Jan 19, 2022

In 2022 Keep Your Eye on the Firm Risks Inherited from 2021

Mark ThomasKen MackunisStan SternaBy Mark Thomas, CLU, ChFC, Ken Mackunis, and Stan Sterna, JD

For CPAs and their firms, 2021 was a year of challenges and opportunity … and both produced new risks for the profession. The outlook for 2022 is not a lot different: accelerated change and emerging issues will impact how accountants approach the services they provide. Here are three key areas of risk that CPAs must keep in mind as they tackle unexpected challenges, serve their clients in new ways, and look to grow their firms.

CPA at desk in danger of stepping in a bear trapProfessional Liability Risk

One of today’s biggest professional liability risks may be somewhat unexpected: relationship building. CPAs understand that fulfilling their clients’ needs is a crucial part of a successful, collaborative relationship. However, many CPAs struggle to stay on the same page as their clients amid ever-changing markets, revised laws, an evolving economy, and the growing remote work environment. You may have had a client for years, but odds are they are not the same as they were a year ago. Maybe the business concerns have changed, or they have taken on a new job recently. But here is the rub: their expectations of you as their trusted financial adviser hasn’t changed, but it has grown immensely.

CPA firms of all sizes are adopting new technologies, such as virtual communication platforms, secure file exchanges, cloud-based applications, and artificial intelligence tools. In 2022, CPAs will have to pay particularly close attention to the relationships they have with third-party software vendors. Firm leaders should rethink how they manage these relationships and the liability risks inherent with them. After all, sharing sensitive financial data with an outside party is a risk in itself. As such, CPAs should conduct vigorous due diligence when vetting vendors. Additionally, make sure service agreements require vendors to maintain privacy-breach as well as professional-liability coverage and language that they agree to defend, indemnify, and hold the firm harmless for any breach or error/omission on their watch.

CPA Retention and Talent Acquisition

We are just now beginning to get our heads around 2021’s Great Resignation. Staffing issues nationwide are at critical levels, and CPA firms are no exception. In November 2021 alone, more than 4 million Americans quit their jobs. It’s a trend that has been ongoing for months, leaving businesses scrambling to attract and retain talent. CPA firms are feeling this shift acutely, with a significant number of accountants taking their careers in a different direction, to other firms, or into retirement.

If there is any silver lining to COVID-19, more flexible work options such as hybrid and remote work have significantly widened the job market for individual CPAs. One can now consider openings in a neighboring state or across the country without having to physically relocate. Firm leaders who continue to struggle to retain talent and fill their teams will need to rethink their current firm culture and structure.

In 2022, retaining talent will continue as a firm risk, forcing leaders to take a closer look at their team building and engagement staffing plans. That said, CPA firms should be able to take advantage of the broader employment landscape just as individual CPAs are doing. For example, firms with the right mindset will be able to recruit from outside their geographical area and will find greater access to high-qualified candidates. Likewise, executive teams will need to evaluate their current team members and take necessary steps to retain quality personnel by beefing up benefits packages, increasing salaries, or investing in upskilling programs.

Cybersecurity Risks

With the explosion of off-site work since the onset of the COVID-19 pandemic, CPA firms have become more vulnerable to privacy breaches than ever before. No one is immune when it comes to a cyberattack. As aggregators of all sorts of financial and personal data, CPAs have become prime targets for cybercriminals. But don’t make the mistake of thinking this is just a problem for the big guys. Small firms are just as vulnerable, if not more so. After all, cybercriminals tend to target those with weak data security protocols; often these are the smaller firms with fewer resources to invest in cybersecurity.

As the frequency and severity of both professional liability and cybersecurity risks continue to climb, firm leaders should revisit their quality control and data security protocols. They should ensure that engagement letters are in place for all services and – among other things – clearly define the scope of work, the responsibilities of the respective parties to the agreement, and the limits to their liability. In essence, CPA firms should be as thorough as they can when it comes to managing risk.

Mark Thomas, CLU, ChFC, is senior vice president for Aon Affinity in Fort Washington, Pa. He can be reached at
Ken Mackunis is executive vice president, professional firms, for Aon Affinity in Hatfield, Pa. He can be reached at
Stan Sterna, JD, is vice president of Aon Insurance Services in Chicago. He can be reached at

If you missed PICPA's Accounting & Auditing Conference this past December, you have one more chance to join in. Sign up today for the Feb. 16, 2022, online replay of the conference. This conference is tailored to practitioners who perform audit, attest, and assurance services and corporate accountants. If this describes you, don't miss it again!

Sign up for weekly professional and technical updates from PICPA's blogs, podcasts, and discussion board topics by completing this form.  

Leave a comment

Thousands of CPE Courses  

With the highest quality CPE and thousands of options for online, self-study, and in-person learning, PICPA's CPE meets all of your professional education needs.

Search Courses
PICPA Staff Contributors
Statements of fact and opinion are the authors’ responsibility alone and do not imply an opinion on the part of PICPA officers or members. The information contained in herein does not constitute accounting, legal, or professional advice. For professional advice, please engage or consult a qualified professional.
Follow @PaCPAs on Twitter