This post discusses CPAs providing fraud prevention services to compilation clients. If you haven’t done so in the past, it could be a new revenue stream for your firm.
The Greater Risk for Your Client
How many clients do you provide compilation services to? For most small- to medium-sized CPA firms, the answer is usually many. Now let me ask you another question.
What is the greater risk for your client?
- Financial statements are misstated or
- A trusted bookkeeper (or someone else) is stealing substantial sums of money from the business
You say, “But I’m not engaged to look for potential theft or prevent it.” Regarding compilation engagements, you are right. Notice, however, my question is about your client.
I find that most compiled financial statements are basically correct—often because of the CPA’s involvement. The risk of material misstatement is driven down, and obviously, this is a good thing, but what about the potential for theft?
It seems to me that CPAs seldom talk with their compilation clients about the potential of fraud, even though we know, for instance, that the client’s accounting staff consists of one bookkeeper. So, we are aware that the client’s accounting system lacks segregation of duties.
When fraud happens, clients will sometimes say, “my CPA is responsible”—even though compilations are not designed to prevent (or detect) fraud. Therefore, we must clearly define the services we are providing.
Defining Your Compilation Service
Here are two questions to consider in defining your compilation engagements when you are not providing fraud prevention services.
- Do you obtain a signed compilation engagement letter?
- Do you verbally explain the limits of your engagements (that you are not providing fraud prevention or detection services)?
These two actions lessen your risk.
If, however, you desire to provide fraud prevention services in addition to the compilation, then include appropriate language in your engagement letter to cover the additional service or use a separate engagement letter to address the fraud prevention work. More about this in a moment.
Fraud Prevention and Compilation Services
Do you ever suggest to your client that he or she have you (or someone else trained in fraud prevention) review the accounting system and make fraud prevention suggestions? Here is where I believe you can add value to the compilation service. I also believe it is largely an untapped source of revenue for small- to medium-sized CPA firms.
Obviously, you need to understand internal controls and fraud prevention prior to providing fraud prevention services. If you don’t have that knowledge, you can obtain it from organizations such as the Association of Certified Fraud Examiners.
If you provide fraud prevention services, you need to create an engagement letter that addresses the boundaries of your work. It is wise to say what you are providing and, more importantly, what you are not providing.
I normally state that I am providing the additional fraud prevention service to mitigate fraud risk and that the additional work does not provide absolute assurance. I go on to say that once the work is complete, “that fraud can still occur.” (Check with your insurance carrier for appropriate language.)
In other words, your engagement is to lessen fraud risk, not to eliminate it, a reasonable proposition. (The risk of fraud can seldom, if ever, be fully eliminated. And I tell my clients this.)
Fraud Prevention Services Create Risk
But doesn’t providing fraud prevention services create additional risks for the CPA?
Providing any additional service creates risk for the CPA. So this is ultimately a business decision for you and your firm. Additionally, contact your insurance company to see what they say.
If you desire to provide fraud prevention services, consider becoming a Certified Fraud Examiner (CFE) or obtain your Certified in Financial Forensics Credential. I became a CFE in 2004 and found the training eye-opening. Though I had been a CPA since 1987, I gained valuable knowledge about system design and fraud prevention.
Will providing fraud prevention services impair your independence? Under existing AICPA independence standards, the answer could be yes (because you are assisting with the design of the internal control system). But the independence issue depends on what you do. Making recommendations probably would not impair independence. Fully designing the internal control structure would impair independence.
If your independence is impaired, you need to say so in the compilation report. Independence is not required in compilations. Take a look at Definitive Guide to Compilation Engagements.
Agree or Disagree?
What do you think about offering fraud prevention services to compilation clients?
You can learn more about white-collar crime here.