Given that many firms have relied on home-working for almost two years, regulators and courts are now expecting accountants to formalise their risk management practices for remote workers.
The working world is more virtual than ever, and it seems this is unlikely to change even post-Covid. Accountants face new risks as a result, and identifying and minimising them is key to preventing claims and complaints.
There are several key areas that firms need to pay particular attention to when it comes to managing their risks post-Covid, most of which relate to communications. This article explores these, and presents new ways of mitigating exposures through precise risk management and robust systems.
Terms and conditions
It is important that any initial communications a firm has with clients should clearly define the scope of work. This applies whether it's a letter of engagement or any other document containing contractual terms and conditions of the client relationship.
Now more than ever, firms will need to regularly review any standard T&Cs to ensure they remain fit for purpose. Standard terms that suggest where, or how, work is to be done may need to be reviewed and updated in light of legal developments (e.g. data protection), and more recently, to acknowledge that most professionals are now working from home to some degree. More than ever before, T&Cs or letters of engagement should be revisited regularly during the course of a job to avoid “mission creep”.
Where possible, T&Cs should specify an upper limit for any exposure to compensation in the event of a claim. It is important that this limit reflects the nature and value of the work being undertaken, as well as the limit your insurers will pay in the event of a successful claim.
Even where a professional has properly defined the scope of work and appropriately capped liability at the outset, “mission creep” can undermine all the groundwork laid. This can occur when work undertaken is outside the original scope, for which new T&Cs should have been provided.
Finally in relation to T&Cs, it's important to consider whether third parties might seek, or be entitled, to rely on advice that the professional has given. If this is likely, special provision should be made regarding their ability to do so. This is particularly important in relation to multi-party projects, and should be considered at the time of engagement and regularly thereafter.
As more employees work from home, firms need to put greater focus on record keeping, ensuring that conversations, decisions and instructions are properly noted. Wherever possible, advice given verbally to a client should be repeated in writing. Putting forward a defence to a claim or complaint is always more challenging when having to rely on what the accountant can remember of what happened, or what their usual practice would have been. Reminding colleagues about the importance of keeping good records and confirming instructions always has been, but increasingly will be, key to defending the firm later on should a claim arise.
Supervision and training
Where working practices are changing dramatically, firms should consider whether their systems of supervision and training are appropriate. While working from home, junior colleagues will need to be appropriately trained and supervised.
In the majority of workplaces, junior colleagues may be missing out on “in person” checks and training, as well as the opportunities to receive “training by osmosis” by simply observing more experienced colleagues at work. Additional training, more effective systems of work and more deliberate supervision may be needed to minimise risks at work and at home.
All professional services firms should adopt and follow robust systems for diarising dates and supervision of colleagues, fit for the conditions in which we now find ourselves. The checks which were in place in the physical office must be reviewed, updated and properly adapted to the virtual working environment. Additional training and more effective systems of supervision may need to be put in place to minimise these risks. Failure could lead to potentially serious and expensive claims.
Data breaches and fraud
Cybercrime, fraud and data breaches have been on the rise for accountants over the last 18 months, largely due to increased home-working. This trend is set to continue, as professional fraudsters seek to take advantage of any potentially vulnerable systems. Firms should have effective systems in place to help prevent data breaches or fraud, such as a robust and multi-step central process for checking bank details for money transfers.
Firms should re-examine IT systems to identify data risks and guard against deliberate attacks. They should also conduct training and establish work systems to minimise the risk of accidental data breaches through incorrect email recipients, for example. Courts and regulators are increasingly unmoved by excuses of Covid-19 and remote working. If a business has insufficient protections in place to alert it to fraud or data breaches at an early stage, it will have difficulty in defending a claim for resulting losses.
Although most professionals will likely return to a more “normal” office working environment in the coming months, it is inevitable that remote working will remain part of the picture for many. Devising and adopting efficient and adaptable systems to manage new and existing risks is vital to manage client relationships, training and supervision for junior colleagues' development. In doing so, firms will be better able to prevent and defend against claims and complaints.