Engagement Letters: New Risks Addressed, Best Practices for Firms
That’s a conclusion you can draw from the number of CPA firm engagements that are conducted without one. It’s also supported by the number of engagements conducted in which the engagement letter does not accurately detail the scope of the engagement and key details, including the standards that the firm is going to follow, the limitations of the service, and the client responsibilities.
Engagement letters are incredibly important.
That’s the conclusion you’ll draw from analyzing data from claims filed against CPA firms or speaking with experts involved in handling claims, potential claims, and lawsuits against CPA firms. In 2018, nearly one-third of claims against CPA firms (31%) involved engagements with no engagement letter at all. I learned that when interviewing an expert on claims made against CPA firms for the Modernizing Your Practice podcast series.
There are also far too many times where the engagement letter is not doing the job of minimizing risks to the firm, and those risks include liability risk and reputation risk. While the client and firm may seem perfectly aligned during the pre-engagement meetings, things that were discussed but not recorded and included in the engagement letter become points of contention and add unnecessary risk. When there is a difference of opinion on the scope, client requirements, etc., perhaps the client will defer to the firm’s recollection and notes from those face-to-face meetings. Perhaps they won’t.
The good news is there are foundational best practices regarding engagement letters and there are risk liability experts willing to share their experiences, insights, and recommendations to help you and your firm mitigate professional liability risk. The better news is that my colleague Matt Towers captured all that in a recent interview with Stan Sterna, JD, a vice president at Aon Insurance Services, and Sarah Ference, CPA, risk control director of accountants professional liability at CNA.
There are also far too many times where the engagement letter is not doing the job of minimizing risks to the firm, and those risks include liability risk and reputation risk. While the client and firm may seem perfectly aligned during the pre-engagement meetings, things that were discussed but not recorded and included in the engagement letter become points of contention and add unnecessary risk. When there is a difference of opinion on the scope, client requirements, etc., perhaps the client will defer to the firm’s recollection and notes from those face-to-face meetings. Perhaps they won’t.
Key Elements to Capture
- Scope of Service: What you have been engaged to do, and exactly which services you are going to be delivering to the client
- Professional Standards: Detail the standards that the firm is going to follow when delivering the service (including the limitations of that service)
- Client's Responsibilities: Include what the client needs to provide (and by when), and if applicable lay out the fact that it is the client’s responsibility to make decisions and to implement or respond to any advice or recommendations provided by the firm
The three elements Sarah lays out above may seem both obvious and simple to capture but claims data and the experiences and examples she and Stan shared with Matt tell a different story. Consider an engagement letter stating the firm will prepare and file the client’s “tax return.” Does that include sales-and-use-tax calculation? Which jurisdiction? State and federal returns? A gift tax return? Months later is not when you want to be clarifying the scope, hastily doing unplanned work, or working with an attorney to defend against a claim.
In the assurance space, the risk liability can go way up. For example, Sarah brought up a common scenario where for the vast majority of services a CPA firm delivers, there may be no responsibility to detect theft or fraud at a client organization or to detect a weakness in the client’s internal controls. If that is the case for an engagement, she recommends you state it in the engagement letter or you’re taking on unnecessary risk. If fraud or another problem is later found at the client company, a claim or lawsuit against the CPA firm should not be a surprise. As Stan and Sarah shared, if the scope of the engagement is not clear and detailed, the client’s attorneys will make their own interpretation.
The claim, lawsuit, and payout data make it clear that a firm’s first line of defense when it comes to risk liability is the engagement letter. Stan, the lawyer in the discussion, also shared three key takeaways which I’ll summarize this way:
Three Takeaways/Process Recommendations for Firms
- Engagement Letter Process: Have a process that ensures every engagement has an engagement letter capturing key elements of the work anticipated for the client
- Annual Review: Review them annually, for each and every client
- Document and Amend All Changes: Whenever the scope of the services change, document that change and then either issue a new engagement letter or amend the existing letter accordingly
Another takeaway I’ll add is there are new tools and resources available to guide you and your staff when drafting engagement letters including, for example, OnPoint PCR and its unique engagement letter drafting tool for preparation, compilation and review engagements.
Finally, as you and your clients find ways to stay connected in this new era of remote working, and while you’re evolving the pre-engagement meetings, the engagement wrap-up meeting, and everything in-between, consider evolving your approach to engagement letters too. They’re incredibly important.
Listen to the full podcast episode: Engagement Letters: Foundational Best Practices
About the Author:
Steven A. Menges, Assurance Team and Modernizing Your Practice Lead, CPA.com
A business-to-business (B2B) innovator and products executive with 20 years’ progressive experience, Steven Menges is a frequent industry author and speaker on enterprise computing, data analytics, managed service providers (MSPs), IT Security, regulatory compliance, EdTech, and buyer’s journey-based engagement.