« July 2017 | Main

14 posts from August 2017

Getting Ready for Assurance Has its Benefits

Cyber

 

In recent months, sweeping global cyberattacks have taken thousands of businesses offline, compromising valuable data and blocking access to critical services and information assets. If it wasn’t clear before, it is now: cybersecurity is a business imperative with direct implications for overall company value. Prior to this spring, and without a common language or benchmark for cybersecurity, how do you quantify and communicate your cybersecurity risk in a meaningful way?

Enter the AICPA’s cybersecurity risk management reporting framework. Unveiled in April, the framework is intended to standardize the way organizations define their cybersecurity objectives and report against those standards in a format that works for all stakeholders.

At BDO, we work with clients to leverage the reporting framework in two key ways:

1) to design and assess a comprehensive cybersecurity risk management program, taking into account industry best practices and regulatory requirements; and

2) to undertake an examination-level attestation engagement, known as a SOC (system and organization controls) for cybersecurity examination.

BDO has been providing advisory services on cybersecurity strategy and risk management for some time. Before the new AICPA cybersecurity engagement guidance was even released, client questions started rolling in—how do we evaluate our cybersecurity risk management program? How do we talk with our board about it? What can we do to convince our clients and investors their data is safe with us?

Although a number of strong frameworks and standards have been in the cybersecurity space for some time, they are designed for an IT-savvy audience and are difficult for nontechnical stakeholders to understand. Unlike other frameworks, the AICPA’s reporting framework was designed to enable users to compare an entity’s cybersecurity efforts to that of other organizations while maintaining a degree of flexibility.

BDO uses the AICPA’s reporting framework when performing a SOC for Cybersecurity examination, which takes an enterprise-wide look at cybersecurity risk management, as opposed to focusing in on system controls relevant only to a service provided to an outside party. A SOC for Cybersecurity examination is a natural extension of the work CPAs are already trained to do: We look at controls and processes and quantify risk in a standardized way. In our traditional attestation work, we’re already assessing cybersecurity risk in terms of the potential financial impacts. Now, we’re looking a level deeper, examining cybersecurity controls not just in terms of financial risk, but to the extent that they can help the entity achieve its cybersecurity objectives.

Many companies will find they haven’t yet reached the level of maturity necessary to receive an unqualified opinion in a SOC for Cybersecurity examination—which is why we recommend most companies start with an internal readiness assessment before undertaking that engagement. An internal readiness assessment gives companies a snapshot of their current overall cybersecurity health—for example, whether their cybersecurity controls align with their overarching cybersecurity objectives, if resources are concentrated in the right places, and whether there are gaps in their existing controls that need to be remediated. After performing the internal assessment, we work with the organization to develop remediation strategies or to reprioritize cybersecurity investments as needed, and communicate those changes across the organization.

In addition to SOC for Cybersecurity, the AICPA has announced plans to address other system and organization (SOC) engagements. First, the AICPA is in the process of updating the SOC 2® Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy, to align it to the clarified attestation standards and to the 2017 Trust Services Criteria, which are used as measurement criteria for the engagement. The SOC 2 guide is expected to be issued by year end.

Second, the AICPA is developing a new attestation examination and related guide addressing vendor supply-chain cybersecurity risk that will enable CPAs to examine and report on controls relevant to the security, availability, information processing, confidentiality, and privacy of manufacturers and distributors to enable entities who use their services to assess the risks in their supply chain and distribution networks. The vendor/supply chain guide is expected to be issued in 2018.

We see the AICPA’s SOC for Cybersecurity examination, which is performed using the cybersecurity reporting framework, as the beginning of a rapidly growing new practice, bringing together the discipline of an auditor with the tech savvy of our cybersecurity professionals. Firms can explore this opportunity by accessing the AICPA’s Private Companies Practice Section (PCPS) Building a Cybersecurity Practice toolkit. You’ll find resources that help you assess clients’ cybersecurity needs.

To find the AICPA’s cybersecurity risk management reporting framework, visit aicpa.org/cybersecurityriskmanagement. For more information on cybersecurity, visit the AICPA’s Cybersecurity Resource Center at aicpa.org/cybersecurity.

Jeff Ward heads BDO’s AICPA SOC for Cybersecurity/Third-Party Attestation National Practice and is a member of the AICPA’s Assurance Services Executive Committee’s (ASEC) Cybersecurity Working Group, which developed the new cybersecurity risk management reporting framework.

Gregg Garrett is the Head of International Cybersecurity in BDO’s Technology and Business Transformation Services practice.

Cybersecurity courtesy of Shutterstock.

Fighting His Way Out of IRS Penalties. Literally.

BoxingIRS penalties and fees have caused a fair amount of consternation among taxpayers in the past, but in what might be a bout for the record books, we could witness the first time a taxpayer literally fights to pay what they owe and reduce penalties.

Floyd Mayweather, widely regarded as one of boxing’s greatest, apparently owes the IRS unpaid 2015 taxes. The boxer’s recent tax court petition seeking an installment agreement with the IRS might represent his first foray into the super heavyweight category.

Mayweather’s 2015 fight against Manny Pacquiao reportedly earned him as much as $220 million, and likely represents a significant portion of his income to which the taxes are due. The $22 million Mayweather reportedly owes is tiny relative to his estimated net worth, but net worth doesn’t need to be liquid. And as penalties and interest accrue over time, it’s a safe wager the bill could amount to a knock-out blow.

The boxer has requested in his petition that the IRS await payment until his August 26 fight with Conor McGregor, which he claims will provide the liquidity he needs to meet his tax obligation: the fighter’s guaranteed purse from the 2015 Pacquiao fight was $100 million, and his upcoming fight with McGregor is expected to earn him a similar amount. Again, keep in mind, that’s the guaranteed purse—win or lose. The final amount to the winner is a composite of various factors that could boost Mayweather’s take as high as $400 million.

Continue reading "Fighting His Way Out of IRS Penalties. Literally." »

Tips for Eclipse 2017

EclipseOn Monday, August 21, a total solar eclipse will move across 14 states of the country. The last time this was visible in the United States was on February 26, 1979. The next won’t happen until October of 2023. Given their rarity, it’s understandable why a total eclipse has people excited and even taking time off from work to watch.

Even if you’re not in the path of the total eclipse, you’ll at least be able to see a partial eclipse from most places in the U.S. Below are some tips to prepare for the event and make the most of your experience.

Check what you’ll see in your location.

Take a look at this website prior to the eclipse to see what percentage of the eclipse you’ll be able to view. The website recommends looking at multiple zip codes around you to make sure you get the best view possible. This will also determine if you want to make travel arrangements or stay put.

Continue reading "Tips for Eclipse 2017" »

3 Tips for Millennials Who Want to Give Back

Almonte David 01As a young accountant who recently passed the Exam, things are going very well for you. You have gotten into a rhythm and you know the ropes. But, you’re looking to make a difference in your community – have you considered volunteering at a nonprofit?

David Almonte, CPA, CGMA and member of the AICPA’s National CPA Financial Literacy Commission, knows the merit of giving back. He was taught from an early age the value of education, a strong work ethic and volunteerism. Additionally, his skills as a CPA have given him the opportunity to make a difference in peoples’ lives. He frequently gives presentations across the country, many of them focusing on his main passion: financial literacy. By providing free and accessible resources from websites like 360finlit.org and feedthepig.org, Almonte hopes to break down the walls that very often lead to financial insecurity.

Like Almonte, you too can use the skills you’ve gained throughout your career to give back. Not sure where to begin? Here are three tips to jumpstart your community service:  

  • Brag a little. You’d be surprised by how many of your talents align with activities you genuinely enjoy. Write down your talents, then research various volunteer opportunities that utilize your skills. For example, are you a pro at creating a résumé, or know exactly how to nail an interview? Oftentimes, local homeless shelters seek out professionals to lead workshops that help clients get back on their feet. Or maybe you love writing – so find a small nonprofit that needs help keeping up its blog. Just as David uses his passion for financial literacy to give back, there are countless other needs in your community. All you have to do is look.

Continue reading "3 Tips for Millennials Who Want to Give Back " »

6 Planning Ideas for Advising Entrepreneurs

Advising entrepreneursIf you work with entrepreneurs or small business owners, you likely have an appreciation of their vision, determination and work ethic.  You may also have run into some common hurdles that can derail their finances.  By focusing on the following planning considerations, CPAs and advisers serving entrepreneurs can keep their clients’ business and personal finances on track.

Choose an appropriate business form

Helping entrepreneurs evaluate key tax and nontax factors when selecting a business entity is not only important to the business’ financial success, but also the owner’s.

Should they operate as an S or C corporation, partnership, limited liability company or sole proprietorship? What are the classes of ownership, special allocations, basis, liability, elections and distributions for each structure and the impact of these factors on the owner? Navigating these complex decisions is crucial to getting their business off on the right foot. If you are an AICPA Personal Financial Planning Section member or CPA/PFS credential holder, see Chapter 18 of The Adviser’s Guide to Financial and Estate Planning for a comprehensive overview of entity selection.

Continue reading "6 Planning Ideas for Advising Entrepreneurs" »

How Relaxation Can Improve Concentration

RelaxIt’s not surprising that National Relaxation Day (Aug. 15) is observed in the thick of summer because, for many, ideal relaxation involves lounging on a tropical beach and just feeling away from it all. For me, however, snowboarding is a great way to relax. When I’m carving down a beautiful snow-covered mountain, I’m able to allow my concerns to drift off into the background. From these two examples, it’s plain to see that perceptions of what constitutes relaxation vary.

Relaxation does not inherently require us to be inactive or unplugged from our normal routine. Perhaps you make room in your weekly schedule to take a morning run, practice yoga or spend some time in your garden. These activities may be great when we can engage in them, but how can we find other ways to help us relax the rest of the time, which is most often spent at work? One way to find some space and peace, no matter where we are, is through the practice of mindfulness.

Continue reading "How Relaxation Can Improve Concentration" »

Most Passwords Are Easy to Guess. Do This Instead.

Password2You’re doing your passwords all wrong.

So says the developer of the guidelines most internet users have been following for 15 years, anyway. Passwords that L00K l!ke tHi$ are actually much more susceptible to hacking than most people realize, says Bill Burr, former manager of the National Institute of Standards and Technology (NIST) and author of the NIST’s 2003 recommendations for password management.

In an interview with The Wall Street Journal, Burr said that his previous advice to use numbers, symbols and randomized capitalization resulted in people creating passwords that are easy for computers to predict.

A more secure option is to use four random words, such as “that purple monkey dishwasher.” Such a phrase is actually much more complicated for computers to guess, The Wall Street Journal reports. (Cartoonist Randall Munroe explained the math in a comic six years ago.)

Some password advice remains relevant, however: avoid using birthdays or anniversaries, your kids’ names or your address, as all of this information is easy for hackers to locate. Additionally, use different passwords for each of your accounts and avoid storing them where they can be easily seen or stolen.

Continue reading "Most Passwords Are Easy to Guess. Do This Instead." »

4 Things You Need to Know About Gender Equality

Women in professionFor decades, women and men have been entering the accounting profession in equal numbers. As a result, you might reasonably assume that women are now at or near parity with men at the leadership level. However, that assumption would be wrong. Only 24% of CPA firm partners are women, according to AICPA statistics. Another recent study found that only 17% of audit partners are women. If these qualified professionals aren’t reaching the top levels, firms are clearly missing out on a lot of talent.

The AICPA Women’s Initiatives Executive Committee’s (WIEC) CPA Firm Gender Survey, first distributed in 2015, is designed to identify trends in women’s leadership over time. It informs practical solutions for firms that want to make the most of their talent and prevent the loss of leadership potential. The results provide a unique spotlight on trends related to diversity in leadership and suggest solutions on how best to address them. As we launch the second iteration of the survey this year, I’m reminded of a few of the many valuable insights that the last survey revealed, along with some of the questions firms might want to ask themselves in light of those findings. The lessons learned—and the value and perspective they can offer to CPA firms—underscore the benefits of participating in the survey. Outlined below are a few key takeaways from the inaugural CPA Firm Gender Survey.

Continue reading "4 Things You Need to Know About Gender Equality" »

One Attestation Engagement that Can Save the Planet

SustainabilitySustainability assurance is a growing field for CPAs. While reporting on this topic remains voluntary, over 82% of the S&P 500 publish some type of sustainability report, up from 20% in 2011. Furthermore, 73% of portfolio managers and research analysts take sustainability matters into account when making investment decisions and 69% of them believe it is important that such information be subject to independent assurance.   

Sustainability reporting encompasses information about an organization’s environmental, social and governance performance and can range from a full sustainability report to a greenhouse gas statement to information about select sustainability topics. As companies look to increase the credibility and reliability of their reported sustainability information, they are engaging CPAs to provide assurance on this information.  

Continue reading "One Attestation Engagement that Can Save the Planet " »

Discounting Tax Services: Good or Very, Very Bad?

DiscountPeople love discounts, coupons and the perception of saving money, even when they actually aren’t. But there is another side to the discount, and that’s the product or service provider’s. When they discount their offering, they are losing money, right? Not always.

The Good

The discount is a common and time-honored marketing tactic. It can be a powerful tool. There are a few ways discounts are used to the benefit of the provider. A few of these include: loss leader, introduction/new business and reconciliation.

The loss leader is a simple concept: by heavily discounting an offering (sometimes to cost), you get clients in the door where they will hopefully purchase additional, non-discounted offerings or upgrade from the discounted offering to a superior one that is full price.

In product or service introductions, either the product or service is new, or the client is. The idea is that the discount is used to lure the client in, give them a taste of how good the offering is, and hopefully turn them into a regular customer who pays full price.

Continue reading "Discounting Tax Services: Good or Very, Very Bad?" »

FASB Addresses Accounting for Grants and Contracts

ContractsThe Financial Accounting Standards Board (FASB) recently issued an exposure draft, Clarifying the Scope and the Accounting Guidance for Contributions Received and Contributions Made, which is intended to address questions stemming from their revenue recognition standard (ASU No. 2014-09) regarding its implications on the grants and contracts of not-for-profit organizations. Specifically, do not-for-profit grants and contracts fit the definition of a contract with a customer, such that the new revenue standard would apply? Or are they more appropriately classified as contributions, which would exclude them from the scope of ASU 2014-09 and instead require the application of contribution guidance? More on that below.

The FASB exposure draft clarifies that the first decision to consider is whether the transaction is reciprocal (an exchange) or non-reciprocal (a contribution). That is, does the donor or grantor “receive commensurate value in return for the resources provided?” If so, then the asset transfer is an exchange transaction. It is important to note that societal benefit—even if it furthers the resource provider’s charitable mission—is not commensurate reciprocal value.

Continue reading "FASB Addresses Accounting for Grants and Contracts" »

Plan Smart: Banishing Time Wasters

“I cannot make my days longer so I strive to make them better.” –Henry David Thoreau

Time wastersTime is money

We’ve heard the proverb many times. But when it comes to balancing client needs along with all of the nuances of leadership in a practice, time often really IS money. How many times have you looked at the clock and realized the day was half over before you’d had a chance to accomplish even a fraction of what you’d initially planned? A 2014 study found that only 13% of advisers report feeling in complete control of their time. Alarmingly, an overwhelming number of professionals frequently experience time drains that inhibit their relationships with clients, the growth of their business, and their own personal and professional productivity. Thankfully, there are some very easy-to-implement solutions that most CPAs can put into practice today to combat the time wasters in their daily schedule.

Continue reading "Plan Smart: Banishing Time Wasters" »

Key Facts about a New SAS on Exempt Offerings

SAS 133A municipal government issues a bond offering after the audit report date. Or a franchisor is getting ready to prepare its annual update to its franchise disclosure document. What are the auditor’s responsibilities in each case? Practitioners with governmental clients are probably familiar with long-standing guidelines to address involvement with municipal securities offerings, however a recently issued auditing standard expands those best practices into required guidance for all exempt offerings.  

What’s the Background?

The Auditing Standard Board’s Statement on Auditing Standards (SAS) No. 133, Auditor Involvement With Exempt Offering Documents, applies to exempt securities or franchise agreements when the auditor is involved. The Securities and Exchange Commission (SEC) oversees a significant regulatory framework for publicly traded offerings, setting rules on what types of information and documents must be filed and when, and on auditor involvement. Some offerings, such as municipal securities, franchise offerings, crowdfunding, and short-term commercial paper with a maturity of nine months or less, are exempt from SEC registration rules. Exhibit A in the new SAS includes a list of exempt offerings.

Continue reading "Key Facts about a New SAS on Exempt Offerings" »

3 Factors Driving Single Audit Quality [Infographic]

Single audits are a highly specialized type of compliance audit performed on states, local governments and not-for-profit organizations that expend $750,000 or more of federal assistance in a single year. Given that both the public and federal agencies rely on single audits to confirm that these organizations are managing federal funds appropriately, it’s important that firms perform high-quality single audits.

That’s why the AICPA Peer Review Program recently conducted a study to determine which factors made a difference in single audit quality. Take a look at the infographic below to learn more about the three quality factors the AICPA identified and the steps firms can take to perform high-quality single audits. 

Continue reading "3 Factors Driving Single Audit Quality [Infographic]" »

Subscribe

Subscribe in a reader

Enter your Email:
Preview