You will find a wealth of best practices and risk management resources at your fingertips on the CAMICO Members-Only Site. There are 5 main areas of important information and tools for accountants who are CAMICO policyholders.

1. Knowledge Tree:

Locate documents quickly in this searchable library with hundreds of relevant accounting and tax resources, including risk management tools and advisories, organized into folders by areas of risk exposure..

2. Resource Centers:
   1. Access a collection of risk and practice management tools and external resources on popular topics such as:
      1. Engagement Letters (with 90+ sample letters)
      2. Tax
      3. Ethics
      4. Accounting and Auditing
      5. Subpoena Services
      6. Fraud
      7. Identify Theft and Data Security

3. Education and Training:
   1. Obtain training and CPE credits through a number of free educational opportunities
      1. Webcasts
      2. In-firm presentations
      3. Speakers bureau
      4. Self-study courses
      5. Risk management conferences and boosters

4. eAlerts:
   1. Receive the latest eAlerts on recent developments that significantly impact CPAs and their risk exposures.

5. IMPACT:
   1. Gain access to current and archived IMPACT newsletters, war stories, selected claims, alerts, and more.

The Members-Only Site (MOS) also provides each user the ability to search the Knowledge Tree or the entire website (global search) using the site’s search function, providing access to content and documents at your fingertips.

Take advantage of these resources by becoming a CAMICO policyholder. CAMICO has a streamlined and user-friendly online application process for CPA firms with up to 3 CPA professionals. Receive an insurance quote

in less than 5 minutes!

The post 5 Key Resources on the Members-Only Site (MOS) for CAMICO Policyholders appeared first on CAMICO.

The AICPA’s Professional Ethics Executive Committee has revised existing ethics definitions and existing and adopted new interpretations. The

new and revised interpretations and guidance

include new definitions for “Attest client” (ET sec. 0.400.03) and “Client” (ET sec. 0.400.07) which could be an issue for accountants unaware of the change.

The revised definition of “Client” clarifies that when the engaging entity

is not the subject of the professional services (subject entity), accountants have two separate clients within one engagement and must treat them as separate clients.

The clarification of the definition of “Client” also impacts the application guidance for “Records Requests” (ET sec. 1.400.200) to clarify that accountants won’t violate the guidance (1) by returning the records to the person or entity that gave the records to the accountant, (2) when engaged by one party to benefit another party and provides the work products to the beneficiary (e.g., when engaged by a company to prepare its executives’ tax returns), and (3) unless there is an agreement that states otherwise when engaged to perform professional services with respect to an entity that is not intended to benefit from the professional services, and the accountant provides the work products to the engaging entity.

Accountants should be required to return client-provided records to parties who provided those records. So, if an engaging entity provided the accountant with records, then the accountant should return the records only to the engaging entity. And if the subject entity provided the records to the accountant, then the accountant should return the records to the subject entity and not to the engaging party.

The “Attest Client” definition has required accountants be independent of both the subject entity and the engaging entity, when the two are not the same entity. The clarified “Attest Client” definition no longer requires accountants to be independent of the engaging entity when engaged to perform an attest engagement on an entity when the engaging entity and the subject entity are not the same entity. Although accountants no longer need consider whether they are independent of the engaging entity in such instances, they should remain cognizant of potential threats to their objectivity (e.g., conflicts of interest) with regards to entities that engage the accountant to perform attest services for a subject entity client.

New Definition of Attest Client

.03 Attest client. A person or entity

with respect to which a member performs an attest engagement is performed. [No prior reference: new content.]

If the person or entity that engages a member or member’s firm (member) to perform professional services (engaging entity) is not also the attest client, the member should refer to the

“Client Affiliate”
“Integrity and Objectivity Rule”
“Conflicts of Interest for Members in Public Practice”

interpretation [1.224.010] to determine whether the engaging entity is an affiliate from which the member should be independent. However, because threats to the member’s compliance with the

[1.100.001] and the

interpretation [1.110.010] may still exist with respect to the engaging entity, members should comply with this rule and interpretation.

New Definition of Client

.07 Client.

Any person or entity, other than the member’s employer, that engages a member or member’s firm to perform professional services (engaging entity) and also, a person or entity with respect to which a member or member’s firm performs professional services (subject entity). When the engaging entity and the subject entity are different, while there is only one engagement, they are separate clients.

Text of Revised Definition of Client

(Additions are in boldface italic, and deletions are in strikethrough.)

.07 Client.(engaging entity)also,

Any person or entity, other than the member’s employer, that engages a member or member’s firm to perform professional services

and

if different, the

aa member or member’s firm performs(subject entity)

person or entity with respect to which

professional services

are performed

. When the engaging entity and the subject entity are different, while there is only one engagement, they are separate clients.

For purposes of this definition, the term employer does not include the following:

a. Person or entity engaged in public practice.
b. Federal, state, and local government or component unit thereof, provided that the member performing professional services with respect to the entity is
i. directly elected by voters of the government or component unit thereof with respect to which professional services are performed;
ii. an individual who is (1) appointed by a legislative body and (2) subject to removal by a legislative body; or
iii. appointed by someone other than the legislative body, so long as the appointment is confirmed by the legislative body and removal is subject to oversight or approval by the legislative body.

[Prior reference: paragraph .03 of ET section 92]

See paragraph .03 of the “Simultaneous Employment or Association With an Attest Client” interpretation [1.275.005] for independence guidance related to a member in a government audit organization that performs an attest engagement with respect to the government entity.

Text of Revised Definition of Attest Client

(Additions are in boldface italic, and deletions are in strikethrough.)

.03 Attest client.

A client that engages a member to perform an attest engagement or

A person or entity

  with respect to which a member performs an attest engagement is performed. [No prior reference: new content.]

If the person or entity that engages a member or member’s firm (member) to perform professional services (engaging entity) is not also the attest client, the member should refer to the

“Client Affiliate”
“Integrity and Objectivity Rule”“Conflicts of Interest for Members in Public Practice”

interpretation [1.224.010] to determine whether the engaging entity is an affiliate from which the member should be independent. However, because threats to the member’s compliance with the

[1.100.001] and the

interpretation [1.110.010] may still exist with respect to the engaging entity, members should comply with this rule and interpretation.

See paragraph .06 of the “Client Affiliates” interpretation [1.224.010] for acquisitions and business combinations that involve a financial statement attest client.

See paragraph .03 of the

“Simultaneous Employment or Association With an Attest Client” interpretation [1.275.005] for independence guidance related to a member in a government audit organization that performs an attest engagement with respect to the government entity.

Here is a link to other

recent AICPA definitions, interpretations, and guidance.

The post Changes to AICPA Interpretations and Definitions Pose Risks for Those Unaware appeared first on CAMICO.

Subject: Employee Embezzlement

Services: Write-up and accounting

Ever since 1989 IMPACT has brought its readers War Stories from the CAMICO claims files. The War Story tradition continues to this day and is one of the many distinguishing characteristics of CAMICO’s exemplary loss prevention services, designed to warn policyholders of the many pitfalls and risk exposures facing CPAs.

The result of this tradition is a collection of over 100 War Stories to date, covering a wide variety of subjects and services, available to CAMICO policyholders via the Members-only Site (mickey.camico.com) under “Knowledge Tree” and “CAMICO Publications.”

The following two CAMICO War Stories are from two different decades, one from 1989, and the other from more recent times. Both illustrate the dangers of one person having excessive control over an entity’s financial operations (lack of separation of duties).

War Story No. 1, the first ever published (in IMPACT 11), is still relevant today and illustrates the classic small business scenario in which one person takes advantage of an absence of adequate internal controls.

War Story No. 106 is based on a similar, more recent claim and has interesting parallels to No. 1.

Some CPA professional liability issues never change.

War Story No. 1

Subject: Employee fraud

Service: Write-up and accounting, including monthly issuance of income and expense statements and annual discussion of finances

Situation: The CPA’s client was a central California dentist with a small practice including one medical assistant and a nurse/office manager. The office manager handled most of the practice’s financial affairs, preparing checks for signatures, making entries on day sheets, and taking deposits to the bank. The office manager routinely presented the busy dentist with groups of blank checks for his signature. She then made some of the blank checks payable to her creditors including her credit card accounts, utility companies, car dealer, insurance firm and others. She sometimes forged the doctor’s signature. She then booked the expenditures under a variety of areas such as utilities and salaries. At first the office manager stole small amounts — $400 one month, then $800, then $1,200. In 12 months she had stolen almost $20,000. The amounts increased, as she became bolder. During the final nine months of the three-year fraud, she stole almost $54,000. In all, the office manager embezzled nearly $90,000 from her employer.

The CPA didn’t spot the defalcation. He provided write-up and accounting services to more than one hundred small businesses and practices, but delegated most of his work to his clerk/assistant. The clerk entered the information from the dentist’s “Post-at-Once” day sheets and mailed the statements to the dentist. The CPA did not review the income and expense statements, although such a review could have uncovered the fluctuations in salaries, utility payments and so on. He seldom, if ever, met with his client to discuss the monthly statements.

Complaint: The CPA’s client finally questioned the discrepancy between his increasing client base and decreasing income. He was angry that the CPA had not spotted the defalcation early in the scheme.

Results: The dentist, the dentist’s bank, and the CPA shared responsibility for the embezzled funds. CAMICO asserted that the bank had some responsibility for detecting the few forgeries. The dentist bore responsibility for signing blank checks — which were the primary vehicle for the theft — and not paying sufficient attention to the bookkeeping aspect of his practice. The CPA was in error for not reviewing the monthly statements. In the settlement the dentist received $13,000 from the bank, and $56,000 from CAMICO. As typically happens, nothing was recovered from the embezzler who is on probation. The dentist failed to recoup $21,000 of the $90,000 embezzled.

Loss Prevention Tips: CPAs can avoid this type of claim by heeding these tips:

• The engagement letter for this type of work should include a statement that the CPA is limited to making the entries and the client is responsible for reviewing them.
• You should attach a note to the statements requesting that the client sign and return the statements after reading them.
• You should routinely send a letter to all clients offering general advice about internal controls, including:
• Don’t sign blank checks
• Ensure that all lines on a check are filled in
• Don’t permit the same person who writes the checks to receive bank statements
• Reconcile accounts or permit the CPA to perform this service
• Screen job applicants thoroughly; check references (the office manager in the described claim was on parole for embezzlement and had used a false name and social security number when hired by the dentist)

In addition, you should take the time to review statements, comparing them with past statements. Scrutinize signatures on bank statements monthly, or at least quarterly. Finally, at least once a year you should meet with clients to review their business, discussing capital improvements and any other changes in the business or staffing.

War Story No. 106

Subject:
Controller embezzlement

Service:
Monthly and annual compilation, bookkeeping, write-up, tax compliance

Situation:
The client, an electronics parts manufacturer in the Midwest, hired a new controller without obtaining any credit checks or background investigations. The controller happened to be a veteran embezzler with multiple criminal convictions, including prison time, and he immediately set up a scheme for siphoning funds from the business to himself.
He moved the business’s bank accounts from one bank to another but left the old accounts open in the first bank. He began to regularly move funds from the new accounts to the old accounts, and after finding the electronic key for wiring funds out of the old accounts, wired himself money from the accounts. (The bank had not followed its own protocols by allowing one person to transfer funds in this manner.) Within a year, he had stolen about $1 million. The thefts were discovered when vendors and suppliers to the business quit shipping materials due to nonpayment.

The CPA had acquired the client several years earlier from a merger with another CPA firm and provided bookkeeping, write-ups, tax compliance, and monthly and annual compilations, relying on the information provided to him by the controller. An “evergreen” engagement letter had been signed 10 years earlier, before the merger. The letter warned the client that the services provided “are not designed to detect employee embezzlement,” but the client had signed the letter 10 years earlier and had probably not looked at it since then.

Consequently, the client was disappointed that the CPA did not detect the embezzlement as part of his monthly services, and the client’s attorney advised him to file a claim against the CPA for the $1 million in thefts. The case went into mediation, where the CPA’s defense attorney pointed out that the client: had not obtained a background check on the new controller before hiring him; had consequently hired a convicted felon; and had signed an evergreen engagement letter warning that the services were not designed to detect embezzlement. A settlement agreement was ultimately negotiated for about $200,000.

Loss Prevention Tips:

The longer a CPA has provided services, the greater the CPA’s responsibility in the eyes of a jury. Five years of servicing a small business is enough for a jury to expect the CPA to have a profound understanding of the business, even if only “low level” services such as tax compliance and compilations are provided.
Jury studies also show that juror, client and public expectations of CPAs have increased to the point where CPAs are expected to always detect fraud, and to advise and warn clients of their embezzlement/defalcation risk exposures. By advising and warning clients of their exposures, CPAs: 1) better prepare clients to address the exposures, and 2) are able to minimize liability stemming from the expectation to detect fraud.

Advice to clients about their exposures to defalcation is best provided in an advisory letter that: 1) warns about the general risks; 2) suggests steps clients can take to reduce the risks; and 3) offers annual CPA services to help address the risks. An informed client is better able to avoid defalcation. If a defalcation is later uncovered, the CPA has documented evidence of the warning. Clients should also be notified of “loose ends” such as sloppy bookkeeping and late bank reconciliations.

An engagement letter should be signed annually, as “evergreen” engagement letters will not be effective year after year, and can prolong the statute of limitations for filing a claim. The engagement letter allocates, in limiting language, the responsibilities of the engagement for the CPA and the client. A limitation of liability clause may also be effective, but the clause should be reviewed by a risk advisor or legal counsel for possible modification. If performing bank reconciliation services, an addendum to the letter should state that the services are limited in scope and are neither designed nor intended to deter or discover fraud, embezzlements or any other irregularities. Statement on Standards for Accounting and Review Services No. 21 (SSARS No. 21) now mandates CPA engagement letters be signed by their clients’ management.

Examples of internal control warning letters can be found in the Fraud Resource Center on the CAMICO Members-only Site under “Risk Management Tools and Engagement Letters.” Sample engagement letter language can be found in the Engagement Letters Resource Center on the Members-Only Site.

“War Stories,” drawn from CAMICO claims files, illustrate some of the dangers and pitfalls in the accounting profession. All names have been changed

The post War Stories No. 1 and No. 106 appeared first on CAMICO.

The U.S. Court of Appeals for the Ninth Circuit earlier this year affirmed a U.S. District Court ruling in favor of a CPA firm in the case Mosier v. Stonefield Josephson, filed Feb. 23, 2016. The appellate court’s decision is significant and breaks new ground in California’s laws governing claims against auditors (and other professionals).

One of the notable items is the affirmation that contractual provisions that prospectively release claims when there has been a misrepresentation to an auditor or other professional may be enforced. The appellate court cited the contractual engagement agreement between the firm and the client — an agreement that states that the CPA firm would not be responsible for any misrepresentations made by the client.

A fundamental expectation in most, if not all, engagements is that management understands and accepts full responsibility for the accuracy and completeness of the information and representations made to the firm during the course of rendering services. The Court of Appeals in this case gives credence to the use of engagement letter language that provides that if the client makes misrepresentations to the accountant in the course of their work, the client is waiving the ability to later assert a claim against the accountant related to those misrepresentations. This may sound like common sense, and certainly this is an argument that can be made and prevail in court even absent the contract language; but with the support of this appellate decision, CPAs are better positioned to use this language and afford themselves further protection. While the specific case involves audit services, the court’s decision would apply to engagement letter language pertaining to other professional services as well.

Below is some suggested engagement letter language for your reference.

In accordance with the terms and conditions of this agreement, [Client] shall be responsible for the accuracy and completeness of all data, information and representations provided to us for purposes of this engagement. Because of the importance of oral and written management representations to the effective performance of our services, [Client] releases and indemnifies our firm and its personnel from any and all claims, liabilities, costs and expenses attributable to any misrepresentation by management and its representatives.

If you have any questions, please contact CAMICO at 1.800.652.1772 or email the Loss Prevention Department at lp@camico.com.

To view the entire court decision, click: View the Document (PDF).

The post U.S. Court Upholds Engagement Letter Language on Misrepresentations appeared first on CAMICO.

By Emily Franchi

With the creation of the National Labor Relations Board (NLRB) and the passing of the National Labor Relations Act (the Act) in 1935, employees have enjoyed protection to speak freely with one another about their employer. This was commonly done over the office water cooler with office rumors and gossip being freely discussed. Fast forward 80 years, and the water cooler has been replaced with social media sites such as LinkedIn, Facebook and Twitter.

Those water cooler discussions were held in the confines of the office and therefore kept somewhat private. Social media has since opened a world-wide door to those discussions. Now that employee opinions of employers are available for the world to see, can an employer legally prohibit such commentary?

‘Protected concerted activity’

The overly broad answer is, “Yes and no.” Employee discussions of working conditions, safety issues, pay, etc., in social media are considered “protected concerted activity” under the National Labor Relations Act and therefore cannot be governed by the employer. This means that an employer may not discipline, demote or terminate an employee having those types of conversations over social media. Many employers hold the misconception that this policy applies only to union employees, but it applies to all employees, union or not.

However, if in that discussion an employee divulges proprietary information, violates the employer’s anti-harassment and discrimination policy, or is reckless, profane or threatening when referencing the employer, the employer may discipline the employee. The employee might be in violation of the policies of the employer and the social media site, though protection is decided on a case-by-case basis. Individual griping may not be protected, but sharing specific workplace concerns might be protected. Navigating the law can be like walking through a minefield.

In a recent Connecticut case, an employer was sued by an ex-employee who was fired after a social media posting in which she discussed her feelings about a supervisor as well as safety concerns.

‘Unlawfully fired’

“After a work-related incident, an employee criticized her supervisor in a post on Facebook, which prompted other employees to reply to the posting. The employee was suspended the next day and later fired. The NLRB issued a Complaint alleging the employee was unlawfully fired for engaging in protected concerted activity when she posted on Facebook. Prior to a hearing, the case settled.” Source: NLRB.gov

In another recent incident, an employee of the firm posted disparaging and threatening remarks about other employees of the firm. The “conversation” was threatening, slanderous and unproductive, which led to the social site removing the employee’s post and warning the employee of the violation of the site’s policies regarding postings. The employee was subsequently terminated.

In a 2012 case against Costco Wholesale Group, the NLRB held that the company violated employees’ rights by maintaining a policy prohibiting employees from electronically posting statements that “damage the company.” According to the NLRB, the broad statement in this policy violated the employee’s rights under the Act.

The first and easiest line of defense for the employer is to review all policies that may impact the legal rights of employees. Does your firm have an open-door policy that encourages employees to share concerns with management in an environment free from the fear of retaliation? Employees who feel they are heard by employers are less likely to post disparaging remarks on social media sites. However, the key is to ensure all of management is on board with being open to hearing employees’ suggestions and concerns. Equally important is including a social media policy in the employer’s handbook that outlines expectations relating to what can and can’t be shared on social media. Frequently hidden in a conduct policy are inappropriate requirements that also might infringe on employees’ rights.

Social media policy guidelines

As your firm works to sort out the good and bad of social media, be sure to institute a policy that includes a code of conduct which defines acceptable and unacceptable communications, and requires certain disclosures and disclaimers. A firm’s social media policy should include specific clauses requiring employees to:

• identify themselves when discussing their employer or employer-related matters (i.e., no pseudonyms or anonymous postings);
• be clear and write in first person; and
• make it clear that the employee is speaking for himself or herself alone and not on behalf of the employer.

A social media policy should also prohibit employees from:

• disclosing proprietary or confidential information, even peripherally;
• discussing vendors or clients;
• posting insults, slurs, or obscenities; and
• being disrespectful, bullying or picking fights.

Social media policies are usually presented within the context of the employee handbook and other policies governing professional and ethical conduct. Such policies provide a number of essential guidelines on issues such as protecting proprietary firm information, avoiding conflicts of interest and excessive material inducements, and contributing to a safe work environment free of discrimination, harassment and retaliation. Like all policies included in the employee handbook, the consequences for breaking the policy must be clearly spelled out.

Social media related to the workplace is a dynamic topic, and the laws are constantly evolving. To reduce the potential for a claim or lawsuit, CAMICO recommends having a human resources professional review policies relating to employee behavior and/or social media postings to consider whether they inhibit employees’ rights to discuss wages, hours and working conditions and thus violate rights under the Act.

Firms that have an Employment Practices Liability insurance policy with CAMICO have access to human resources consulting services and resources, unlimited telephone and email consulting services, online resources, available HR management policies, procedures and forms, employee handbooks, and educational opportunities on HR topics.

Emily Franchi is the loss prevention specialist for employment practices with CAMICO (mickey.camico.com). For CAMICO policyholders who have Employment Practices Liability coverage, she provides support on a variety of human resources management issues, focusing on employee relations and legislative compliance for the workplace. Franchi works with policyholders to reduce exposure to potential employment practices claims, and she provides education and assistance in creating professional work environments.

The post Social Media — the New Water Cooler appeared first on CAMICO.

Wigboldy joined CAMICO in October 2014 and is responsible for CAMICO claims operations. He has more than 30 years of insurance industry experience in various claims positions, most recently with The Hartford Financial Insurance Group, Inc., as regional vice president, general liability field claims, responsible for claims management in 29 states. He began his insurance career in products liability and general liability claims with Sentry Insurance, where he was promoted to senior commercial claims manager and then to regional auto claims director. After joining The Hartford as a claims manager, Wigboldy was promoted to director of property and auto field claims before becoming regional vice president. An alumnus of Calvin College in Grand Rapids, Mich., with a Bachelor of Science in economics and mathematics, he is a member of the Society of Chartered Property and Casualty Underwriters.

“Ken’s talents and experience contribute significantly to the CAMICO program, and his participation on our team further enhances the broad, effective support we provide our policyholders,” said Ric Rosario, CPA, CFE, CGMA, CAMICO CEO.

The post CAMICO Appoints VP of Claims appeared first on CAMICO.