very likely that, at one point or another, an accounting firm’s computer and data storage system will be hacked, Jorgensen indicated. “One of our clients was hacked by an Eastern European group,” he commented. “They took data of over 3,000 individuals, and filed returns on one half of his clients. They got into the system and took 2010 records because he was less likely to notice. In fact, the first time the CPA became aware of it was when he attempted to file legitimate returns electronically and they were rejected. He first became aware of the size of the crime when he was visited by Homeland Security, FBI and local law enforcement officials one sunny Monday morning. They thought that he was a party to a criminal act.”

“It cost us about $70,000 to undertake a forensic analysis of the policyholder’s records, since he was faced with a grand jury subpoena,” he added. “Moreover, it was emotionally devastating to him — he had up-to-date firewalls, built-in redundancies, and adhered to every reasonable security protocol that a CPA might want for their system, but the hackers are clever and they’ll find a way.”



Most professional liability programs tout the use of engagement letters as the most effective way to mitigate claims. Since there’s no universal agreement on the definition of what an accountant does in an average engagement, getting an understanding at the outset of the engagement is vitally important, according to Alvin Fennell, vice president at Aon, and Jeffery Day, vice president at CNA. Aon is the program manager, and CNA is the underwriter of the AICPA’s Professional Liability Insurance Program.

“The engagement letter is an extremely important way to minimize client disputes, between what is expected and what is actually done, whether it’s for a fee or a service,” said Day.

“It may also slow the client down in regard to making a claim, since it can clear things up if there’s an issue,” observed Fennell. “That’s one of the largest inquiries for which we provide support.”

Because the lack of an engagement letter can lead to a broader interpretation of the scope of services than the accountant actually performs, it is important for all engagements to be structured in terms of an engagement letter. Nevertheless, when analyzing who uses engagement letters, “The size of the firm matters,” said Fennell. “The larger firms have a greater leaning to internal controls and documentation, whereas the sole practitioner and smaller firms rely more on relationships and are a little less structured regarding engagement letters.”

It is important to be aware of engagement letter drift, according to Fennell and Day. If the scope of the engagement changes, it should be restated in a signed engagement letter. “Under most engagements, the CPA is not being hired to detect theft or fraud, so these should be included in a paragraph on the limitations of the engagement,” noted Fennell. “If a dispute arises, the accountant can go back to the engagement letter and say, ‘This is not what I was hired for.’”



“An engagement letter will help, but it doesn’t protect you from being stupid or not doing your job or failing to follow the standard of care you’re required to under AICPA standards,” said Ralph Summerford, CPA, CFE, president of Forensic Strategic Solutions Inc.

“If you fail to follow standards and fraud is uncovered, you will be sued,” he said. “In at least 90 percent of cases, the CPA will be sued for not discovering fraud in an audit, review or compilation engagement. Even in tax work, the CPA will be blamed. Everybody is looking for somebody else to blame it on. When litigation does begin, the CPA should get out of it fast — CPAs do not make good litigants, unless they work in the forensic area. It becomes a very personal matter with them because someone is questioning their integrity, ability and knowledge.”

That said, most malpractice cases do not go to the jury, Summerford indicated. “Most get settled before trial. It might be just on the eve of trial, but most get settled.”

He cited the case of a city employee in Illinois who stole $52 million over a ten-year period. “The CPA firm didn’t discover it, they got sued and were blamed in the media and by local government and the prosecutors for not discovering it,” he said.

“In most cases we investigate, they should have discovered the fraud. They either didn’t follow the procedures they established beforehand, or they didn’t follow procedures they had prescribed for themselves, or they followed the procedures but the procedures were not adequate to meet the standard of care,” he said.

Register or login for access to this item and much more

All Accounting Today content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access