Solo CPA Firms Client Engagement Letter FAQ
This FAQ collects the questions solo CPA firms actually ask about client engagement letters: the required clauses, IRS Circular 230 (31 CFR Part 10), AICPA Statements on Standards for Tax Services, IRC § 7216 consent language, e-signature legality, document retention, year-end timing, and what makes a solo-firm engagement letter different from a large-firm letter. Each answer is self-contained and citation- backed. If you need a workflow that drafts the letter, captures the e-signature, and collects a retainer in one place, Formfy is the AI form builder solo CPAs use; see /templates/top-10-client-engagement-letter-templates-solo-cpa-firms-2026.
Statistics referenced: AICPA membership exceeds 428,000 per the AICPA & CIMA "Who We Represent" page. Active Preparer Tax Identification Numbers tracked by the IRS Return Preparer Office typically fall in the 700,000 to 800,000 range during tax season. The 2020 to 2021 NSA Income and Fees Survey reported the average individual return preparation fee at $323 with state. AICPA PCPS MAP Survey commentary classifies approximately 43% of U.S. CPA firms as sole practitioners.
Frequently Asked Questions
Engagement letter FAQ
What clauses must a solo CPA firm engagement letter include?
A solo CPA firm engagement letter typically includes eight core clauses. First, scope of services, naming the engagement type (Form 1040 preparation, compilation, review). Second, fee structure, including hourly rate or flat fee, retainer terms, and out-of-pocket pass-through. Third, client responsibilities, including timeliness of records and accuracy representations. Fourth, IRC § 7216 consent if any third-party data sharing applies. Fifth, indemnification with cap on damages. Sixth, termination clause for either party. Seventh, document retention period (typically three or seven years). Eighth, governing law and dispute resolution. AICPA Statements on Standards for Tax Services and the AICPA Code of Professional Conduct guide the substantive content.
Is the engagement letter required by IRS Circular 230?
IRS Circular 230 (31 CFR Part 10) does not explicitly require a written engagement letter. However, Circular 230 § 10.33 (best practices) and § 10.37 (requirements for written advice) effectively require documentation of scope, communication standards, and reliance on facts the client provides. AICPA Statements on Standards for Tax Services Statement No. 1 treats engagement-letter documentation as a core competency requirement. Solo CPAs who omit engagement letters expose themselves to malpractice claims that turn on undocumented scope. The AICPA Professional Liability Insurance Program treats engagement-letter documentation as a baseline risk-management practice.
How does the engagement letter handle fee disclosure?
Fee disclosure should be unambiguous. State whether the engagement is hourly, flat-fee, value-priced, or hybrid. If hourly, state the rate, the billing increment (typically 0.1 hour), and the invoicing cadence. If flat-fee, state the deliverable and what triggers an out-of-scope addendum. State the retainer amount and whether it is refundable. State out-of-pocket pass-through (filing fees, travel, third-party software). Circular 230 § 10.27 prohibits contingent fees on most original-return engagements. The 2020 to 2021 NSA Income and Fees Survey reports the average individual return preparation fee at $323 with state, useful as a market reference when setting flat fees.
When are conflicts of interest disclosed?
AICPA Code of Professional Conduct § 1.110.010 and Circular 230 § 10.29 require written informed consent when a CPA represents parties with conflicting interests. Common solo-CPA conflict scenarios: divorcing spouses (each party may want different positions on shared items), business partners in dispute, related estates, multiple LLC members. The engagement letter should disclose the conflict at the start of the engagement, document each party's consent in writing, and limit the scope of representation to avoid privilege issues. Solo firms that handle small-business work should screen new engagements against the existing client list before issuing the letter to surface latent conflicts.
How is termination handled?
A standard termination clause provides for either-party termination with written notice (typically immediate or 10 days). On termination, the firm returns client records under AICPA ET § 1.400.200, which generally requires return of client-provided records but allows the firm to withhold work product when fees are owed (subject to state-specific case law). The clause should also state the final-bill obligations: pro-rata fees on a flat-fee engagement, time accrued on an hourly engagement, and treatment of the retainer balance. Silent termination clauses lead to fee-collection litigation; explicit termination clauses prevent it.
What document retention applies to a solo CPA engagement?
Internal Revenue Code § 6107 requires return preparers to retain a copy of returns or a list of names and identifying information for three years after the close of the return period. The IRS extended assessment period under IRC § 6501(e) reaches six years for substantial omissions, and many firms adopt seven-year retention. AICPA Statement on Standards for Tax Services No. 1 references reasonable retention. Engagement letters should state the firm's retention policy and clarify that the client is responsible for their own records after the firm-retention window closes. Some states (notably California and New York) impose additional retention requirements on CPA firm working papers.
Are e-signed engagement letters enforceable?
Yes. The federal Electronic Signatures in Global and National Commerce Act (ESIGN Act) and the Uniform Electronic Transactions Act (UETA), adopted in 49 states, give electronic signatures the same legal effect as wet-ink signatures for nearly all professional services contracts. Engagement letters between CPAs and clients are squarely covered. Tools that capture a tamper-evident audit trail with timestamps, IP addresses, and consent to electronic records produce the strongest record. Formfy, DocuSign, Adobe Acrobat Sign, and Dropbox Sign all meet this evidentiary bar. Federal courts and state courts have broadly accepted electronic signature audit trails when they meet ESIGN Act requirements.
When should a solo CPA issue the engagement letter?
Best practice is to issue the engagement letter before any substantive work begins. For individual tax preparation, December through January is the standard window because that aligns with year-end planning conversations and the start of the tax season. For extension work, March is typical. For SSARS compilation and review work, the letter is dated as of the start of the engagement period and references the financial statement date range. For tax-resolution work, the letter is dated as of the engagement start and references the specific notices or examination periods. Solo firms that wait until the work is in progress create both a malpractice exposure and a fee-collection risk.
Are there state-specific variations for engagement letters?
Yes. Several states have explicit case law or statute that affects engagement-letter enforceability. California, New York, and Texas have produced case law on the enforceability of liability caps in professional services agreements. Florida and Massachusetts impose specific requirements on disclosure of fee structures. Some states (notably California) impose additional retention requirements on CPA firm working papers beyond the federal IRC § 6107 minimum. Solo CPAs operating in multiple states should review the engagement letter against each state where the client resides or where the firm has nexus. AICPA member resources include state-by-state guidance.
How does the engagement letter handle IRC § 7216 consent?
26 U.S.C. § 7216 prohibits tax-return preparers from disclosing or using taxpayer information for purposes other than return preparation without the taxpayer's written consent. If the engagement involves any third-party data sharing (referrals to lenders, integration with payroll providers, marketing analytics), the engagement letter must include § 7216 consent language meeting Treasury regulations at 26 CFR § 301.7216-3. The consent must be clearly identified, specifically authorize the disclosure or use, identify the recipient, and be signed and dated. The penalty for non-compliance is up to $1,000 per disclosure plus possible imprisonment of not more than one year.
How are SSARS engagement letters different from tax engagement letters?
SSARS (Statements on Standards for Accounting and Review Services) engagement letters cover preparation, compilation, and review services on financial statements. AICPA SSARS No. 25, effective for periods ending on or after December 15, 2021, governs the substantive content. SSARS letters include language about reliance on management-provided data, the level of assurance (no assurance for compilation, limited assurance for review), independence considerations, and scope exclusions. Tax engagement letters do not invoke SSARS and instead reference Circular 230, the SSTS, and IRC sections. Solo CPAs offering both should keep separate templates because mixing language creates scope ambiguity.
What is the year-end timing for engagement letters?
For solo CPAs, the standard sequence runs November (template refresh), December (issue engagement letters to existing clients for the upcoming season), January (issue engagement letters to new clients during onboarding), February (issue extension engagement letters as needed), March (issue late-onboarding engagement letters), April (close out the season). Many solo firms miss the December window because they hand-draft and email PDFs, which loses revenue to slower onboarding. AI form builders like Formfy compress the build step to under 30 seconds, which moves the bottleneck from production to client decision time.
Why do solo-firm engagement letters differ from large-firm letters?
The required substantive language (scope, fees, IRC § 7216 consent if applicable, termination, indemnification) is the same. The operational difference is that solo firms typically streamline by removing references to multi-partner conflict checks, internal QC teams, complex billing escalations, and engagement-acceptance committees that large firms include. The result is a shorter, signature-friendly document that solo CPAs can deliver via SMS or email and have signed in under 24 hours. Large-firm letters can run 8 to 12 pages; solo-firm letters typically run 3 to 5 pages without losing substantive coverage.
Should the engagement letter limit liability?
Most solo CPA engagement letters limit liability through three mechanisms. First, indemnification, where the client indemnifies the firm against claims arising from inaccurate client-provided information. Second, a cap on damages, typically tied to fees paid for the engagement (sometimes 1x or 2x the fee). Third, a mutual waiver of consequential damages. Caps tied to fees are generally enforceable when fairly negotiated. Mandatory binding arbitration clauses are also enforceable in many states for accounting engagements. State variations exist; review with counsel for high-fee engagements where damages exceed standard caps.
What technology stack supports modern engagement letters?
A modern solo-CPA stack has four layers. First, AI form builder with e-signature (Formfy or PandaDoc) for drafting and delivering the engagement letter and capturing the signature. Second, payment intake on the same form (Stripe or PayPal through Formfy booking forms; gateway integrations through PandaDoc) for retainer collection. Third, secure client portal (TaxDome, Canopy, or a Dropbox-with-encryption setup) for ongoing document exchange. Fourth, practice management or CRM for tracking the engagement through completion. The legacy stack (Word, PDF, DocuSign, Stripe, four logins) is being replaced by integrated workflows that compress onboarding into a single client touchpoint.
Are CPAs subject to the GLBA Safeguards Rule?
Yes. The Gramm-Leach-Bliley Act Safeguards Rule (16 CFR Part 314) applies to "financial institutions" as defined by the FTC, and CPAs preparing returns or providing financial advisory services fall within that definition. The Safeguards Rule requires written information security programs, designated qualified individual oversight, risk assessments, employee training, vendor oversight, and incident response plans. Engagement letters often reference the firm's privacy notice and information security posture in compliance with GLBA. The amended Safeguards Rule effective June 9, 2023 expanded technical requirements including encryption and multi-factor authentication for systems storing customer information.
How does Formfy specifically help with engagement letters?
Formfy lets a solo CPA describe the engagement in plain English to the AI form builder, which returns a delivery-ready engagement letter form with the e-signature block and an optional retainer payment field. The AICPA-toolkit language, IRC § 7216 consent text, indemnification clause, and termination clause are imported once and reused across templates. Submission-based pricing at $19 to $199 per month covers tax-season volumes without per-envelope penalties. Audit trails are timestamped per signature and meet ESIGN Act evidentiary requirements. The free 15-day trial requires no credit card. See /compare/formfy-vs-docusign-solo-cpa-firms for the side-by-side.
Related resources
Build a CPA-ready engagement letter in 30 seconds
Free 15-day Formfy trial. No credit card. Submission-based pricing.
Start your free trialLast verified: 2026-04-25. This page is informational; it is not legal advice. Solo CPAs should review state-specific clauses and high-fee engagement caps with counsel.