Opening an Accounting or Audit Firm in Singapore: Full Insurance Checklist

The Answer in 60 Seconds

A Singapore accounting or audit firm has insurance requirements that are partly mandatory by professional regulation and partly commercial. Public accountants conducting statutory audits must register with the Accounting and Corporate Regulatory Authority (ACRA) — Public Accountants Oversight Committee (PAOC) under the Accountants Act 2004 and mandatory PI insurance is a registration condition for public accountants and accounting entities. Beyond the mandatory PI: Public Liability for office, WICA for staff, Cyber Liability with attention to client financial data sensitivity (audit firms hold some of the most commercially sensitive data of any service business), Property/Fire for office, D&O as practice scales, and Crime / Fidelity Guarantee for client trust funds where applicable. For firms providing tax advice, restructuring, insolvency, or specialist advisory work, additional PI considerations apply. Verify current PI minimums and registration requirements directly on the ACRA portal before launching.

The Sourced Detail

Singapore's accounting profession is regulated through ACRA's Public Accountants Oversight Committee (PAOC) for statutory audit work, and through the Institute of Singapore Chartered Accountants (ISCA) as the professional body. The insurance build varies between firms providing:

• Statutory audit (PAOC-registered Public Accountants required)
• Compilation, review, and other assurance services (less prescriptive)
• Tax advisory (different regulatory touchpoints)
• Outsourced accounting/bookkeeping (commercial only)
• Corporate secretarial / corporate services
• Insolvency and restructuring (specific licensing and exposure)
• Forensic accounting (specialist exposure)

For founder-practitioners deciding the firm's scope, this affects both regulatory positioning and insurance build.

The PAOC framework for statutory audit

Per the Accountants Act 2004, only Public Accountants registered with PAOC may perform statutory audits. Registration requirements include:

Individual Public Accountant registration:

• Singapore citizen or permanent resident (or as permitted by exception)
• Approved professional qualification (e.g. ISCA CA designation, or recognised foreign equivalent)
• Practical experience (minimum specified hours of audit experience)
• Approved audit training programme completion
• Practising Certificate from ISCA
• Mandatory PI insurance
• Continuing Professional Education compliance

Accounting entity registration:

• Approved structure (sole proprietorship, partnership, LLP, or accounting corporation)
• At least one Public Accountant as principal
• Mandatory PI insurance for the entity
• Compliance with Accountants (Public Accountants) Rules and Code of Professional Conduct and Ethics

The mandatory PI layer

Professional indemnity for Public Accountants is mandatory under the PAOC framework. Specific minimums and structure are set by PAOC; verify current requirements at ACRA's Public Accountants page before placing cover.

What mandatory PI typically covers:

• Negligent audit, review, or compilation work
• Tax compliance work errors
• Client advice errors
• Defamation arising from professional services
• Loss of documents

What it doesn't cover:

• Fraudulent or dishonest acts (subject to specific scheme provisions)
• Bodily injury (PL)
• Employment disputes (EPL)
• Specific carve-outs per wording

Top-up PI:

Many firms — particularly those auditing larger entities, public-interest entities, or specialist work — purchase top-up PI above the mandatory minimum. The top-up structure typically:

• Sits above the mandatory cover
• Provides higher per-claim and aggregate limits
• May offer broader wording on specific exposures

The audit-specific risk profile

1. Long-tail latency. Audit issues may not surface for years. The Limitation Act 1959 6-year period typically applies, with potential extensions for fraud-related claims. Latent damage 15-year long-stop relevant in some scenarios. See Article 75.

2. Multi-stakeholder exposure. Audit reports are relied on by:

• The audited entity (direct client)
• Shareholders
• Lenders
• Regulators (MAS for financial sector, ACRA for general)
• Acquirers and investors in M&A
• Tax authorities

Each potential reliance creates potential exposure if the audit was negligent.

3. Public-interest entity audits. Auditing listed companies, financial institutions, and specified other entities carries enhanced regulatory scrutiny including ACRA's Practice Monitoring Programme and possible disciplinary action.

4. Concurrent regulatory and civil exposure. A material audit failure can trigger:

• ACRA / PAOC disciplinary action
• ISCA disciplinary action
• Civil claims by client and third parties
• Potentially criminal exposure for serious misconduct

5. Cybersecurity and data sensitivity. Audit firms hold:

• Comprehensive financial data of clients
• Strategic information (M&A processes, restructuring plans)
• Personal data of client employees
• Banking and transaction records
• Tax information

This is among the most commercially sensitive data sets any SME service business handles.

Cyber Liability for accounting/audit firms

Cyber Liability for accounting/audit firms must address:

1. PDPA exposure — see Article 98.

2. Client confidentiality breach — separate from PDPA but commercially material.

3. Business Email Compromise — accounting firms are major BEC targets:

• Fake CFO emails requesting urgent transfers
• Fake supplier emails with new bank details
• Fraudster intercepts client-firm communications

4. Ransomware and operational disruption — audit deadlines and tax filings are time-sensitive; operational disruption has cascade effects.

5. Cross-border data flows — for clients with overseas operations.

Recommended Cyber stack:

• Standalone Cyber with appropriate limits (S$3M–S$10M+ for material practice)
• BEC / Social Engineering Fraud cover
• BI for system/operational disruption
• PDPA Section 26D notification cover
• Forensic and breach counsel panel

D&O for accounting firms

Accounting firm structures:

• Sole proprietorship (no D&O typically)
• Partnership (potentially relevant)
• Limited Liability Partnership (LLP) (D&O may be appropriate)
• Accounting corporation (D&O standard)

For LLPs and accounting corporations, D&O addresses governance-related claims that PI doesn't cover.

Specific service line considerations

Statutory audit:

• Mandatory PAOC PI
• Highest exposure category
• Top-up PI typical for larger client base
• Specific wording for audit-related exposures

Tax advisory:

• Long-tail exposure (tax assessments years after advice)
• IRAS investigation interaction
• Specific PI considerations
• Cross-border tax exposure for some practices

Insolvency and restructuring:

• Specific regulatory framework
• Fiduciary exposure
• Higher PI limits warranted
• Specialist insurer panel

Forensic accounting:

• Litigation support work
• Court testimony exposure
• Client confidentiality across multiple matters

Outsourced accounting / bookkeeping:

• Commercial PI sufficient (no PAOC requirement for non-audit work)
• Crime/Fidelity Guarantee for fund-handling exposure
• Cyber for client data sensitivity

Corporate secretarial:

• Specific PI for corporate services
• ACRA filing-related exposure
• AML compliance for corporate services providers

Crime / Fidelity Guarantee considerations

For firms handling:

• Client trust funds (less common in pure accounting, more in some advisory work)
• Payroll administration on behalf of clients
• Tax payment processing
• Specialised escrow arrangements

Fidelity Guarantee covering employee dishonesty is appropriate. See Article 48 and Article 91.

The ISCA framework

The Institute of Singapore Chartered Accountants is the professional body for accountants. ISCA:

• Awards CA Singapore designation
• Administers Practising Certificate for some categories
• Sets professional standards
• Provides Continuing Professional Education
• Has disciplinary jurisdiction over members

ISCA membership and Practising Certificate requirements differ from PAOC public accountant registration; some practitioners hold both, others hold ISCA without PAOC registration (e.g. those not performing statutory audits).

Stage-by-stage insurance build

Pre-launch:

• ACRA business registration
• For audit work: PAOC registration application
• ISCA membership consideration
• Mandatory PI in place
• Other commercial insurance procured

Year 1 (small firm, 1–5 staff):

• Mandatory PI (for audit work)
• Top-up PI if practice warrants
• Public Liability
• WICA
• Property/Fire
• Group Medical / Group PA
• Cyber Liability
• D&O if incorporated

Years 2–5:

• Higher PI limits as client base scales
• EPL as headcount grows
• Specialist extensions

Mature firm:

• Comprehensive programme
• Possibly multi-jurisdictional considerations for clients with overseas operations
• Coordinated multi-line approach

Premium considerations

For typical Singapore accounting/audit firms:

Small firm (1–5 partners/staff, mostly compilation/tax/SME audits):

• Mandatory PI: per scheme calculation
• Top-up PI: optional
• Other commercial insurance: S$8,000–S$25,000
• Total annual insurance budget typically S$15,000–S$50,000+

Mid-size firm (10–25 staff, mix of audit/tax/advisory):

• Higher PI limits
• Comprehensive other lines: S$20,000–S$60,000
• Cyber with BEC cover: S$10,000–S$30,000
• Total: S$50,000–S$150,000+

Larger firm (specialist, public-interest entity audits, etc.):

• Comprehensive programme
• Top-up PI at substantial limits
• Total scales materially with practice scale

Operational risk management

Insurers underwrite accounting firms on operational standards:

Engagement discipline:

• Documented engagement letters
• Scope clearly defined
• Limitation of liability clauses (where permitted)
• Specific terms for non-engagement work

Quality control:

• ACRA and ISCA quality standards
• Firm-level quality review
• Engagement-level review
• Independence and objectivity protocols

Cyber discipline:

• MFA on all email and systems
• Documented BEC awareness training
• Encryption for client data transmission
• Backup and recovery
• Specific protocols for client portal access

Documentation:

• Engagement letters and renewals
• Working papers per professional standards
• Client communications retained
• Decisions and judgments documented

Common Mistakes / What Goes Wrong

1. Performing statutory audit without PAOC registration.
2. Mandatory PI minimum only without top-up assessment. Inadequate for material practice.
3. No Cyber Liability for client financial data sensitivity. Major exposure point.
4. No BEC / Social Engineering Fraud cover. Accounting firms are major targets.
5. D&O omitted for incorporated structures. Governance gap.
6. Limitation of liability clauses without insurance backing. Both needed; one without other inadequate.
7. At lawyer-style firm-level PI only, missing individual practitioner cover at transition. Departing practitioners need run-off coordination.
8. Cross-border client work without territorial extension. International incident uninsured.

What This Means for Your Business

For founders setting up a Singapore accounting or audit firm:

1. Decide the service mix deliberately. Statutory audit vs other services has different regulatory and insurance implications.

2. For statutory audit work, complete PAOC registration before commencing. Mandatory.

3. Match PI limits to client portfolio. Auditing large entities warrants higher limits.

4. Invest in Cyber Liability with BEC cover. Accounting firms are targeted; cover is essential.

5. Maintain quality control discipline. ACRA Practice Monitoring Programme is active; quality matters legally and commercially.

6. Document engagement scope discipline. Clear engagement letters with appropriate limitation of liability.

7. Plan PI continuity at practitioner transitions. Joining or leaving partners need run-off / retroactive coordination.

8. Annual review with broker familiar with professional indemnity. Not all brokers serve this category well.

The accounting profession has long-tail liability and significant cybersecurity exposure that combine to make robust insurance essential. The cost is meaningful but proportionate to the professional indemnity exposure of audit and advisory practice.

Questions to Ask Your Adviser

1. For my service mix (audit vs tax vs advisory vs outsourced accounting), what mandatory and top-up PI structure is appropriate?
2. Does my Cyber Liability address BEC, ransomware, and PDPA Section 26D notification specifically?
3. How does my D&O coordinate with PI for matters that span multiple coverage areas?
4. At practitioner joining or leaving, what PI run-off / retroactive coordination is needed?
5. As the firm scales (more practitioners, larger clients, public-interest entities), what insurance milestones should I plan for?

Related Information

• Opening a Law Firm in Singapore: Full Insurance Checklist
• Standalone Cyber Insurance vs Cyber Sub-Limit Under PAR: What's the Difference?
• The Limitation Act 1959 6-Year Clock: Why It Matters for Insurance Claims

Published 5 May 2026. Source verified 5 May 2026. COVA is an introducer under MAS Notice FAA-N02. We do not recommend insurance products. We provide factual information sourced from primary regulators and route you to a licensed IFA who can match a policy to your specific situation.