February 9, 2010
 
 
  AICPA Releases Guidelines on Outsourcing Engagements
 

 


In response to member inquiries regarding outsourcing engagements to third parties, AICPA General Counsel Richard I. Miller and Senior Vice President — Member and Public Interests Alan Anderson have developed a paper to help guide members through the issues. The paper, which has been posted to the AICPA’s Web site, discusses the three subjects implicated by outsourcing: AICPA ethical standards, the Gramm-Leach-Bliley Act pertaining to privacy, and certain Internal Revenue Code provisions. Some of the main points are briefly outlined here.

On the first item, while Ethics Ruling 1, under the Code of Professional Conduct Rule 301 (Computer Processing of Client Returns), specifically deals with the use of outside services to process tax returns, the rule would apply to any use of third-party providers. The ruling advises that members "must take all necessary precautions to be sure that the use of outside services does not result in the release of confidential information." The Code also requires that a member and his/her firm remain responsible for ensuring the accuracy and completeness of the services performed by the third-party provider. Thus, professional services are to be performed with professional competence and due professional care, and the use of a third-party provider does not in any way alter a member’s responsibility in this regard.

In addition to a member’s responsibility under the Code to maintain confidentiality, the Gramm-Leach-Bliley Act must be considered. The Act includes protections that allow consumers to determine when personal financial information could be shared among financial service institutions. The Federal Trade Commission promulgated a set of rules to implement the Act’s privacy requirements governing the use of "consumer financial information" (available at www.ftc.gov/privacy/privacyinitiatives/financial_rule_lr.html).

As currently interpreted, the GLBA requires practitioners who provide, among other things, tax planning and tax preparation services to individual clients, to give notice of the practitioner’s policy regarding disclosure of private information at the start of an engagement, and annually thereafter. While these notices generally are required to disclose categories of nonaffiliated third parties to whom there is disclosure of non-public information, the GLBA does not require that a practitioner specifically disclose to a client that independent third-party providers are used in performing services to clients (i.e., if the third-party provider is connected to or involved in the provision or processing of the services offered by the practitioner, there is no requirement to disclose to the client that information is shared with that third-party provider).

On the third point, the Internal Revenue Code prohibits anyone involved in the preparation of tax returns from knowingly or recklessly disclosing or using the tax-related information provided other than in connection with the preparation of such returns. The regulations under Section 7216 provide an exemption from this law for tax return preparers who disclose taxpayer information to a third party for the purpose of having the third party process the return (note there is no requirement in Section 7216 or its regulations for a member to inform the client that a third-party provider is being used). In addition, Section 7525 provides a client with a privilege similar to an attorney-client privilege when they make certain tax-related disclosures to, among others, CPAs. Care must be taken to ensure that a third-party provider does not do anything that adversely affects a client’s rights under this provision.

To summarize, whether the obligation derives from the Code or the GLBA, practitioners and their firms are responsible for maintaining the security and confidentiality of information. In addition, in performing any services for clients, practitioners must do so with professional competence and due professional care, and must comply with all provisions of the Code. Once the practitioner is initially satisfied that a third-party provider is properly structured to ensure continued compliance with all laws, regulations and ethical requirements, the practitioner should establish monitoring procedures to ensure that the third-party provider’s procedures remain effective.

Practitioners and their firms should consult their own legal advisers for additional guidance on this subject.

www.aicpa.org/download/ethics/outsourcing.pdf

 

 

 

 

 
 

©2006-2010 The American Institute of Certified Public Accountants
AICPA, 1211 Avenue of the Americas, New York, NY 10036