Information, Articles, Tools, and Useful LinksCommittee Listings, Member Forums, and Find a CITPInformation on AICPA Tech. Conference, Seminars, Webcasts, and ConferencesIT Section Membership Information, CITP Credential Information, Members Only Tools and Communications, and MorePublications, CPE, Conferences, and Webcasts
 
Search
 

Search Options
Infotech Home > Resources > Privacy > Federal, State and Other Professional Regulations > AICPA Code of Professional Conduct

AICPA Code of Professional Conduct

Because of the requirements of federal law, it is important for practitioners to be aware of their continuing obligations to safeguard client data. In this regard, it would be advisable—indeed likely necessary—to perform due diligence before disclosing information to a third-party provider to ensure the provider is capable of adequately protecting nonpublic information. This seems particularly imperative where the provider is located in an unfamiliar location, or where enforcement of privacy laws and the prosecution of those who misappropriate private information may be more difficult. Thus, the contract between the practitioner and the third-party provider should contain appropriate provisions for the protection of consumer privacy. While Ethics Ruling no. 1, under the AICPA Code of Professional Conduct, Rule 301, Computer Processing of Client Returns (ET section 391.001–.002) deals with using outside services to process tax returns, it also would apply to any use of third-party providers. The ruling advises that members "must take all necessary precautions to be sure the use of outside services does not result in the release of confidential information."

The Code of Professional Conduct states that a member remains responsible for ensuring the accuracy and completeness of the services provided by the third-party provider. Specifically, it requires all professional services to be performed with professional competence and due professional care (see Rule 201, General Standards [ET section 201.01]). Accordingly, using third-party providers to assist in performing services for clients does not in any way excuse practitioners from these or other responsibilities under the code. At its October 28-29, 2004 meeting, the AICPA Professional Ethics Executive Committee adopted two new and one revised ethics rulings that address a member's responsibilities when outsourcing services to third-party service providers.  Learn more about these revised rulings by reading Professional Ethics Executive Committee Adopts New Ethics Rulings on Outsourcing.