Explores the top operational concerns for CPA firms as it pertains to performing work in a remote environment.
by Irene M. Walton May 26, 2021, 09:20 AM
Insightful lessons can be learned by reviewing professional liability issues. With this in mind, Gallagher Affinity provides this column for your review. For more information about liability issues, contact Irene Walton at email@example.com.
When managing a virtual workforce, building a remote-work policy is crucial. This document must spell out the objectives of virtual work teams and define which employees are eligible and the conditions under which they should work. After that, according to Gallagher risk experts, managers need to address operational concerns:
Building a policy and addressing the above concerns will lay the foundation for effective remote work. However, you also must address the risks of working from home. Two big risks are cyberliability and data breaches as well as remotely performing high-quality audits.
In the initial months of the pandemic, there was a rush to move employees offsite with, perhaps, a loosening of strict cybersecurity standards. The result was easy to predict: there was a 300% increase1 in accounting-firm cyberattacks, according to Black Talon Security LLC. CPA firms have learned a hard lesson: hackers can penetrate their systems, lock them out, and steal their data despite firewalls and antivirus software being in place.
“Firewalls and antivirus software are no longer enough to protect your network,” says Gary Salman, CEO of Black Talon. “You need additional steps, such as vulnerability scans, penetration testing, and cybersecurity awareness (staff) training to prevent ... disastrous attacks from occurring.”
The good news is that many firms’ tech-security teams have beefed up protocols and focused on helping remote staff adhere to best practices. The goal is to address the risks of unsecure networks, phishing attacks, computer sharing (and personal use), and mobile devices containing work product. Here are some guideposts to help ensure optimal remote security:
Normally, CPAs have close contact with client staff to facilitate the information sharing needed for an audit. With CPAs now largely working remotely, the already challenging task of preparing financial statements has become even harder.
Part of the problem is the emergence of “black swan” issues that may have reshaped a client’s business during the pandemic. These include loss of revenue, supply chain disruption, and weakened internal controls. With so many fundamental changes, auditors must think critically about the quality of client-supplied data. Plus, if clients had to use different analytical methods during the pandemic, start questioning the ability to make “apples-to-apples” historical comparisons.
When the people who handle financial transactions and reporting at the client can’t work in their offices – and must do work-arounds – auditors must secure additional evidence that controls are working to prevent material misstatements in the financial statements.
Furthermore, certain accounting issues suddenly became much more relevant during this period:
Auditors must assess whether their clients have the capacity to continue as a going concern under GAAP and whether or not financial statement adjustments (or further disclosures) will be needed due to the pandemic.
CPAs must continue to be uncompromising regarding remote audit standards. “We can’t just cave on our commitment to quality, adherence to our standards, and our level of service to our clients,” says Jodi Malis, CPA, CGMA, of Hancock Askew & Co. LLP in Atlanta. Speaking to the Journal of Accountancy,2 she said, “We can’t make excuses. We need to think through how we are executing our remote audits... what’s a different way we can perform our procedures while offering a personal touch.”
Not only will CPA firms have to work harder at complying with audit documentation standards, Malis notes, but they must also carefully manage audit team virtual interactions and those with clients.
As with every other way they’ve responded to the pandemic, CPA firms understand the benefits of flexibility, creativity, and a sustained focus on audit quality. No one knows exactly what happens next, but the lessons learned will be powerful assets going forward.
1 Gary Salman, “The Rise of Cybercrime in the Accounting Profession Continues,” Accounting Today. https://www.accountingtoday.com/opinion/the-rise-of-cybercrime-in-the-accounting-profession-continues
2 Ken Tysiac, “Remote Auditing Comes to Forefront during Pandemic,” Journal of Accountancy. https://www.journalofaccountancy.com/news/2020/mar/remote-auditing-during-coronavirus-pandemic.html
Irene M. Walton is vice president for the Greater Philadelphia area at Gallagher Affinity. She can be reached at firstname.lastname@example.org.