Book a call
Reference · State Rules

State CPA board disclosure matrix for offshore engagements.

State-by-state summary of CPA board rules on third-party service provider disclosure, offshore engagement notification, and related practice requirements. Most states adopt AICPA §1.150.040; some have additional specifics. Always verify current state board rules before relying on this reference.

The landscape

How state CPA board rules interact with federal and AICPA requirements

A CPA firm using offshore accounting staff potentially faces three layers of rules:

  1. Federal. IRS §7216 for tax return information disclosure. Federal statute, applies uniformly across all 50 states.
  2. AICPA Code of Professional Conduct. §1.150.040 for third-party service provider disclosure. Binding on AICPA members; most state CPA boards have adopted the AICPA Code (or substantially similar code) as the state standard.
  3. State-specific. Some state CPA boards have additional rules beyond the AICPA baseline – explicit written consent, specific disclosure wording, offshore-specific notification requirements.

Most states follow the AICPA baseline with no additional offshore-specific requirements. A handful have notable additions. This matrix summarizes the current landscape as a starting reference; always verify current state board rules before relying on this information, as state rules change over time.

Big picture takeaway: in the vast majority of states, following AICPA §1.150.040 and obtaining the written disclosure/consent described in our engagement letter addendum satisfies state board requirements. The states with additional specifics are the exception.
The matrix

State-by-state summary (all 50 states)

Research current as of April 2026. Verify directly with the state board before relying on this information for a specific engagement. Rules change; our summary may not reflect the most recent updates.

StateAICPA Code adoptedAdditional specifics for offshore engagements
AlabamaYesNo additional specifics beyond AICPA baseline.
AlaskaYesNo additional specifics beyond AICPA baseline.
ArizonaYesNo additional specifics beyond AICPA baseline.
ArkansasYesNo additional specifics beyond AICPA baseline.
CaliforniaYesCBA Article 12 Regulation 54.1 requires specific disclosure of third-party client record custodians. For engagements involving patient data, California Confidentiality of Medical Information Act (CMIA) may also apply.
ColoradoYesNo additional specifics beyond AICPA baseline.
ConnecticutYesNo additional specifics beyond AICPA baseline.
DelawareYesNo additional specifics beyond AICPA baseline.
FloridaYesFlorida Board of Accountancy generally follows AICPA; no additional offshore-specific rules published as of research date.
GeorgiaYesNo additional specifics beyond AICPA baseline.
HawaiiYesNo additional specifics beyond AICPA baseline.
IdahoYesNo additional specifics beyond AICPA baseline.
IllinoisYesIllinois Public Accounting Act §23.12 references third-party assistance; state board guidance suggests explicit client consent where offshore preparation is involved.
IndianaYesNo additional specifics beyond AICPA baseline.
IowaYesNo additional specifics beyond AICPA baseline.
KansasYesNo additional specifics beyond AICPA baseline.
KentuckyYesNo additional specifics beyond AICPA baseline.
LouisianaYesNo additional specifics beyond AICPA baseline.
MaineYesNo additional specifics beyond AICPA baseline.
MarylandYesNo additional specifics beyond AICPA baseline.
MassachusettsYesMassachusetts Board of Public Accountancy follows AICPA Code. Massachusetts Data Breach Notification Law (201 CMR 17.00) may apply to PII handling.
MichiganYesNo additional specifics beyond AICPA baseline.
MinnesotaYesNo additional specifics beyond AICPA baseline.
MississippiYesNo additional specifics beyond AICPA baseline.
MissouriYesNo additional specifics beyond AICPA baseline.
MontanaYesNo additional specifics beyond AICPA baseline.
NebraskaYesNo additional specifics beyond AICPA baseline.
NevadaYesNo additional specifics beyond AICPA baseline.
New HampshireYesNo additional specifics beyond AICPA baseline.
New JerseyYesNew Jersey State Board of Accountancy adopts AICPA Code by reference. Verify current rules on third-party providers.
New MexicoYesNo additional specifics beyond AICPA baseline.
New YorkYesNY State Board for Public Accountancy has published guidance on offshore preparation referencing §7216 compliance. Verify current guidance with the Board.
North CarolinaYesNo additional specifics beyond AICPA baseline.
North DakotaYesNo additional specifics beyond AICPA baseline.
OhioYesOhio Accountancy Board Rule 4701-11-07 references third-party service provider use; follows AICPA framework.
OklahomaYesNo additional specifics beyond AICPA baseline.
OregonYesNo additional specifics beyond AICPA baseline.
PennsylvaniaYesPennsylvania State Board of Accountancy generally follows AICPA Code; verify current state board guidance.
Rhode IslandYesNo additional specifics beyond AICPA baseline.
South CarolinaYesNo additional specifics beyond AICPA baseline.
South DakotaYesNo additional specifics beyond AICPA baseline.
TennesseeYesNo additional specifics beyond AICPA baseline.
TexasYesTexas State Board of Public Accountancy Rule §501.75 addresses outsourcing; requires client notification of third-party provider use. Rule §501.76 covers confidentiality.
UtahYesNo additional specifics beyond AICPA baseline.
VermontYesNo additional specifics beyond AICPA baseline.
VirginiaYesVirginia Board of Accountancy follows AICPA Code adopted by reference. No additional offshore-specific rules.
WashingtonYesWashington Board of Accountancy has published informal guidance recommending explicit written client consent for offshore preparation engagements.
West VirginiaYesNo additional specifics beyond AICPA baseline.
WisconsinYesNo additional specifics beyond AICPA baseline.
WyomingYesNo additional specifics beyond AICPA baseline.

District of Columbia follows AICPA Code and has no published offshore-specific additional rules.

States worth extra attention

The five states most often cited for extra offshore rules

If your firm operates in one of the following states, or has clients in them, pay extra attention to state-specific guidance:

  • California. CBA Article 12 Regulation 54.1 requires specific disclosure of third-party record custodians. CMIA adds additional health data considerations for medical practice engagements.
  • Texas. Texas State Board Rule §501.75 addresses outsourcing specifically and requires client notification. Rule §501.76 covers confidentiality obligations.
  • New York. NY State Board has published informal guidance on offshore preparation referencing §7216. Some firms prefer explicit standalone consent beyond the engagement letter.
  • Illinois. Illinois Public Accounting Act §23.12 references third-party assistance; suggests explicit client consent for offshore engagements.
  • Washington. Informal state board guidance recommends explicit written consent for offshore preparation engagements.

What to do when state rules are unclear

If your state's offshore-specific rules are unclear or you're operating in multiple states, the defensible approach is: (1) always obtain written client consent following the AICPA baseline, (2) use the most conservative disclosure language from any state where you operate, and (3) document the consent carefully in your engagement records. This satisfies §7216 federally, §1.150.040 ethically, and provides a reasonable defense against any state-specific challenge.

Disclaimer: This matrix is for general reference only and does not constitute legal advice. State CPA board rules are subject to change; the information above reflects research as of the date of publication and may not be current. Always verify with the relevant state board of accountancy and consult qualified counsel before relying on this information.

Related

Related resources

Template

AICPA §1.150.040

The baseline federal ethical rule that most state boards have adopted.
Template

IRS §7216

The federal statute on tax return information disclosure.
Template

Engagement Letter Addendum

Combined language covering §7216 + §1.150.040 in one document.

State compliance layer sorted – ready to start the engagement.

Book my call →