4 Emerging Risks for CPA Firms to Prioritize in 2026
As firms chart their 2026 priorities, leaders should focus on these four risks to protect their bottom lines and reputations.
By Stan Sterna, JD | Digital Exclusive – 2025
We’re entering a period where the risk landscape for certified public accounting (CPA) and advisory firms is evolving faster than ever. It’s not just about technical compliance—it’s about how firm culture, technology, and regulatory and economic dynamics intersect to shape firm liability exposure. These risks can affect everything from a firm’s bottom line to its reputation, making it critical for leaders to understand their exposures and proactively find ways to help mitigate them as part of their 2026 strategic planning.
While there are many risks CPA firms will face in the year ahead, these are the four issues that should be top of mind for firm leaders.
1. Audit Quality and Firm Culture
The Public Company Accounting Oversight Board (PCAOB) and AICPA are no longer just looking at the quality of an audit—they’re looking at the culture of the firm behind those services. For example, the new PCAOB and AICPA quality management standards are pushing attest firms to rethink how their leadership, tone at the top, and internal processes contribute to risk mitigation and compliance. If an attest firm’s culture tolerates dabbling, shortcuts, and/or a piecemeal approach toward audit risk management, that’s a potential liability risk for the firm.
To ensure audit quality and reduce liability risk, firms should (at least annually) share and review quality control practices and procedures with all employees, officers, shareholders, and partners, and highlight the importance of continued vigilance in following all procedures by sharing potential liability concerns for failures or violations. When discussing quality control procedures with employees, firms should also make the communication interactive to start a dialogue with staff and keep an open-door policy to address any questions employees may have about the procedures or their responsibilities.
2. Deepfake Technology
Deepfake technology is becoming a serious cyber threat to organizations everywhere. According to a report from Resemble AI, documented financial losses from deepfake-enabled fraud exceeded $200 million in the first quarter of 2025 alone. Instead of phishing emails, staff now receive realistic phone and video messages from bad actors pretending to be clients requesting urgent payment. These deepfake technology attacks often target junior staff, remote employees, or firms without a centralized approval process.
Deepfake technology also increases audit risk for firms. For example, an embezzler can use deepfake technology to forge financial documents and/or manipulate the audit trail to dupe an auditor.
To help mitigate these risks, firms need to thoroughly plan and carefully execute cybersecurity protocols. This means implementing a data security policy, educating employees about the risks and their roles in managing them, testing the staff’s ability to identify potential cybercrimes, and using secure methods to communicate with clients. Other mitigation efforts firms should implement include agreeing on payment protocols in advance, requiring clients to implement their own security measures, mandating dual authentication for all payments, involving more than one person in payments, and reminding staff to slow down and stop when in doubt.
3. Workforce Shifts and Generational Gaps
The changing workforce in the profession also affects risk. For instance, generational differences directly affect how firms hire, train, and retain new talent. Depending on the firm or the individual employee, remote or hybrid work policies may hinder development, training, and mentoring opportunities. Additionally, if new hires aren’t being onboarded and trained on the importance of compliance and firm quality control, it’s a real vulnerability that could lead to competency gaps, errors, and misjudgments.
The ongoing talent shortage also continues to strain firms, creating the potential for risk as fewer employees are being asked to do more for clients. However, in its recent “2025 Trends” report, the AICPA does offer a bright spot: While the data continues to show contraction in the supply of accounting graduates, that rate of decline has slowed year over year.
Overall, employee development and retention are critical to business growth in a professional services firm. Therefore, creating and implementing frameworks for key areas, like onboarding, professional development, and employee engagement, can help staff feel supported and more connected to the firm.
4. Economic and Regulatory Uncertainty
Trade tensions and shifting regulatory and governmental objectives make it that much harder for firms to provide reliable business or compliance advisory services. For example, changes in trade policy can adversely impact prior tax and supply chain optimization strategies, forcing firms to not only stay abreast of such sudden changes but require them to revise prior advice. If a firm misjudges the trade and regulatory environment, it may lead to a significant claim.
Regulatory changes will also continue to affect how firms do business, from the government’s move to stop issuing and accepting paper checks to pay equity laws and salary disclosure requirements.
Furthermore, economic volatility amplifies accounting and advisory firm risk. When markets tighten, clients scrutinize their professional service providers more aggressively. Investment losses, bankruptcies, and other financial stresses often correlate to an increase in both professional liability claim frequency and severity against accounting and advisory firms.
To combat these risks, firm leaders must constantly monitor economic news, as well as evolving local, state, and federal regulatory environments so they can take appropriate, timely action as needed.
As you can see, liability risk is no longer just about what you do—it’s also about how you lead and adapt to emerging risks. CPA firms that don’t evolve their risk management strategies are going to find themselves exposed in ways they might never have anticipated.
Stan Sterna, JD, is the senior vice president and risk control lead for the AICPA Member Insurance Programs. This article is provided for general informational purposes only and isn’t intended to provide individualized business or legal advice.
Related Content: