McGowanPRO Professional Liability Blog / Resources / Articles

Many accounting firms have been receiving emails that reference their possible involvement in unlawful income tax activity and include the AICPA logo.  The AICPA has confirmed these emails are not from their office.  They further confirmed that after an extensive check, they are confident their systems have not been compromised.

These emails may be received by CPA’s, non-CPA’s, and members of the general public.

If you receive one of these emails do not open the attachments as they may contain viruses.  For more information, visit the AICPA website

It can be confusing to a client when they are informed that their insurance coverage is offered on a non-admitted (aka Excess & Surplus) basis.  The initial reaction may be that a policy that is non-admitted is inferior to an admitted policy.  This is not true, and as with all insurance, the policy should be judged on the actual policy wording, as well as, the financial strength of the insurance carrier. 

In addition, most states require insured’s who are placed with a non-admitted carrier to sign a form acknowledging that they are purchasing coverage on a non-admitted basis.  These forms can be intimidating and add to the concern and confusion.

Read our Frequently Asked Questions (FAQ's) to help clarify the difference between admitted and non-admitted insurance.

Concern about how long engagement files should be retained is a common issue among Accounting firms.  There is frequently a conflict between the desire to discard older files to free up storage space, and the inherent reluctance to discard documents which contain a detailed record of the work which you have performed. 

There are very few rules established in law for file retention by accountants.  However, this information is intended to help provide some guidance in developing internal record retention standards for your firm.

Read More - Including Sample File Retention Policy and Receipt for Client Records

File Retention - FAQ's

If you act as, or provide services as, a trustee it is important to understand your potential liability and relevant insurance coverage available to you.  Some Professional Liability policies include coverage for services as a trustee.  However, how these services are provided may influence such coverage.  Some questions you should consider?

1. How are your trustee services invoiced?  By your firm? or, by you individually?  If the latter, you should discuss with your agent.
2. Are there exclusions in your policy that may impact coverage for your trustee services?  Are you a beneficiary of the trust?

The IRS has introduced new rules for taxation of business and personal use of employer-provided cell phones.  Under the new rules, effective retroactive to January 1, 2010, the cell phone must be provided for non-compensatory business reasons.  The personal use of the cell phone is then nontaxable as a working-condition fringe benefit.

In addition, if an employer requires employees to maintain and use personal cell phones for business purposes, reimbursement of their monthly charges is also tax free.

Example:  Employee pays $39.99/month for an unlimited usage cell phone plan.  Employer requires employees to use their cell phone to contact clients outside of normal office hours.  The employer can reimburse the full $39.99/month and not include this amount in the employee’s income because it is tax free.

The IRS defines non-compensatory business purposes as those that have a substantial business-related reason including, but not limited to:

• The need to contact the employee at all times for work-related emergencies;
• A requirement that an employee be available to speak with clients when the employee is away from the office; and
• The need to speak with clients located in other time zones at times outside of the employee’s normal work day.

Examples of usage that would not be tax free would include excessive charges for international calls when the company has only US based clients.

When evaluating the potential cost of a data breach we have previously referenced the direct first party costs incurred by a firm as $5 to $50 per client.

Further information provided by the Ponemon Institute estimate this cost to likely be closer to $214 per record.  The Ponemon Institute conducts independent research on privacy, data protection and information security policy. 

Their research estimates direct costs of $73 per record.  Direct costs may include forensic, notification, call center, credit monitoring, victim assistance, legal defense costs, and breach consulting.

However, they further consider the indirect costs of diminished customer trust as approximately $141 per record.  This creates a total potential cost for a data breach of approximately $214 per record, not factoring any potential Errors & Omissions claims related to to the breach. 

According to a recent report by the Georgia Tech Information Security Center, Emerging Cyber Threats Report 2012, Cyber threats against personal information [data] continues to evolve.  We will see advances in the sophistication and implementation of attacks in the near future.

As a professional who maintains personally identifiable information (PII) of your clients it is essential to be aware of these new and emerging threats, and take possible steps to safeguard your data.

Some of the areas cited in the report include:

• Mobile Phones / browsers. 

There are currently four billion mobile phones in use around the world and mobile Internet is expected to outpace desktop Internet usage by 2014 (http://www.digitalbuzzblog.com/2011-mobile-statistics-stats-facts-marketing-infographic/ ).  Characteristics of mobile browsers create a new platform to introduce threats to data, as well as, potentially bypass existing firewalls and other security measures.

•  Botnets

Botnets have been around for a long time but they continue to evolve.  PII is big business and this means increasingly sophisticated processes to access information.  Botnets have gone from targeting small pieces of data to creating complex demographic models that can potentially be sold into legitimate markets.

• Online Information

We live in the digital world and more business and personal interaction is transacted online than ever before.  Marketers continue to expand the way our personal information is utilized to “control” our online experiences.  In addition, attackers are now capitalizing on search engine optimization (SEO) to increase rankings and, therefore, credibility.

• Technology Advances

Advances in technology that enhance the way we conduct business also increase our potential exposure.  Cloud computing creates new exposures that were previously addressed through physical servers.  However, human error, education, and weak passwords continue to create the most vulnerability.

You can read the whole report here.  It is not necessarily possible to understand all of the exposures created through enhancements in technology.  However, broader education creates awareness to avoid potential disasters.

If you have not already, download NAPLIA’s recent White Paper on Information Security: Essential Steps to Protecting your Practice.

The question is often raised, what constitutes a “reportable incident” to my insurance carrier?  To answer this one should review the specific language in your professional liability (aka. errors & omissions) policy. 

Each insurance policy is different.  Only your specific policy can provide you with the conditions, definitions, and provisions relevant to your scenario.  The policy wording used here is for illustrative purposes only.

Your professional liability policy is a legal contract between you and your insurance carrier.  As such, it is essential to pay close attention to your policy definitions and conditions, and follow them closely.  Failure to follow the conditions of your specific policy could result in a denial of a claim.

Most professional liability policies have wording relevant to the reporting of a potential claim.

If, during the policy period, you become aware of a wrongful act or any facts or other circumstance that occurred on or after the retroactive date but prior to the end of the policy period which may reasonably be expected to subsequently give rise to a claim or regulatory proceeding against you, you must give  us written notice as soon as practicable of the  potential claim or  regulatory proceeding, but in any event not later than the end of the policy period or any extended reporting period, if applicable.

The wording here that is open to interpretation is “reasonably be expected”.  In general, courts will go by the “reasonable professional” rule to determine if other professionals in your situation would have acted similarly. 

When in question, contact your agent and/or carrier hotline to discuss the scenario for a second opinion.  The concern is, if a claim arises out of a situation that you were previously aware of and did not report, the carrier can potentially deny the claim for “prior knowledge”. 

The key date for determination is the expiration of your policy.  If you are aware of a potential claim, you want to make sure to report that incident prior to the expiration and renewal of your policy. 

How you report a potential incident is also very important.  Providing a vague statement to the carrier or your agent is typically not sufficient to be considered adequate reporting .  Again, read your policy on the specifics for reporting a potential incident.

Such written notice to us shall include:

1      Reasons for your decision to report this as a potential Claim; and

2      Details with dates of the alleged Covered Act; and

3      Potential amount of injuries or Damages arising from the Covered Act; and

4      The names of potential claimants; and

5      The manner in which you first became aware of the specific Covered Act.

When reporting a potential incident you should follow the specific conditions of your policy and provide all requested information, in the requested format, and reported to the appropriate contact.

This does not imply that every potential issue you face needs to be reported to your insurance carrier.  However, should a scenario arise you should discuss with your agent and ask yourself:

-          Is this directly related to the professional services covered under my policy?

-          Do I reasonably expect this to arise into a claim?

-          When does our professional liability policy come up for renewal?

And, then if reporting the incident:

-          Have I provided all of the details requested in my policy and reported in the appropriate manner?

You may also consider that some professional liability policies contain incentives in the form of deductible reduction for the early reporting and settlement of claims.  Review your policy to understand these features.

Your professional liability policy is intended to protect your practice from errors and omissions in the delivery of your professional services.  Do not miss out on the protection you purchased for failure to understand and follow the conditions of your policy.

If you receive a subpoena or summons related to a potential incident, read our White Paper on: Responding to Subpoenas & Summonses: An Accountants Guide to Understanding & Response.

NAPLIA is pleased to introduce our newest White Paper:

Responding to Subpoenas and Summonses: An Accountants Guide for Understanding & Response

A claim of malpractice is not the only exposure faced by accounting firms.  The nature of accounting services creates several scenarios where accounting firms are consistently engaged with the judicial system because of the lawsuits and investigations that confront their clients.

The intent of this White Paper is to:

• Distinguish between "simple" and "complex" subpoenas.
• Provide a framework to understand the subpoena process and create an appropriate internal process for response.
• Identify "Complicating Factors" that may impact the response process.
• Understand when to retain counsel, and when a subpoena is likely to evolve into a claim.

Download NAPLIA's White Paper on Responding to Subpoenas and Summonses Now.