Printer Friendly

AICPA releases guidelines on outsourcing engagements.

In response to member inquiries regarding outsourcing engagements to third parties, AICPA General Counsel Richard I. Miller and Senior Vice President--Member and Public Interests Alan Anderson have developed a paper to help guide members through the issues. The paper, which has been posted to the AICPA's Web site, discusses the three subjects implicated by outsourcing: AICPA ethical standards, the Gramm-Leach-Bliley Act pertaining to privacy, and certain Internal Revenue Code provisions. Some of the main points are briefly outlined here.

On the first item, while Ethics Ruling 1, under the Code of Professional Conduct Rule 301 (Computer Processing of Client Returns), specifically deals with the use of outside services to process tax returns, the rule would apply to any use of third-party providers. The ruling advises that members "must take all necessary precautions to be sure that the use of outside services does not result in the release of confidential information." The Code also requires that a member and his/her firm remain responsible for ensuring the accuracy and completeness of the services performed by the third-party provider. Thus, professional services are to be performed with professional competence and due professional care, and the use of a third-party provider does not in any way alter a member's responsibility in this regard.

In addition to a member's responsibility under the Code to maintain confidentiality, the Gramm-Leach-Bliley Act must be considered. The Act includes protections that allow consumers to determine when personal financial information could be shared among financial service institutions. The Federal Trade Commission promulgated a set of rules to implement the Act's privacy requirements governing the use of "consumer financial information" (available at financial_rule_lr.html). As currently interpreted, the GLBA requires practitioners who provide, among other things, tax planning and tax preparation services to individual clients, to give notice of the practitioner's policy regarding disclosure of private information at the start of an engagement, and annually thereafter. While these notices generally are required to disclose categories of nonaffiliated third parties to whom there is disclosure of non-public information, the GLBA does not require that a practitioner specifically disclose to a client that independent third-party providers are used in performing services to clients (i.e., if the third-party provider is connected to or involved in the provision or processing of the services offered by the practitioner, there is no requirement to disclose to the client that information is shared with that third-party provider).

On the third point, the Internal Revenue Code prohibits anyone involved in the preparation of tax returns from knowingly or recklessly disclosing or using the tax-related information provided other than in connection with the preparation of such returns. The regulations under Section 7216 provide an exemption from this law for tax return preparers who disclose taxpayer information to a third party for the purpose of having the third party process the return (note there is no requirement in Section 7216 or its regulations for a member to inform the client that a third-party provider is being used). In addition, Section 7525 provides a client with a privilege similar to an attorney-client privilege when they make certain tax-related disclosures to, among others, CPAs. Care must be taken to assure that a third-party provider does not do anything that adversely affects a client's rights under this provision.

To summarize, whether derived from the Code or the GLBA, practitioners and their firms are responsible to maintain the security and confidentiality of information. In addition, in performing any services for clients, practitioners must do so with professional competence and due professional care, as well as be in compliance with all provisions of the Code. Once the practitioner is initially satisfied that a third-party provider is properly structured to ensure continued compliance with all laws and regulations and ethical requirements, the practitioner should establish monitoring procedures to ensure that the third-party provider's procedures remain effective.

Practitioners and their firms should consult their own legal advisers for additional guidance on this subject. ethics/outsourcing.pdf
COPYRIGHT 2004 American Institute of CPA's
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2004, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:American Institute of Certified Public Accountants; Code of Professional Conduct
Publication:CPA Letter
Geographic Code:1USA
Date:Feb 1, 2004
Previous Article:New CPA exam candidate booklet available; February webcast to explain computer-based test.
Next Article:DOL issues frequently asked questions on small pension plan audit waiver regulation.

Related Articles
Council approves non-CPA ownership, accreditation proposals.
Doing the right thing: case studies give tips on how CPAs can remain within ethical boundaries.
SEC Proposes Sweeping Rules; Ripple Effect Could Impact Firms that Audit Private Companies.
disciplinary actions.
Exposure drafts outstanding.
AICPA considers additional outsourcing guidance.
Exposure drafts outstanding.
Disciplinary actions.
AICPA provides guidance on outsourcing.
AICPA provides Department of Labor with comments on auditor independence rules.

Terms of use | Privacy policy | Copyright © 2021 Farlex, Inc. | Feedback | For webmasters |