Page 408 - JoFA_2022
P. 408
congenial working relationship can take an abrupt flags, such as key financial employees seeming
turn when fraud is discovered. When clients lose reluctant to take time off.
money, they often look for someone to blame. ■ Inform clients, in writing, of the risk of a lack
of segregation of duties. More often than not,
RISK MANAGEMENT TIPS embezzlements are perpetrated by someone with
CPAs can use several techniques to help protect unfettered or unmonitored access. Regardless of
themselves against risk exposures related to failure service and client size, consider a written com-
to detect theft and fraud. munication informing the client of the risk of
■ Regularly evaluate the risk of the client and a lack of segregation of duties. For small clients
the engagement. Regularly screen clients with limited personnel, suggested controls could
and consider the risks associated with both the include having the owner as well as the account
client and the services you are being engaged reconciler receive account statements directly
to perform. It should raise a red flag if a client from the financial institution and having the
dismisses internal control weaknesses brought to owner or another senior-level employee perform
their attention. Is this a situation where the cli- surprise reviews of account reconciliations and
ent has an unreasonable service expectation, or is account activity. If the control weakness persists,
it possibly one of questionable integrity? Either keep telling the client both orally and in writing
way, the CPA should take precautions. until the deficiency is addressed.
■ Use engagement letters on all engagements. ■ Apply professional skepticism to all en-
A well-crafted engagement letter can help gagements. This is particularly important on
reduce expectation gaps and can serve as key engagements with longtime clients, where a level
evidence in the defense of a professional liability of established comfort could threaten objectivity.
claim. The engagement letter should include Trust your instincts and inform the client, in
a clear and specific description of the scope writing, of matters that don’t seem quite right.
and limitation of services to be performed, ■ Document, document, document. Contem-
the responsibilities of both the client and the poraneous documentation represents critical
CPA, and, where applicable, a statement that evidence in the defense of professional liability
the engagement is not designed to detect theft claims. Strong documentation includes, at a
or fraud or deficiencies in the client’s internal minimum, a well-crafted and detailed engage-
controls. The engagement letter should also be ment letter, documentation regarding client
renewed and signed by the client annually. inquiries made and responses received, and
■ Stay within the scope of the engagement. communication of internal control matters or
An engagement letter is useful only if the CPA suspicious activities noted.
adheres to the defined scope in rendering the
professional services. Additional services, or Sarah Beckett Ference, CPA, is a risk control director at
modifications to agreed-upon services, should be CNA. For more information about this article, contact
memorialized in writing with the client, whether specialtyriskcontrol@cna.com. ■
it’s through email, a new engagement letter, or
an amendment to the existing engagement letter. Continental Casualty Company, one of the CNA insurance companies, is
the underwriter of the AICPA Professional Liability Insurance Program.
■ Be fraud aware. Train all firm personnel, not
Aon Insurance Services, the National Program Administrator for the
only auditors, about potential fraud risk factors AICPA Professional Liability Program, is available at 800-221-3023 or
and the “fraud risk triangle” (opportunity, visit cpai.com.
This article provides information, rather than advice or opinion. It
rationalization, and incentive/pressure). Learn
is accurate to the best of the author’s knowledge as of the article date. This ar-
about the risk factors associated with common ticle should not be viewed as a substitute for recommendations of a retained
frauds, such as embezzlement or asset misappro- professional. Such consultation is recommended in applying this material in
priation by an unmonitored bookkeeper, or use any particular factual situations.
Examples are for illustrative purposes only and not intended to
of business credit cards for personal expenses.
establish any standards of care, serve as legal advice, intended to constitute
Educate firm personnel about common internal a contract, or acknowledge any given factual situation is covered under any
control weaknesses that create an opportunity CNA insurance policy. The relevant insurance policy provides actual terms,
coverages, amounts, conditions, and exclusions for an insured. All products
for fraud to occur, such as a lack of segregation
and services may not be available in all states and may be subject to change
of duties or poor tone at the top, or potential red without notice.
journalofaccountancy.com October 2022 | 5
