The increasing digitization of business has disrupted the strategic plans of many CPA firms and their clients. In some cases, technological evolutions, whether from cloud computing, social media, the internet of things (IoT), or big data, have permanently revolutionized service delivery strategies. This has enabled some firms to capitalize on these opportunities and expand their market portfolio by engaging new clients and developing new services. Unfortunately, others have little to no understanding of the threats facing their business models and the resulting contraction of their market.
Even more challenging for these latter firms are new accounting pronouncements that further stretch the CPA's ability to succeed in the new digital world. As CPAs review training plans and develop strategies to acquire requisite skills to deliver needed services, they can review the following recently released publications (most of which are free), which can help jump-start CPA efforts to remain competitive in the evolving digitized environment.
Center for Audit Quality Alert No. 2016-01, Select Auditing Considerations for the 2016 Audit Cycle: This annual alert provides a high-level summary of critical issues that audit teams and their clients should be considering. Although the audit teams may be well familiar with the issues, the summary provides a great refresher for nonattest practitioners who provide management advisory services. Management accountants can use this publication to help guide them in preparing for and prioritizing projects that may need to be completed prior to the arrival of the external auditors.
The National Institute of Standards and Technology's (NIST's) Small Business Information Security: The Fundamentals: It can be challenging for small business advisers to help their clients navigate the cybersecurity landscape. Even management accountants face overwhelming challenges. The cybersecurity knowledge ecosystem provides much guidance. However, this guidance can be quite confusing for the small business market. This confusion arises from "well-intentioned" consultants producing white papers whose advice can at times appear more complex than needed, or from reputable guidance that is directed to larger organizations. This publication addresses both challenges. It contains reputable guidance tailored to small business needs.
AICPA Assurance Services Executive Committee's Proposed Description Criteria for Management's Description of an Entity's Cybersecurity Risk Management Program: The new exposure draft outlining criteria for an attest engagement on cybersecurity can also be used as a reference to guide practitioners on cybersecurity risks faced by their own firms. For example, firms can use the criteria as a self-assessment tool to understand how the firm is addressing cyber risks.
Verizon's 2016 Data Breach Investigations Report: This annual report provides a yearly reflection and study of actual breaches, enabling readers to learn and plan for breach attacks. The well-respected report, which is referenced by cybersecurity practitioners, also contains two unique sections. The first analyzes breaches by industry, enabling focused and relevant analysis of breach prevention strategies for a business. The second identifies common misconceptions about cybersecurity protection, which can help ensure that security investments are appropriately aligned with actual risks.
The Center for Internet Security's Critical Security Controls (formerly known as the SANS 20 Controls): This is a well-regarded resource that identifies the most pervasive and dangerous cyberattacks. The list is frequently cross-referenced to other well-known frameworks including the NIST's Cybersecurity Framework. Users appreciate the publication's prioritization of threats, plain-English explanation of the threat, and recommended actions.
The AICPA's Audit Analytics and Continuous Audit: Looking Toward the Future: This series of essays imagines the future of traditional CPA services, especially from the audit, assurance, and continuous monitoring perspective. Some of these scenarios are more mature than others, as the publication also includes a small number of case studies illustrating what is actually implemented today. These cases complement the academic research that provides the foundation for understanding how analytics and continuous auditing can better position the CPA to remain relevant throughout the 21st century.
Financial Executives International's Data Analytics and Financial Compliance: How Technology is Changing Audit and Business Systems: This research publication, based on interviews with practitioners in both public and private accounting, provides a current and realistic perspective on how analytic technology is used within the accounting community to address digital challenges. Readers will appreciate the frank discussions of the challenges faced in attempting to implement desired automated and analytical solutions to enhance the effectiveness of the audit service provided.
The Association of Certified Fraud Examiners' 2016 Report to the Nations on Occupational Fraud and Abuse: The report provides analysis, perspectives, and costs on how occupational fraud is committed throughout the world. As many of the reported frauds are committed by insiders, it highlights the need for focused efforts including technology-based controls. Details, including graphs and numerical aspects of fraud, can facilitate the communication of fraud risks to clients.
With the rapid adoption of cloud infrastructure services, CPAs would do well to develop a basic understanding of what these services offer and how they can be used to better achieve business objectives. Both Amazon Web Services and Microsoft Azure provide videos and tutorials that can help practitioners learn about critical features, costs, and benefits of using these platforms.
By investing time with the above references, CPAs can develop basic competencies to help their clients or employer navigate some of the more critical digital risks as the latter pursue strategic business objectives.
Joel Lanz, CPA/CITP/CFF, CGMA, is the founder and principal of Joel Lanz, CPA PC, a niche CPA practice focusing on information assurance, technology risk management, and security. He also chairs the AICPA Information Management and Technology Assurance Executive Committee and is an adjunct professor in the business school at The State University of New York at Old Westbury in Old Westbury, N.Y.