Five everyday risk management issues for accounting practices
This article was current at the time of publication.
Accountants are highly in tune with the multiple risks their clients face. Unfortunately, in pursuing excellent customer service, some may ignore risks to their practice.
CPA Australia has identified the five most common of these, which are outlined below.
Risk 1: Terms of engagement letter
These letters provide a prescriptive statement of what you plan to do for a client in the engagement.
They set out the expectations of you and the client by clarifying the legal and operational scope. Importantly, the terms of engagement should also define what you won’t do for a client.
The letter needs to be updated for long-standing clients if the scope of your service to the client changes.
Consider reissuing the letter when:
- There are significant changes in the scope of the engagement
- There are indications that the client has misunderstood the scope of objectives of the engagement
- There is a change of management for a corporate client
- Your engagement with the client is irregular.
Notably, these letters can (and likely will) be used in legal proceedings if the client claims against you. CPA Australia provides this example. Visit the page for engagements related to tax.
Risk 2: Cyber security
A cyber security attack is now the highest risk to your business. In the last financial year, the Australian Cyber Security Centre received more than 67,500 cybercrime reports. This equates to approximately one incident every eight minutes.
Once your identity has been stolen it cannot be “unstolen” and will affect operations for the life of the client.
Reports to CPA Australia indicate that cybercriminals have used the identity of an accountant to try to lodge fraudulent business activity statements (BAS). Should the Australian Taxation Office (ATO) deem there is a cyber security breach, it may apply protective measures to one, some, or all of your clients. This may mean:
- A need for additional proof of identity obligations – e.g., having to verify identity with every engagement with the ATO
- Additional monitoring processes, leading to delays in processing tax returns and other forms
- Additional security measures, such as being unable to use myGovID to verify identity, having to manually ask for BAS, and possible suspension of digital identity during the investigative process.
CPA Australia has resources to help with your cybersecurity strategy, including a checklist and MY FIRM. MY FUTURE. e-learning modules.
Risk 3: Acting as a shadow director
Section 9 of the Corporations Act 2001 (the Act) defines an officer of a corporation, and that definition does not require you to be a named director of that corporation.
A person can be deemed an officer if that person participates in substantive decision-making of the business of the company, can affect the company’s financial standing, or potentially influence directors of the company who are inclined to act based on his or her instructions or wishes.
However, the Act does provide an exclusion for advice given in the proper performance and function of that person’s professional capacity.
It is very risky in this situation for accountants to start making decisions for the company or provide advice without adequately ensuring the client understands the advice.
Often in circumstances where a company fails, the director will say that they didn’t understand the advice being provided and just did what the accountant told them to. This is where a robust terms of engagement letter is important.
It’s something that can be relied on should the accountant be accused of stepping over the line.
Being deemed an officer of a company can open you to civil and criminal offences under the Act, in areas such as director duties, insolvent trading and other voidable transactions.
Risk 4: Conflicts of interest
The Australian Professional & Ethical Standards Board (APESB) has issued APES 110 Code of Ethics for Professional Accountants (including Independence Standards) that addresses conflicts of interest requirements for members in public practice in Australia.
Conflicts of interest create threats to compliance with fundamental principles, including objectivity, confidentiality, and professional behaviour.
A conflict may arise via business interests (such as being seated on the board of directors of a client or being a shareholder) or relationships with clients and/or third parties (such as being related to or friends with a client or senior employees).
Conflicts of interest create a threat to your ability to perform your duties. Once a threat is identified, you will need to take steps to eliminate the risk or reduce it to an acceptable level. If the threat cannot be eliminated or reduced, you must not accept the engagement, or you must resign from it.
Risk 5: Accountant’s letters and certificates of financial advice
Accountant’s letters are a transfer of risk to you by a lender for a client’s non-compliance under the terms of a loan.
This means in the event of default by a client, the lender may sue you to cover the shortfall. A client may ask you to sign this document quickly because they need access to finance. It will ask you to verify the future liquidity of a client, which you cannot do.
Because of the risk transfer, CPA Australia strongly advises members against signing these letters.
Further, if the request is connected to consumer credit, you may not be adequately licensed to sign the document.
CPA Australia has issued guidance on this issue and a podcast on the topic.
Kristen Beadle CPA is the former Manager Public Practice and SME – Professional Standards and Business Support at CPA Australia.