By Suzanne M. Holl, CPA
Economic conditions have long had a significant impact on CPA professional liability claims. In light of the current economic challenges, CPAs will need to be prepared and vigilant to minimize the potential of additional liability exposures.
Jury research shows that the public, including clients, perceive that the CPA’s fundamental job is to “advise and warn” — to advise clients of opportunities and to warn them about risks. Juries believe the CPA’s “advising and warning” antennae should be hyper-sensitive during economic downturns. Some even believe “anyone can do a CPA’s job when times are good, but during difficult times — that’s when the CPA really needs to bear down.” In other words, expectations are elevated when economic times are challenging.
For example, when something goes wrong with a business during difficult economic times, behaviors begin to change, sometimes to the point where clients will perceive the CPA as having failed to advise and warn. Clients may deflect blame and rationalize, “What occurred isn’t necessarily my fault … Is it possible someone else allowed this to happen? … Maybe I can blame someone else, and possibly recover our loss … Yeah, I think it was their fault.”
Also, looking at events in hindsight means history can be rewritten to benefit the client: “Why didn’t my CPA warn me about what was going to happen? I was relying on my CPA’s expertise for financial help.”
Professional skepticism must increase, not just to protect yourself and your client, but to protect other key stakeholders (e.g., the readers of the financial statements, lenders). History has proven that desperate times will cause some clients to take desperate measures, leading to deceit.
Loss prevention tip: Do not carry the burden of your client’s problems and permit yourself to become a victim for your clients. Loyalty to a client doesn’t take precedence over maintaining your professional standards of integrity, independence and objectivity. It is not worth jeopardizing your reputation or your own financial security in an attempt to mitigate or minimize client dilemmas.
Risk of Fraud
Financial strain increases pressure and rationalization for fraudulent behavior (e.g., “My line of credit has been canceled.” “My retirement funds shrank.” “I need this money.”) Understanding the gravity of these pressures is crucial to effective fraud prevention and detection.
For example, organizations in nearly every sector are cutting expenses and laying off workers. This can compromise existing internal controls and lead to fewer fraud prevention measures. CAMICO’s claims experience has shown that when people perceive an opportunity to commit fraud and get away with it, they are more inclined to defraud.
Fraud can have a devastating impact on CPAs as well if firms don’t embrace due professional care in defining the scope of their services and properly responding when fraud is identified or suspected. The public expects CPAs to have a “nose for fraud,” regardless of the limitations of the engagement. The expectation that CPAs will detect fraud is extremely difficult to meet, but the expectation to advise and warn is much less difficult. By advising and warning clients of their fraud/defalcation exposures and responsibilities, CPAs can minimize liability stemming from the expectation CPAs will detect fraud.
Regardless of the services performed, CPAs cannot provide absolute assurance that fraud has not been committed.
CAMICO recommends that CPA firms address difficult economic times by:
- identifying clients that may pose higher risk;
- increasing the level of professional skepticism; and
- prioritizing defensive documentation, including the engagement letter and written memorialization of significant client meetings and conversations.
Social Engineering Scams/Fraudulent Wire Transfers
CPAs continue to be at high risk of social engineering attempts due to the type of information firms gather and store, and CAMICO has observed an uptick in the frequency of these attempts. “Phishing” is one of the more common social engineering scams.
CAMICO has also observed a rise in fraudulent email requests for wire transfers. Fraudulent wire transfers frequently cause large dollar losses. If the fraudster controls the client’s and the firm’s email, commonly referred to as a “man in the middle” attack, and the fraudulent request mimics previous legitimate requests, it is very difficult for the firm to identify the request as illegitimate. When the fraud is discovered after the transfer, the funds are usually not recoverable.
Use your professional skepticism to avoid being lulled into a false sense of security. Any requests for money to be transferred to a bank account unfamiliar to you should be a red flag, especially if the new account is in another country. If the firm’s protocol with clients is to permit requests for wire transfers to be made via email, then establish and follow procedures to confirm requests using a mechanism other than email and proceed with the transfer only after confirming with the client (ideally by phone or in person) that the request is legitimate. This includes, but is not limited to, confirming the dollar amounts, the name of the financial institution, and the bank account number. To validate the authenticity of the request, confirm information only known to the client (ask questions to which hackers would not know the answers).
Practical loss prevention tips to minimize fraudulent wire transfer exposure:
• Slow down. Whether working in the office or remotely, take the time necessary to validate suspicious or unexpected email.
• Establish written protocols. The firm should establish written protocols with clients for handling client funds, especially as it relates to handling wire transfer requests. Consider establishing dollar thresholds above which verbal consent would be required if clients do not want to be “bothered” to approve each request. In addition, document who the authorized client representative(s) would be for providing such consent if/when the client is not available.
• Proceed with caution. With the increased number of claims related to fraudulent wire transfers, best practice in the absence of any written protocols to the contrary would be to verbally confirm all wire transfer requests with these clients to minimize risk.
Suzanne M. Holl, CPA, is senior vice president of loss prevention services with CAMICO (www.camico.com). With almost 30 years of experience in accounting, she draws on her Big Four public accounting and private industry background to provide CAMICO’s policyholders with information on a wide variety of loss prevention and accounting issues.