Claims Archives - CAMICO

Claim Chronicles 127-B

Amber — Tue, 18 Nov 2025 16:24:49 +0000

Topic: Employee Discrimination / Termination

In September 2021, Lindsay Johnson began working as an accountant for Brown Jones & Williams CPA firm. A year later, when her mom was diagnosed with cancer, she informed the company’s Human Resources (HR) director of the diagnosis and said that she would need to take a leave of absence to care for her mom while she underwent treatment. HR approved her request; however, Johnson alleged that managing partner at the firm, Matt Williams, retaliated against her by giving her a heavier workload and refusing to communicate with her. Johnson said she was a high performer at the company and received a pay increase in October 2022 because of her work performance (the firm claimed that all employees received a raise at that time and that it wasn’t related to her performance). Two weeks later, when Johnson informed Williams that she needed time off on October 22 to attend her mother’s treatment session, Johnson claimed that Williams scheduled a meeting with her that day and made a sarcastic comment about her not being in the office when she joined the meeting remotely. A few days later, the firm involuntarily terminated Johnson’s employment, citing poor work performance that culminated in an act of dishonesty as the basis for her dismissal. Williams stated that after he discovered multiple errors in a tax return that Johnson was responsible for reviewing and submitting, she admitted that she had not reviewed it. Following her termination, Johnson filed a claim against the company with a pre-litigation demand of $980,000 for reasons that included: associational discrimination in violation of the Fair Employment and Housing Act (FEHA), FEHA retaliation, intentional infliction of emotional distress, wrongful termination of employment in violation of public policy, and failure to provide reasonable accommodation. Instead of proceeding to trial, the case was settled during mediation for $150,000.

Select the answer that is the correct response:

1. What is the biggest factor regarding the claim above?
a. The amount of time off that Johnson (the employee) requested to care for her mother during treatment.
b. Substantial documentation the CPA firm had regarding issues related to Johnson’s work performance before and after she disclosed her mother’s cancer diagnosis to the company.
c. What Williams (partner at the CPA firm) specifically said to Johnson when he made a sarcastic comment during their meeting.

2. What would have been the primary challenge for the CPA firm if the case had proceeded to trial?
a. The number of claims that Johnson was making against the company.
b. The firm’s ability to disprove Johnson’s allegations in court.
c. The amount of money Johnson was demanding along with defense costs that the firm would be required to cover.

Correct Answers:
1. b. The firm had documentation showing its frustration with Johnson’s work performance; however, the documentation came after she disclosed her mother’s cancer diagnosis. And even if the firm had earlier documentation, Johnson wasn’t terminated for poor work performance, she was primarily terminated for dishonesty, which came after she made the firm aware of the diagnosis. Given the lack of documentation of work performance issues before the cancer disclosure (Johnson also received a pay raise right before her termination), the firm would have had a hard time disposing the claim of associational discrimination under FEHA on summary judgment. This case illustrates how proper documentation and timing can significantly impact employee termination and potential litigation.

2. c. Johnson was demanding $980,000 and the CPA firm only had a $250,000 burning limits policy. If the firm chose to fight the case in litigation, most likely the company would have burned through the policy in defense costs and possibly left exposed to an adverse verdict award that the firm would not have been able to cover. Also, it was unlikely that the case would have been disposed before trial due to factual disputes about requests for leave and the proximity of termination in relation to the cancer diagnosis.

The “Claim Chronicles” are drawn from CAMICO claims files and illustrate some of the risks and pitfalls in the accounting profession. All names were changed.

The post Claim Chronicles 127-B appeared first on CAMICO.

How Your Story Will Be Told to a Jury

ssAdmin — Wed, 05 Nov 2025 20:16:18 +0000

By Ron Klein, J.D.

Among its many roles, CAMICO acts as a gathering and disseminating agent for CPA liability experiences across the nation. For nearly 40 years, we have gathered hundreds of thousands of CPA experiences and distilled the learnings those experiences provided so that we could tell CPAs about the real-world risk implications to their firms.

A perspective that is important for CPAs to reflect on is how their actions – for which they are getting sued – will be portrayed to the jury. The gap between the experienced reality and the story told at trial can be significant and is illustrative of what CPAs need to do today to minimize risk tomorrow.

When looking at a situation in hindsight, it is important to note that history can sometimes be “rewritten” to benefit the client: “Why didn’t my CPA warn me about what was going to happen? I was relying on my CPA’s expertise for financial help.” The good news, however, is that CAMICO’s vast experience and research help to inform us as to what factors and preconceived notions sway jurors. As such, the advice and guidance you will find in this article are designed to raise your awareness and help you to recognize (before the “milk is spilled” and a claim occurs) what the triggers are that may sway jurors, as well as proactive risk management steps you can take to improve your chances of having history favorably rewritten with a jury to your benefit.

For example, let’s take a “garden variety” embezzlement claim. As the CPA experiences it, it goes something like this:

For the past six years, the CPA has been providing tax preparation services as well as occasional assistance to the sole accounting employee, including closing the books at the end of the year. During this period, the CPA meets face-to-face with the client/owner less than a dozen times, visits the client’s office another dozen times, and communicates by email and phone several times a month, usually with accounting. While helping to close the books at the end of year six, the CPA finds a number of vendor payments in a suspense account. When the CPA asks the owner about the payments, the owner does not recognize any of the vendors. And the embezzlement quickly unravels. It turns out that the accounting employee had embezzled over $275,000 over the past ten years, having begun four years before the CPA even obtained the client.

After a few years of litigation, including over 700 written interrogatories, 80 hours of depositions and 90,000 documents, the attorneys on both sides now have a better understanding of what occurred than any of the participants, including the CPA. What does the jury hear? Given the necessary compaction of time, each attorney, for the plaintiff and the defendant, will focus their cases. Each of them will select four or five key documents and some testimony each feel is particularly impactful (usually from an expert and one or two eyewitnesses). The jury will have no sense of the actual expectations of the client/plaintiff before the discovery of the embezzlement. Juries most often place little weight on the professional standards that guided the CPA.

From the testimony, evidence and argument, each juror will decide. From jury research and many previous embezzlement claims, CAMICO knows that juries will likely decide based upon:

Whether the jury believes the CPA “warned the client of risk and advised the client of opportunity” in financial and tax matters. In embezzlement cases, this burden is increased because juries believe CPAs are the fraud police and embezzlements are common. Most juries believe that the CPA’s “advising and warning” antennae should be hyper-sensitive during difficult economic periods. Some even believe “anyone can do a CPA’s job when times are good, but when we really need the CPA — that’s when the CPA should really be tuned in.” In other words, expectations are elevated when economic times are challenging.
Written documentation (“in plain English and not legalese-speak”) to support the scope and limits of the services the client engaged the CPA to render. It is ideal to have a signed engagement letter that is current and specifically mentions that the services contracted for are not designed to detect fraud. Second, a written communication informing the small business client of embezzlement risk, which needs to include ways the client can manage embezzlement risk, including the importance of timely bank reconciliations, requiring substantiation for each check, and monthly review of the bank statement by the owner. This written communication allows the CPA’s attorney to make the argument that the CPA warned the client of the risk of embezzlement and advised the client of actions to take that will reduce the risk to client. With the good evidence described above, the CPA attorney will be able to turn the tables on the client, forcing the jury to consider whether the client met his obligations to protect himself. The best offense is a good defense.

Is it necessary to have the engagement letter signed and current, and the communications in writing? Absolutely. Jurors do not like to rely upon verbal communications. Verbal communications are always disputed. Further, the jury expects the party with the power and knowledge (CPA) to have the burden of documentation. This is especially true of CPAs because juries view CPAs’ job as documenting everything significant.

What happens at trial if the CPA did not fully meet the expectations of the jury to warn and advise? Without a good written warning communication about small business risks of embezzlement, instead of the CPA’s attorney arguing that the CPA warned about embezzlement risk and that the client failed to do what was necessary, the client’s attorney will argue that the CPA left the financially unsophisticated client unaware of the risk and unprepared to deal with it. It is not unusual for clients who signed blank checks (for convenience) to argue that their CPA never advised them not to sign blank checks. Thus, rather than the jury’s focus being on how well the CPA warned the client and whether the client took appropriate defensive action, their attention is turned to how and how often the CPA had a chance to catch the embezzlement but failed.

Did the CPA know that bank reconciliations were months behind, or how vendor payments were processed at the client’s office? A jury’s expectations are that the CPA, after six years of service to the client, will have a profound knowledge of how the business works, even with limited services. The CPA’s duty expands with time, in the jury’s mind.

Just as it is the CPA’s job to inform the client of embezzlement risk, it is CAMICO’s job to inform the CPA of embezzlement risk as well. So, it is highly recommended that you consider our guidance, especially for small businesses:

Have a signed and current engagement letter that specifically addresses embezzlement and fraud, and warns that the services requested are not designed to detect them.
Send an initial written warning letter informing the client about embezzlement risk, the appropriate way to process payments, bank reconciliations, and monthly review of the bank statements and checks by the owner.
Be aware of the importance of timely bank reconciliations. If the client is more than two months behind with bank recs, that is an embezzlement alert, likely requiring at least a written communication with the client.

A struggling economy exacerbates the potential for embezzlement claims, as many businesses and individuals are under growing financial strain. Increased financial need will likely increase pressure and rationalization for fraudulent behavior (e.g., “My line of credit has been canceled.” “My retirement funds shrank.” “I need this money.”) Understanding the gravity of these pressures is crucial to effective fraud prevention and detection. Public perception is that CPAs are expected to have a “nose for fraud,” regardless of the limitations of the engagement. The expectation that CPAs will detect fraud is extremely difficult to meet, but the expectation to advise and warn is much less difficult. By advising and warning clients of their fraud/defalcation exposures and responsibilities, CPAs can minimize liability stemming from the expectation CPAs will detect fraud.

The best thing about our recommendations above is that, if followed, not only will they provide you with the best defense should you get sued, but there is also a very good chance that they will prevent or discover embezzlements. In which case, that will make the CPA a hero to the client rather than a target – the best win-win of all.

Ron Klein, J.D., is Risk Management Counsel with CAMICO. He has been with CAMICO since its inception in 1986 and managed the claims department for 25 years.

The post How Your Story Will Be Told to a Jury appeared first on CAMICO.

Claim Chronicles 126-A

Amber — Thu, 26 Jun 2025 21:01:17 +0000

First-party damages: refers to losses directly suffered by the policyholder (or insured) firm in response to a firm’s data breach or other covered cyber event.

Topic: First-Party Cyber Attack

CAMICO policyholder Mary Davis had just signed on to her computer one morning when she received an email from a “potential client” named “Tim,” who was requesting her services. In the email, “Tim” stated that he would pay Mary $7,500 upfront and an additional $300 for processing fees. “The client” asked Mary to invoice him via QuickBooks and so she did. QuickBooks fronted the $7,800 prior to any verification that there were funds in “Tim’s” account to cover the invoice. Four days later, “Tim” sent another email stating that he included an additional $11,000 because he wanted Mary to purchase computers for his daughters and ship them to him. The next day, Mary noticed a credit to her account for $20,000. Later that evening, she received another email from “Tim” saying that he had changed his mind about the computers and asked her to issue him a refund for $11,000 and so she did. “Tim,” (the fraudster) then cancelled the original transaction, causing Mary to lose $11,000 plus the $7,500 that QuickBooks fronted. This is because it turned out that there wasn’t any money in “Tim’s” account to cover the thousands of dollars. Mary contacted the police and her bank to notify them of the fraud and on the same day, she received a notification from Intuit (QuickBooks) that the initial transaction for $20,000 had been charged back. The police came to Mary’s residence and took a report but the damage was done. Mary was now a victim of fraud through her own business and the funds were not recovered.

Select the answer that is the correct response:

1. What kind of cyber attack occurred in this claim?
a. Ransomware
b. Phishing
c. Password attack

2. Was this first-party claim covered by the policyholder’s coverage with CAMICO?
a. Yes
b. No

3. Does CAMICO’s claims department see more first-party or third-party claims?
a. First-party claims
b. Third-party claims

Correct Answers:

1. b. Phishing is a variation of spoofing, which occurs when an attacker attempts to obtain personal or financial information from the victim using fraudulent means, most often by impersonating as another user or organization.

2. b. No. It was not covered because it was financial loss by the policyholder, which is not included in the CyberCPA endorsement, the Accountants Professional Liability policy, a Business Owner’s Policy (BOP) or theft policy. For a higher level of coverage, such as a stand-alone cyber policy, contact CAMICO for more information at 1.800.652.1772.

3. a and b. Both, and this is why: For every first-party claim that is reported, there is the risk of a third-party claim developing due to stolen information. CAMICO’s claims department investigates every claim with both first-party and third-party damages in mind. Third-party damages, if discovered, are handled under the Accountants Professional Liability (APL) policy. Therefore, if a first-party claim is reported, a third-party potential claim is also opened to lock in coverage should third-party damages occur. But in most cases, a third-party claim doesn’t arise because most policyholders become aware of their system being attacked prior to damages being able to occur. Many policyholders have their own IT team who can shut down the system and start a forensic investigation on what was taken and to notify people as soon as possible.

The “Claim Chronicles” are drawn from CAMICO claims files and illustrate some of the dangers and pitfalls in the accounting profession. All names were changed.

The post Claim Chronicles 126-A appeared first on CAMICO.

Claim Chronicles 126-B

Amber — Thu, 26 Jun 2025 20:53:03 +0000

Third-party damages: refers to damages alleged by clients or other third parties that the negligence of the CPA firm contributed in whole or in part to the third party’s cyber-related loss.

Topic: Third-Party Cyber Attack

CAMICO policyholders Michael Jones and Tom Smith of Jones & Smith Accounting Services were out of the office during the week of May 19-23. On May 20, their office received a call from a fraudster who claimed to work for Wells Fargo. Leslie Johnson, a current employee of the accounting firm, was the individual who answered the call and shared the requested information with the attacker. A day later, the scammer initiated multiple fraudulent transactions. While Jones was traveling back to the office on May 26, he received a call from Matthew Patterson, a client relationship manager with Wells Fargo. Patterson advised that a transaction for $224,528 was requested, along with a $175,000 ACH (Automated Clearing House) electronic payment. Jones explained that they were fraudulent transactions, and both were stopped and deleted. Alarmed by the fraud, Jones called the fraud department later that evening to discuss his concerns. He learned that three transactions for $153,000, $193,000, and $175,000 were moved into a fraudulent account and were deleted and reversed on May 23. Four days later, a lump sum for $525,000 was transferred out of the client’s account into a different fraudulent account, however, the funds were not reversed. Wells Fargo was able to stop three transactions, but not the largest one of $525,000. Fortunately for Jones, some of the money was recovered through Wells Fargo’s cyber carrier (after a forensic investigation was conducted).

Select the answer that is the correct response:

1. What was the accounting firm’s breach/ key mistake?
a. Not implementing multiple security tools to detect and block cyber threats
b. Not installing robust security software and maintaining it with the latest security updates
c. Human error; lack of proper training and strict adherence to firm-wide protocols

2. Was this third-party claim covered by the policyholder’s coverage with CAMICO?
a. Yes
b. No

3. Are most third-party claims covered under a policy with CAMICO?
a. Yes
b. No

Correct Answers:

1. c. Leslie Johnson, an employee at the accounting firm, gave the attacker sensitive information without proper verification and company protocol. Firms can and should consider their people as the first line of defense against cyber threats. Human error remains a significant threat to cybersecurity, with a wide range of activities such as weak password practices, falling for phishing attacks, and the mishandling of sensitive information contributing to security breaches. Refer to The Cyber Saga Continues… Protect Your Firm from First-Party and Third-Party Cyber Exposures article in this IMPACT for risk management tips on this topic.

2. a. Yes. It was fully covered under the policyholder’s Accountants Professional Liability (APL) policy because they engaged to do a professional service and their office gave the attacker information that resulted in the fraudulent transactions, so the insuring agreement was met. CAMICO’s APL insurance is designed to cover losses by third parties that CAMICO’s policyholder is responsible for due to negligence. This claim is an example of a vishing cyber attack, or voice phishing, where fraudulent phone calls are made to trick individuals into revealing personal information or money. These scams often involve attackers impersonating trusted entities like banks, government agencies, or tech support to gain the victim’s trust and exploit them.

3. a. Yes. As long as a claim fits the insuring agreement and no exclusions apply, most third-party cyber damages that are a result of the professional services that the policyholder engaged to do are covered. How liability is assessed: Was the policyholder liable for allowing the fraudulent activity to occur? What duties did the policyholder owe? What duties did the policyholder breach? What damages were sustained and are those damages a result of the breached duties?

The “Claim Chronicles” are drawn from CAMICO claims files and illustrate some of the dangers and pitfalls in the accounting profession. All names were changed.

The post Claim Chronicles 126-B appeared first on CAMICO.

Top 10 Loss Prevention and Claims Trends

Amber — Wed, 09 Oct 2024 19:59:50 +0000

CAMICO’s Loss Prevention and Claims departments work with CPA policyholder firms every day on difficult risk management issues. The following Q&A covers 10 questions and trends that our specialists hear about most frequently from our policyholders.

Top Loss Prevention Trends

Q: What are some of the risks and general guidelines for our firm if we choose to use generative artificial intelligence (“AI”)?

A: Let’s face it: Generative AI is no longer just a buzzword. Before ChatGPT, CAMICO didn’t receive many inquiries about AI. However, after the release of ChatGPT, inquiries have steadily increased, and with good reason. The technological advancement generative AI promises to provide in the near term is significant. It has the potential to reshape how you provide professional services, communicate with clients, and even how you manage your firm. Most of the changes should improve efficiency and other important metrics; however, AI adoption comes with significant risks. CAMICO recommends addressing the risks sooner rather than later with a clear and concise firm policy and communicating the policy to all your employees.

A crucial thing to know about generative AI is that it is not infallible. Whether you’re thinking about using it for automating calculations, crafting emails, or explaining the tax code, be on alert for its inaccuracies. Often, AI-generated information is outdated, misleading, or even fabricated (technically called “hallucinations” in AI-speak). Therefore, all AI-generated outputs must be reviewed to ensure accuracy and reliability. A proper review will also help mitigate the risk of inappropriate, discriminatory, or otherwise harmful content leaving your firm.

Another source of risk is inadvertently compromising the confidentiality of data. Before using a generative AI provider, we recommend performing due diligence on the AI provider to ensure their system complies with professional standards and regulations. When doing your due diligence, we also recommend researching the AI provider’s reputation to see if they have a history of inappropriately training their AI models on unauthorized data.

Along the lines of maintaining confidentiality is ensuring data privacy and mitigating security risks. Firms should prioritize data encryption, implement access controls, and adhere to data protection regulations. Please remember that it may be necessary to consult with qualified legal counsel and update, if needed, the firm’s Privacy Policy to ensure transparency about the categories of sensitive information collected, the sources of that information, the purposes for the collection, and how the firm stores and shares such information.

As you explore the opportunities afforded by generative AI, CAMICO recommends considering the risks and countervailing safeguards. Successful integration of generative AI requires a well-crafted implementation plan which should include, among other things, appropriate education and training to ensure responsible use. CAMICO believes a clear and concise generative AI policy to document your firm’s authorized usage is paramount in achieving your goals using AI. Please see CAMICO’s generative AI policy template available on CAMICO’s Members-Only Site, which you can modify to fit your firm’s requirements. As always, we recommend working with your firm’s legal counsel and IT specialists, as appropriate, as you develop and implement your generative AI strategy and related usage policy.

— Jason “Zev” Jankovic, Loss Prevention Specialist II

Q: My client has asked our firm to initiate wire transfers. What risks are associated with agreeing to initiate wire transfers and what protocols should our firm consider?

A: CPA firms continue to be at high risk of social engineering attempts due to the type of information firms gather and store. If the firm and/or a client’s email is hacked, a wire transfer request could come from a fraudster/hacker. As fraudulent wire transfers frequently cause large dollar losses, firms need to be hyper-vigilant in their efforts to protect the firm and clients against wire transfer fraud.

If the fraudster controls the client’s and the firm’s email, commonly referred to as a “man in the middle” attack, the fraudulent request may mimic previous legitimate requests, which can make it very difficult for a firm to identify the request as illegitimate. When the fraud is discovered after the transfer, the funds are usually not recoverable. Domestic banks are often not helpful in preventing fraudulent transfers, as laws tend to limit their risk exposure and enable them to deny responsibility.

Given the increasingly sophisticated phishing and spoofing scams, CAMICO strongly encourages firms to have written protocols in place with clients who need such services that outline the protocols to be followed when executing wire transfer requests. Certainly, best practice would be to verbally verify the authenticity of all wire transfer requests that are received by the firm via email correspondence, but for those clients who may wish to limit the requirement for your firm to verbally verify each wire transfer, the client should specify in writing those limits (e.g., by dollar threshold, business purpose, etc.) as well as acknowledge their responsibility for the added risks associated with this limited verbal verification process. We recommend including as part of the verification process specific questions to which only your client would know the answer.

CAMICO has developed an Addendum for illustrative purposes that can be used in conjunction with an engagement letter to highlight best practices for such a communication. You can access CAMICO’s “Addendum to Engagement Letter – Protocols for Executing Wire Transfers” on the CAMICO Members-Only Site under the Cyber/Data Security Resource Center.

– June Thornton, Senior Loss Prevention Specialist/Team Lead

Q: My firm has a Written Information Security Plan (“WISP”), but it hasn’t been updated since early 2023. How often should we be reviewing/updating our WISP? And have there been any significant changes to the regulatory guidance related to physical, technical, and/or administrative safeguards a CPA firm is required to have in place to protect its confidential client data from potential breaches and cyberattacks?

A: CAMICO strongly encourages firms to keep their Written Information Security Plan (“WISP”) relevant and updated to showcase the firm’s ongoing efforts to ensure compliance with the spirit and intent of Gramm-Leach-Bliley Act’s (“GLBA”) Safeguards Rule. To that end, CPA firms should periodically review the effectiveness of their security program as detailed in their WISP and reassess the risk factors as well as any material changes to the firm’s operations and make changes to the plan as necessary. Firms need to consider the appropriate frequency of this review based on the firm’s size, complexity, identified risk factors, and any updated guidance promulgated by the Internal Revenue Service (“IRS”) or other regulatory bodies. Refer to CAMICO’s article Compliance with the Federal Trade Commission “Safeguards Rule,” published in CAMICO’s July 2023 IMPACT 123 newsletter.

Now would be a good time to consider reviewing and updating the firm’s WISP given the IRS’s August 13, 2024 announcement regarding the availability of an updated WISP template to help tax professionals, especially smaller practices, protect against continuing threats from identity thieves and data risks. (IR-2024-208). The updated WISP, contained in IRS Publication 5708, Creating a Written Information Security Plan for Your Tax & Accounting Practice, is available at: www.irs.gov/pub/irs-pdf/p5708.pdf.

The IRS’s guidance includes best practices for implementing multi-factor authentication for any individual accessing any information system (refer to: Multi-factor authentication: Key protection to tax professionals’ security arsenal now required | Internal Revenue Service (irs.gov), as well as a new requirement to report a security event affecting 500 or more people to the Federal Trade Commission (FTC) as soon as possible, but no later than 30 days from the date of discovery.

Remember that maintaining an information security program is not a one-size-fits-all approach as every firm will need to ensure that they have the required safeguards in place for their size, complexity, and the nature and scope of the services they render. As such, a CPA firm’s efforts to comply with the Safeguards Rule is organization-specific and CAMICO recommends that each firm work with their IT/cyber specialists and legal counsel to modify and tailor their WISP to ensure the firm’s compliance with the GLBA’s Safeguards Rule and other applicable laws.

For more risk management guidance and information on cyber and data security issues, which includes CAMICO’s illustrative Written Information Security Plan template, access CAMICO’s Cyber/Data Security Resource Center on our Members-Only Site.

– Anthony Cooper, J.D., MBT, Tax Analyst, Loss Prevention

Q: We are having difficulty managing one of our top performers who is frequently short and rude to his coworkers to the point where now they no longer want to work with him. If he is not violating any firm policies such as Anti-Harassment or Anti-Bullying, do we have to counsel him? He is such an asset to the firm, and we are concerned about losing him.

A: Behavior does not have to rise to the level of violating firm policy to negatively impact the firm by creating a toxic work environment. An employee who is chronically rude, brash, and short can singlehandedly disrupt the work environment. Toxicity in the workplace will spread and lead to low morale, decreased productivity, increased disruption and employee stress.

Toxicity can flourish when those firm rainmakers with poor interpersonal skills demonstrate entitlement and belittle others without consequence; or when those in the office who demonstrate microaggression, or what we call death by a thousand small cuts, are ignored. There are also those employees who enjoy gossiping and spreading rumors which creates its own toxicity.

Oftentimes the firm will turn a blind eye to the behavior because it might not necessarily rise to the level of violating firm policy, but first and foremost, firms should follow their own policy language and ensure that the firm’s values and mission statement are also being reflected in the workplace. Core values should drive organizational behavior and when core values and organizational behavior are misaligned, employees lose their trust in management.

Firm management can support employees by responding timely to any display of toxic work behavior; broaden policy language to focus on the bigger picture, and not narrowly define harassment and bullying; and most importantly, walk the talk themselves. Studies have shown that employees who feel surrounded by psychological safety in the workplace will be more productive and engaged, and the firm will recognize a lower turnover rate due to a more positive work environment.

As it relates specifically to counseling an employee for unacceptable behaviors that are creating a toxic work environment for others, CAMICO recommends reaching out to your employment practices risk advisor and/or legal counsel to discuss appropriate steps to take to minimize the potential risks of a claim or lawsuit.

For additional information on how to create a more positive workplace, refer to CAMICO’s article Create a Workplace Where Your Employees Will Thrive, published in CAMICO’s IMPACT 124 newsletter issued in February 2024.

-Emily Franchi, Loss Prevention Supervisor, Employment Practices

Q: Our firm is starting to prepare for the new Quality Management Standards, which become effective December 15, 2025, and we were wondering if CAMICO has any risk management tips for us as we begin the process?

A: CAMICO encourages firms to not over-complicate the transition process or try to address every potential risk as they seek to adopt the new Statements on Quality Management Standards (“SQMS”). Instead, focus on the quality risks that are material, relevant, or of higher risk to your firm; the types of industries, businesses, and organizations you serve; and the services you offer. A system of quality management is an evolving, iterative, dynamic process. Don’t let “perfect be the enemy of good.” If unchecked, this aphorism can create crippling inertia in the development of your quality management process.

As the SQMS’s risk-based approach requires custom-fitting to your firm’s conditions and circumstances, you may wish to seek your peer reviewer’s guidance regarding the transition. Your peer reviewer’s familiarity with your quality control system and understanding of the new standards can be instrumental in assisting your firm with designing your system of quality management. Ideally, you can obtain your peer reviewer’s insight and tips specific to your unique needs. However, be cautious not to rely too heavily on your peer reviewer (unless willing to secure the services of another reviewer) as doing so could threaten your peer reviewer’s independence.

As the SQMS are risk-based, requiring firm leadership to proactively manage quality by designing, implementing, and operating a customized system of quality management scalable to fit your firm’s accounting and auditing practice, it is important to give the person(s) agreeing to assume the system of quality management leadership role(s) in your firm sufficient time and resources to implement the standard.

Consider adopting a two-phased approach to brainstorming sessions led by a senior member of your system of quality management development team. During the initial phase, the discussion leader should encourage and reinforce that this phase is exclusively for the generation of ideas, and should not include evaluation or criticism of ideas raised (to avoid squelching voices). Care should be taken to record every suggestion. Only during the second phase should the team evaluate or constructively critique aspects of the initial brainstorming phase. This two-phase approach will encourage team members to offer more and nuanced suggestions which might otherwise not be captured and considered in the development of your system of quality management. Each system of quality management must address the eight components and the SQMS prescribes specific quality objectives for each of the components. While your firm may establish additional quality objectives, be certain that each of the prescribed component-specific quality objectives are addressed.

As with the extant quality control standards, the SQMS requires you to document your system of quality management. As with its predecessor, this documentation may be used by your peer reviewer to assess whether your firm has complied with the standards. If documentation indicates your firm will perform procedures exceeding those required by professional standards, those elevated requirements will be the benchmark used to assess your compliance. Be diligent in documenting your firm’s quality objectives, quality risks, your responses to those risks, and ultimately your system of quality management to identify those responsible and accountable for your system.

And lastly, CAMICO strongly encourages firms to take advantage of resources developed and shared by the AICPA. Explore the following list and pay particular attention to the two practice aids and sample risk assessment Microsoft Excel template. Each is extremely helpful with focusing attention on the development and enhancement of your firm’s system of quality management.

AICPA Resources

Quality Management Resource Center
Quality Management Practice Aids [One for Sole Practitioners, another for Small and Medium-Sized Firms, and an illustrative risk assessment MS Excel Template]
Crosswalk from SQCS to SQMS
QM Standards Checklist
Journal of Accountancy Content
- Podcast: Tips for firms implementing quality management standards – June 7, 2022
- Quality management standards: How to perform a root cause analysis – August 31, 2023
- Quiz: Test your knowledge of the new quality management standards – September 22, 2022
- QM standards: Overview of the monitoring and remediation process – September 28, 2023
- How to implement the risk-based quality management standards – October 1, 2023
- QM is approaching faster than you think — get ready – November 1, 2023
- QM standards: How to perform a root cause analysis – December 1, 2023

– Duncan B. Will, CPA/ABV/CFF, CFE, Loss Prevention Director/ Accounting & Auditing Specialist

Top Claims Trends

Q: With most tax returns being e-filed, has CAMICO seen any trends in e-filings that don’t go through? If so, what advice do you have for policyholders to prevent or mitigate these situations?

A: We have seen a trend of e-returns not going through or being fraudulently e-filed. A few tips we can give policyholders would be to consider having an internal process in place, along with certain checks and balances to ensure that the e-filings go through. As the IRS provides an online tool to check the status of returns, it is helpful if the policyholder advises their clients to follow up on the status of their returns after they have been e-filed, to ensure that they have been accepted and processed. Rather than waiting for months to receive an update on the return, it is helpful if the client checks on the status after a couple of weeks to ensure that there aren’t any errors. Also, following up with clients to ensure that they received their refunds could help mitigate any potential damages early on. Another helpful tip is to review the returns one final time before submitting, to ensure that all the information on the return is correct, including the social security number and the firm’s Taxpayer Identification Number (TIN).

– Ines Adams, Claims Specialist

Q: Do CPAs often get brought into family disputes related to inheritance?

A: When dealing with family disputes, especially when it comes to money, emotions will run high, and these matters can become very contentious with CPAs getting pulled in and stuck in the middle. While these situations may be unavoidable, there are steps that can be taken for policyholders to protect themselves from exposure. Documentation and communication are key. Everything pertaining to the CPA’s work should be memorialized in writing and the CPA should ensure that both they and the client understand the decisions and actions that will be taken. If a CPA advises a client to take a specific course of action, written proof of the advice should be preserved. Engagement letters can also be a vital tool in protecting the CPA’s interests. The letter should spell out precisely the work that will be performed for the client and should be updated as the engagement changes. Finally, if the appearance of a conflict arises, the CPA should consider whether disengagement is the appropriate action. If the CPA decides to disengage, the disengagement should be clear (and in writing), and a copy should be preserved.

– Jill Cavenaile, Claims Executive

Q: What are the liability issues if clients withhold information about large sums of cash that they have?

A: In situations where the accountant has been made aware of clients hoarding large amounts of cash, we advise the accountant that there are several reasons to disengage from this type of client. Historically a reason for this action by the client relates to the 1929 stock market crash where the money was forever lost to the client. However, hoarding thousands of dollars is seen as a way of hiding taxable income from the government. In this situation, there are several issues with going forward with this client. 1) When the client informs the policyholder that they have decided to use this money for an investment or make a high-cost purchase, we cannot expect that they have receipts and can properly account for when and where the money came into their possession; 2) The client’s prior tax returns for as long as they have been hoarding the cash are wrong and need to be amended; 3) It is very likely that there will be a tax investigation and possibly a criminal investigation; 4) the CPA will be subpoenaed and will likely be questioned about how they advised the client after learning of the hoarding; and 5) in the investigation, the authorities will be looking at the accountant to determine if based on the information in their possession they should have known that the client was hoarding large amounts of cash. Something to remember in most situations where there is an accountant providing assistance to a taxpayer, if there is anyway a “bad situation” can be blamed on advice (or lacking advice) provided by the accountant, it will be blamed on the accountant.

– Gerard Mack, Claims Specialist

Q: Has CAMICO seen Employment Practices Liability claims related to accounting professionals being mandated to return to work (post-pandemic)?

A: The biggest issue with return-to-office claims, after COVID-19 restrictions were lifted, involves employees who are permitted to work from home and those who are being called to return to the office. Many professionals (bookkeepers, CPAs and even executive assistants who bill for their time) have been allowed to continue their remote roles as they are able to work within their role remotely. These employees have a desktop phone, laptops, and can perform their job duties via email, phone, or video conference. Allegations have emerged from staff who were hired specifically for in-office roles, such as firms’ administrative staff. Their job description typically includes some sort of client facing role, such as a receptionist, or duties that include maintaining the office, checking and ordering office supplies or copying client files. Employees who were allowed to work remotely, either due to COVID-19 or another medical accommodation, have challenged the call to return to the office. When the employee was moved to a temporary remote role, policyholders usually needed to shift the administrative employee’s duties to someone who was present at the office or reduce the administrative employee’s duties. There have been instances in which the remote employee was given the opportunity to learn new skills, such as payroll or bookkeeping, which can be completed remotely. In those instances, where the remote administrative employee was unable to learn new skills or completed those skills at an unsatisfactory level, the policyholder has made the decision to terminate the employee due to the lack of work that the administrative employee can complete away from the office. A termination of this nature has led to allegations of discrimination or wrongful termination.

– Katjana Roelz, Claims Specialist

Q: What does CAMICO recommend when a client passes away and there is a new point of contact for the engagement?

A: We recently had a situation where an accountant prepared tax returns and did bookkeeping for the matriarch of a family for many years. Upon her passing, the client’s daughter became the point of contact. The daughter said she was going to engage a new CPA to prepare taxes and was going to take over the bookkeeping duties herself. The policyholder did not confirm the conversation in writing and did nothing further. A couple years later, the daughter was surprised to find that the tax returns had not been prepared and filed. A claim was brought against the CPA for the penalties that were imposed by the IRS.

An engagement with a client is fundamentally a relationship. As with all relationships, there should be an understanding between the parties as to what they should expect. Many times, people make assumptions about what the other person will do or not do. These assumptions are often different than what the other person expects will happen in the relationship. An engagement letter is the best way to develop an understanding with the client about what they should expect from the accountant and what the accountant expects of them. There may be conversations between the parties about what they expect to happen, but perceptions may differ, and memories will fade. When an accountant uses a well-drafted engagement letter or disengagement letter, both parties know exactly what to expect of the other. If the client were to later make an unwarranted assertion about the relationship, the accountant can refer to the letter to justify his or her action or inaction. This is especially important in the confusion surrounding the death of a client. Engagement letters also enhance the accountant’s professionalism and make it easier for their actions to be defended in any later dispute.

Engagement letter templates can be found in the Engagement Letter Resource Center, located on CAMICO’s Members-Only Site.

-Mark Rooks, Claims Specialist

The post Top 10 Loss Prevention and Claims Trends appeared first on CAMICO.

Why It’s Important to Maintain Prior Acts Coverage

ssAdmin — Thu, 25 Jul 2024 17:29:24 +0000

Do Not Lose Coverage for Your Prior Acts!

Most Accountants Professional Liability insurance policies are “claims made and reported” policies. Two important features of claims made and reported policies include:

The insurance applies only to claims that are first made and reported to the insurance company during the policy period.
The insurance provides coverage for professional services performed from the Retroactive Date (or “Prior Acts Date” or “Initial Effective Date”) to the expiration date of the policy as stated in the Declarations.

The Retroactive Date is the earliest date from which the policy provides coverage for an act, error or omission from which a claim for damages arises. Claims arising from professional services performed prior to the policy’s Retroactive Date are not covered. The Retroactive Date is normally first established at the onset of the firm’s first policy and continues to follow the renewal of that policy for as long as the policy is continuously renewed without any lapses in coverage.

A firm that is changing from one insurance carrier to another must make the change seamlessly to avoid losing the Retroactive Date. If a lapse occurs and that continuity is broken (i.e., the policy not renewed continuously), the initial Retroactive Date is lost, and a new policy will most likely have a new Retroactive Date that is advanced to the inception date of the new policy.

The advancement of the Retroactive Date causes the firm to lose the coverage that it had with an older Retroactive Date, and past professional services that were previously covered would no longer be covered. Firms should always maintain “seamless” coverage, with no lapses in the policy along the way, to ensure coverage for professional services performed back to the original Retroactive Date.

We encourage you to return your application(s) as early as possible to avoid any gaps in coverage. In any event, return your application(s) before your current coverage expires.

Do not assume that insurers will ignore a late-returned application(s) and backdate coverage to allow you to maintain your Prior Acts Coverage, as they are in no obligation to do so. Please contact your underwriter or agent with any questions or requests for additional information.

Disclaimer: This information is provided as a general overview and is not intended to be a complete description of all applicable terms and conditions of coverage. The precise coverage afforded by any insurer is subject to the actual terms and conditions of the policies as issued.

The post Why It’s Important to Maintain Prior Acts Coverage appeared first on CAMICO.