Recent massive ransomware attacks on organizations around the world demonstrate how disruptive—and in some cases destructive—cyberattacks can be. The “WannaCry” malware incident is just the latest alarm on the ever-urgent call for companies to immediately address and manage their cybersecurity risks. Every organization is susceptible to cyber assaults, making a clearly defined, flexible and robust risk management program essential to a business’s ongoing success.
Addressing an Increasing Market Need
With cyberattacks on the rise, organizations are not only reinforcing their ability to prevent attacks, but also taking steps to demonstrate that they are doing all they can to detect, respond to, mitigate and recover from attacks on a timely basis. Customers, investors, boards of directors and even government officials want to know more about what companies are doing to address cybersecurity.
The parallels between sailing and audit quality came to mind recently when I was speaking with a practitioner who is passionate about sailing. His comments about his enthusiasm for sailing reminded me of the profession’s passion and ongoing commitment to quality.
When sailors go to sea, they depend on their ships to get them to their destinations quickly and safely, conquering instability, uncertain weather conditions and unexpected obstacles along the way. In many ways, they place the same faith in their vessels as CPAs place in their firms. CPAs rely on the firms they’ve built to achieve their goals – to help them serve their clients and business communities, uphold the public interest and create thriving workplaces – as they navigate the many challenges of a fast-changing and increasingly complex environment. In both cases, a strong discipline and commitment to quality is critical to success.
The list of companies is growing. Businesses, organizations and governmental entities have suffered damaging publicity—and faced lawsuits—due to data breaches, forcing them to make cybersecurity a priority. It’s not surprising to hear, then, that 95% of CGMA designation holders said their companies were concerned about cyberattacks, according to an AICPA survey. Organizations and their stakeholders are not only seeking ways to address current and potential threats but also to gain assurance and communicate about the efficacy of their own efforts to identify and manage the potential effects of cybersecurity risks.
Stepping up to help our fellow CPAs meet businesses’ and clients’ needs, the AICPA is proposing a way for businesses to demonstrate due care and build stakeholder confidence in their cybersecurity risk management efforts. The Cybersecurity Working Group of the AICPA’s Assurance Services Executive Committee (ASEC), in collaboration with the AICPA’s Auditing Standards Board, is developing criteria and guidance that companies can use to communicate, and we can use to report on entity cybersecurity risk management efforts.
March is Women’s History Month, a worthwhile time to consider the many contributions that women have made to our country’s progress. In fact, this is also an interesting time in the history of women in the CPA profession. Given the retirement of the large Baby Boomer generation and the fierce competition for talent, it’s clear that the profession is evolving to create more opportunities and to attract and retain a more diverse range of professionals.
And that’s good news for women, because the accounting profession is a great place for us to be right now. The career opportunities for women are endless -- both in public practice and management accounting. How can you take advantage of these opportunities to find the success you’re seeking?
Here are a few tips for making the most of the options I believe are awaiting female CPAs today.
When small business owners want or need to address risk, they often turn to their CPA as a trusted adviser for guidance. Risk is a significant issue for companies of all sizes; in a recent CGMA report, “Global State of Enterprise Risk Oversight, 2nd Edition,” the AICPA and its partner, the Chartered Institute of Management Accountants, examine the challenges facing large and small companies and consider how investment in enterprise risk management can strengthen an organization’s resiliency and agility.
When organizations, particularly small ones, search for ways to minimize risk, there is a tremendous opportunity for CPAs to provide value. That’s because many companies misunderstand or underestimate the risk factors they face. Here is a look at five misconceptions that your small business clients may have about risk.
Like many of you, my background is in auditing. We launched our careers playing a vital role on an audit team. From those early days, with every engagement, we gained increased confidence in this complex discipline. We developed the understanding that our exemplary abilities to perform the audit are fundamental to the public’s trust in our profession.
In recent years, audit quality and audit relevance have become focal points for both public and private companies. It’s more important than ever for the profession to remain vigilant and uphold excellence. That’s why I’m proud that the AICPA has developed another plan, a bigger and bolder one than ever before to make this happen.
Two years ago, based on input from the AICPA’s governing Council, a task force sanctioned by the Board of Directors began exploring ways to raise the Peer Review Program’s current practice monitoring efforts to even higher levels of relevance, strength and effectiveness.
Developed with research and input from various stakeholders, the concept paper offers a glimpse into practice monitoring with a futuristic view. The paper asks us all to imagine the possibilities of what practice monitoring might look like in the next 5 to 10 years and beyond.
In an interview with CPA Letter Daily, AICPA President and CEO Barry Melancon, CPA, CGMA, reflects on the accounting profession’s successes in 2014 and discusses the opportunities and challenges of 2015. Below is an excerpt from the interview; for the full interview, watch the accompanying video.
When I was in public practice, I audited both small and large entities, in both the public and private markets. Regardless of the client’s size or its stakeholders, the success of an audit depends on the dedicated efforts of numerous professionals. One or two people may oversee an engagement and chart its course, but its ultimate quality reflects each individual’s contribution and how well the team pulls together to maintain high standards. In essence, everyone has to step up to make sure the team succeeds.
The AICPA recently launched its own team effort: the Enhancing Audit Quality initiative. AICPA President and CEO Barry Melancon describes in his recent blog post how this comprehensive, integrated effort is looking at every area that impacts the quality of private entity financial statement audits. (When we talk about private entities, we are referring to all non-SEC registrants, including not-for-profit organizations, employee benefit plans and governmental entities.)
Whether you’re new to tax season or an experienced pro, there were probably times in the months leading up to April 15that brought new meaning to the term “multi-tasking.” Helping clients sift through back-up material, preparing and filing returns and keeping abreast of tax news, is an all-consuming process. Yet, tax season is also a time when you can easily overlook opportunities to improve your practice, strengthen client relationships and foster your professional development.
With April 15 comfortably behind you, now is the perfect time to look back and identify opportunities that can help grow your practice or help manage your staff. Here are five AICPA resources you might have kept on the back burner while you were in the throes of tax season.
I continue to get requests from members on how to handle the "comfort letter" issue, as well as feedback on guidance the AICPA has developed and suggestions for how we can better advocate for our members and their clients. By way of background for those of you who may have missed my previous blog post, CPAs are often asked to verify a variety of client information for regulators, banks, insurance providers, state taxing authorities and more.
What they're asking for, basically, is a guarantee that certain information about a client is correct, such as confirmation of a client’s self-employment status; verification of income from self-employment; verification of a self-employed borrower’s business ownership percentage; and profitability or sustainability of a self-employed client’s business. While it's certainly understandable why they would want verification of this information, depending on what the request is can place CPAs in a risky situation. At the AICPA, we’ve received several inquiries from members regarding what is often referred to as "providing comfort" or “comfort letters.” However, the requests are actually “third-party verifications."
Every few years, the issue of providing clients with comfort letters – or verification documents – rears its head among our members. Regulators or banks often look for verification that certain items within a financial statement (e.g., revenue) or a tax return (e.g., income) is "right" and they want a CPA to verify it. AICPA members have even received requests for comfort letters from adoption agencies, health insurance providers and state taxing authorities.
3 Tips for
Ensuring You’re Coaching a Winning Team
I’m a sports fan. And I’m the mother of two athletic teenage
boys. I’ve watched a lot of ball games over the years, and I’d like to think
I’ve learned a little bit about coaching. Recently, I watched a basketball
game where the home team lost, but should have won.
Why do I think they lost? Coaching.
Despite the team’s collective talent, the coach allowed
selfish play and poor execution without consequence. More importantly, he
failed to adjust his strategies to counter the opposing team's strengths. Occasionally, talent alone suffices in order to win a game. Most times,
however, how that talent is deployed makes the difference between success and
As CPAs, we are increasingly called upon to use our professional
judgment in facing key auditing, tax and accounting concerns – especially as
the profession moves from being rules-based to more principles-based. We gain our
ability to apply professional judgment over time, through experience, training
and an understanding of what a reasonable person would perceive as the right
course of action under certain circumstances. We are informed by our
upbringing, by the guidance of our mentors and colleagues, and during
interactions with our employers and clients.
At some point during our careers our professional judgment is
likely to be tested.
Last month, I had the pleasure of attending the very first Women’s Global Leadership Summit,
organized by the AICPA Women’s Initiatives Executive Committee, along with
sponsors AICPA Private Companies Practice Section, the American
Woman's Society of Certified Public Accountants and the Canadian Institute of Chartered
Accountants. What an inspiring experience with a group of accomplished,
empowered women. Women from all areas of accounting gathered to talk about the
business case for creating inroads for women leaders in the profession, best
practices for onboarding, preparing and maintaining female leadership and the
effectiveness of establishing mentorship and advocacy programs.
I know many of my peers are striving to stay ahead of the
complexities of the profession, build a solid reputation and balance work and
family in an increasingly challenging environment. I came out of the Summit
feeling energized that more women are assuming leadership roles in accounting. I thought: “What advice do I wish I had heard
from my peers and role models when I was just starting out in the profession?”
you seen the CGMA
Report “Thirsty Planet”? The report expertly underscores
the need for businesses to consider social and environmental sustainability as
a means to sustain business. Ensuring that natural resources, such as water,
are safe and clean for future generations, communities and businesses to come
should be a priority for businesses.
sustainable enterprise has a clear strategy not only on how it will make money,
but also on its social and environmental impact. An organization’s ability to
create and preserve value for itself, its stakeholders and society at large,
depends on the strength of its business model;
the sustainability of the financial, social, economic and environmental
systems within which it operates; as well as on the quality of its
relationships with, and assessments and decisions by, its stakeholders. Businesses need to consider environmental and
social impacts in order to have a genuinely sustainable business that makes
money—not just because it is the right thing to do, but also because it makes
good business sense.
It’s valuable to have a perspective on the current state of firms, no matter your role in the CPA profession. Knowing the existing best practices in areas such as staffing, training and technology is important. The 2012 PCPS/TSCPA National MAP Survey, which is being fielded now through July 20, provides you the opportunity to expand your knowledge base on these hot topics. This comprehensive look at CPA firms’ key strategic data is the largest firm practice management survey project of its kind. Contribute your answers to the survey and you’ll have access to the results when complete.
A unique benchmarking tool, the PCPS/TSCPA National MAP Survey reveals key performance indicators broken down by firm size and region so that it’s possible to make meaningful comparisons among firms. It also assesses how firms are doing and spots emerging trends.