Editor: Stephen P. Valenti, CPA
The AICPA’s Statements on Standards for Tax Services (SSTSs) are enforceable standards that apply to all AICPA members providing tax services. Certain states also incorporate the SSTSs as part of their professional rules of conduct for CPAs.
The SSTSs, based on the AICPA Statements on Responsibilities in Tax Practice (SRTPs) that were originally issued between 1964 and 1977, were first adopted by the AICPA Tax Executive Committee (TEC) in August 2000, and the most recent significant updates to the SSTSs were made Jan. 1, 2010. In October 2018, the TEC approved formation of an SSTS Revision Task Force to update the SSTSs. On Jan. 26, 2022, the TEC voted to expose the standards to the AICPA membership, with comments due Dec. 31, 2022, and an effective date of Jan. 1, 2024.
The task force was composed of AICPA Tax Section members representing diverse interests including small and sole practitioner tax firms, the Private Companies Practice Section (PCPS), medium and large CPA firms, and academia (see the sidebar, “SSTS Revision Tax Force Members”). The task force held numerous meetings to identify and develop both updates to the current SSTSs and entirely new standards. As part of those efforts, the task force:
■ Reorganized the SSTSs by type of tax work performed;
■ Reviewed and revised the existing SSTSs to reflect the current state of the profession and the emerging needs of today’s members; and
■ Promulgated three new standards not previously addressed by the SSTSs regarding data protection, reliance on tools, and the representation of tax clients before taxing authorities.
This column briefly summarizes the three new standards and explores how they will apply to all CPAs providing tax services. As chair of the task force, the author encourages all members to carefully consider these new standards and provide their comments, both favorable and unfavorable. Open discussion and consideration of these standards is a vital component of the self-regulation process that will drive the profession forward. Members may view and download from the AICPA website a combined document that includes revisions to the existing standards, the three new standards, and an Invitation to Comment on the subject of quality management in tax.
This column is not an authoritative interpretation of the SSTSs but reflects the opinions of the author. Members should use their professional judgment in applying this discussion to their own particular facts and circumstances.
SSTS 1.3., Data Protection
Section 1.3.4. A member should make reasonable efforts to safeguard taxpayer data, including data transmitted or stored electronically.
Section 1.3.5. A member should consider applicable privacy laws when collecting and storing taxpayer data.
CPAs involved in tax return preparation have access to significant amounts of confidential financial and personal information. As the role of technology in accessing that confidential data increases, the risk to taxpayer data also increases, as demonstrated by an increase of more than 80% in data breaches reported by CPA firms between 2014 and 2020 (Shinn and Jorgensen, “Cybersecurity: An Urgent Priority for CPA Firms,” 51 The Tax Adviser 276 (April 2020)). Therefore, the task force believed it was important to implement a standard that ensures members adopt reasonable safeguards to protect taxpayer data, both electronic and otherwise.
However, the task force also recognized that continuous advances in technology make it challenging to identify any one set of standards with broad applicability across all tax practices. Therefore, instead of defining required elements for a data security plan, the task force drafted a standard requiring members to make “reasonable efforts” to safeguard taxpayer data. The standard’s accompanying explanation does give examples of possible data security plan components, such as the use of virtual private networks (VPNs), strong password policies, and firewalls, but all members are ultimately expected to customize their data protection efforts based on their particular facts and circumstances. The standard also calls out the vital role training should have in a data protection plan, especially for nonmember personnel.
Members of the task force believe most AICPA member tax practices already take appropriate efforts to safeguard taxpayer data. This belief is supported by the relatively small number of data theft reports to the IRS across all tax preparers, not just CPAs: 211 in 2020 and 222 in 2021 though June 30 (IRS, “Boost Security Immunity: Fight Against Identity Theft”). However, even one data breach is too many, and cybercriminals continue to increase their efforts. The task force therefore wanted to put in place a sensible standard that would be supported by continuing education efforts around data protection.
A CPA firm planning to apply the new standard first must consider whether the firm’s existing data protection efforts are reasonable. As explained in SSTS Section 1.3.6., factors including the impact of continuing technological developments, member-specific factors such as the type of service being provided, and firm size are taken into account when considering whether a plan is reasonable. For example, a sole practitioner would not be expected to have a plan as complex as that of a 100-member firm but would be expected to take basic steps to protect taxpayer data, which might include installing and using virus-scanning software, using VPN software, and securing computers with a password. Also note that the Gramm-Leach-Bliley Act, P.L. 106-102, establishes a requirement for tax preparers to implement an information security plan. The AICPA has developed a sample template available to Tax Section members.
Once members have verified they have taken reasonable efforts to protect taxpayer data, they should consider whether additional steps are advisable. For example, members may choose to put in place a plan to ensure unnecessary client data is not maintained, mask personally identifiable information where permissible, and/or establish a training program around data protection measures.
SSTS 1.4., Reliance on Tools
Section 1.4.3. A member should exercise appropriate professional judgement and professional care when relying on a tool.
Section 1.4.4. A member may reasonably rely on tools used in providing tax services to a taxpayer. Use of the tool does not absolve the member of his or her professional obligations under AICPA or other applicable ethical standards.
CPAs rely on technology to provide services more today than at any point in history. That trend will likely continue with the introduction of artificial intelligence, data science, quantum computers, and other developing technologies. However, tax professionals do not have written standards allowing them to place a degree of reliance on these tools when providing services. The task force identified the need for a standard that protects members by defining when they may reasonably rely on tools used in the performance of tax services.
SSTS Section 1.4. applies to a broad range of tools including but not limited to tax preparation software, tax calculation tools, and tax research tools. Members are allowed to reasonably rely on tools as long they use appropriate professional judgment and professional care in selecting and using that tool. For example, it would generally not be reasonable for a member to assume a tax return prepared using a standard tax compliance software package was complete without reviewing the prepared tax return itself. The member should also employ a normal tax return review process, taking steps such as confirming that taxable income computed by the tax return software matches the expected taxable income from the taxpayer’s trial balance.
In the case of tools used for tax research, the member may not be able to confirm the accuracy of a specific source as directly. Instead, the member should consider the source of the research. For example, documentation obtained from a prominent subscription-based tax research software vendor may have more weight than opinion articles from independent internet sources. The standard does not, however, prevent a member from using an opinion article in developing a position; a member should use professional judgment to apply sound tax principles in applying the opinion put forward in that article.
The task force believes the majority of members already follow the proposed standard, exercising diligence both in the selection of tax tools and their use. This standard will assist those members when working through an issue arising from software errors. Although reliance on software alone will not constitute an adequate defense, the task force believes this standard establishing principles for the reliance on tools will be overwhelmingly beneficial to members (see, e.g., Smalley, “Reliance on Tax Software Does Not Let Taxpayer Off the Hook,” Tax Insider (Aug. 3, 2017), discussing a Tax Court case where the taxpayer was denied relief when asserting reliance on personal tax preparation software).
To implement this standard, firms should review their current tool selection process to ensure it meets the essence of the standard. For many widely available and relied-upon tax software packages, members may find that a basic review of a new software vendor’s offerings is sufficient to demonstrate that reliance on the tool is appropriate. However, members should also remember that use of a tool does not absolve the member of professional obligations under AICPA or other applicable ethical standards. Therefore, members should consider implementing a general technical review process to ensure work product is accurate.
SSTS 4, Standards for Members Providing Tax Representation Services
Section 4.1.3. The member, and any individuals working with or for the member, should have or take steps to obtain technical competence in the subject matter involved. This includes competence in the technical tax area involved as well as the tax practice and procedures of the taxing authority. For this purpose, competence follows the definition established in Section 10.35 of [Treasury] Circular 230 [Regulations Governing Practice Before the Internal Revenue Service (31 C.F.R. Part 10)].
Section 4.1.4. The member should take appropriate steps to ensure compliance with all relevant professional and regulatory obligations when representing a taxpayer.
Section 4.1.5. The member should act with integrity and professionalism in all dealings with the taxing authority. This includes not unduly delaying or impeding the taxing authority.
Section 4.1.6. Information requested by the taxing authority should, with taxpayer approval, be provided by the member on a timely basis unless there is a good-faith belief that the information is privileged.
Section 4.1.7. The member should consider if the taxpayer’s conduct may be fraudulent or criminal in nature. If so, the member should advise the taxpayer to retain legal counsel and refrain from further representation.
Section 4.1.8. Upon completion of the examination by the taxing authority, the member should review any documents or computations detailing the results of the examination for correctness and discuss with the taxpayer the consequences of agreeing to these conclusions.
The SRTPs, predecessors to the SSTSs, were drafted at a time when tax practices primarily only prepared tax returns. Since then, tax practices have expanded to provide a wide variety of services including tax representation services. The task force believed the continuing growth in the number of CPA firms providing tax representation services obligated the development of a standard.
In the course of developing the standard, both the task force and others raised the question of whether a separate standard was necessary, given the breadth of guidance provided by Circular 230. Upon discussion of the issue, the task force agreed that Circular 230 does provide significant guidance to anyone involved in the representation of a taxpayer before a taxing authority. However, that guidance applies only to the representation of federal tax clients. Task force members therefore felt it important to develop one overall set of standards that would apply to all members providing tax services, regardless of tax jurisdiction. SSTS 4 is not intended to override other regulatory standards but rather to supplement existing standards and serve as basic standards where a lower or no standard otherwise exists.
SSTS 4 does generally follow familiar concepts for experienced tax practitioners. First, members can represent taxpayers in an issue they do not have direct experience with, but they are expected to take steps to obtain technical competence as part of that representation engagement. Second, members are expected to comply with all other relevant professional and regulatory obligations in providing representation services, such as Circular 230 and the AICPA Code of Professional Conduct (the AICPA Code). Third, members are expected to maintain integrity and professionalism in dealing with tax authority representatives. Fourth, members are expected to, with taxpayer approval, respond timely to tax authority requests for information. Fifth, members are advised to refer any situations in which there may be fraudulent or criminal taxpayer activity to legal counsel and withdraw from further representation. And sixth, members are expected to review documents or computations from an examination for correctness, discussing the results with the taxpayer.
Application of this standard will generally require little action for most members who already are aware of and abide by Circular 230 and the AICPA Code. It is recommended that members read through and familiarize themselves with the new standard, identify any parts of their practice to which the standard is relevant, and ensure current practice is in line with the new standard.
Invitation to comment
One of the aims of the AICPA Code is to protect the public interest. Paragraph .01 of “The Public Interest” interpretation (ET §0.300.030) states: “Members should accept the obligation to act in a way that will serve the public interest, honor the public trust, and demonstrate a commitment to professionalism.” Members are expected to provide quality services in a manner that demonstrates a level of professionalism consistent with those goals.
As part of the process to update the SSTSs, the task force held extensive discussions around the importance of additional concepts with the potential to significantly impact the tax practice of the future. A resonating theme emerged in many discussions related to quality management in tax, defined as a proactive, risk-based, scalable approach to ensure that an individual firm possesses the necessary competence to practice. Based on the discussions, members agreed that quality is a key market differentiator in their practices; however, its implementation is inconsistent, and the environment in which members operate is dynamic.
Therefore, the AICPA is inviting members and stakeholders to comment on the questions raised in an Invitation to Comment. The task force and the TEC will consider all comments in determining the best approach to address quality within the tax function.
As this is the first major update to the SSTSs in more than 10 years, the AICPA realizes many members will have questions and concerns. For this reason, the standards are being exposed for an extended period through Dec. 31, 2022, to allow as many comments and questions as possible to be addressed. Please send any comments and questions on the revisions to the SSTSs and the Invitation to Comment using our online form. Alternatively, members may email their submission to SSTScomments@aicpa-cima.com. All comments received will be considered. Thank you for your attention to this important change for tax practitioners.
SSTS Revision Task Force members
■ David J. Holets (chair), Crowe LLP, Indianapolis
■ Lea A. Fletcher, KPMG LLP, Charlotte, N.C.
■ Nicholas M. Preusch, YHB CPAs & Consultants, Fredericksburg, Va.
■ Thomas J. Purcell III, Creighton University, Omaha, Neb.
■ Heidi A. Ridgeway, Grant Thornton LLP, Chicago
■ Stephanie S. Saunders, Saunders & Saunders PC, Virginia Beach, Va.
■ Gerard H. Schreiber Jr., Schreiber & Schreiber CPAs, Metairie, La.
■ Norma J. Schrock, Ernst & Young LLP, Washington, D.C.
■ Joseph J. Tapajna, University of Notre Dame, Notre Dame, Ind.
■ Christopher J. Wittich, Boyum Barenscheer PLLP, Bloomington, Minn.
■ Henry J. Grzes (staff liaison), AICPA, Durham, N.C.
David J. Holets, CPA, is a partner and leader of tax quality control functions at Crowe LLP in Indianapolis. Stephen P. Valenti, CPA, is professor emeritus of accounting at New York University. Mr. Holets is chair of the AICPA Tax Practice Responsibilities Committee and the SSTS Revision Tax Force, and Mr. Valenti is a member of the AICPA Tax Practice Responsibilities Committee. For more information on this column, contact email@example.com.