• How Social and Digital Media Can be a Major Risk to CPAs

    How Social and Digital Media Can be a Major Risk to CPAs March 28, 2016

    Electronic communication can be fraught with peril for the unwary CPA

    by Sarah Beckett Ference, CPA, and Stanley D. Sterna, J.D.

    Apart from the time-honored holiday newsletter, when was the last time you wrote a letter or received one in the mail? When was the last time you talked to someone on a landline phone? Other than the rare family reunion, how many of us stay in touch with distant friends and family outside of social media?

    Electronic communication has substantially replaced regular mail and, to a lesser extent, the telephone, as the basic mode of communication. Whether it is sending an email, texting, instant messaging, or simply communicating on social media, electronic communication has revolutionized how we communicate with friends, family, and business colleagues. With the advent of modern technology, our thoughts and feelings can be instantly transcribed and transmitted to the world.

    The evolution of electronic communication has similarly affected the accounting profession. A CPA firm can market its practice and promote its brand through a well-designed website or social media outlet at minimal expense. Electronic communication also permits a free flow of ideas, industry trends, and practice tips; it connects CPAs with thought leaders in specific areas of practice and client industries. Billings can be transmitted electronically to clients for expeditious receipt, review, and hopefully, payment.

    Nevertheless, electronic communication can be fraught with peril for the unwary professional. CPAs who become over-reliant on this form of communication confront increased professional liability risk. This column explores some of the more common risks CPAs may encounter with electronic communication and discusses how a professional can make appropriate use of the media while avoiding potential liability exposure.

    What are the risks?

    Increased risk for breach of confidential client information

    CPAs are in a unique position of having access to a variety of personal information, such as Social Security numbers, Forms W-2, tax returns, credit/debit card data, financial account information, intellectual property, and even protected health information. As a result, a CPA can inadvertently breach client confidentiality or disseminate protected information online by merely pushing a button through casual and indiscreet use of technology.

    Boasting can threaten credibility

    CPAs, like other professionals, may exaggerate their accomplishments and capabilities on social media websites, such as LinkedIn, or on the firm’s website, in an effort to bolster the practice. When a plaintiff’s attorney is in the process of investigating a claim by an irate client, they will likely peruse online resources to obtain inexpensive and informal discovery and see how a CPA firm presents itself to the general public. A relatively defensible case on its merit may become less defensible if a CPA’s credibility is called into question due to a potentially inflated online post.

    Questions of Objectivity

    Objectivity is required by the “Integrity and Objectivity Rule” [1.100.001] of the AICPA Code of Professional Conduct for all services CPA firms provide. Moreover, independence is required for attest services. In a professional liability claim, plaintiff attorneys will use a variety of mechanisms to discredit the CPA and demonstrate that the CPA failed to maintain objectivity or, where required, independence. With electronic communications, appearance and perception are often equated with reality. Thus, the informal nature of texting, email, and social posts can seriously undermine the defensibility of a professional liability claim. The following scenario, based on an actual claim, is instructive:

    Example: A CPA firm was engaged to perform audits for a company. The audit partner and the company CFO were fans of two college basketball teams that had a long-standing and heated rivalry. Each year in the week leading up to the big game, the two would engage in friendly email banter and wager the outcome.

    During the course of the engagement, it was discovered that the CFO had embezzled in excess of $1 million from the company over several years. The embezzlement scheme was so intricate that it was virtually impossible to discover the fraud, and the amount of the fraud in any given year was below the CPA firm’s materiality threshold. Nonetheless, the company’s attorney asserted that the audit partner’s independence was compromised and that, as a result, he overlooked certain red flags demonstrating weaknesses in its internal controls. The emails between the audit partner and the CFO became the centerpiece of the company’s case. While most of the emails were innocuous in substance, when the messages were taken out of context, the company’s attorney compiled demonstrative evidence to assert a lack of independence.

    Can I delete?

    The delete button is not an all-powerful eraser that wipes the slate clean. Individual recipients of electronic communication may have retained a copy of a deleted correspondence, or someone may have taken an electronic snapshot of a social media post before it was deleted. In addition, businesses often retain deleted communications for several years in accordance with document retention policies. This, when confronted with a request for the production of deleted communications, a CPA firm or its online service provider will probably be able to retrieve most deleted emails.

    Even if an electronic communication cannot be retrieved, a CPA may still encounter problems. In some jurisdictions, if a court finds that an individual intentionally deleted a message relevant to an issue in the case, the jury will be told that it can draw an adverse inference from the act. A CPA also may be liable for reasonable attorneys’ fees incurred by an opponent or other sanctions due to the destruction of evidence.

    Risk Management Recommendations

    Based on the experience of the AICPA Professional Liability Insurance Program, consider the following guidance when using electronic communications:

    1. Establish a sound policy for the use of electronic communications at the firm. Train all personnel on this policy, underscoring the importance of professionalism.
    2. Create an open dialogue with employees about the appropriate use of electronic communications and the firm’s expectations and best practices regarding usage.
    3. Manage the use of social media, emails, and other forms of electronic communications to avoid “shooting from the hip” or presenting impulsive comments regarding work, services, clients, and other topics. When in doubt, wait an hour before sending a message and reread it with a clear mind before hitting the Send button.
    4. Maintain separate accounts for personal and professional electronic communications.
    5. Self-police email communications—maintain a professional tone, watch language usage, double-check spelling, and use standard grammar to build credibility.
    6. Learn about privacy settings and set them accordingly.
    7. “Untag” yourself from social media posts if you notice something inappropriate.
    8. Stay positive. Negative comments about work or clients are inappropriate and can harm the firm’s professional reputation.

    Questions to ask before pressing enter

    CPAs should embrace the revolution in electronic communication and be able to realize the many benefits it offers in communication, education, and presentation of the firm’s practice in a positive and enterprising manner. However, as professionals, be careful. Think before sending electronic communications or posting on social media. Consider:

    • “What would my clients think if they read this?”
    • “Is this something a client would want disseminated?”
    • “Is this something I would say in a formal letter?”

    If all else fails, picture yourself sitting on the witness stand at trial being confronted by an aggressive plaintiff attorney brandishing an enlarged copy of your electronic communication and ask, “Is this something that I am proud to have written?”

    Brunswick Companies is the Territorial Administrator for the AICPA® CNA Sponsored Program and we proudly share their market insights.