The CPA's Guide to Spotting a Bad Client NDA in 5 Minutes
A field guide for accountants who get NDA questions from their small business clients — and don't want to send everyone to a lawyer.
If you've been a CPA for more than five minutes, you've gotten this question:
"Hey — a contractor we're working with sent over an NDA. Can you take a look before I sign?"
You're not their lawyer. You shouldn't be reviewing legal documents. But the client trusts you, and "send it to a lawyer" usually means a $500 bill plus a two-week wait that the client will not absorb gracefully.
So here's a middle path: a 5-minute structural review you can do yourself, before deciding whether the document needs to go to an attorney or whether it's clean enough to sign.
This isn't legal advice. It's pattern-recognition. The same way you can eyeball a P&L and tell whether the gross margin looks off, you can eyeball an NDA and tell whether it's structurally sound — without becoming a lawyer to do it.
The 5 things every NDA must include
If any of these five elements are missing, vague, or buried, the document is structurally weak. That's the moment to send it to a lawyer (or to a professional document service that will redraft it cleanly). If all five are present and clear, the document is at least defensible — and your client can sign with confidence.
1. A clear definition of "Confidential Information"
This is where most bad NDAs fail. The document says something like:
"Confidential Information shall mean any and all information disclosed by the Disclosing Party..."
That sentence sounds reasonable. It is also useless. "Any and all information" can't be enforced because courts won't protect information that wasn't actually treated as confidential when it was shared.
A good NDA defines confidential information specifically. It will list categories — financial information, customer lists, technical specifications, business plans. It will state how the information must be marked or treated. And it will carve out exceptions: information that's public, information the recipient already knew, information independently developed.
What to look for in 5 seconds: Does the definition list specific types of information, or does it just say "any and all"? If it's the latter, the document is weak.
2. A defined time period
Every NDA needs an end date. "Indefinitely" sounds protective but is rarely enforceable. A typical NDA runs 2 to 5 years. Trade secrets specifically can be perpetual, but everything else has a clock.
If the document says "the obligations of this Agreement shall continue indefinitely" without distinguishing between trade secrets and regular confidential information, it's been written by someone in a hurry — or someone who doesn't know what they're doing.
What to look for in 5 seconds: Is there a clear duration? Is it reasonable (typically 2 to 5 years for general info, longer for trade secrets)?
3. A specified jurisdiction and venue
Where would a dispute be litigated? What state's law governs? If the NDA is silent on this, both parties are exposed to forum-shopping risk if things go sideways.
A good NDA will specify both: "This Agreement shall be governed by the laws of the State of [X], and any dispute arising hereunder shall be litigated in the courts of [County, State]."
If your client is in North Carolina and the NDA specifies California law and venue, that's a problem worth flagging. It means any enforcement action requires hiring California counsel and showing up in California court. That's expensive.
What to look for in 5 seconds: Search the document for "governed by" or "jurisdiction." If the answer is somewhere your client doesn't operate, push back.
4. Mutual obligations — or a justified reason for one-way
Most NDAs are presented as one-way: the recipient promises confidentiality, the disclosing party promises nothing. That's fine in some contexts (a job interview, an investor pitch). It's not fine in many others.
If your client is going into a partnership, a vendor relationship, or any context where information is going to flow both directions, the NDA should be mutual. If it's been drafted as one-way and your client is the recipient only, your client is taking on all the risk.
What to look for in 5 seconds: Does it say "mutual" or "bilateral" anywhere? Or does it talk only about "the Recipient's obligations"?
5. Clear remedies for breach
What happens if someone breaks the NDA? A weak document just says "the Disclosing Party reserves all rights and remedies available at law." A strong document spells it out: injunctive relief is available, attorneys' fees go to the prevailing party, and there may be liquidated damages for specific kinds of breaches.
This matters because it's the deterrent. An NDA that doesn't make the consequences clear is a polite request rather than a legal instrument.
What to look for in 5 seconds: Is there a specific remedies section? Does it mention injunctive relief and attorneys' fees?
The 5-minute review in practice
Here's how a CPA can run this in real time when a client emails over an NDA:
- Open the document. Use Cmd+F (or Ctrl+F).
- Search for "confidential information" → check if the definition is specific or generic. (10 seconds)
- Search for "term" or "duration" → confirm there's a clear time period. (10 seconds)
- Search for "governed by" → confirm jurisdiction is reasonable for your client. (10 seconds)
- Search for "mutual" → if absent, check whether the obligations should be two-way. (10 seconds)
- Scroll to the end → confirm there's a remedies/breach section that's specific. (15 seconds)
Total: under a minute of actual reading. Three to four minutes of explaining to your client what you found.
If all five elements are present and reasonable, you can tell your client: "It looks structurally sound to me. I'm not a lawyer, so I'd recommend you read it through yourself for anything specific to your situation, but the bones are solid."
If any of the five elements are missing or weak, you can tell your client: "This document has some gaps. I'd recommend either having an attorney review it before signing, or having a professional document service redraft it."
When to send the client elsewhere
The 5-minute review isn't a substitute for legal advice. There are specific situations where the right answer is "send this to an attorney" — full stop:
- The client is a defendant in active litigation
- The NDA is part of a transaction over $500,000
- The agreement involves intellectual property the client created and wants to protect
- The other party is sophisticated (large company, deep legal team) and your client isn't
- The NDA includes non-compete or non-solicit provisions that materially affect the client's business
Outside those situations, a structural review like the one above — followed by the client signing themselves, or by a professional document service redrafting if needed — is usually enough.
What about contractor agreements?
NDAs are one of three documents CPAs get asked to "just take a look at." The other two are contractor agreements and operating agreements. Each one needs its own 5-minute framework — the questions to ask are different, even though the muscle of "structural review without becoming a lawyer" is the same.
We wrote a companion piece for contractor agreements that follows the same five-question structure. If you handle a lot of clients onboarding contractors, it's worth a read: When Your Client Hands You a Contractor Agreement — A CPA's Quick Review.
When the answer is "this needs to be redrafted, not just reviewed"
Sometimes the document isn't fixable with a comment or two. The structure is broken, the definitions are too vague to negotiate around, or the client needs a fresh agreement that fits their actual situation.
Most CPAs send those clients to a lawyer. The honest problem with that handoff: it's a $500 bill, a two-week wait, and the client often disappears into the lawyer's process never to return — taking the relationship with them.
There's a third option. IntelliDoc Agency drafts NDAs, contractor agreements, and operating agreements for small businesses in 2–4 hours, starting at $75. No retainer. No discovery call. The CPA stays in the loop because the document goes back to the client through the same email thread the CPA started.
A handful of CPAs across the country have started referring document work this way when an NDA review reveals the document needs more than a sanity check. It keeps the relationship warm, gives the client a real answer, and skips the law-firm wait.
Want the checklist as a one-page PDF?
We put together a free 5-point NDA Checklist your clients can use as a quick sanity check before signing anything. No spam, no retainer — built specifically so professional services firms (CPAs, consultants, financial advisors) can hand it to small business clients.
This article is for informational purposes only and does not constitute legal advice. CPAs are encouraged to know the limits of their professional scope. For complex legal matters, consult a licensed attorney in your state.
Written by the team at IntelliDoc Agency — a professional document service for small businesses in the US, based in Charlotte, NC. We are not a law firm.