CPA engagement letter liability caps - what's reasonable and enforceable?

We're hiring a new CPA firm for audit work. Their engagement letter has a liability cap limiting their liability to "the fees paid for the engagement." We're paying them $45,000 for the audit.

If they screw up our financials and we have SEC issues or investor lawsuits, their max exposure is $45K? That seems absurdly low. Our company could face millions in damages from a negligent audit.

Is this standard? Is it even enforceable? Should I push back?

I'm a CPA with my own practice, so I'll give you the accountant's perspective.

Yes, liability caps are standard in engagement letters. The AICPA actually provides sample engagement letters with liability limitation provisions. Reasons we include them:

• Malpractice insurance is expensive and has limits
• Accountant liability has expanded dramatically over the decades
• We can be sued by third parties we never worked with (investors, lenders)
• Damages in financial cases can be massive relative to our fees

That said, "fees paid for engagement" is on the aggressive end. More common is a multiple of fees (2-3x) or capped at malpractice insurance limits.

I handle professional liability cases. Here's the legal landscape on liability caps:

Generally enforceable: Courts in most states will uphold reasonable liability caps in professional services contracts between sophisticated parties. Key word: reasonable.

What makes a cap enforceable:

• Both parties are sophisticated (business entities, not consumers)
• There was actual negotiation opportunity
• The cap bears some relationship to the risks and fees
• It's clearly written and conspicuous

What can void a cap:

• Gross negligence or willful misconduct (most caps have carve-outs)
• Fraud - you can never contractually limit liability for fraud
• Unconscionability - cap is so one-sided it shocks the conscience
• Public policy violations in some states

A cap at 1x fees isn't necessarily unenforceable, but it's definitely negotiable. I'd push for 3-5x or their insurance limits, whichever is higher.

One thing to consider: ask about their malpractice insurance coverage. A $45K cap is meaningless if they have $2M in coverage and the cap gets thrown out anyway.

Questions to ask your CPA firm:

• What are your malpractice insurance limits?
• Is the coverage per-claim or aggregate?
• Does the policy cover our specific engagement type?
• Will you provide a certificate of insurance?

Many clients negotiate to cap liability at the insurance limits rather than fee amounts. The CPA should agree since they're covered anyway.

Thanks for the insights. Their engagement letter also has a mandatory arbitration clause. Is that standard too?

The clause says any dispute must go to binding arbitration under AAA rules, no class actions, and we waive jury trial rights. I've heard arbitration tends to favor the service provider.

Arbitration clauses are increasingly common in professional services agreements. Whether it's "good" for you depends on the situation:

Potential advantages of arbitration:

• Faster than court (typically 6-12 months vs 2-3 years)
• More confidential - no public court filings
• Can select arbitrators with accounting expertise
• Lower costs in some cases

Potential disadvantages:

• Limited discovery - harder to get documents/depositions
• Very limited appeal rights
• Arbitrator fees can be expensive ($1000+/day each)
• Some studies show repeat-player advantage (firms that arbitrate often do better)

Regarding state board rules for accountants - some state boards have ethics rules about engagement letters. Check your state. California, for example, has specific requirements under the Board of Accountancy regulations that limit certain provisions.

I'm in-house counsel at a tech company. We deal with these engagement letters all the time. Here's what we typically negotiate:

Liability cap: We push for 3x fees or $1M, whichever is greater. For audit work specifically, we push higher because audit opinions are relied on by third parties.

Carve-outs: Make sure the cap doesn't apply to gross negligence, willful misconduct, breach of confidentiality, or violation of professional standards.

Arbitration: We often accept it but modify the clause - we want to select one arbitrator jointly rather than each side picking one. We also add that the arbitrator must follow the law (some clauses let them ignore it).

Indemnification: Many engagement letters have the client indemnifying the CPA. Push back hard on this - they should carry their own insurance.

Don't be afraid to redline the engagement letter. Reputable firms expect negotiation from sophisticated clients.

@GC_TechCo makes good points. Adding some context from the CPA side on what we typically accept in negotiations:

Will usually accept:

• Raising cap to 2-3x fees
• Carve-outs for gross negligence, fraud, willful misconduct
• Matching cap to our insurance limits
• Modifying arbitration selection procedures

Will push back on:

• Removing liability caps entirely (our insurer may not cover)
• Unlimited consequential damages
• Liability to third parties who aren't party to the engagement

The third-party liability piece is big. We can be held liable by investors, lenders, and others who rely on our work but weren't our client. Engagement letters try to limit that exposure. Some states (like NY with Ultramares doctrine) already limit it by law.

Jumping in with a cautionary tale. My previous company had an engagement letter with a liability cap. Our CPA firm missed a major revenue recognition issue. When the restatement came out, our stock dropped 40% and we faced an SEC investigation.

We tried to sue the CPA firm. They pointed to the liability cap ($60K - their fees). Our lawyers said we had a gross negligence argument that might void the cap, but it would be expensive litigation with uncertain outcome.

We settled for their insurance policy limits ($2M) which was way less than our damages but way more than the $60K cap. The cap created leverage for them in negotiations even though it might not have held up in court.

Moral: The cap matters even if it's potentially unenforceable because it affects settlement dynamics.

Really helpful thread. Here's what I'm going to propose in our redlined engagement letter:

1. Liability cap at 3x fees ($135K) or their malpractice insurance per-claim limit, whichever is higher
2. Carve-out for gross negligence, willful misconduct, fraud, and breach of confidentiality
3. Accept arbitration but require single arbitrator selected jointly, must follow applicable law
4. Remove the indemnification language (we're not indemnifying them)
5. Request certificate of insurance showing $2M+ coverage

Thanks everyone. Will report back on what they accept.

I work in regulatory compliance and deal with CPA engagement letters from the client side. One issue that has not been mentioned yet is the scope limitation clause, which is just as important as the liability cap.

Most engagement letters narrowly define the scope of the engagement — for example, “audit of financial statements for the fiscal year ending December 31, 2025.” If the CPA misses something outside that narrow scope (like a tax compliance issue they noticed but did not flag because it was “outside scope”), the liability cap may not even matter because they will argue they had no duty to catch it.

What you should push for: a clause that requires the CPA to notify you in writing of any material issues they become aware of during the engagement, even if those issues fall outside the defined scope. This does not make them liable for a full investigation, but it creates a duty to alert you. The AICPA standards (AU-C Section 250) actually support this — auditors are required to communicate certain matters to those charged with governance regardless of scope.

Also, pay attention to the survival clause. How long do the engagement letter terms survive after the engagement is completed? Some letters limit claims to 12 months after delivery of the final report. If you discover an error 14 months later, you may be contractually barred from making a claim even if the statute of limitations has not expired. Push for the survival period to match your state’s statute of limitations for professional malpractice (typically 2-4 years).

@CFO_Startup_Mike — your redline list looks solid. I would add the scope notification clause and extend the survival period to at least 3 years.