Author: FFC

News

Why CPAs Should Learn about Integrated Reporting

Post author By FFC
Post date October 18, 2016

Why CPAs Should Learn about Integrated Reporting

Integrated reporting is receiving a growing amount of coverage worldwide lately, from both academics and from the accounting profession, and this trend shows no sign of slowing down. Books, research articles, presentations and other publications that highlight the potential opportunities of integrated reporting are becoming commonplace. The International Integrated Reporting Council has developed a plethora of resources including case studies and reports that provide a solid introduction to this topic. But a fundamental question remains unanswered. In terms of day-to-day implementation and data that can be acted upon, what exactly is an integrated report, and what does it mean for the CPA profession?

What is it?

An integrated report focuses on the financial performance of an organization, but also includes operational and qualitative information not typically contained in a 10-K. Proposed and supported by the International Integrated Reporting Council, the framework includes information about financial capital, manufactured capital, intellectual capital, human capital, social and relationship capital, and natural capital. In essence, integrated reporting attempts to convey a more comprehensive view of the organization than simply reporting financial performance. Underpinning this idea is the reality that, while financial results are analyzed by shareholders and other end users, the strategic management of the six capitals and operational data, including qualitative data, drive those financial results.

What it means for CPAs

CPAs traditionally have occupied the role of financial reporting experts, and play an important part in communicating the performance of the organization to internal and external users. Expanding beyond this traditional role and scope of work is a topic widely discussed at accounting conferences and among accounting professionals. Integrated reporting provides an opportunity for CPAs to assume a more leadership-focused role within organizations and the decision making process. As the individuals who most thoroughly understand the information being reported, it is logical that CPAs seize this opportunity to improve the relevance of information distributed to end users.

How to find out more

While integrated reporting is an emerging field, there is an abundance of information available for CPAs wishing to learn more about . The IIRC webpage referenced above is a terrific resource for research on this topic. Additionally, organizations around the world, including the AICPA and CIMA, have dedicated efforts designed to explore this emerging area. Additionally, and perhaps the best way to embrace the idea of integrated reporting, is to be proactive in both the search for information and the application of this information to a company or industry. In an increasingly stakeholder-oriented business environment- that includes growing numbers of groups such as environmental and governance agencies interested in the performance of an organization, as well as investors that adopt longer-term, sustainable strategies- CPAs who embrace the opportunities of will be well positioned for success.

Sean Stein Smith, DBA, CPA, M.S., M.B.A., CMA, CGMA, Assistant Professor, Rutgers School of Business – Camden. Sean serves on the AICPA National CPA Financial Literacy Commission. He is a member of the NJCPA Content Advisory Board, Student Programs & Scholarship Committee, Young CPAs Council, Nonprofit Interest Group, and Accounting & Auditing Standards Interest Group. He can be reached at drseansteinsmith@gmail.com.

Employees around a table image courtesy of Shutterstock

Four Steps to a Happier, Successful “Business” Retirement

Post author By FFC
Post date October 13, 2016

Four Steps to a Happier, Successful “Business” Retirement

As CPA financial planners and advisers, we spend a considerable amount of time addressing the technical aspects of IRAs, 401ks and defined benefit plans. We work to convert enterprise value into retirement assets. We consider diversification, funding strategies and tax implications.

Those issues are important, but it can be the personal and emotional aspects of helping your clients retire from their businesses that set you apart from other planners. Here are four critical steps to help you be a better partner to your clients who own a business.

Step One: Adjust the Conversation

The first step, and for many retirees the hardest one, is the mental adjustment of retiring after decades building a business and creating value. Then, one day, they sign a contract and turn those work responsibilities over to others.

Many then wonder, “What’s my purpose?”, and the answer can be difficult. Golf and travel are enjoyable, but they are not enough for many retirees. As their adviser, you can help a great deal simply by starting the conversation.

For example, ask your client something like this: “Is there a dream you’ve always had, but couldn’t pursue while you were building the business?” Clients must define this picture, but you can suggest the coloring by providing insights from their practice, creating a new frame of reference and encouraging an open dialog.

Step Two: Define Success

When we ask a retiring client to create a “purpose statement”, we get a few funny looks.

We create a financial plan with asset allocations, income streams and Monte Carlo projections that extend many years into the future, so why not also create a mission statement for the next stage in life?

Start by asking some basic questions: What are your personal goals? What are the expectations of your spouse, children or grandchildren? Do you have a favorite charity? Discuss these issues early in the process and put the answers in writing. Even though this sounds like a formal approach, the process gives the client more control to determine his or her future. From experience, I can tell you they really enjoy the journey.

Step Three: Identify Successors

If your client owned his or her own business, the next step is selecting who will inherit or purchase the business, who will run it, and what, if any role, the retiree will play going forward. This decision may require balancing family relationships, financial expectations and hopes for the business.

Most owners want the business to go to someone who will add value, not just inherit and live off of it. Children may have differing or competing ideas about the future of the business, and conflict is not unusual.

That is why organizing a formal meeting can be helpful. Participants should be encouraged to discuss their expectations, ask questions and express their concerns. I encourage what we call “intentional listening:” connecting with clients to help identify and address potential problems with the transition.

Step Four: Implement the Changes

The final step initiates the formal process of shifting the client’s role from owner to retiree. If you have addressed the first three steps carefully, you will have gained the retiring businessperson’s confidence and this should be a smooth transition.

After all, by now the client knows his or her direction and purpose, the financial situation and the future direction of the business. To guide this final step, develop a process checklist and address options to liquidate assets, such as the enterprise value of the business. Communicate with the seller and buyer as to assets of value that are not integral to the continued operations of the company. These assets may be sold prior to the transition of successor management operations.

AICPA members can access this sample checklist and can use it as a guide – and you can customize it to your own needs and the needs of your clients.

A good financial adviser can handle the technical aspects of a business retirement. To become a true partner, go a step further and tackle the personal and emotional challenges faced by your clients. These four steps are part of a webinar I recently presented “Retirement Planning for the Business Owner.” Members of the Personal Financial Planning Section may access the recording and slides here.

Jimmy Williams, CPA/PFS, president and founder, Compass Capital Management, LLC. He specializes in creating plans for retirees and near-retirees utilizing tax-efficient strategies. Jimmy has written technical articles for U.S. News & World Report, The Planner Newsletter, Tax Adviser, CPA Insider and the Journal of Financial Planning. As a national conference speaker, he has authored and presented courses in professional ethics, tax planning, leadership, motivation and financial planning techniques.

Retired couple image courtesy of Shutterstock

3 Steps to Mitigate and Respond to a Security Breach in the Cloud

Post author By FFC
Post date October 11, 2016

3 Steps to Mitigate and Respond to a Security Breach in the Cloud

The AICPA is participating in National Cybersecurity Awareness Month with a series of blog posts to help CPAs understand the role they can play in addressing cybersecurity issues. This is our second post in this series. Our first post discussed low- and no-cost ways to protect data.

Much like their counterparts who run growing companies in virtually every industry, many accounting firm executives have their heads in the cloud. They have implemented, or are considering, cloud computing options for everything from data storage and networking to task automation and product delivery. Some firm executives see an additional opportunity: offering consulting services to help clients understand and use the cloud.

It’s clear that cloud computing provides proven advantages over on-premises options, such as savings, convenience and flexibility. However, the cloud also presents some unique challenges, including often complex deployment options, operational issues and substantial security concerns. Below you’ll find three steps to take to address cloud computing security.

Step One: Know the Risks

The first way to mitigate a security breach is to understand and prioritize the risks related to using cloud services. For accounting firms and their clients that use a cloud service provider (CSP), cloud-based solutions present the same risks as traditional information security, plus the risks associated with managing and governing a third-party service provider.

Specific threats include data breaches, information loss and account hijacking. Additional risks include internet-based threats, such as denial-of-service attacks, or malicious actions by personnel at companies or subcontractors who steal information and sell it for personal profit. Systems may be more vulnerable if they contain insecure application protocol interfaces (APIs), established with improper access configurations within multi-tenancy environments.

Step Two: Work with Your Partner

You need to collaborate with your CSP to establish cloud-related security protections.

At the very least, a CSP should have a formal information security management program. Robust cloud security systems incorporate a number of well-known tools, including internal and perimeter defense and monitoring technologies, proper encryption, malware defenses, penetration testing, network and application vulnerability assessments, multi-factor authentication and access controls and layered network- and application-specific protections.

A good security program will incorporate technologies to secure the information environment, provide data backup and redundancy and ensure a rapid response to threats and incidents. A reliable CSP should also have documented methods for vetting, training and monitoring its personnel. In addition, the governance policy should address asset ownership and location, physical security, media and software management, disaster recovery, change control and service termination issues.

Step Three: Put it in Writing

Before finalizing a contract for cloud-oriented services, make sure the agreement includes detailed descriptions of how security measures will be established, managed and reported.

A cloud-oriented service contract should clearly define the management and governance issues described above, the ownership and location of all data, breach notification clauses, incident response obligations, the sharing of the appropriate Service Organization Control (SOC®) Report (SOC 1® or SOC 2® Reports) and the rights to audit and obtain assurances relating to cloud services.

What to Do When a Breach Occurs

Cloud technology makes sense for an accounting organization and for your clients, but working with a CSP presents unique challenges. Ultimately, the responsibility falls on you and the client to really understand the business and technical risks associated with the CSP’s services. Key to this is to ask the CSP any questions you need answered based on your own risk assessments in order to ensure their concerns are addressed.

It’s not a question of whether a breach will happen, but when it will happen, so the bottom line is to be prepared. Work with your providers to fulfill the federal, state, regulatory and industry-related requirements for incident-response handling and breach notification. In addition, make sure you understand what you can do to prepare for such an unfortunate circumstance.

Resources: Need help selecting the right cloud vendor? An AICPA Information Management and Technology Assurance Section webcast scheduled for Oct. 25 explores this issue. In addition, you can access other helpful resources from the AICPA, including a suite of SOC tools and reports, information from the Cybersecurity Resources Center and the AICPA-Ridge Global webcast series.

Finally, since cybersecurity is such a critical issue, I invite you to share your feedback on the AICPA’s recently released proposed criteria that companies can use to communicate, and CPAs can use to report on an entity’s cybersecurity risk management program. These criteria provide a way for businesses to demonstrate due care and build stakeholder confidence in their cybersecurity risk management programs. Comments are due Dec. 5, 2016.

Steven J. Ursillo, Jr., CPA.CITP, CGMA, Sparrow, Johnson & Ursillo, Inc. Steve Ursillo is a principal and director of Technology & Assurance Services for his firm in West Warwick, Rhode Island. He is co-chair of the AICPA’s IMTA Cybersecurity Task Force and a member of the AICPA’s IMTA SOC Task Force.

Cloud computing security courtesy of Shutterstock.

5 Tips for Becoming a Firm of the Future

Post author By FFC
Post date October 6, 2016

5 Tips for Becoming a Firm of the Future

Here’s a familiar scenario: A firm has been in business for decades, achieving success using a tried-and-true formula of providing high-quality work and great client service. As a new generation takes over and market demands change, however, the firm’s partners begin to wonder how they can grow the practice while maintaining the winning attributes that have made the firm what it is. They worry a major change will distract their team from the important business of serving clients—and eat up too much time and money.

That’s the situation my firm faced about five years ago. As the recession was coming to an end, the firm, which has been in business roughly 70 years, had about 25 people and around $3.5 million in revenues. Our culture had long been to work hard and play hard. We’ve held on to the spirit of camaraderie and the family environment our founders built, but as we moved forward into the millennium we hadn’t developed the internal structures we would need to manage growth. However, by making some strategic decisions, over the course of five years we have grown to a firm of 35 people and $5 million in revenues.

To forge a path for the future of our firm, we followed many of the strategies that are set forth in the Private Companies Practice Section Firm inMotion e-toolkit. It’s an online resource for practitioners that can help firms navigate current trends and, using best practices developed by leading consultants and other thriving firms, chart a course for success. Based on our experiences, I offer the following advice to other firms looking toward the future:

Don’t assume this doesn’t apply to you. Even a successful and happy firm may not be working as effectively and efficiently as possible. My firm didn’t undertake our reassessment because of any problems we faced. We did it to ensure we could maintain and enhance our success into the future. Remember, too, that this is a process that can benefit firms of every size. No matter how well a sole practitioner or two-partner practice already knows their business, a strategic review can offer new insights and inspire fresh ideas that can help them work smarter and achieve more satisfying outcomes.

Figure out where you stand. After reviewing the e-toolkit’s Why Dashboards, available in each section, I recommend you begin with the Transition Continuum and Checklist. This is a simple tool that lists transitional steps a firm can take in its culture, talent and clients, explains the potential benefits of each one and points users to available tools that will help with each step. You can use it in partner retreats or in more informal brainstorming sessions to identify steps that can help you move your firm forward.

Put the tools to work. The e-toolkit includes tools related to firm structure and strategy, staff development and culture, clients and relationship building and the use of technology. At my firm, staffing was a priority for us, and we found the Staff Assessment and Career Development plan, available to PCPS members, to be an extremely valuable resource. It includes the PCPS Firm Competency Model, an indispensable guide to role analysis for any level in the firm that you can edit and modify to suit your own needs. The Mentoring Guide and related tools also offer a great blueprint for your firm’s program to nurture talent. Separate from the Firm inMotion Toolkit is the PCPS Partner Accountability and Unity Guide. It helped us understand the benefits of an accountability culture and establish greater unity in following our strategies and achieving our goals.

Set your own priorities. When we started reviewing our firm’s status, we had three promising managers we wanted to train so that they would be prepared to be the firm’s next generation leaders. As part of that effort, we assigned them the task of developing our firm’s mission, vision and values. While firms can use the e-toolkit resources as a template and starting point, you can also develop and implement projects that suit your own situation and dovetail with what you accomplish using the e-toolkit.

Don’t Reinvent the Wheel. If you’re inspired to reassess—and possibly change—your firm, don’t waste time researching and creating the steps you need when they’re all already waiting for you in the e-toolkit. Don’t let all the resources overwhelm you, either. Instead pick and choose the areas that are most important to you and get started tackling them.

Although our firm was ready for change, we believed that we wouldn’t be ready to make the most of growth without a firm foundation beneath us. In the past, there was a limit to how much we could take on, but we’re now able to accept new clients and expand our service offerings thanks to the key strategic changes mentioned above. Start getting to know the Firm inMotion e-Toolkit and see what it can do for you.

George Forsythe, CPA, Managing Partner, WellsColeman. As Managing Partner of the firm, George serves on the executive committee for the firm’s governance with a focus on continuous improvement for the firm and its leaders. With nearly 20 years of experience, he oversees the firm’s information systems and consults with clients regarding their information technology needs. In addition to technology, his passion is inspiring small business clients to achieve extraordinary results through strategic coaching and consultations. George is a member of the PCPS Executive Committee.

Future start image courtesy of Shutterstock

It’s a Great Day to Be a CPA!

Post author By FFC
Post date October 5, 2016

It’s a Great Day to Be a CPA!

As someone who grew up in the small farming town of Belmont, Wisconsin, the past year has been remarkable for me. I’ve visited more than half the states and met thousands of CPAs working in every professional accounting role you can imagine. And I’ve learned something from every one of them.

There’s nothing like talking with CPAs working with or in real businesses facing complex accounting and tax issues to understand what is important to the future of our profession. They understand we need to evolve to maintain our relevance. The confluence of complexity and rapidly evolving technology has accentuated the imperative for change.

We often discuss the four areas I spoke about at my inaugural address last October. CPAs want to modernize their services, which means adopting new technologies and being a step ahead of what the marketplace demands. They’re asking about everything from how auditors can leverage data analytics, to the latest standards from the Financial Accounting Standards Board and the impact Brexit will have on the work they do.

Something else they want to talk about, and the second area where we can shape our own future and ensure relevance, involves the speed in which we are developing new fields of expertise. These efforts are in response to the changing needs and requirements of our clients and employers. Today the world moves too fast to wait.

For example, just look at what we’re doing in the cybersecurity area. The Securities and Exchange Commission has acknowledged that our profession’s experience with integrating data, reporting and assurance puts CPAs in a unique and influential position to help organizations address their cybersecurity concerns. We are developing guidance for organizations in designing and describing their cybersecurity risk management programs, along with a new cybersecurity examination engagement for firms to perform for clients. And the AICPA is helping CPAs take leadership roles in other emerging areas, such as integrated reporting and crowdfunding.

The third area is increasing our collaboration with others. I think this opportunity is where we’ve seen the most progress during my term as chairman. CPAs are playing more strategic, interconnected and critical roles in business than ever before. Firms are expanding how they support clients by aligning with companies that provide niche or technical services, such as change management, strategic planning or engineering.

One of the most exciting events during my term was the overwhelming approval of the membership ballot on evolving the joint venture between the AICPA and The Chartered Institute of Management Accountants (CIMA). AICPA members who voted passed the measure 86.5% to 13.5%, and CIMA members who voted endorsed it 89.7% percent to 10.3%.

Launching in January 2017, the new international accounting association will provide a platform for stronger advocacy, enhanced member resources, and new ways to reach out to our memberships and the next generation of accounting professionals. The AICPA will remain the membership body for CPAs and the Institute will continue its primary commitment of promoting, protecting and growing the CPA. Together with CIMA, the new association will represent more than 600,000 accounting professionals in over 90% of the world’s countries, raising the profiles of the CPA and CGMA designations worldwide.

The final area where I believe we can shape our future relates to our most important asset – people. During the past twelve months, individual firms and the AICPA have made giant strides in the effort to create the “environment of choice” for the most trusted business advisers of the 21^st century. CPAs today demand a more dynamic personal and professional experience. That includes employing innovative ways to help businesses thrive and recognizing that CPAs can be successful working in their own way, on their own time. The modern professional can be just as productive working in shorts from the northwoods of Wisconsin or in the stands at their child’s softball game as they can in a business suit or dress in their firm’s downtown office.

When looking back on the year, I’m proud of how the profession has progressed to stay ahead of change and maintain relevance. And I haven’t even mentioned exciting initiatives to transform the way CPAs approach learning, the latest developments in our Enhancing Audit Quality initiative, or state and federal advocacy efforts to nurture a landscape conducive to business.

I’d like to thank the 418,000 members of the AICPA, and to end my term with the same words I used to begin it, because they are as true today as they have ever been. I’m sure you will agree, “It’s a great day to be a CPA!”

By Timothy L. Christen, CPA, CGMA — Chairman, AICPA Board of Directors

5 Low- or No-Cost Ways for CPAs to Help Slam the Door on Cybercriminals

Post author By FFC
Post date October 4, 2016

5 Low- or No-Cost Ways for CPAs to Help Slam the Door on Cybercriminals

October is National Cybersecurity Awareness Month, but fighting cybercrime is a year-round battle. As experienced keepers of confidential information, CPAs are uniquely positioned to support cybersecurity initiatives for their firms, clients, or employers. But cybersecurity is costly, and budgets are always limited, especially in the public and not-for-profit sectors. Consider these five simple steps CPAs can take to help protect data without breaking the bank.

Know email scams and warn others. People are increasingly the weak link in organizations’ cyber armor. You know not to give your checking account info to an unknown foreign government dignitary. But what if you get an email from your CEO instructing you to wire funds for a deal that you know is about to close? This scenario was all too real last year for a finance employee who was tricked into wiring $730,000 to a bank in China, according to an FBI report. Since the FBI started tracking business e-mail scams in late 2013, it has compiled statistics on more than 7,000 U.S. companies that were targeted. Total losses exceeded $740 million.

Maintain a strong connection with IT. CPAs and IT professionals have a common interest in protecting sensitive and confidential data. What we can learn from each other will likely surprise you. Of course CPAs can help IT design cybersecurity controls and develop reports—or—provide assurance on them. But beyond that, there are many low- and no-cost ways you can help prioritize which information and systems are most sensitive and balance cybersecurity against operational needs. Stay connected with your IT staff and encourage informal dialogue with them by holding regular discussions. Bring in lunch (or dinner) and make sure everyone is on the same page. Clear priorities help IT work more efficiently and save money in the long run.

Stay on top of free updates/upgrades. According to Amy Zegert, co-director and senior fellow for the Stanford Center for International Security and Cooperation, research shows there is on average one defect for every 2,500 lines of programming code—just regular human mistakes. Cyber criminals exploit these mistakes to break into systems. Software updates to correct these vulnerabilities are often overlooked by busy users. Most of the time, updates are free, so use them—on computers, smart phones and any other devices used for business purposes.

Adopt a stronger password policy. If your password can be found in a dictionary, it is not secure. If it’s the name of a child, pet, spouse, or car, it’s probably not secure either—unless you take some special precautions such as substituting numbers or special characters for letters. Despite the inconvenience, implementing and enforcing a good password policy is a free and simple way to protect data. Good policies should include guidelines for how often to change passwords, where to store passwords, and instructions for creating them.

Develop a plan—and practice it. Yes, this advice appears in every business article about cybersecurity, but its importance cannot be overstated. CPAs can help by developing and activating the business continuity plan—in this case “cyber incident response plan.” Small businesses can accomplish this using a local CPA firm. Small CPA firms can develop a reciprocal agreement with another CPA firm. You should already have answers to questions like: Who is the cybersecurity point person? and Who outside this office needs to be notified of the breach? Conducting practice exercises will help key people understand their role and help you work out any kinks. Update the plan as new threats arise. When it comes to cybercrime, you can never be over prepared.

Learn more about the role CPAs can play in the cybersecurity landscape and access news and information at the AICPA’s Cybersecurity Resource Center. In addition, you can find targeted resources for CPAs providing cybersecurity advisory services through the AICPA’s Information Management and Technology Assurance Section, including this free podcast on social engineering, a type of cybercrime.

The AICPA welcomes your feedback on proposed criteria that companies can use to communicate, and CPAs can use to report on, an entity’s cybersecurity risk management program. These criteria provide a way for businesses to demonstrate due care and build stakeholder confidence in their cybersecurity risk management programs. Comments are due Dec. 5, 2016.

Susan Pierce, CPA, CITP, CGMA, Associate Director-Info Management & Technology Assurance, American Institute of CPAs.

Cybercrime courtesy of Shutterstock.

3 Steps to a Secure Financial Future for Your Divorcing Clients

Post author By FFC
Post date September 29, 2016

3 Steps to a Secure Financial Future for Your Divorcing Clients

Anyone who has ever been through, or witnessed, a divorce knows that the pain of separating isn’t just emotional—it’s also financial. CPA financial planners may often feel at a loss as to what advice or guidance to offer distraught clients.

Let’s say your client Kate, age 50, calls in tears to tell you that her husband of 25 years, a high-level executive, wants a divorce.

“He wants to avoid using attorneys,” she says. “He made me an offer yesterday: He keeps all his retirement savings and I keep mine. I get the ski lodge; he gets the apartment in the city. We split cash and investments. I really don’t want to make him angry, but my own retirement will be so small. Is his offer enough?”

We all want what’s best for our clients and answering this complicated question will take some research. However, the most important factor is to avoid any conflict of interest. If you were advising the couple before the split, you may need a disclosure, a waiver or even a new engagement letter.

Divorce is like a three-legged stool comprised of legal, emotional and financial issues. It’s no wonder that CPAs often cringe at the thought of unraveling this messy bundle. The best way to approach it is one step at a time.

Step 1: Address Legal Issues

Kate’s husband does not want to use an attorney, and she’s afraid of making him angry. In my experience, pro se divorces, or representing himself or herself in court without the help of a lawyer, are a fine choice for individuals who do not own property or do not have large retirement accounts to worry about. Kate’s estate is complex, and she would be taking a significant risk by failing to investigate the legal aspects of the divorce. The ultimate decision is hers, but my recommendation would be to share with her the pros and cons of retaining an attorney.

Step 2: Address Emotional Issues

Divorce is one of the most stressful events an individual can experience over a lifetime. If your client is struggling, consider connecting him or her with counseling resources that can help.

Step 3: Address Financial Issues

This is where your technical background can truly shine and make a difference for your client’s outcome. Depending on the complexity of the case and the willingness of the sides to collaborate, you may be able to accomplish a lot of this on your own. In situations in which one of the parties won’t share the information or is being deceitful, you may have to work with a forensic specialist or a private investigator. Either way, plan to address these areas:

Identify all assets. This includes cash and investment accounts, real property and retirement accounts.

Map out living expenses. Begin with a one- to three-year history, then project the numbers into the future. Consider whether your client would be moving his or her residence, buying a new car or funding education expenses to prepare for a new career. Divorce often results in a change to healthcare coverage, so investigate any possible increases in premiums. The size of the emergency fund must be reassessed, as well.

Map out property division scenarios. Create a projection of each scenario over the lifetime of your client. Consider inflation and healthcare premium increases, as well as the tax consequences of the property division.

Ultimately, the specific decisions of asset division are up to the client. However, CPAs can do a great deal to inform and guide clients so all decisions are grounded in facts and thoughtful analysis, not fear and emotional confusion.

Tracy B. Stewart, CPA/PFS, CFF. Tracy has advised divorcing couples and their attorneys on the financial aspects of divorce for more than 15 years. Tracy has been a member of the AICPA National Financial Literacy Commission and currently serves as a member of the PFP Executive Committee; a trustee for the Collaborative Law Institute of Texas, Inc.; and contributes articles, as well as frequent presentations, on collaborative divorce. Contact her at stewart@texasdivorcecpa.com.

Divorce courtesy of Shutterstock.

How Not-for-Profits Can Share Risks and Reap Benefits through Collaboration

Post author By FFC
Post date September 28, 2016

How Not-for-Profits Can Share Risks and Reap Benefits through Collaboration

“We are all here on earth to help others; what on earth the others are here for I don’t know.” – W. H. Auden

I’ve spent most of my career in business development and have worked with organizations of all shapes and sizes, both for-profit and not-for-profit. From this vantage point, I’ve observed that leaders of social- impact organizations tend to be risk averse. This is because they feel pressure to maximize their time and resources on achieving the immediate needs of program service delivery. Often this pressure is increased when funders restrict resources to specific short-term projects.

In business, as in philanthropy, it takes long-term planning, time and resources to identify prospective partners and find mutual goals. There is an element of risk involved in sharing information and undertaking new business strategies together. One way that I like to describe strategic partnerships is by comparing them to a seesaw. Participating organizations strive to balance the four R’s: Reach, Resources, Revenue and Risk.

Like a seesaw, organizations that collaborate can keep moving forward if they remain focused on their collective push, that is, their mutual mission. They balance the potential to increase their Reach, Resources, and Revenue against the greater weight of Risk.

There is no one size fits all approach to collaboration. Partnership arrangements can be formal or informal, long-term or project-specific. Some examples include: negotiating purchasing deals with other businesses, undertaking a benchmarking study with peers, forming a coalition to address a community need, coordinating program service delivery, or forming a joint venture.

Organizations addressing similar social problems or serving similar constituents stand to benefit the most from collaboration. For example, Harlem’s Children Zone is hailed in the philanthropy community as a trailblazer in the collective impact movement. By working with community partners such as tenant associations, social service agencies and health care providers, the organization provides a comprehensive, birth-to-college continuum of services to help poor youth succeed. They also host workshops with community representatives, policymakers, and funding agencies. This model has been replicated in other cities across the nation and has helped inspire a nationwide initiative, Promise Neighborhoods.

Identifying prospective partners and building and cultivating relationships that can lead to meaningful partnerships takes time and energy—and yes, an element of risk. However, keep in mind that inaction can be just as risky, if not riskier than taking manageable strategic risks. The latter offers potential growth opportunities while the former just ensures that the organization will remain stagnant. It would be irresponsible to stay still while those around you are moving forward.

If you want to learn more on this topic, I recommend AICPA’s online e-learning track, “Governance and Strategy for Not-for-Profits.” You can purchase this track individually or as part of the Not-for-Profit Certificate Program. To learn more, go here.

Bret Johnson, Director of Channel Management and Development, American Institute of CPAs.

Collaboration image courtesy of Shutterstock

Source: AICPA

News

5 Ways to Make the Most of Mentoring

Post author By FFC
Post date September 27, 2016

5 Ways to Make the Most of Mentoring

A successful mentoring relationship, like all relationships in life, is about give and take. But in order to be successful, both mentor and mentee need to give genuine input. It isn’t as simple as the mentor giving and the mentee taking. Considering the value of mentoring, what can mentees do to guarantee they’re getting the greatest advantage from the relationship?

Be sure to opt in. Everyone’s schedule is busy, and mentoring may seem like something that’s easy to delete from a crowded calendar. It’s a mistake to underestimate the importance of support, however. Among other things, a mentor can help you assess your priorities, which can ensure your time is spent wisely and more productively.

Your mentor should not be your direct boss. Your supervisor may be a source of great advice, but it’s best to find a more objective mentor. Your supervisor has his or her own interests in mind in addition to yours, yet they may be too close to recognize every growth opportunity for you.

Find a mentor at each stage of your career. Your goals and needs change as you move up the ladder and expand your experience and professional horizons. Locate a mentor who will provide feedback that meets your changing circumstances at each stage of your career and in each new organization.

Learn to listen, listen to learn. Your mentor will want to hear about your situation, but be sure to hone your listening skills so that you can recognize and use all the insights and ideas he or she has to share.

Don’t be afraid to ask questions. People face uncertainties about their professional lives at every stage of their career, so take advantage of your mentor’s interest in your questions. You won’t gain as much if you don’t speak up and find the answers and solutions you need. Being inquisitive also shows you are interested and eager to learn more.

How do you find a mentor? The answer to that question got a lot simpler with the recent introduction of the AICPA Online Mentoring Program. This pilot program, which is free to AICPA members, is a simple-to-use tool that makes it easier for mentors and mentees to find each other and build relationships. The initial questionnaire to match mentees and mentors takes less than five minutes to complete. The ultimate goal is to develop well-connected and highly-functioning professionals to advance our profession. Find out what mentoring, and this valuable new resource, can do for you. First time users should use passcode aicpa2016 when signing up.

Yasmine ElRamly, Senior Technical Manager- Firm Services & Global Alliances, American Institute of CPAs.

Mentor and mentee image courtesy of Shutterstock

Introducing a New Framework for Reporting on Cybersecurity Risk Management

Post author By FFC
Post date September 26, 2016

Introducing a New Framework for Reporting on Cybersecurity Risk Management

The list of companies is growing. Businesses, organizations and governmental entities have suffered damaging publicity—and faced lawsuits—due to data breaches, forcing them to make cybersecurity a priority. It’s not surprising to hear, then, that 95% of CGMA designation holders said their companies were concerned about cyberattacks, according to an AICPA survey. Organizations and their stakeholders are not only seeking ways to address current and potential threats but also to gain assurance and communicate about the efficacy of their own efforts to identify and manage the potential effects of cybersecurity risks.

Stepping up to help our fellow CPAs meet businesses’ and clients’ needs, the AICPA is proposing a way for businesses to demonstrate due care and build stakeholder confidence in their cybersecurity risk management efforts. The Cybersecurity Working Group of the AICPA’s Assurance Services Executive Committee (ASEC), in collaboration with the AICPA’s Auditing Standards Board, is developing criteria and guidance that companies can use to communicate, and we can use to report on entity cybersecurity risk management efforts.

The assurance guidance, set to be released in Q1 2017, enables us to leverage CPA core competencies in information security and control assessment to undertake entity-wide cybersecurity examination engagements as trusted, independent assessors. Two sets of criteria, released this week for public comment, are intended to serve as a common language for companies to use in describing their cybersecurity risk management process, and to provide CPAs with a framework for reporting thereon.

Here are some key details that you should know about this initiative:

What does the cybersecurity examination engagement entail?

In an entity-wide cybersecurity examination engagement, CPAs report on whether the description of the entity’s cybersecurity risk management program is presented in accordance with the description criteria, and whether the controls within that program are effective to achieve the entity’s cybersecurity objectives based on the control criteria. To help stakeholders better understand and provide input on these criteria, the working group has issued two exposure drafts for public comment:

Cybersecurity risk management program description criteria—description criteria—(for management to use in preparing a description of their cybersecurity risk management program, and CPAs to reference in evaluating the description)

Revised Trust Services criteria—control criteria—(for evaluating the suitability of design and operating effectiveness of controls in reporting on an entity’s cybersecurity risk management program, or other engagements such as Service Organization Controls (SOC 2®))

The working group has aligned the criteria with the 2013 COSO Internal Control—Integrated Framework Points of Focus, allowing management and CPAs to take a strategic, objectives-based approach in their communications and reporting. Plus, to ease adoption, the description criteria and control criteria have been mapped to existing frameworks and standards that are commonly used to manage risk and cybersecurity risk, including the NIST Critical Infrastructure Cybersecurity Framework, and the ISO/IEC 27001 standard on Information Security Management. It is the prerogative of management to select the criteria that are appropriate to be used for their business, and which will in turn be used in the examination engagement.

Why do we need cybersecurity criteria?

The new criteria allow organizations to communicate useful information about their cybersecurity risk management programs to stakeholders. This fills an important market need, since there is currently no widely accepted, holistic approach to communicating this information. Furthermore, the criteria and the assurance guidance that are being developed enable CPAs to provide consistent, meaningful, third-party assessments of a company’s cybersecurity risk management program. In the same way that CPAs, organizations and stakeholders reference U.S. GAAP in preparing financial statements, they will be able to turn to the new description criteria for a common and comprehensive way of communicating how organizations manage cybersecurity risk.

How does the examination engagement benefit organizations?

With cybersecurity risks on the rise, organizations and their boards of directors are increasingly expected to share information regarding their cybersecurity risk efforts with stakeholders. The framework and subsequent report provide organizations and their boards with the following advantages:

Organizations will be better able to understand the elements necessary for effective cybersecurity risk management.

A consistent, standardized approach will help organizations and their stakeholders to have greater confidence in the completeness and reliability of information about a company’s cybersecurity risk management.

This reporting model can help to alleviate organizations’ existing compliance requirements by reducing the number of information requests from stakeholders and the amount of information sought if such requests are made.

How does the examination engagement benefit other stakeholders?

The examination engagement offers directors, management, customers, business partners, regulators and the market:

Independent assurance reports from a reliable, objective source based on a consistent, accepted reporting framework.

A deeper understanding of the complexity and effort required to establish effective and agile cybersecurity risk management programs.

Why a CPA?

CPAs are in a unique position to offer this service, since we have a strong reputation for objectivity, competence and integrity, and because the market has an established confidence in high quality CPA assurance services. Many CPAs and firms have decades of experience in providing valuable information security services. At the same time, all CPAs also must follow rigorous professional requirements and standards for attest and advisory services, and must have appropriate subject matter expertise for specialized engagements. Providing attestation on an entity’s cybersecurity efforts is a natural extension of our core competencies. Given the complexities of these new engagements, they should be performed by CPAs already working in the information security space, or auditors working alongside experienced information security professionals.

I encourage you to learn more about cybersecurity. Review the two exposure drafts currently out for comment and give us your feedback. Register to attend the AICPA-Ridge Global series webcasts, which outline cybersecurity fundamentals for practitioners, CFOs, controllers and management accountants. And visit the AICPA’s Cybersecurity Resource Center for additional information and educational opportunities.

Susan S. Coffey, CPA, CGMA, Executive Vice President- Public Practice, American Institute of CPAs.

Cybersecurity courtesy of Shutterstock.