Considerations Before Sending Client Information to Third Parties

By CPABC
Last Revision: 7/1/2017

As entities look for cost-effective options in meeting their reporting obligations, practitioners need to be diligent in their engagement acceptance procedures. This includes assessing the request, such as the applicable level of assurance being sought and performing the engagement in accordance with the appropriate professional standards. 

The assurance and related services standards in the CPA Canada Handbook – Assurance provide a great degree of flexibility for practitioners. However, many of these standards are relatively new and practitioners might need to become familiar with them first.

A few examples of third party requests for information upon which the practitioner has prepared, signed, or otherwise reported on are: 

Information Requested

Example

Third party generated forms

Accountant’s Reports for the Law Society of BC and the Real Estate Council of BC

Schedules or forms summarizing financial information

Financial reporting framework for BC Housing

Copy of information provided to management

Management letters

Verification of terms or conditions

Report on compliance with terms of a common area cost or rental agreement

Confirmation that specific conditions are met

Private company shares as qualified investment for RRSP

Financial information

Budget or cash flow supporting a business loan

 
Applicable standards

For engagements other than the provision of an audit or review of the information, practitioners might consider the applicability of:

  • CSRS 2400 Reports on Supplementary Matters Arising from an Audit or a Review Engagement;
  • Section 9100 Reports on the Results of Applying Specified Auditing Procedures to Financial Information Other than Financial Statements; or
  • Assurance and related services guideline 16 Compilation of a Financial Forecast or Projection.

Appropriate Communication

A third party might place reliance on the information that was never intended when deliverables are provided to clients without a communication identifying the scope of services provided. If you have performed one of the above engagements and your client has inappropriately used your communication or firm’s name for a purpose that was not anticipated or intended when you accepted the engagement, you will need to consider Canadian Standard on Association (CSOA 5000). The practitioner’s response will depend on whether the information has been released:

  • Before distribution: The practitioner is required to request the entity to correct the inappropriate use of the practitioner’s communication or name.
  • After distribution: The practitioner is required to discuss what action the entity intends to take to inform appropriate parties of the inappropriate use of the practitioner’s communication or name.

Points to Keep in Mind

For all engagements, practitioners should consider the following steps:

  1. Prior to accepting any engagement, obtain sufficient information about the entity and their needs in order to identify all deliverables, intended users, and uses of the reports.
  2. Consider all relevant professional standards (including the CPA Canada Handbook – Assurance and the CPABC Code of Professional Conduct) to ensure the appropriateness of acceptance. This might include assessing whether you have the sufficient competence in performing the engagement or the required independence.   
  3. Agree to all relevant terms in the engagement letter, specifically identifying all deliverables and considering any applicable restrictions of use.
  4. Ensure all deliverables have the appropriate engagement report or communication to clarify the limited nature and scope to the original purpose of the engagement.

On a related topic, see Considerations When Issuing Management Letters.