TL;DR
On this page
If your E&O carrier flagged your engagement letter as too vague at the last renewal, the carrier is right. Most solo CPA engagement letters fail at one or more of nine specific load-bearing clauses. This post names each clause, cites the authoritative source, and explains why the vague version is a liability rather than a convenience.
The data justifies the discipline. Per Deb Rood, CPA, MST (CNA Risk Control Consulting Director) via AICPA & CIMA, tax services accounted for 77% of the claims asserted against CPA firms in AICPA's Professional Liability Insurance Program in 2024. Per The Tax Adviser citing the same program's 2023 data, over 50% of those tax-related claims involved no engagement letter at all.
"An engagement letter helps set the stage for success throughout the engagement."
Source: Sarah Beckett Ference, CPA, CNA Risk Control Director, in The Tax Adviser, November 2025.
That framing is mild. The harder truth is that the absence of an engagement letter shifts the burden of proof to the practitioner. The clauses below are what move the burden back.
The nine load-bearing clauses
1. Scope of services (specific deliverables, named exclusions)
The scope clause is where most disputes originate. Per Robert M. Moïse, CPA, of the AICPA Tax Practice Responsibilities Committee writing in the Journal of Accountancy, the scope must identify affiliated entities the engagement covers, the time frame (typically one year), who files the returns, and the services that are explicitly excluded.
Courts enforce narrow scope language when it is explicit. Tayebi v. KPMG (N.Y. 2008) is the cited authority that courts will uphold scope language like "we will not update our advice for subsequent changes to the law unless you specifically engage us to do so in writing." The inverse is also true: 1136 Tenants' Corp. v. Max Rothenberg & Co. established that ambiguous engagement terms create liability.
2. Out-of-scope exclusions and the change-order trigger
Per Sarah Beckett Ference at CPAI (CNA's CPA-targeted practice resource), the working clause language is: "if additional services are needed, written client approval will be required, and additional fees will be charged."
The cases Ference cites are scope-creep failures: independence impairment from drift into non-audit services, client expectations that an engagement included embezzlement detection it did not include, disputed tax advisory obligations where the client believed the CPA was monitoring legal changes beyond the engagement scope.
The fix is two-part: name the specific exclusions in the engagement letter, and require written approval before any out-of-scope work begins. "Written" means signed addendum, not a text message.
pro tip
The CAMICO no-absolutes rule. Per CAMICO via MICPA, December 2024, avoid eight specific words in scope language: all, every, any, complete, confirm, totally, validate, verify. A scope that promises "review all transactions" is unenforceable as written and indefensible if a transaction is missed. Replace with bounded language: "review transactions reflected in the bank statements you provide," "reconcile accounts based on documents you provide."
3. Limitation of liability (with the audit/attest carve-out)
The limitation-of-liability clause caps the practitioner's damages exposure. Per Stanley D. Sterna, J.D., CNA Claim Director, writing in Journal of Accountancy, courts generally uphold these clauses when the parties have equal bargaining power and the clause is clearly presented.
"Courts generally uphold limitation-of-liability provisions when the parties have equal bargaining power and the clause is clearly presented. However, audit and attest clients regulated by the SEC, state insurance commissions, or federal banking regulators cannot use limitation-of-liability provisions."
Source: Stanley D. Sterna, J.D., CNA Claim Director, in Journal of Accountancy, October 2015.
The defensible form, per Terms.Law's CPA engagement letter analysis, reads: "The liability of [CPA Firm] to Client for any claim arising out of this engagement shall not exceed the amount of fees paid by Client for the services that are the subject of the claim." Per Francine E. Love, Managing Attorney at LOVE LAW FIRM PLLC, the clause should also explicitly eliminate claims for special, consequential, and punitive damages.
The carve-out most CPAs miss. Per Sterna's Journal of Accountancy analysis, audit and attest clients regulated by the SEC, state insurance commissions, or federal banking regulators cannot use limitation-of-liability provisions. The clause is unenforceable for those engagements. If you do audit or attest work for any such client, the engagement letter must distinguish (and the limitation-of-liability clause applies only to the non-regulated portions).
California also requires the clause to be initialed. Separate initial line from the signature block. Other states are less prescriptive but the practice is defensive.
4. Section 7216 confidentiality (the individual-1040 trap)
The most-violated clause in solo CPA engagement letters is the IRS Section 7216 confidentiality consent. Per the IRS Section 7216 Information Center, Section 7216 is a criminal provision prohibiting disclosure or use of tax return information without client consent.
The rule that catches solo CPAs: for business entity clients, the 7216 consent can appear inside the engagement letter body. For individual 1040 filers, the consent must be a separate written document. Embedding the consent in the engagement letter body for an individual 1040 client is a 7216 violation. Penalty: up to $1,000 fine and one year imprisonment per violation.
The defensive practice: maintain two documents at engagement for any individual client, the engagement letter and a separately-signed 7216 consent. For entity clients, one document is sufficient.
5. Document retention period
Per Karen L. Jones (PwC) and Stephen P. Valenti (NYU) in The Tax Adviser, February 2023, the retention periods that govern CPA records are:
| Source | Period | Scope |
|---|---|---|
| IRC §6107(b) | 3 years | General tax preparer records, after close of return period |
| IRC §6112 | 7 years | Material adviser reportable transactions lists |
| PCAOB | 7 years | Audit documentation for public companies, from report release |
| State board | varies | Often 3-7 years for licensure compliance |
| AICPA best practice | 7 years | Catches every other minimum |
The clean clause: "CPA retains engagement-related records and workpapers for a period of seven (7) years following the conclusion of the engagement, after which records may be securely destroyed."
6. Termination
Per Francine E. Love's clause analysis, the termination clause governs more than how the engagement ends. It affects:
- The start date of any statute of limitations on malpractice claims
- The former-client conflict analysis (when does the client stop being a "current client" for conflict-of-interest purposes)
- Document return obligations
- Final fee acceleration triggers
The defensive form: "Either party may terminate this engagement upon written notice. Upon termination, Client agrees to pay for services rendered through the date of termination, and CPA will return all client-provided records within thirty (30) days."
7. Fee structure and late payment
Per Love Law Firm's clause guidance, the fee section should specify:
- Hourly rate or flat fee (with the explicit method)
- Advance retainer or deposit amount
- Late-payment fee schedule (typically 1.5% per month after Net 15 or Net 30)
- Credit-card dispute waiver (client agrees not to dispute chargebacks for paid services)
- Disorganized-client surcharge (which 75.1% of preparers already use, per the National Society of Accountants Income & Fees Survey cited in the freelance accountant rates report)
8. Mediation and arbitration
Per the CAMICO engagement letter guidance via MICPA, the recommended ADR (alternative dispute resolution) structure is split:
- Mediation for all disputes (mandatory, before any litigation)
- Arbitration for fee disputes only (binding, with an accounting-experienced arbitrator)
The reasoning, per Sterna's Journal of Accountancy analysis: full mandatory binding arbitration of all claims can backfire because juries sometimes return lower awards than arbitrators, especially when the practitioner has clean documentation. Mandating arbitration for all claims gives up the option to defend at trial. The split structure preserves both options.
CAMICO notes a related practice benefit: their underwritten policies offer deductible reductions for early mediation and for documented engagement letter use. The engagement letter is not just liability defense, it is direct insurance economics.
9. Stop-work clause and Circular 230 acknowledgment
Per CAMICO via MICPA, a stop-work clause is explicitly recommended: "CPA may suspend performance of services if Client fails to comply with the obligations set forth in this engagement letter, including timely payment of fees."
The Circular 230 acknowledgment is the lighter clause. Per IRS Circular 230 §10.33, best practices for practitioners include written engagement letters defining scope and fee structure. Add a one-line acknowledgment: "CPA is subject to IRS Circular 230 and complies with its provisions in this engagement."
The Circular 230 reference is a soft credibility signal more than a litigation defense, but it costs nothing to include and signals professional awareness.
The clauses NOT to add
The flip side of completeness is over-inclusion. Per Sterna's Journal of Accountancy analysis and Love Law Firm's clause guide, several clauses CPAs commonly add hurt more than help:
Clauses to remove or rewrite
The evergreen letter risk
A common practitioner shortcut is the "evergreen letter": a single engagement letter that auto-renews each year without re-execution. Per the CAMICO and AICPA guidance, this is a high-risk shortcut:
- Scope drift over time. Year-three services often diverge from year-one engagement terms.
- Section 7216 consent voids. Individual 1040 consents under §7216 have specific renewal requirements that evergreen letters do not satisfy.
- Stale fee terms. The fee schedule from three years ago does not match current rates, creating ambiguity in fee disputes.
- Termination-trigger ambiguity. Statute-of-limitations clocks for malpractice claims can run from "engagement termination," and an evergreen engagement has no clear termination.
Issue a fresh engagement letter annually, before commencing work for the year. Per AICPA & CIMA, the AICPA Annual Tax Compliance Kit (co-developed with CNA) provides 15+ engagement letter templates for individual, partnership, S-Corp, estate, tax consulting, projections, amended returns, and audit representation. Use the AICPA template family as the starting point; tailor the scope and exclusion clauses to the specific client.
The minimum-viable engagement letter (clause checklist)
For a solo CPA setting up a new client engagement, the minimum-viable letter is nine clauses plus a separate 7216 consent for individual clients:
Solo CPA engagement letter checklist
How this maps to FreelanceDesk
FreelanceDesk's proposal builder produces structured engagement letters with the clause architecture above, including the audit/attest carve-out toggle and the separate 7216 consent generation for individual clients. The cross-reference to the bookkeeper-side template is in the bookkeeper engagement letter and proposal template, which covers the parallel structure for the bookkeeping cluster.
The rates side, including the realized-rate math and tax-season surge pricing, is in the freelance accountant rates report. The lien doctrine for non-paying clients applies to CPAs identically to bookkeepers and is in the late payment and accountant's lien post.
The honest summary
The defensible solo CPA engagement letter is nine clauses, not boilerplate. Per the AICPA Professional Liability Insurance Program data, 77% of 2024 claims were tax-related and over half lacked an engagement letter. The math: the letter is the cheapest E&O premium reduction available, both in carrier-deductible terms and in claim-frequency terms. Use the AICPA Annual Tax Compliance Kit templates as the starting structure, tailor scope and exclusions, separate the 7216 consent for individual clients, apply the CAMICO no-absolutes rule throughout, and re-execute annually.
The carrier feedback that flagged your letter is the cheapest signal you will get. Tighten the language now, before a claim makes it expensive.
References
- Practitioner engagement letters: Strategies for increasing compliance, The Tax Adviser, November 2025.
- Say "I do" to engagement letters, AICPA & CIMA.
- Tax engagement letters, Journal of Accountancy, June 2015.
- Weighing strategies to limit litigation risk, Journal of Accountancy, October 2015.
- Engagement Letter Do's and Don'ts, MICPA / CAMICO, December 2024.
- 7 Must-Have Clauses for CPA Client Engagement Letters, Love Law Firm PLLC.
- Effective CPA Engagement Letter: Essential Clauses and Common Pitfalls, Terms.Law.
- Documentation and recordkeeping for tax practitioners, The Tax Adviser, February 2023.
- Section 7216 information center, IRS.
- Treasury Department Circular No. 230, IRS.
- Don't let scope creep lead you out of bounds, CPAI / CNA.