Accounting & Auditing

By Allison M. Henry, CPA, CGMA, vice president – professional and technical standards

In August 2017, the AICPA Professional Ethics Executive Committee (PEEC) finalized a new Hosting Services Interpretation. It concludes that when members provide hosting services, they are maintaining internal control over a client’s data or records, which presents a threat to independence. Therefore, compliance with this new interpretation is critical to maintaining independence.

Generally, PEEC defines hosting services as nonattest services in which a member accepts responsibility for acting as the sole host of a client’s information system, taking custody or storing client data or records, or providing electronic security or back-up services to the client. Most practitioners will not have issues complying with the prohibition against providing electronic security or back-up services. But what does it mean to be the sole host of a client’s information system? Does that include bookkeeping software? And what does storing client data or records entail?

There are several practical issues that practitioners may face as a result of the new interpretation.

1. Firms assisting with bookkeeping services using general ledger software will need to either run separate instances of the software and provide updated files to the client, or have the client provide the firm with access to a cloud-based solution.
2. Firms that use portals to facilitate the secure exchange of electronic files will need to ensure that the attest client’s access to the data or records in the portal is terminated within a reasonable period of time after the engagement is concluded.
3. Firms that use a client’s original data or records to assist with nonattest services will need to return such records upon completion of the engagement, or at least annually for a multiyear engagement. Practitioners may retain copies of client records in support of their services.
4. The new interpretation emphasizes that members cannot keep client data or records on the client’s behalf.
5. It is important to keep in mind that practitioners should provide member-prepared supporting schedules and computations (e.g., for depreciation and amortization) to the client so that the client’s books and records are complete. ET 1.400.200 provides detailed guidance explaining the different types of records (i.e., client-provided records, member-prepared records, member’s work products, and working papers), and explains the various situations in which these records should be returned to or may be withheld from the client. ET 1.400.200.04, for example, indicates that certain member-prepared schedules may be withheld if fees are due to the member for that specific work product, unless a member and the client have agreed to the contrary. As a side note, since failure to follow the guidance in ET 1.400.200 by not turning over a former client’s supporting documents is a frequent source of ethics complaints, it may be beneficial to become familiar with this guidance.

This new hosting interpretation is effective beginning Sept. 1, 2018. You have some time to ensure that your firm’s current practices comply with the new requirements. While you are planning for upcoming engagements, it may be helpful to look through your files to determine whether your firm is the sole source for certain client information. If so, take the opportunity to clean out the files and transfer those records back to the client. See the Sept. 27, 2017 AICPA Journal of Accountancy column, “How Data-Hosting Services Affect Independence,” by Catherine R. Allen, CPA, for more information about the new interpretation. The article includes examples of scenarios that may create hosting services and impair independence.

As this interpretation will likely change some firms’ current practices, feel free to reach out to me with any implementation questions. I can be reached at ahenry@picpa.org or (215) 972-6187.

Hear more from Allison Henry when she discusses professional ethics and audit quality at the PICPA Government Accounting Conference on July 9-10, 2018.

Ethics

By Allison M. Henry, CPA, CGMA, vice president – professional and technical standards

In August 2017, the AICPA Professional Ethics Executive Committee (PEEC) finalized a new Hosting Services Interpretation. It concludes that when members provide hosting services, they are maintaining internal control over a client’s data or records, which presents a threat to independence. Therefore, compliance with this new interpretation is critical to maintaining independence.

Generally, PEEC defines hosting services as nonattest services in which a member accepts responsibility for acting as the sole host of a client’s information system, taking custody or storing client data or records, or providing electronic security or back-up services to the client. Most practitioners will not have issues complying with the prohibition against providing electronic security or back-up services. But what does it mean to be the sole host of a client’s information system? Does that include bookkeeping software? And what does storing client data or records entail?

There are several practical issues that practitioners may face as a result of the new interpretation.

1. Firms assisting with bookkeeping services using general ledger software will need to either run separate instances of the software and provide updated files to the client, or have the client provide the firm with access to a cloud-based solution.
2. Firms that use portals to facilitate the secure exchange of electronic files will need to ensure that the attest client’s access to the data or records in the portal is terminated within a reasonable period of time after the engagement is concluded.
3. Firms that use a client’s original data or records to assist with nonattest services will need to return such records upon completion of the engagement, or at least annually for a multiyear engagement. Practitioners may retain copies of client records in support of their services.
4. The new interpretation emphasizes that members cannot keep client data or records on the client’s behalf.
5. It is important to keep in mind that practitioners should provide member-prepared supporting schedules and computations (e.g., for depreciation and amortization) to the client so that the client’s books and records are complete. ET 1.400.200 provides detailed guidance explaining the different types of records (i.e., client-provided records, member-prepared records, member’s work products, and working papers), and explains the various situations in which these records should be returned to or may be withheld from the client. ET 1.400.200.04, for example, indicates that certain member-prepared schedules may be withheld if fees are due to the member for that specific work product, unless a member and the client have agreed to the contrary. As a side note, since failure to follow the guidance in ET 1.400.200 by not turning over a former client’s supporting documents is a frequent source of ethics complaints, it may be beneficial to become familiar with this guidance.

This new hosting interpretation is effective beginning Sept. 1, 2018. You have some time to ensure that your firm’s current practices comply with the new requirements. While you are planning for upcoming engagements, it may be helpful to look through your files to determine whether your firm is the sole source for certain client information. If so, take the opportunity to clean out the files and transfer those records back to the client. See the Sept. 27, 2017 AICPA Journal of Accountancy column, “How Data-Hosting Services Affect Independence,” by Catherine R. Allen, CPA, for more information about the new interpretation. The article includes examples of scenarios that may create hosting services and impair independence.

As this interpretation will likely change some firms’ current practices, feel free to reach out to me with any implementation questions. I can be reached at ahenry@picpa.org or (215) 972-6187.

Hear more from Allison Henry when she discusses professional ethics and audit quality at the PICPA Government Accounting Conference on July 9-10, 2018.

Leadership

By Allison M. Henry, CPA, CGMA, vice president – professional and technical standards

In August 2017, the AICPA Professional Ethics Executive Committee (PEEC) finalized a new Hosting Services Interpretation. It concludes that when members provide hosting services, they are maintaining internal control over a client’s data or records, which presents a threat to independence. Therefore, compliance with this new interpretation is critical to maintaining independence.

Generally, PEEC defines hosting services as nonattest services in which a member accepts responsibility for acting as the sole host of a client’s information system, taking custody or storing client data or records, or providing electronic security or back-up services to the client. Most practitioners will not have issues complying with the prohibition against providing electronic security or back-up services. But what does it mean to be the sole host of a client’s information system? Does that include bookkeeping software? And what does storing client data or records entail?

There are several practical issues that practitioners may face as a result of the new interpretation.

1. Firms assisting with bookkeeping services using general ledger software will need to either run separate instances of the software and provide updated files to the client, or have the client provide the firm with access to a cloud-based solution.
2. Firms that use portals to facilitate the secure exchange of electronic files will need to ensure that the attest client’s access to the data or records in the portal is terminated within a reasonable period of time after the engagement is concluded.
3. Firms that use a client’s original data or records to assist with nonattest services will need to return such records upon completion of the engagement, or at least annually for a multiyear engagement. Practitioners may retain copies of client records in support of their services.
4. The new interpretation emphasizes that members cannot keep client data or records on the client’s behalf.
5. It is important to keep in mind that practitioners should provide member-prepared supporting schedules and computations (e.g., for depreciation and amortization) to the client so that the client’s books and records are complete. ET 1.400.200 provides detailed guidance explaining the different types of records (i.e., client-provided records, member-prepared records, member’s work products, and working papers), and explains the various situations in which these records should be returned to or may be withheld from the client. ET 1.400.200.04, for example, indicates that certain member-prepared schedules may be withheld if fees are due to the member for that specific work product, unless a member and the client have agreed to the contrary. As a side note, since failure to follow the guidance in ET 1.400.200 by not turning over a former client’s supporting documents is a frequent source of ethics complaints, it may be beneficial to become familiar with this guidance.

This new hosting interpretation is effective beginning Sept. 1, 2018. You have some time to ensure that your firm’s current practices comply with the new requirements. While you are planning for upcoming engagements, it may be helpful to look through your files to determine whether your firm is the sole source for certain client information. If so, take the opportunity to clean out the files and transfer those records back to the client. See the Sept. 27, 2017 AICPA Journal of Accountancy column, “How Data-Hosting Services Affect Independence,” by Catherine R. Allen, CPA, for more information about the new interpretation. The article includes examples of scenarios that may create hosting services and impair independence.

As this interpretation will likely change some firms’ current practices, feel free to reach out to me with any implementation questions. I can be reached at ahenry@picpa.org or (215) 972-6187.

Hear more from Allison Henry when she discusses professional ethics and audit quality at the PICPA Government Accounting Conference on July 9-10, 2018.

Practice Management

By Allison M. Henry, CPA, CGMA, vice president – professional and technical standards

In August 2017, the AICPA Professional Ethics Executive Committee (PEEC) finalized a new Hosting Services Interpretation. It concludes that when members provide hosting services, they are maintaining internal control over a client’s data or records, which presents a threat to independence. Therefore, compliance with this new interpretation is critical to maintaining independence.

Generally, PEEC defines hosting services as nonattest services in which a member accepts responsibility for acting as the sole host of a client’s information system, taking custody or storing client data or records, or providing electronic security or back-up services to the client. Most practitioners will not have issues complying with the prohibition against providing electronic security or back-up services. But what does it mean to be the sole host of a client’s information system? Does that include bookkeeping software? And what does storing client data or records entail?

There are several practical issues that practitioners may face as a result of the new interpretation.

1. Firms assisting with bookkeeping services using general ledger software will need to either run separate instances of the software and provide updated files to the client, or have the client provide the firm with access to a cloud-based solution.
2. Firms that use portals to facilitate the secure exchange of electronic files will need to ensure that the attest client’s access to the data or records in the portal is terminated within a reasonable period of time after the engagement is concluded.
3. Firms that use a client’s original data or records to assist with nonattest services will need to return such records upon completion of the engagement, or at least annually for a multiyear engagement. Practitioners may retain copies of client records in support of their services.
4. The new interpretation emphasizes that members cannot keep client data or records on the client’s behalf.
5. It is important to keep in mind that practitioners should provide member-prepared supporting schedules and computations (e.g., for depreciation and amortization) to the client so that the client’s books and records are complete. ET 1.400.200 provides detailed guidance explaining the different types of records (i.e., client-provided records, member-prepared records, member’s work products, and working papers), and explains the various situations in which these records should be returned to or may be withheld from the client. ET 1.400.200.04, for example, indicates that certain member-prepared schedules may be withheld if fees are due to the member for that specific work product, unless a member and the client have agreed to the contrary. As a side note, since failure to follow the guidance in ET 1.400.200 by not turning over a former client’s supporting documents is a frequent source of ethics complaints, it may be beneficial to become familiar with this guidance.

This new hosting interpretation is effective beginning Sept. 1, 2018. You have some time to ensure that your firm’s current practices comply with the new requirements. While you are planning for upcoming engagements, it may be helpful to look through your files to determine whether your firm is the sole source for certain client information. If so, take the opportunity to clean out the files and transfer those records back to the client. See the Sept. 27, 2017 AICPA Journal of Accountancy column, “How Data-Hosting Services Affect Independence,” by Catherine R. Allen, CPA, for more information about the new interpretation. The article includes examples of scenarios that may create hosting services and impair independence.

As this interpretation will likely change some firms’ current practices, feel free to reach out to me with any implementation questions. I can be reached at ahenry@picpa.org or (215) 972-6187.

Hear more from Allison Henry when she discusses professional ethics and audit quality at the PICPA Government Accounting Conference on July 9-10, 2018.

Technology

By Allison M. Henry, CPA, CGMA, vice president – professional and technical standards

In August 2017, the AICPA Professional Ethics Executive Committee (PEEC) finalized a new Hosting Services Interpretation. It concludes that when members provide hosting services, they are maintaining internal control over a client’s data or records, which presents a threat to independence. Therefore, compliance with this new interpretation is critical to maintaining independence.

Generally, PEEC defines hosting services as nonattest services in which a member accepts responsibility for acting as the sole host of a client’s information system, taking custody or storing client data or records, or providing electronic security or back-up services to the client. Most practitioners will not have issues complying with the prohibition against providing electronic security or back-up services. But what does it mean to be the sole host of a client’s information system? Does that include bookkeeping software? And what does storing client data or records entail?

There are several practical issues that practitioners may face as a result of the new interpretation.

1. Firms assisting with bookkeeping services using general ledger software will need to either run separate instances of the software and provide updated files to the client, or have the client provide the firm with access to a cloud-based solution.
2. Firms that use portals to facilitate the secure exchange of electronic files will need to ensure that the attest client’s access to the data or records in the portal is terminated within a reasonable period of time after the engagement is concluded.
3. Firms that use a client’s original data or records to assist with nonattest services will need to return such records upon completion of the engagement, or at least annually for a multiyear engagement. Practitioners may retain copies of client records in support of their services.
4. The new interpretation emphasizes that members cannot keep client data or records on the client’s behalf.
5. It is important to keep in mind that practitioners should provide member-prepared supporting schedules and computations (e.g., for depreciation and amortization) to the client so that the client’s books and records are complete. ET 1.400.200 provides detailed guidance explaining the different types of records (i.e., client-provided records, member-prepared records, member’s work products, and working papers), and explains the various situations in which these records should be returned to or may be withheld from the client. ET 1.400.200.04, for example, indicates that certain member-prepared schedules may be withheld if fees are due to the member for that specific work product, unless a member and the client have agreed to the contrary. As a side note, since failure to follow the guidance in ET 1.400.200 by not turning over a former client’s supporting documents is a frequent source of ethics complaints, it may be beneficial to become familiar with this guidance.

This new hosting interpretation is effective beginning Sept. 1, 2018. You have some time to ensure that your firm’s current practices comply with the new requirements. While you are planning for upcoming engagements, it may be helpful to look through your files to determine whether your firm is the sole source for certain client information. If so, take the opportunity to clean out the files and transfer those records back to the client. See the Sept. 27, 2017 AICPA Journal of Accountancy column, “How Data-Hosting Services Affect Independence,” by Catherine R. Allen, CPA, for more information about the new interpretation. The article includes examples of scenarios that may create hosting services and impair independence.

As this interpretation will likely change some firms’ current practices, feel free to reach out to me with any implementation questions. I can be reached at ahenry@picpa.org or (215) 972-6187.

Hear more from Allison Henry when she discusses professional ethics and audit quality at the PICPA Government Accounting Conference on July 9-10, 2018.

Tax

By Allison M. Henry, CPA, CGMA, vice president – professional and technical standards

In August 2017, the AICPA Professional Ethics Executive Committee (PEEC) finalized a new Hosting Services Interpretation. It concludes that when members provide hosting services, they are maintaining internal control over a client’s data or records, which presents a threat to independence. Therefore, compliance with this new interpretation is critical to maintaining independence.

Generally, PEEC defines hosting services as nonattest services in which a member accepts responsibility for acting as the sole host of a client’s information system, taking custody or storing client data or records, or providing electronic security or back-up services to the client. Most practitioners will not have issues complying with the prohibition against providing electronic security or back-up services. But what does it mean to be the sole host of a client’s information system? Does that include bookkeeping software? And what does storing client data or records entail?

There are several practical issues that practitioners may face as a result of the new interpretation.

1. Firms assisting with bookkeeping services using general ledger software will need to either run separate instances of the software and provide updated files to the client, or have the client provide the firm with access to a cloud-based solution.
2. Firms that use portals to facilitate the secure exchange of electronic files will need to ensure that the attest client’s access to the data or records in the portal is terminated within a reasonable period of time after the engagement is concluded.
3. Firms that use a client’s original data or records to assist with nonattest services will need to return such records upon completion of the engagement, or at least annually for a multiyear engagement. Practitioners may retain copies of client records in support of their services.
4. The new interpretation emphasizes that members cannot keep client data or records on the client’s behalf.
5. It is important to keep in mind that practitioners should provide member-prepared supporting schedules and computations (e.g., for depreciation and amortization) to the client so that the client’s books and records are complete. ET 1.400.200 provides detailed guidance explaining the different types of records (i.e., client-provided records, member-prepared records, member’s work products, and working papers), and explains the various situations in which these records should be returned to or may be withheld from the client. ET 1.400.200.04, for example, indicates that certain member-prepared schedules may be withheld if fees are due to the member for that specific work product, unless a member and the client have agreed to the contrary. As a side note, since failure to follow the guidance in ET 1.400.200 by not turning over a former client’s supporting documents is a frequent source of ethics complaints, it may be beneficial to become familiar with this guidance.

This new hosting interpretation is effective beginning Sept. 1, 2018. You have some time to ensure that your firm’s current practices comply with the new requirements. While you are planning for upcoming engagements, it may be helpful to look through your files to determine whether your firm is the sole source for certain client information. If so, take the opportunity to clean out the files and transfer those records back to the client. See the Sept. 27, 2017 AICPA Journal of Accountancy column, “How Data-Hosting Services Affect Independence,” by Catherine R. Allen, CPA, for more information about the new interpretation. The article includes examples of scenarios that may create hosting services and impair independence.

As this interpretation will likely change some firms’ current practices, feel free to reach out to me with any implementation questions. I can be reached at ahenry@picpa.org or (215) 972-6187.

Hear more from Allison Henry when she discusses professional ethics and audit quality at the PICPA Government Accounting Conference on July 9-10, 2018.