At this time of year, there’s plenty of “spookiness” to go around – the new Halloween movie, haunted houses, people incessantly arguing about politics on Facebook (just to name a few). Luckily, starting a small business doesn’t have to be something that makes your hair stand on end.

To calm potential entrepreneurs’ fears of starting a small business, I wanted to learn about some of the most popular myths – and hopefully put them to rest. Amy Wang, CPA and senior manager of the Tax Advocacy & Policy team at the AICPA and Margaret McNab, founder and co-organizer of the Freelance League of North Carolina, joined me on #CPApowered’s new podcast, The Small Biz Brunch, to discuss just that.

Myth #1: Side Hustles Aren’t Taxable

Halloween used to scare me. I was sure that monsters — specifically zombies — were out to get me. But I’m not afraid anymore because I faced down a nameless ghoul who did more actual harm to me than any imaginary monster could ever do.

It all started one fateful day when an identity thief used my name, Social Security number and birth date to file a fraudulent tax return, netting the fraudster a $4,000 refund. While it was an excellent payday for the thief, it was the start of some major headaches for me.

By the time I found out what happened, I was on the hook for more than $14,900 (including supposed unpaid taxes, penalties and interest). Fresh out of grad school with high student loan debt, rent and health insurance payments, I was completely unprepared to weather this storm.

As a CPA or CGMA, you excel at getting into the weeds. Whether it’s a reporting discrepancy or buried tax provision, you will find it. More importantly, you know how to arrange those weeds to form a bouquet that helps your client.

Now, with software spouting numbers on everything from revenue and sales to “likes” and clicks, a new business opportunity is opening up, one that lets you use that great analytical mind to serve clients who desperately need help with getting a grip on all that data.

“CPAs are ideally positioned to be able to step in and do that type of work.” said Dan Griffiths, CPA, Strategy and Leadership partner at Tanner LLC. Griffiths ought to know. In addition to Tanner’s tax and audit practices, the firm has stretched its accounting arms to carry a range of specialty consulting services such as strategic planning, cybersecurity and, now, data analytics.

As CPAs, we’re always interested in numbers, so let me share an interesting statistic: The United States Census Bureau has projected that  groups now considered ethnic minorities will make up the majority of the population by 2042 with Hispanics being the second largest racial or ethnic group and second fastest growing.

According to market research by Nielsen, there are about 57 million Hispanics in the U.S., or 18 percent of the population, making them an important demographic to any business – including CPA firms. Is your firm ready to engage with these potential clients and staff? There are a few insights that can help CPA firms connect with this burgeoning business and talent market.  

You’ve seen all the news stories: Cyberattacks are happening almost daily, and they can have devastating consequences. You know you need to protect your organization’s data. But where do you even start?

A cybersecurity framework can guide you in the right direction. These frameworks help you design a cybersecurity risk and controls process that is right for your organization. Whether you’re interested in helping set up your own organization’s cyber program, or you’re interested in providing assurance on other organizations’ cybersecurity systems, you should be familiar with different cybersecurity frameworks and what types of companies they’re best for. I’ve listed a few common ones you should know about below.

While I’m not a good baker, when I talk to CPAs who are new to the governmental auditing area and need to understand what the “Yellow Book” is, I often explain using the analogy of a multi-layered cake. The bottom layer of the cake is the AICPA auditing standards, which are the basis for most Yellow Book audits. The second layer of the cake (let’s make it a yellow layer!) adds standards issued by the Government Accountability Office (GAO), known as the “Yellow Book” or Generally Accepted Government Auditing Standards (GAGAS) that build upon the AICPA rules. Finally, if your client gets federal funds, there may be a third layer of the cake that consists of compliance auditing requirements.

The big news for auditors right now is that the GAO has issued a 2018 revision to the Yellow Book which will change the ingredients for the middle layer of the cake. If you audit federal, state or local governments, or not-for-profits, whose audits are subject to the Yellow Book, you should begin updating your recipe card so your cake turns out right. 

On August 19, 2018, I checked something off my bucket list: I completed the IRONMAN® Mont-Tremblant triathlon – a 2.4 mile swim, a 112 mile bike ride and a 26.2 mile run. I wasn’t particularly fast — it took 15 hours and 40 minutes to finish — but it was an amazing day in beautiful Quebec, Canada, that I will never forget.

As an adult, I developed a love of running to help stay active and reduce stress. When I turned 40, I got into triathlons to mix it up a bit. For many years, I wasn’t very athletic. So it was pretty shocking to many that I had undertaken such an intense activity.

Now, having run countless miles, I’d like to share some of the lessons I learned while training and running. I find they cross over into my everyday business life.

Unless you’ve recently installed a flux capacitor in the family mini-van, you probably can’t predict the future. But human nature is insistent in its curiosity, so predictions do persist. Weather, gambling, investing…many things we do and experience prompt a desire to know what’s coming next.

The Association of International Certified Professional Accountants recently announced the Watchlist, a semi-annual list of trends, technologies and possibilities that could affect the accounting profession. The list is divided into three areas: things happening now, things that might happen soon, and things that might happen eventually. Each topic is related to how CPAs do their work, and a few of them might actually surprise you.

Unlike Marty McFly’s sports almanac, the Watchlist isn’t predestined. That aside, both do the same thing: use data to make predictions. But a small problem creeps in: what data do you use?

Is there even a day that passes anymore in which you don’t read, hear or watch a story about the wonders of technology? New apps, new computer systems and entirely new technologies are emerging and being put into practice at dizzying speeds. Cutting through the noise and knowing which technologies are best for your planning practice can be complicated, but ignoring the value technology can add to your practice carries a heavy price in lost efficiency and opportunity.

Are you still driving a manual?

Spreadsheets used to be the go-to tech for organizing and assessing a client’s finances and your resulting financial plan. Handy but labor-intensive, spreadsheets were and are prone to errors and omissions. Other old-school trappings like physical copies of client’s financial data, wills or healthcare directives presented other problems related to security, inaccessibility or loss of the paperwork due to disaster or misplacement.

When I first saw the word smishing, I assumed it was some new lingo the kids came up with to further stump us adults. But then again, this is coming from someone who didn’t know what ‘on fleek’ was until it was no longer cool to use. (It’s okay if you still don’t know what that means.)

Jokes aside, smishing is a very serious matter – and since October is Cybersecurity Awareness Month, it’s the perfect time to discuss it.

What is smishing?

According to Experian, a credit reporting bureau in the U.S., smishing is yet another tool used by cybercriminals to obtain personal information and steal identities. You’ve probably heard of ‘phishing,’ which is an attempt to get people to provide sensitive information via email, like credit card numbers or passwords. Smishing is a mashup of SMS (short message service) and phishing.

If you have a small firm, you know how much of your valuable time can be eaten up with things that don’t generate revenue, such as administrative duties and staffing headaches. So, the thought of doing one more thing might seem overwhelming. But what if it’s the one thing that catapults your practice to the next level?

“We talked about doing a client poll a million times, but never seemed to find the time,” explains Jim Davidson, CPA, of Davidson and Nick CPAs in Naples, Florida. “This past year we had a lot of new staff. We wanted to know what clients thought we did well, and what we didn’t.”

What Jim learned didn’t exactly surprise him, but it did give him some good ideas. After 30 years of practicing in a town known as a retirement mecca, it wasn’t a revelation to learn clients were looking for estate and trust planning. But Naples is nearly bursting with those services already. Surely his clients are getting them elsewhere?

The thing I enjoy most in my role as Chair of the AICPA is the time I get to spend talking to members from across the profession about the issues most important to them. What’s clear to me is we’re all facing the same challenge of staying ahead in a fast-changing world. But we’re unique in how we confront this challenge.

This is especially true with small firms and sole practitioners, which play a powerful role as trusted advisers for their clients and communities. Firm owners wear many hats — human resources, business development, marketing and service providers. As the pace of change speeds up, it’s hard to manage the day-to-day and prepare for the future.

How many emails does your firm receive in one day?

Whatever the number, there’s a good chance a chunk of it is malware. According to a 2018 report compiled by Symantec, Corporation, one in 412 emails contained malware in 2017. For businesses with less than 250 employees, this rate jumped to one in 376 emails. When you consider just how many emails the average office worker receives in a week, things can look a little scary.

Cyberattackers represent a growing and evolving threat to CPA firms. Perpetrators are seeking sensitive client information, financial records and firm data like PTINs using any method available to infiltrate your defenses. And a lot of times, it works.

Understanding how to ward off these attacks is half the battle. Learn how to dispel common misconceptions about cybersecurity so you can be better prepared to face down any threat to your data.

Fall has finally arrived. The change in season is the perfect time to evaluate your firm’s inner workings and maybe even switch up your routine. Are your staff and clients happy? Are you fostering a work environment where staff feel energized, supported and have growth opportunities available to them?

People need the right blend of opportunities, challenges and accomplishments to achieve optimal success. And when the environment is right, growth can flourish. We asked three successful firm leaders how they’ve nurtured their firm’s cultural climate. This is what they said:

1. Define your desired culture and core beliefs.

Your clients may feel like October 15 is still far away, but you know better. Completing a return that is on extension takes time, and you’re getting worried because you don’t have all the information you need. Calls and emails to the clients aren’t producing results. 

You may feel like you’ve seen this movie before, and perhaps it’s time to write a new script. Here are a few actions you can take to address the issue.

1. Issue an alert

Ideally, you sent clients an engagement letter at the beginning of the year that spelled out deadlines and responsibilities of both parties, as well as the consequences if the client does not produce information required to complete a timely return. These letters are important, as they protect the practitioner and make the client aware of the consequences of procrastinating. If your engagement letter didn’t include a deadline, set this now and notify your client by certified mail. 

In an era of near-daily cyberattacks, organizations increasingly need to show they are protecting sensitive data—and they are turning to CPAs to help them do so.

SOC reporting isn’t something auditors should learn on the job or figure out as they go, though. If you’ve been thinking about expanding your firm’s offerings to include Service and Organization Control (SOC) engagements, there are a few things you need first.

1. You need to be knowledgeable in the service area

Specialized knowledge of an industry or organization is vital for understanding where risks are, assessing those risks and adjusting procedures to the appropriate risk level. As such, focus your SOC practice on areas with which you are already familiar.