Providing Fraud Prevention Services to Compilation Clients

How many small businesses do you compile financial statements for? For most small- to medium-sized CPA firms, the answer is plenty. Now let me ask one more question (please).

What is the greater risk for such small businesses?

  • Financial statements are misstated or
  • The bookkeeper (or someone else) can steal substantial sums of money from the business

Courtesy of

You say, “I’m not engaged to look for potential theft.” In most cases, you probably aren’t. But notice my question is about your client (and your potential opportunity to provide a valuable service).

I find that most compiled small business financial statements are basically correct – often because of the CPA’s involvement. The risk of material misstatement is driven down, and obviously, this is a good thing, but what about the potential for theft?

It seems to me that CPAs seldom talk with their clients about the potential for theft, even though we know, for instance, that the client’s accounting staff consists solely of one bookkeeper.

Theft may occur prior to the CPA’s compilation work, but when theft occurs, bookkeeping clients will sometimes say things like, “surely my CPA is in some way responsible” – even though compilations are not designed to prevent (or detect) fraud.

Defining Your Compilation Service

Let me ask two questions at this juncture:

  1. Do you get compilation engagement letters signed?
  2. Do you verbally explain the limits of your engagement (that you are not providing fraud prevention or detection services)?

These two actions will mitigate your risk when you only provide compilation services.

Providing Fraud Prevention Services

Now let’s consider another service that you can add: fraud prevention.

Do you ever suggest to your client that he or she have you (or someone else trained in fraud prevention) review the accounting system and make fraud prevention suggestions? Here is where, I believe you can add value in addition to the compilation service. I also believe it is largely an untapped source of revenue for small- to medium-sized CPA firms.

If you provide fraud prevention services, you need to create an engagement letter that addresses the boundaries of your work. It is wise to say what you are providing and, more importantly, what you are not providing.

I normally will state that I am providing the additional fraud prevention service to mitigate fraud risk and that the additional work will not provide absolute assurance that fraud will not occur. I go on to say that once the work is complete, “fraud may still occur.” (Check with your insurance carrier for appropriate language.)

In other words, your engagement is to mitigate fraud risk, not eliminate it – a reasonable proposition. (The risk of fraud can seldom, if ever, be fully eliminated.)

Additional Risks for the CPA

But doesn’t providing fraud prevention services create additional risks for the CPA?


Providing any additional service creates additional risks for the CPA. So this is ultimately a business decision for you and your firm.


Will providing fraud prevention services impair your independence? Under existing AICPA independence standards, the answer is often “yes” (because you are assisting with the design of the internal control system). You can offer such a service to a compilation client, but you will need to state your lack of independence in the compilation report.

Agree or Disagree?

What do you think about offering fraud prevention services to compilation clients?