This post discusses CPAs providing fraud prevention services to compilation clients. If you haven’t done so in the past, it could be a new revenue stream for your firm.
How many clients do you provide compilation services to? For most small- to medium-sized CPA firms, the answer is usually many. Now let me ask you another question.
What is the greater risk for your client?
You say, “But I’m not engaged to look for potential theft or prevent it.” Regarding compilation engagements, you are right. Notice, however, my question is about your client.
I find that most compiled financial statements are basically correct—often because of the CPA’s involvement. The risk of material misstatement is driven down, and obviously, this is a good thing, but what about the potential for theft?
It seems to me that CPAs seldom talk with their compilation clients about the potential of fraud, even though we know, for instance, that the client’s accounting staff consists of one bookkeeper. So, we are aware that the client’s accounting system lacks segregation of duties.
When fraud happens, clients will sometimes say, “my CPA is responsible”—even though compilations are not designed to prevent (or detect) fraud. Therefore, we must clearly define the services we are providing.
Here are two questions to consider in defining your compilation engagements when you are not providing fraud prevention services.
These two actions lessen your risk.
If, however, you desire to provide fraud prevention services in addition to the compilation, then include appropriate language in your engagement letter to cover the additional service or use a separate engagement letter to address the fraud prevention work. More about this in a moment.
Do you ever suggest to your client that he or she have you (or someone else trained in fraud prevention) review the accounting system and make fraud prevention suggestions? Here is where I believe you can add value to the compilation service. I also believe it is largely an untapped source of revenue for small- to medium-sized CPA firms.
Obviously, you need to understand internal controls and fraud prevention prior to providing fraud prevention services. If you don’t have that knowledge, you can obtain it from organizations such as the Association of Certified Fraud Examiners.
If you provide fraud prevention services, you need to create an engagement letter that addresses the boundaries of your work. It is wise to say what you are providing and, more importantly, what you are not providing.
I normally state that I am providing the additional fraud prevention service to mitigate fraud risk and that the additional work does not provide absolute assurance. I go on to say that once the work is complete, “that fraud can still occur.” (Check with your insurance carrier for appropriate language.)
In other words, your engagement is to lessen fraud risk, not to eliminate it, a reasonable proposition. (The risk of fraud can seldom, if ever, be fully eliminated. And I tell my clients this.)
But doesn’t providing fraud prevention services create additional risks for the CPA?
Providing any additional service creates risk for the CPA. So this is ultimately a business decision for you and your firm. Additionally, contact your insurance company to see what they say.
If you desire to provide fraud prevention services, consider becoming a Certified Fraud Examiner (CFE) or obtain your Certified in Financial Forensics Credential. I became a CFE in 2004 and found the training eye-opening. Though I had been a CPA since 1987, I gained valuable knowledge about system design and fraud prevention.
Will providing fraud prevention services impair your independence? Under existing AICPA independence standards, the answer could be yes (because you are assisting with the design of the internal control system). But the independence issue depends on what you do. Making recommendations probably would not impair independence. Fully designing the internal control structure would impair independence.
If your independence is impaired, you need to say so in the compilation report. Independence is not required in compilations. Take a look at Definitive Guide to Compilation Engagements.
What do you think about offering fraud prevention services to compilation clients?
You can learn more about white-collar crime here.
Get my free accounting and auditing digest with the latest content.
Do you desire to increase your knowledge of fraud prevention and detection? This book will get you there quickly. Click the "buy now" button to see the book on Amazon.
Charles Hall is a practicing CPA and Certified Fraud Examiner. For the last thirty years, he has primarily audited governments, nonprofits, and small businesses. He is the author of The Little Book of Local Government Fraud Prevention and Preparation of Financial Statements & Compilation Engagements. He frequently speaks at continuing education events. Charles is the quality control partner for McNair, McLemore, Middlebrooks & Co. where he provides daily audit and accounting assistance to over 65 CPAs. In addition, he consults with other CPA firms, assisting them with auditing and accounting issues.
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.
In my engagements letters, I say that I am providing the fraud prevention assistance but that fraud can still occur–and that the theft can still be material. Verbally, I tell clients that there is no fail-proof system to prevent fraud (and there is not). While I can assist, I can’t make their system completely safe.
Marcus, good for you and your firm. Many CPAs are skittish about offering this service (and I respect that since there are legal liability implications), but, still, I think it’s a viable way to offer a valuable service to clients.
I can see this is an older article, but I totally agree with you that it is an untapped source of revenue. My firm is looking at starting to offer and actively market these services to our clients, and we started by offering a free one hour seminar in the locations where we provide services.
Do you have any suggestions for engagement letter language for a fraud prevention consultation engagement?