The AICPA Statements on Quality Control Standards (SQCS) require firms to establish policies and procedures for the acceptance and continuance of client relationships and specific engagements. These apply to a CPA firm’s accounting and auditing practice, as well as any other service. Acceptance process can vary from firm to firm where Solo practitioners can proceed with a single peer while Mid-size firms can discuss prospective clients as a partner group. Large-size firms normally use a client acceptance committee.
Professional liability risk is borne by the entire firm (not only by the partner) where consistency in client evaluation is required and is a critical parameter for firm’s level of risk tolerance. It is hence strongly advisable to document the firm’s client acceptance criteria and evaluation process, including additional approvals that may be required.
The checklist includes:
- Assessing background information, including those available on digital media, corresponding to the client and key members of client management.
- Verifying the referral source and/or the client’s other professional advisors
- Understanding the client’s history with its former CPA(S) and reason for change
- A discussion with the client’s former CPA(s) and check the client’s comfort level in facilitating the same (in case the client may display lack of interest, this could possibly indicate an integrity issue)
- Assessing management’s experience, financial knowledge, credentials, appreciation of internal control, and acceptance of their responsibilities that are applicable to the service to be rendered
- Understanding any changes in ownership, management, and governance
- Performing a credit check to assess the client’s ability or willingness to pay timely invoices
- Ensuring personal with prospective clients for an upfront understanding and relationship building
- Verifying pending or past lawsuits of a client and understanding its propensity to sue its professional advisors (supporting processes can be inquiries, internet searches, and review of public records)
- Reviewing the client’s financial ratings
- Reviewing prior financial statements of the client to ascertain specific delays (if any) in issuance or restatements
- Reviewing previous tax returns, recent tax return audit results, and other pending tax issues
- Going by instinct in client validation
Response Mechanism to Identified Risks
Efficient risk management practices are required to mitigate the risk to an acceptable level for the CPA firm. Such Risk management practices include:
- Retainer adaptation preceding servicing, billing and payment terms in the engagement letter
- Inclusion of risk allocation provisions, such as dispute resolution, limitation of liability and damages, and indemnification, in engagement letters wherever permissible
- Assigning an experienced engagement team for service delivery
- On-boarding a secondary-senior level reviewer on the engagement team
- Mutual review of the engagement letter contents with the client, including each party’s responsibilities and expectations of their role in the engagement
- Performing frequent and continuous evaluations to monitor client risk and ensure that it does not exceed the initially accepted risk level
In case of integrity concerns noted in above procedure, it is best advisable to decline the client opportunity as identification of an efficient risk management practice, or its combination becomes difficult for such clients at a later stage.
Economic Considerations influencing Risk Acceptance
When the economy is lopsided, CPA firms may be more inclined to take up certain risks, which they would not ideally be considering in utopian conditions. This can cause accepting a client engagement out of the firm’s standard operating boundaries, expertise or acceptance criteria.
Continuing with Client Evaluation
Since definition of ‘Risk’ for the client and ‘Risk tolerance’ for a CPA firm may keep changing with times, consistent client evaluation is mandatory keeping the Client Acceptance criteria intact. In case issues are figured out at a later stage, it should be a best practice to cut the umbilical cord with such a client.