Practice Management
CPABC Code of Conduct

Rescinding Access to Client Information

By CPABC
Published: 01/20/2025
rescinding-access-to-client-information

There may come a time when an employee of a CPA firm decides, or is asked, to leave and in such instances CPA firms should have procedures to ensure that the former employee’s access to all client and firm information has been rescinded.

Ordinarily, as part of a CPA firm discharging their engagement responsibilities, an employee may be granted access to a client’s CRA online services. As part of the exit process for former employees, it is important that a firm includes a process to ensure that this CRA access is revoked. CPA firms, as well as former employees, are reminded that all the provisions of the Code of Professional Conduct are to be followed. Specifically, the firm may have breached the following rules in a situation where a former employee retains access to client information:

  • Rule 201 Maintenance of the good reputation of the profession:
    The reputation of the profession may be damaged in the event that a former employee, or any individual outside the firm, gains access to a client’s information. The damage is due to the fact that CPAs are seen to be trusted advisors and expected to act in the best interest of their clients.
  • Rule 202 Integrity and due care and objectivity:
    CPAs are reminded that as part of discharging their professional responsibilities, they are expected to do so with integrity, due care and objectivity. Failing to revoke a former employee’s access to client information is not in line with these principles.
  • Rule 208 Confidentiality of information:
    CPAs are expected to ensure they maintain the confidentiality of client information. If access to client information is not rescinded once an employee has left the firm, the CPA/firm may be subject to legal action. Firms are also reminded that they have a responsibility to comply with provincial legislation as it relates to privacy legislation.
  • Rule 501 and 502 Policies and procedures for the conduct of a practice:
    CPA firms are reminded of their responsibilities as noted in Rules 501 and 502 of the Code of Professional Conduct that deal with compliance with policies and procedures as it relates to professional standards and the conduct of a practice.

Further Questions?

Should you have further questions about the above please contact the Member Advisory Services team at professionaladvisory@bccpa.ca for additional guidance.

Rate this Entry

Was this entry helpful for you?

Current rating: 0 yes votes, 0 no votes