naplia risk management presentation 2014

www.naplia.com Copyright 2012 Risk Management John Raspante, CPA NAPLIA

Upload: alexandra-swan

Post on 07-Dec-2014


DESCRIPTION

North American Professional Liability Insurance Agency, LLC - NAPLIA risk management program presentation. 2014

TRANSCRIPT

Page 1: NAPLIA Risk Management Presentation 2014

www.naplia.com Copyright 2012

Risk Management

John Raspante, CPA

NAPLIA

Page 2: NAPLIA Risk Management Presentation 2014

Important Disclaimers

• The content of this presentation and these slides is intended solely for general educational purposes, to give accounting/tax professionals a broad outline of the laws, legal concepts, and professional standards discussed herein.

• It is not intended for the purpose of providing specific legal, accounting, or other professional advice to any particular recipient for use in the recipient’s practice or in advising the recipient’s clients, or with respect to any particular jurisdiction.

• The author/presenter of said content (1) makes no representations, warranties, or guarantees as to its technical accuracy or compliance with any law (federal, state, or local) or professional standard; and, (2) assumes no responsibility to any recipient of the content to correct or update it for any reason, including changes in any law or professional standard.

• Recipients should not rely on the content of this presentation and these slides. Rather, before taking any action in connection with the laws, legal concepts, and professional standards discussed herein, recipients should consult the actual text of those provisions, and obtain specific legal and/or accounting advice.

• No warranties as to merchantability or fitness for a particular purpose are expressed or implied. Application and use of the laws, legal concepts, and professional standards discussed herein, and these slides, is solely the responsibility of the reader.

Page 3: NAPLIA Risk Management Presentation 2014

Objectives of Risk Management

• Gain Control:
  – Over risks in practice environment
  – Not to eliminate those risks
• Claims:
  – Prevent them
  – Make them more defensible

Page 4: NAPLIA Risk Management Presentation 2014

The Risk Environment

Page 5: NAPLIA Risk Management Presentation 2014

Percentage of Total Claims (By Service)

Page 6: NAPLIA Risk Management Presentation 2014

Percentage of Total Dollar Losses (By Service)

Page 7: NAPLIA Risk Management Presentation 2014

Percentage of Tax Claims (By Type of Client)

Page 8: NAPLIA Risk Management Presentation 2014

Percentage of Audit Claims (By Source of Claim)

Page 9: NAPLIA Risk Management Presentation 2014

Fraud detection

Detection of Occupational Fraud

[Bar chart. Axes: Detection Method against Percent of cases (0% to 35%). Detection methods as listed: Police, External Audit, Internal Controls, Internal Audit, Accident, Tip. Values as listed: 34.2%, 25.4%, 20.2%, 19.2%, 12.0%, 3.8%.]

*The sum of percentages in this chart exceeds 100% because in some cases respondents identified more than one detection method.

Page 10: NAPLIA Risk Management Presentation 2014

Defending Claims: The Basics

Page 11: NAPLIA Risk Management Presentation 2014

Statutes of Limitation (Varies By State)

• Malpractice limitation period

• Discovery rule

• Action

• Reliance

• Injury

Page 12: NAPLIA Risk Management Presentation 2014

Principal Exposures

• Exposure to clients:
  – Civil suits for damages
  – Complaints to State Board
• Exposure to third parties:
  – Civil suits for reliance damages
  – Government investigations

Page 13: NAPLIA Risk Management Presentation 2014

Exposure to Clients

Page 14: NAPLIA Risk Management Presentation 2014

Theories of Liability

• Negligence
  – Errors
  – Omissions
• Violation of professional ethics
  – Conflict of interest
  – Breach of confidentiality
  – Withholding client documents
• Breach of contract
  – Fee dispute
  – Failure to render agreed services
• Violation of consumer protection statute
  – Breach of fiduciary duty
  – Fraud
  – Other egregious behavior

Page 15: NAPLIA Risk Management Presentation 2014

Negligence (Elements of Claims)

• Client must prove:
  – Liability—Existence of negligence
    • Duty—Standard of care
    • Breach of duty
  – Damages
    • Actual harm suffered by client
  – Causation
    • Sufficient connection between negligence and harm
• Failure to prove any one element will defeat claim

Page 16: NAPLIA Risk Management Presentation 2014


Standard of Care—Duty

• Reasonableness standard

• What would the reasonably prudent accountant have done under similar circumstances?

• Objective standard—Expert testimony needed

• Compliance with professional standards does not insulate the firm from liability

Page 17: NAPLIA Risk Management Presentation 2014

A&A Services—Negligence (Most Common Complaint)

• Failure to detect:
  – Actual embezzlement
  – Risk of embezzlement:
    • Control environment:
      – Significant deficiencies
      – Material weaknesses
• Range of engagements:
  – From audit to write-up services
  – Management advisory services
• Resulting in loss to client

Page 18: NAPLIA Risk Management Presentation 2014

Who Commits Fraud

[Bar chart. Axes: Percent (0 to 60) against Position in the Organization (Employees, Management, Owners).]

Page 19: NAPLIA Risk Management Presentation 2014

Who Commits Fraud

[Bar chart. Median Loss by Position (axis 0 to 900): Employees, Management, Owners.]

Page 20: NAPLIA Risk Management Presentation 2014

Types of Occupational Fraud

| Category | Description | Examples | % of cases | Median Loss |
|---|---|---|---|---|
| Asset Misappropriation | Theft or misuse of organization's assets | Fraudulent invoicing; Payroll fraud; Skimming revenues | 91.5% | $150,000 |
| Corruption | Influence in business transaction or obtain unauthorized benefit | Accepting or paying bribe; Undisclosed conflict of interest | 30.8% | $538,000 |
| Fraudulent Statements | Falsification of financial statements | Fictitious sales; Recording expenses in wrong period | 10.6% | $2,000,000 |

*The sum of percentages in this chart exceeds 100% because several cases involved schemes that fell into more than one category.

ACFE 2006 Report to the Nation on Occupational Fraud & Abuse www.acfe.org

Page 21: NAPLIA Risk Management Presentation 2014

Employee Fraud (Motive)

• High personal debts
• Unusual financial losses
• Inadequate income
• Lives beyond means
• Extensive investment speculation
• Excessive gambling
• Substance abuse
• Extra-marital involvement
• Job frustration/resentment of superiors

Page 22: NAPLIA Risk Management Presentation 2014

Employee Fraud (Opportunity)

• Experienced employee
  – Knowledge of business/systems
  – Trusted by management
• Lack of segregation of duties
  – Multiple inconsistent tasks
  – Broad computer system access
• Uninterrupted service
  – Annual vacations not required
• Weak management oversight
  – Understaffed at management level
  – Lack of management continuity/Excessive turnover
  – Overburdened/Crisis-mode environment

Page 23: NAPLIA Risk Management Presentation 2014

Managing Risk—During Engagement (“Failure-to-Detect” Claims)

• At the client-selection stage
  – Clients with healthy organizations
  – Document—Engagement letter
• At the planning stage
  – Be observant, inquisitive
  – Focus on internal controls
  – Document—Forms, checklists, memos
• During performance stage
  – Be thorough, objective, skeptical
  – Confront clients when needed
  – Document—Work papers, correspondence
• At conclusion
  – Document—Management letters

Page 24: NAPLIA Risk Management Presentation 2014

Defending the Claim (Failure-to-Detect Embezzlement)

• Limited scope of engagement
• Reasonableness:
  – Compliance with professional standards

Page 25: NAPLIA Risk Management Presentation 2014

Case Study--Embezzlement

[Diagram labels: ABC Moving; Bookkeeper; Opportunity; $3 Million]

Page 26: NAPLIA Risk Management Presentation 2014

Exposure to Third Parties

Page 27: NAPLIA Risk Management Presentation 2014

Theories of Liability

• Negligent misrepresentation
  – Errors
  – Omissions
• Violation of professional ethics
  – Conflict of interest
• Violation of statutes/regulations
  – Fraud

Page 28: NAPLIA Risk Management Presentation 2014

Negligent Misrepresentation (Elements of Claims)

• Third party must prove that you:
  – Made false statement of fact
  – Had no reasonable basis to believe it to be true
  – Intended to induce third party to rely on it
• Third party must prove that it:
  – Believed statement and reasonably relied on it
  – Suffered harm flowing from that reliance
• Failure to prove any one element will defeat the claim
• Third party must also have standing to bring claim

Page 29: NAPLIA Risk Management Presentation 2014

Standard of Care

• Reasonableness:
  – After exercising reasonable prudence
  – Would another accountant
  – Under similar circumstances
  – Believe statement to be true?
• Objective standard
  – Expert testimony usually required

Page 30: NAPLIA Risk Management Presentation 2014

Negligent Misrepresentation (Most Common Complaint)

• Failure to detect:
  – Errors
  – Fraud
  – Illegal acts
  – Internal control issues:
    • Significant deficiencies
    • Material weaknesses
• Resulting in material misstatements

Page 31: NAPLIA Risk Management Presentation 2014

Managing Risk—During Engagement (Failure-to-Detect Claims)

• At the client-selection stage
  – Clients with integrity
  – Firm has sufficient expertise
  – Document—Engagement letter
• At the planning stage
  – Be thorough, objective, skeptical
  – Document—Forms, checklists, memos
• During performance stage
  – Be thorough, objective, skeptical
  – Confront clients when needed
  – Document—Work papers, correspondence
• At conclusion
  – Additional layer of review
  – Document—Management letters

Page 32: NAPLIA Risk Management Presentation 2014

Case Study (Confrontation and Communication)

[Diagram labels: Accountant; Partnership Tax Return; 3 Partners]

Partner #1 was taking money out of the partnership without the knowledge of the other partners.

Page 33: NAPLIA Risk Management Presentation 2014

Who Commits Fraud?

[Bar chart. Axes: Percent (0 to 60) against Position in the Organization (Employees, Management, Owners).]

Page 34: NAPLIA Risk Management Presentation 2014

Who Commits Fraud?

[Bar chart. Median Loss by Position (axis 0 to 900): Employees, Management, Owners.]

Page 35: NAPLIA Risk Management Presentation 2014

Management Fraud (Motives)

• Unfavorable economic conditions
• Heavy investments or losses
• Insufficient working capital
• High debt/credit problems
• Unusually heavy competition
• Profit “squeeze”
• Need to cover up a bad situation

Page 36: NAPLIA Risk Management Presentation 2014

Management Fraud (Opportunity)

• Related party transactions
• Ineffective or no internal audit staff
• Frequent changes in auditors
• Use of several auditors simultaneously
• Reluctance to provide requested data
• Last minute provision of data
• Numerous adjusting entries

Page 37: NAPLIA Risk Management Presentation 2014

Defending the Claim (Negligent Misrepresentation)

• Limited scope of engagement
• Compliance with professional standards
• Proportionate responsibility
  – Demonstrating plaintiff’s fault
    • Unreasonable reliance
    • Lack of due diligence
• No causation
  – Plaintiff’s harm caused by other factors
• Plaintiff’s lack of standing

Page 38: NAPLIA Risk Management Presentation 2014

Standing to Bring Claim (Three Doctrines)

• Privity
  – Most restrictive to third parties
  – Need agreement/close contact with accountant
  – Old majority—No longer
• Restatement
  – Middle ground
  – Plaintiff—member of class expected to rely
  – Majority rule—Trend is in this direction
• Foreseeability
  – Least restrictive to third parties
  – Plaintiff must only be foreseeable user of work product
  – Minority rule—Once very popular
  – Only MS and WI appear to still follow this doctrine

Page 39: NAPLIA Risk Management Presentation 2014

Lenders’ Requests for Assurance (Example Response—Part One)

• Firm has client’s consent
• Firm prepared client’s returns for specified tax years
• Returns included ___________
• Firm’s services based on documents and information provided by client
• Firm did not audit, review, or otherwise verify documents or information
• Firm expresses no opinion and gives no form of assurance

Page 40: NAPLIA Risk Management Presentation 2014

Lenders’ Requests for Assurance (Example Response—Part Two)

• Response doesn’t establish relationship with lender
• Lender should not rely on response
• Lender should perform due diligence
• Lender solely responsible for use of response
• Firm has no continuing obligation to correct/supplement response
• Lender acknowledges terms

Page 41: NAPLIA Risk Management Presentation 2014

Client Risk Assessment

Page 42: NAPLIA Risk Management Presentation 2014

Client-Risk Assessment

• First line of defense
  – Whether to accept prospect or continue with client
• New-client acceptance forms
  – Prepare for all prospective clients
  – Prepare before decision is made
• Predecessor accountants
  – Contact before decision is made
• Background checks
  – Outside investigator
  – On-line investigation

Page 43: NAPLIA Risk Management Presentation 2014

Client-Risk Assessment (Continued)

• Risk assessment committee
  – Centralized approval
    • New prospects
    • Further services for existing clients
  – Monitoring of high-risk engagements
  – Disengagement:
    • Decisions
    • Letters
• Must be willing to reject prospects and terminate existing clients

Page 44: NAPLIA Risk Management Presentation 2014

Engagement Letters

Page 45: NAPLIA Risk Management Presentation 2014

Engagement Letters

• Second line of defense
• Comprehensive contract
  – Not just a fee agreement
• Purposes:
  – Define scope of engagement
  – Mutual responsibilities
  – Provide for contingencies
  – Prevent differing expectations

Page 46: NAPLIA Risk Management Presentation 2014

Case Study (Dangers of Differing Expectations)

[Diagram labels: Accountant; Operating Account; Escrow Account; Busy Lawyer; Real Estate Clients; Office Manager]

Page 47: NAPLIA Risk Management Presentation 2014

Engagement Letter Policies

• Develop standardized templates for firm-wide use
• Obtain for all services
• Don’t commence services without signature
  – Negative assurance OK for 1040s
• Be willing to negotiate with client over provisions
  – Will make letter more enforceable
• Carefully identify client
  – Consider need for multiple letters
  – Multiple entities
  – Entities and individuals
• When performing multiple services for client:
  – Include comprehensive language for each service
  – Consider using multiple letters

Page 48: NAPLIA Risk Management Presentation 2014

Engagement Letter Contingencies

• Suspension/disengagement
  – As consequences
  – Scope limitation, non-cooperation, non-payment, etc.
• Claims
  – Mediation
  – Venue/choice of law
  – Statute of limitations
  – Liquidated damages
• Document issues
  – Ownership of files
  – Firm’s procedure for granting access to its files
  – Retention policy
• Subpoenas
  – Compensation for time/out-of-pocket expenses
• Communications
  – Contact person for business client
  – Communicating with joint clients

Page 49: NAPLIA Risk Management Presentation 2014

Engagement Letters (Provisions Bearing on Independence)

• Indemnity

• Mediation

• Liquidated damages

• Statute of limitations

Page 50: NAPLIA Risk Management Presentation 2014

Disengagement Letters

• Send immediately
• Keep it brief and unambiguous
• Address it carefully
  – Who is the client?
  – Need for multiple letters?
• Components:
  – When is disengagement effective?
  – What services are involved?
  – Why is disengagement necessary?
  – Caution client of impending deadlines
  – Documents to be returned to client
  – Cooperation with successor
  – Fees outstanding must still be paid

Page 51: NAPLIA Risk Management Presentation 2014

Files & Confidentiality

Page 52: NAPLIA Risk Management Presentation 2014

File Retention—Content of Files

• Client records
  – Originals
  – Copies
• Work papers
• Work product
  – Attest reports
  – Tax returns
  – Consulting reports
  – Research materials
• Other
  – Correspondence
  – Email
  – Review notes

Page 53: NAPLIA Risk Management Presentation 2014

File Retention—Ownership

• File contents are firm’s property
• Except:
  – Original client records
  – Work product that client has paid for
• Must honor reasonable client request for:
  – Original client records
  – Work product
  – Work papers that are deemed client records
• May make/retain copies of client records

Page 54: NAPLIA Risk Management Presentation 2014

File Retention—Outline of Policy

• Scan original client records—return to client
• Purge review notes when cleared
• Set policy for emails with clients/third parties
• Save important emails when sent/received
• Purge general emails after 90 or 120 days
• Scan/retain originals of key signed documents
  – Engagement letters
  – Management representation letters
  – Lawyers’ letters
• Destroy/purge files after 7 years
• Exceptions:
  – Permanent files
  – Files governed by special provision
  – Files related to:
    • Claims/potential claims against firm
    • Board action against firm
    • Client involved in litigation/investigation

Page 55: NAPLIA Risk Management Presentation 2014

AICPA Rule of Confidentiality

• No disclosure without client consent
• Four exceptions:
  – Professional reporting requirements
  – Subpoena, summons, statute, regulation
  – Peer review
  – AICPA or state investigation or proceeding

(AICPA Code of Professional Conduct Rule 301)

Page 56: NAPLIA Risk Management Presentation 2014

Government Investigations

Page 57: NAPLIA Risk Management Presentation 2014

IRC §7216 (And Revised Regulations)

• Applies to tax return information
• Disclosure and use
• Prior written consent of taxpayer required
• Unless expressly excepted
• Form of consent:
  – Very strict for 1040-series returns
  – More flexibility for other returns
• Criminal and civil consequences for violation

Page 58: NAPLIA Risk Management Presentation 2014

No Consent Needed (Select categories of disclosure/use)

• To make disclosure to:
  – IRS
  – Others within preparer’s firm
  – Other preparers, auxiliary service providers, contractors
  – Related taxpayers—absent conflict or objection
  – Comply with court order or certain subpoenas
  – Preparer’s lawyer
  – Treasury Department—in investigation of preparer
  – Officer of court
  – Taxpayer’s fiduciary
  – Peer reviewer
• To use for purposes of:
  – Assisting taxpayer with other tax/accounting needs
  – Offering tax information to taxpayer
  – Offering additional tax return preparation services
  – Reporting commission of crime

(See 26 CFR 301.7216-2)

Page 59: NAPLIA Risk Management Presentation 2014

Requirements for All Consents

• Names of preparer and taxpayer
• Intended purpose of disclosure
• Specific recipient(s) of tax return information
• Particular use authorized
• Soliciting client (other products/services)
  – Identify each specific type of product/service
• Specific information to be disclosed/used
• Signed and dated by taxpayer

(See 26 CFR 301.7216-3)

Page 60: NAPLIA Risk Management Presentation 2014

1040-Series Returns (Rev. Proc 2008-35)

• Separate written document
• Paper consent
• Electronic consent
• Mandatory statements in the consent
• Affirmative consent
• Signature
• Incomplete consents
• Multiple disclosures/uses within single consent
• Disclosure of entire return
• Adequate data protection safeguard

Page 61: NAPLIA Risk Management Presentation 2014

Consequences (Violation of IRC §7216/Regulations)

• Criminal:
  – Fine—Not more than $1,000
  – Imprisonment—Not more than 1 year
  – Or both
• Civil:
  – Separate statute—IRC §6713(a)
  – $250 per disclosure and/or use
  – Not to exceed $10,000 in any calendar year

Page 62: NAPLIA Risk Management Presentation 2014

Security of Data

• Reasonableness standard
• Safeguards:
  – Servers/desktops
  – Laptops
  – Web-based storage/transmissions
• Response to breach
  – Reporting to police
  – Reporting to professional liability insurer
  – Notifying client(s)
  – Notifying state?
• Red flag rules
  – Do they apply to accounting professionals?

Page 63: NAPLIA Risk Management Presentation 2014

Claims & Incidents

Page 64: NAPLIA Risk Management Presentation 2014

Claim/Incident Reporting

• Reportable Claim—two components:
  – Allegation of error/omission
  – Demand for compensation/indemnity
• Reportable Incident:
  – No claim yet asserted
  – You are aware of either:
    • Error and likely harm to client/third party
    • Client/third party’s belief that you made harmful error

Page 65: NAPLIA Risk Management Presentation 2014

Thank you

John F. Raspante, CPA
732-216-7552
[email protected]

Stephen Vono
508-656-1330; [email protected]