CPA Malpractice Insurance and Risk Management: What Every Solo Practitioner Must Know

9 min read·Updated April 2026

Professional liability (malpractice) insurance is not optional for a licensed CPA — it is a professional and practical necessity. A single malpractice claim, even a frivolous one that you ultimately win, can cost $15,000–$50,000 in defense costs before it resolves. A claim where a client alleges material financial harm from your advice can escalate to $100,000+ in settlement costs with alarming speed. This guide covers what CPA malpractice insurance covers, what it doesn't, what policies cost in 2026, and the proactive risk management practices — engagement letters, data security, documentation — that dramatically reduce your claim probability regardless of your coverage level.

The Quick Answer

Every solo CPA in public practice should carry professional liability (E&O) insurance with minimum limits of $500,000 per occurrence/$1,000,000 aggregate. For a solo CPA practitioner, premiums from top providers run $800–$3,000/year depending on gross revenue, service mix (tax only vs. attest vs. financial advisory), and claims history. CAMICO (the AICPA-endorsed insurer) is the gold standard for CPA professional liability — it is staffed by CPAs who understand accounting malpractice claims specifically, provides proactive risk management resources, and prices competitively for AICPA members. Purchase your policy before your first client engagement — defense costs for a claim made before you had coverage are uninsured.

What CPA Malpractice Insurance Covers

Professional liability (E&O) insurance for CPAs covers claims arising from errors, omissions, or negligent acts in the performance of professional services. This includes: tax return preparation errors (miscalculated depreciation, missed elections, incorrect filing status), failure to advise a client of a tax-saving opportunity that a competent CPA would have identified, missed filing deadlines that result in penalties, negligent financial statement preparation, and breach of confidentiality claims. It also covers defense costs for covered claims even if the claim is ultimately dismissed — this is critical because defense attorneys in professional liability cases bill $350–$600/hour and even a simple case requires 50–100 hours of attorney time. What E&O insurance does NOT cover: intentional fraud or criminal acts, penalties and fines imposed on your firm (not on your client) by regulatory authorities, claims arising from services not disclosed in your policy application, and bodily injury or property damage (covered by general liability or BOP). Make sure your policy specifically lists all service types you provide during the application — failing to disclose CFO advisory services when your policy only covers tax preparation can result in a denied claim.

CPA Malpractice Insurance Providers: CAMICO, Hiscox, and Aon Compared

Three providers dominate the CPA professional liability market:

CAMICO (camico.com) — the AICPA-endorsed insurer and the industry standard for CPA malpractice coverage. CAMICO is owned by and for CPAs; their claims staff includes CPAs who understand accounting practice nuances that a generalist insurer would miss. Solo CPA premiums: $800–$1,500/year for tax and accounting work with $500K/$1M limits; up to $2,500–$4,000/year for practices including attest services or financial advisory. CAMICO also provides extensive proactive risk management resources — sample engagement letters, practice management checklists, and risk consultation — that reduce your claim probability. AICPA membership provides access to CAMICO's member pricing.

Hiscox (hiscox.com/small-business-insurance/accountants-professional-liability) — a generalist business insurer with competitive CPA E&O pricing. Premiums are often slightly lower than CAMICO ($700–$1,200/year for similar limits), but the claims handling experience is less CPA-specific. A viable option for practices that want competitive pricing and don't need CAMICO's specialized risk management resources.

Aon (aon.com) — a global insurance broker that places professional liability coverage with multiple carriers. Aon is useful for larger practices (3+ CPAs) where customized coverage structures are needed.

For a solo CPA launch, CAMICO is the right choice in most cases — the combination of CPA-specific expertise, risk management resources, and AICPA member pricing makes it the best value.

Average CPA Malpractice Claims: What You're Actually Insuring Against

Understanding the realistic claim landscape helps you appreciate why insurance is non-negotiable. According to CAMICO's annual claims data and industry research: The average CPA malpractice claim costs $60,000–$100,000 to resolve including defense costs. The most common claim types are: tax preparation errors (40% of claims), failure to advise or warn (25%), and business valuation errors (10%). The most expensive claims involve: financial fraud (where a CPA failed to detect or report theft — claims routinely exceed $500,000), missed tax elections (e.g., failing to file a timely S-corporation election — the tax cost can be retroactively large), and estate planning errors (missed steps that cost heirs significant estate tax exposure). Solo practitioners are disproportionately affected by claims because they lack the quality control review layers that multi-CPA firms provide. The solution is both insurance and proactive risk management: engagement letters, documentation, second reviews for complex returns, and clear written communication of limitations and exclusions.

Engagement Letters: Your First Line of Defense

A signed engagement letter for every client engagement is the single most effective malpractice risk reduction tool available to solo CPAs — more protective, in many respects, than the insurance policy itself because it prevents claims from arising in the first place. A comprehensive engagement letter defines:

(1) Scope of services — exactly what you are preparing, reviewing, or advising on. 'This engagement covers the preparation of Form 1120-S and one state return for tax year 2025. It does not include bookkeeping, payroll tax returns, or financial planning advice.' Scope limitations prevent clients from claiming you should have caught something outside your defined engagement.

(2) Client responsibilities — documents required, timeline for document delivery, client review of completed returns before signing.

(3) Limitations of liability — most states permit CPAs to limit liability to the fees paid for the engagement; your state bar and state board of accountancy rules govern what limitations are enforceable.

(4) Confidentiality provisions — addressing how you store and protect client data.

(5) Dispute resolution — many CPAs include a mandatory mediation clause before arbitration, which reduces litigation cost.

CAMICO provides sample engagement letter templates with their coverage, and the AICPA Practice Management Team publishes engagement letter guidance through the PCPS resource library.

Client Data Security: GLBA Compliance and Encryption Requirements

CPAs are subject to the Gramm-Leach-Bliley Act (GLBA), which requires financial service providers — including tax preparers and accountants — to implement reasonable security measures to protect client nonpublic personal information (NPI). The FTC Safeguards Rule, effective June 2023, strengthened GLBA requirements: CPA firms must develop a written information security program, designate a qualified individual responsible for security, conduct a risk assessment, and implement safeguards including access controls, encryption, and multi-factor authentication.

Practical implementation for a solo virtual CPA:

(1) Use a purpose-built secure client portal (TaxDome, SmartVault, or ShareFile) for all document exchange — never email unencrypted tax returns or financial documents.

(2) Enable multi-factor authentication (MFA) on all professional software, email accounts, and cloud storage.

(3) Use encrypted hard drives for any local data storage (BitLocker on Windows, FileVault on Mac).

(4) Store your written information security program (WISP) — even a one-page document for a solo firm — and update it annually.

The IRS also requires tax preparers to maintain a written data security plan under its Safeguards Program. Non-compliance with GLBA and IRS security requirements can result in regulatory action independently of any client malpractice claim.

IRS Power of Attorney (Form 2848) and Client Representation Procedures

When you represent clients before the IRS — responding to correspondence, attending examinations, or negotiating installment agreements — you must have a properly executed IRS Form 2848, Power of Attorney and Declaration of Representative, on file for each matter. As a CPA, you are automatically authorized to practice before the IRS as an enrolled practitioner — you do not need additional certification (unlike non-CPA tax preparers who must become Enrolled Agents to represent clients beyond correspondence). Best practices for Form 2848 management: obtain a signed Form 2848 for every client at the time of engagement (even if they don't currently have IRS issues) for the current and one prior tax year; store completed 2848s in your client portal with your other engagement documents; upload 2848s to the IRS's Tax Pro Account (irs.gov/tax-professionals/tax-pro-account) for immediate digital processing rather than mailing paper forms (mail processing takes 4–8 weeks). Unauthorized practice before the IRS — representing a client without a current 2848 — can result in sanctions from the IRS Office of Professional Responsibility (OPR) under Circular 230.

RECOMMENDED TOOLS

CAMICO

AICPA-endorsed professional liability insurance provider owned by and for CPAs. Specializes in CPA malpractice coverage with CPA-staffed claims handling and proactive risk management resources.

AICPA Endorsed

Hiscox

Competitive professional liability (E&O) insurance for accountants and CPAs with online quoting and flexible coverage limits. Solo CPA premiums starting around $700/year.

FREQUENTLY ASKED QUESTIONS

How much does CPA malpractice insurance cost for a solo practitioner?

Solo CPA professional liability (E&O) insurance costs $800–$3,000/year depending on gross revenue, service mix, and provider. Tax-only practices with revenue under $200,000 pay $800–$1,500/year with CAMICO or Hiscox for $500,000/$1,000,000 limits. Practices that include attest services (compilations, reviews, audits) or financial advisory services pay higher premiums — typically $1,500–$3,000/year — because these service lines carry higher claim risk. Get quotes from both CAMICO and Hiscox and compare coverage specifics, not just premiums.

Do I need an engagement letter for every client?

Yes — signed engagement letters are essential for every client and every distinct engagement type. A single client might have three separate engagement letters: one for bookkeeping, one for payroll, and one for tax preparation. Each engagement letter defines the scope of that specific service, preventing clients from claiming you should have caught something outside your agreed scope. CAMICO provides free engagement letter templates to policyholders. Never begin work without a signed letter — it's your strongest protection in a malpractice claim.

What is the IRS data security requirement for tax preparers?

The IRS requires all tax preparers to have a written information security plan under the Safeguards Program, which aligns with the FTC Safeguards Rule under GLBA. At minimum, your plan must address risk assessment, access controls for client data, encryption of data in transit and at rest, multi-factor authentication on professional accounts, and a data breach response procedure. The IRS publishes free guidance on creating a written information security plan at irs.gov/privacy-disclosure/safeguards-program.

What is IRS Form 2848 and when do I need it?

Form 2848 is the IRS Power of Attorney authorizing you to represent a client before the IRS. You need a signed Form 2848 for any IRS communication beyond mere information inquiry — including responding to CP notices, attending an audit, or negotiating payment plans. Get a signed 2848 from every client at engagement, covering the current and prior tax years. Upload 2848s digitally through your IRS Tax Pro Account for same-day processing rather than mailing paper forms, which takes 4–8 weeks.

Does CPA malpractice insurance cover IRS audit penalties?

No — professional liability insurance covers defense costs and settlements for malpractice claims made by clients against your firm. It does not pay IRS penalties or interest assessed on your client's account, even if the assessment resulted from your error. Your liability to the client for those penalties may be covered if they bring a malpractice claim against you, but the IRS assessment itself must be paid by the client. This is one reason engagement letters that define your liability limit to fees paid are valuable — they cap your exposure if an error results in client penalties.
