TAX PRACTICE RESPONSIBILITIES
foreign income is not reported. The IRS can look back seven years relative to a loss on worthless securities or a bad debt deduction (Sec. 6511(d)(1)). While the length of the taxpayer’s statute of limitation does not impose any requirement on the tax preparer to retain the records for a similar period, it may be helpful to retain them longer than three years to assist clients should the need arise. Additionally, states may have a different and possibly longer statute of limitation that should be taken into consideration when determining the appropriate retention period.

A commonly mentioned retention period for tax practitioners is seven years and is suggested as a general guideline in the AICPA resource Document Retention FAQs for Tax Practitioners. Whatever period the tax practitioner ultimately decides upon, it should be applied consistently to both paper-based and electronic records.

As a best practice, it is recommended that tax practitioners create and maintain a written document-retention policy. Each year, records should be reviewed pursuant to the document-retention policy and appropriate records securely destroyed if the retention period has expired. Tax practitioners may refer to the AICPA Tax Section’s Document Retention Policy Template for Tax Practitioners for additional guidance.

Tax practitioners should also consider consulting with their liability insurance provider and/or legal counsel about the retention period as well as the practitioner’s written document-retention policy.

Additionally, if the practitioner or their firm also provides attest services, consideration needs to be provided as to whether hosting services are being provided to the client. For instance, providing a client access to the tax practitioner’s retained records via a client portal may be interpreted as hosting. A discussion of hosting services is beyond the scope of this column, but many resources are available on the topic via the AICPA website.

Keeping records secure

Considering the increase in identity theft and ransomware cases, the data a tax practitioner maintains can be an enticing target. A tax practitioner has a duty to maintain client confidentiality and the security of the client’s data. Moreover, under the safeguards rule of the Gramm-Leach-Bliley Act, P.L. 106-102, tax preparers must implement written security plans to protect client data. The AICPA provides a Security Plan template to assist in documenting a plan. It’s important to note that a security plan should apply not only to the information being used to provide services currently but also to all the records the tax practitioner retains from prior services performed with confidential client data. Therefore, the tax practitioner needs to include in an overall security plan how to keep the retained records secure so that only people who have a “need to know” can access the data. If tax practitioners do not have an overall security plan, consider consulting the Best Practices for Keeping Client Data Secure resource in the AICPA resource section for some starting points.

It is important to also consider security when disposing of the records once the retention period has lapsed.

Client requests for records

Even though a practitioner has provided the deliverables to the client and returned the original client records, clients will often request records from the tax practitioner. When responding to a request for records from a client, practitioners should consult the AICPA Code of Professional Conduct’s Revised “Records Requests” interpretation (ET §1.400.200) under the “Acts Discreditable Rule” (ET §1.400.001), effective July 31, 2021.

Four key definitions from paragraph .01 of the “Records Requests” interpretation are important to understand and apply to the situation:

c. Client-provided records are accounting or other records, including hardcopy and electronic reproductions of such records, belonging to the client that were provided to the member by, or on behalf of, the client.
d. Member-prepared records are accounting or other records that the member was not specifically engaged to prepare and that are not in the client’s books and records or are otherwise not available to the client, thus rendering the client’s financial information incomplete. Examples include adjusting, closing, combining, or consolidating journal entries (including computations supporting such entries) and supporting schedules and documents that the member proposed or prepared as part of an engagement (for example, an audit).
e. Member’s work products are the deliverables set forth in the terms of the engagement, such as tax returns.
f. Working papers are all other items prepared solely for purposes of the engagement and include items prepared by the
   i. member, such as audit programs, analytical review schedules, and statistical sampling results and analyses.
   ii. client at the request of the member and reflecting testing or other work done by the member.

Upon receiving a client request for records, a member is generally required to provide the client with client-provided records, member-prepared records, and the member’s work product (the first three definitions above). Member-prepared records and the member’s work product may be withheld in certain circumstances, such as if fees are due, as detailed further on in the section. Client-provided records
44 February 2023 The Tax Adviser