The American Institute of CPAs (AICPA) is seeking comments on a proposed ethics rule that would allow members to perform a quality review of a member’s practice authorized by the AICPA, state CPA society or Board of Accountancy without getting clients’ consent to disclose information revealed in the review.
The AICPA’s Professional Ethics Executive Committee asks that comments regarding “Disclosing Client Information in Connection With a Quality Review” be submitted by Aug. 20 to the Professional Ethics Division at [email protected]. If adopted, the new rule would be codified in ET Sec. 1.700.110.
The existing rule allows peer reviews and reviews pertaining to acquiring a practice. For tax professionals, a quality review is a review of the member’s tax practice and includes “voluntary tax practice reviews,” according to AICPA guidelines.
However, it was not clear to members or the public whether quality reviews were included in those exceptions to obtaining specific client consent,” according to the AICPA’s notice about the proposal. “Specifically, a quality review is not for purposes of acquisition and is not required by any state board or state society to provide tax services.”
The proposed rule would apply to any member obtaining or performing a quality review of a tax practice. The ethics committee reviewed existing exceptions for third-party reviews of a member’s practice and agreed that the proposal meets the existing approaches to reviews of a practice.
But members who perform quality reviews cannot use “to their advantage” or disclose any information learned during the review, the AICPA notice states.
Members who obtain such reviews also should be satisfied that the disclosure requirements of Treas. Reg. 7216, which addresses confidential information provided or obtained during a quality review, are met at a minimum and apply additional safeguards as the member considers necessary.
The AICPA notes that Treas. Reg. 7216 requirements regarding information disclosures during quality reviews aren’t less restrictive than the organization’s Confidential Client Information Rule and are adequate protections against prohibited disclosures.
If threats still aren’t at an acceptable level, the member should take added precautions, including a confidentiality agreement or removing identifiable information.