Providing Fraud Prevention Services to Compilation Clients
This post discusses CPAs providing fraud prevention services to compilation clients. If you havenโt done so in the past, it could be a new revenue stream for your firm.ย
The Greater Risk for Your Client
How many clients do you provide compilation services to? For most small- to medium-sized CPA firms, the answer is usually many. Now let me ask you another question.
What is the greater risk for your client?
- Financial statements are misstated or
- A trusted bookkeeper (or someone else) is stealing substantial sums of money from the business
You say, โBut Iโm not engaged to look for potential theft or prevent it.โ Regarding compilation engagements, you are right. Notice, however, my question is about your client.
I find that most compiled financial statements are basically correctโoften because of the CPAโs involvement. The risk of material misstatement is driven down, and obviously, this is a good thing, but what about the potential for theft?
It seems to me that CPAs seldom talk with their compilation clients about the potential of fraud, even though we know, for instance, that the clientโs accounting staff consists of one bookkeeper. So, we are aware that the clientโs accounting system lacks segregation of duties.
When fraudย happens, clients will sometimes say, โmy CPA is responsibleโโeven though compilations are not designed to prevent (or detect) fraud. Therefore, we must clearly define the services we are providing.
Defining Your Compilation Service
Here are two questions to consider in defining your compilation engagements when you are not providing fraud prevention services.
- Do you obtain aย signedย compilation engagement letter?
- Do you verbally explain the limits of your engagements (that you are not providing fraud prevention or detection services)?
These two actions lessen your risk.
If, however, you desire to provide fraud prevention services in addition to the compilation, then include appropriate language in your engagement letter to cover the additional service or use a separate engagement letter to address the fraud prevention work. More about this in a moment.ย
Fraud Prevention and Compilation Servicesย
Do you ever suggest to your client that he or she have you (or someone else trained in fraud prevention) review the accounting system and make fraud prevention suggestions? Here is whereย I believe you can add value to the compilation service. I also believe it is largely an untapped source of revenue for small- to medium-sized CPA firms.
Obviously, you need to understand internal controls and fraud prevention prior to providing fraud prevention services. If you donโt have that knowledge, you can obtain it from organizations such as the Association of Certified Fraud Examiners.ย
If you provide fraud prevention services, you need to create an engagement letter that addresses the boundaries of your work. It is wise to say what you are providing and, more importantly, what you are not providing.
I normally state that I am providing the additional fraud prevention service to mitigate fraud risk and that the additional work doesย not provide absolute assurance. I go on to say that once the work is complete, โthat fraud can still occur.โ (Check with your insurance carrier for appropriate language.)
In other words, your engagement is to lessen fraud risk, not to eliminate it,ย a reasonable proposition. (The risk of fraud can seldom, if ever, be fully eliminated. And I tell my clients this.)
Fraud Prevention Services Create Risk
But doesnโt providing fraud prevention services create additional risks for the CPA?
Yes.
Providing any additional service creates risk for the CPA. So this is ultimately a business decision for you and your firm. Additionally, contact your insurance company to see what they say.ย
If you desire to provide fraud prevention services, consider becoming a Certified Fraud Examinerย (CFE) or obtain your Certified in Financial Forensics Credential. I became a CFE in 2004 and found the training eye-opening. Though I had been a CPA since 1987, I gained valuable knowledge about system design and fraud prevention.
CPA Independence
Will providing fraud prevention services impair your independence? Under existing AICPA independence standards, the answer could beย yesย (because you are assisting with the design of the internal control system). But the independence issue depends on what you do. Making recommendations probably would not impair independence. Fully designing the internal control structure would impair independence.
If your independence is impaired, you need to say so in the compilation report. Independence is not required in compilations. Take a look atย Definitive Guide to Compilation Engagements.ย
Agree or Disagree?
What do you think about offering fraud prevention services to compilation clients?
You can learn more about white-collar crime here.
Related
In my engagements letters, I say that I am providing the fraud prevention assistance but that fraud can still occur–and that the theft can still be material. Verbally, I tell clients that there is no fail-proof system to prevent fraud (and there is not). While I can assist, I can’t make their system completely safe.
Marcus, good for you and your firm. Many CPAs are skittish about offering this service (and I respect that since there are legal liability implications), but, still, I think it’s a viable way to offer a valuable service to clients.
I can see this is an older article, but I totally agree with you that it is an untapped source of revenue. My firm is looking at starting to offer and actively market these services to our clients, and we started by offering a free one hour seminar in the locations where we provide services.
Do you have any suggestions for engagement letter language for a fraud prevention consultation engagement?