For example, state laws, such as Section 473.318, Laws of Florida, provide that working papers are the property of the accounting firm, unless otherwise expressly agreed with the client. If an accounting firm agrees to return this type of information in accordance with the NDA, it may get stuck without the working papers necessary to comply with professional and peer review standards. The interpretation “Requests for documents” in the AICPA code (ET §1.400.200) also contains specific provisions for the return of client documents as well as for files prepared by members, results of members' work and working documents. It may be useful to amend the provisions of a confidentiality agreement that are inconsistent with the applicable AICPA code or other requirements so that there are no misunderstandings with the customer later. A typical clause regarding the return or destruction of information requires the accounting firm to promptly return to the client all confidential information and information derived therefrom, or destroy the information, at the client's request or at the end of the audit. Involuntary consent to such a provision could have unintended consequences. On Tuesday, an anonymous observer who volunteered to participate in the manual counting of ballots sent ABC15 a copy of an agreement that they say all observers are now required to sign. The agreement does not explain what information could be considered confidential. Clients of accounting firms increasingly require non-disclosure agreements before the engagement begins. However, the typical NDA form has not been designed with the accounting-client relationship in mind and can therefore lead to false customer expectations and unexpected conflicts with professional standards and legal requirements. Therefore, accounting firms should be vigilant when reviewing standard non-disclosure agreements or service agreements with non-disclosure provisions.
While it may be acceptable to use a standard confidentiality agreement for discussions about a possible future business relationship between the parties, the terms of such a “prospecting” agreement should be terminated before entering into a definitive service contract. At this point, accounting firms should pay close attention to the three topics mentioned above.
When in doubt, look for a lawyer who is aware of the unique issues that CPAs face. Many companies make far too little effort to enter into appropriate non-disclosure agreements during software audits. Some companies even completely neglect NDAs during the audit process, believing that they have no leverage to demand adequate protection of the information that auditors will ask them to provide. This is a mistake that can cost a company millions. It's not news that software audits are becoming more frequent and aggressive. In fact, at MetrixData360, we've been beating this drum for years. One of the trends we've seen is that different vendors are using external auditors to set the licensing position. These external auditors can be audit firms or simply partners of the software provider. In both cases, it is important that you enter into specific non-disclosure agreements to protect yourself, as in many cases they provide an incentive to fill a license gap. The non-disclosure agreement states that observers must agree to retain information that details what they saw and experienced when they showed up, unless the company has given permission. The most important thing you want to achieve in this non-disclosure agreement is to make sure that they (the external auditor) cannot share data with the organization that commissioned the audit without your consent. It may sound simple, but in our experience, without a non-disclosure agreement, these external auditors will often exchange data before it has been signed off by your team.
The result is that the provider sees the first incorrect versions of the ELP. This can include development and test environments, out-of-scope products, and more. This often causes them to predict purchases for you based on incorrect data, and it's harder to get them to accept the right data when they're done. Non-disclosure agreements proposed by auditors often contain no restrictions on the confidential information they are allowed to disclose to their customers, the software manufacturers. Audited companies must ensure that the audit information that can be reported in the NDA is defined in such a way as to comply with the terms of the control license agreements. Non-disclosure agreements in a software audit are one of the most important things you need to do when you are audited. As more and more software vendors use external auditors to compile actual audits and create the Effective License Position (ELP), it is imperative to have a non-disclosure agreement. “As is” and disclaimers are often found in NDAs, but contradict certain elements of certain certification obligations. These provisions may be intended to prohibit an accounting firm from relying on the information provided by the client and are contrary to the essential requirement that the statutory auditor must obtain certain audit statements and provide management. It is important to remember that these external auditors work for the supplier and are also paid by them.
In most cases, we understand that they are rewarded for deficiencies in licensing. They run their scripts, ask you for various deployment data, and present you with an ELP that compares your permissions to your deployments and identifies licensing gaps. It is important to note that the first ELPs they present to you are imperfect and contain false assumptions. They will then present evidence and work to ensure that it is correct. In our experience, these first ELPs lean strongly in favour of the supplier. You don't want them to assume that these first ELPs are representative of your true licensing position. This is where the non-disclosure agreement comes into play. “I agree that, except with written permission from Cyber Ninjas, Inc. and the Arizona State Senate, I will not disclose confidential information to anyone not conducting the audit. In addition, I agree not to make any public statements, social media posts, or similar public disclosures about the audit or its results during the audit until the results of the audit are made public.” An NDA is often the only way to close the scope of a software audit.
Many software vendors and their hired auditors may refuse to consider full pre-audit agreements. However, most generally agree to negotiate non-disclosure agreements to control the processing of audit data. An audited entity must make the most of this opportunity by ensuring that the data to be disclosed is relevant to the type of questions it is allowed to ask. Here are some important points to keep in mind: Client requests for confidentiality agreements or non-disclosure agreements (NDAs) are becoming common in accounting. CPAs receive requests for confidentiality agreements both as part of exploratory discussions on future business relationships and in the context of actual service agreements for clients. The problem for accounting firms is that many NDAs contain standard provisions that may conflict with professional standards and public accountancy laws. The auditor signs a confidentiality agreement and forwards it to IBM only for the period under investigation, which are due and payable. Non-disclosure agreements also generally prohibit disclosure by the customer's supplier to third parties. This type of provision may be acceptable to suppliers who are not subject to professional standards, but CPAs may be required to share working papers with an unaffiliated third party, for example as part of a peer review. It is therefore good practice to add an exception to this type of provision that allows the accounting firm to share its working papers for peer review or in response to legal proceedings, such as a subpoena. Setting client expectations for this engagement at the beginning of an engagement avoids unnecessary conflicts later on. “Having a non-disclosure agreement is exactly the opposite of what the core of an observation program is supposed to fix,” she added.