AICPA Launches Program to Spur Innovation

The AICPA and CPA.com are jointly sponsoring an initiative to accelerate the growth of early-stage companies that could have significant impact on the accounting profession. The goal is to promote innovation and give the profession early insight into disruptive technologies and services in finance and business.

The Association of International Certified Professional Accountants and CPA.com Startup Accelerator will look to support up to five early-stage companies over the next year.

It will focus on startups in two key areas: 1) Technology and Financial Information, which could include advances in artificial intelligence, automation of routine tasks and the application of blockchain/digital ledgers, and 2) Professional Competency Innovation, which can encompass machine learning to personalize professional education, collaboration tools for mentors and experts, and improvements in measuring professional competency, among other categories.

“The Association and CPA.com have a deep base of knowledge and resources to offer entrepreneurs looking to find a foothold in the accounting ecosystem,” says Lawson Carmichael, the Association’s executive vice president for strategy, people and innovation. “And for us, the startup accelerator offers a chance to ‘see around corners’ and take a more long-range view of opportunities in business transformation and innovation. There’s a compelling business case for collaboration.”

The startup accelerator will offer benefits to entrepreneurs in three ways:

  • Provide up to $20,000 in funding per finalist
  • Access to subject matter experts, including an advisory panel of thought leaders in the accounting technology field, who can provide coaching and mentoring on issues and opportunities unique to the profession
  • An opportunity to showcase their product or service next June at AICPA ENGAGE 2018, one of the largest accounting-related events in the United States.

Applicants from all global markets are eligible. Submissions by startups are due by Oct. 5. Interested companies who want more information can contact Greg Lafollette, a strategic advisor with CPA.com, greg.lafollette@hq.cpa.com, or Mark Brooks, a member of the AICPA’s innovation team, mark.brooks@aicpa-cima.com. To apply for consideration or learn more details about the startup accelerator, visit aicpaglobal.com/accelerator.

IPA Vendor Spotlight On … Chandra Bhansali, AccountantsWorld

Name: Chandra Bhansali
Company: AccountantsWorld
Title: Co-founder (with wife Sharada) and CEO

Accomplishments:

Chandra Bhansali

Chandra Bhansali

  • Introduced the first Windows-based based professional tax system in the 1990s.
  • Created the first payroll processing solution exclusively for accountants.
  • Used cloud technology to create Accounting Power for firms to offer client accounting services, countering the impact of do-it-yourself accounting systems on accounting practices.
  • Named one of the “100 Most influential People in Accounting” by Accounting Today for over 10 years.

You’ve been “in the cloud” for much longer than most and seem to have a knack for identifying emerging technologies. Can you offer any practical advice on how accounting firms can be more ‘future-ready’?

I’d tell them, “You are your clients’ most trusted advisor. What makes you their most trusted advisor? Your ability to analyze all the facts and help your clients make informed decisions based on those facts. To be future-ready, you need to use this important trait. It’s a fact that migration to the cloud is inevitable. Given that fact, when will you benefit the most from the migration? Should you wait until you are pushed to the wall, or move to the cloud sooner, in a more strategic way, to make the most of the migration?” It’s ironic that many of the same accountants who are their clients’ best advisors falter when making some of the most important decisions about their own practices.

Client accounting services seems to be a growing niche. Are accountants taking better advantage of the power of technology to help their clients?

Very few accountants are taking full advantage of technology to help their clients. Part of the problem is that most accountants don’t realize the capabilities of professional cloud solutions like Accounting Power. Given the choice, a large percentage of small businesses would not want to do their accounting in-house. They consider accounting to be a hassle and would love to offload it to their accountants, but most accountants don’t offer client accounting services (CAS), because functions like bill payment have traditionally been low-margin services. But with programs like Accounting Power, an accountant’s staff can now do everything their client’s staff did, only much faster and more accurately – all without leaving the office. Because of advances like this, many accountants are currently offering highly profitable CAS, which will ultimately become a major growth area.

What’s the biggest mistake firms typically make when making the move to the cloud?

The biggest mistake firms typically make when migrating to the cloud is to make a lateral move in which they move from desktop to cloud, yet their practices realize only marginal gains. That happens primarily for two reasons. First, these accountants don’t do their homework and learn about all the available solutions. Second, they are stuck in their current processes. To take full advantage of the cloud, you need to change your processes. If you keep an open mind and align your processes for optimal performance, then you will be able to take your practice to new heights that were never before possible.

There’s been lots of talk about the potential impact of Artificial Intelligence on the accounting profession. What’s your view?

My view about Artificial Intelligence is very simple – accountants with “Predictive Intelligence” will actually benefit a lot from AI. I’ll give you a simple example. AI will certainly minimize mundane tasks like data entry. If you let your clients offload their accounting work to you today, your fees will be based on what they currently spend on their bookkeeper or in-house accountant. When some of the capabilities of AI kick in to virtually eliminate data entry, that will greatly reduce your staff’s work and you will reap the benefits of that productivity gain. That’s “Predictive Intelligence.”

Final thoughts?

You know you have tremendous influence with your clients. Until now, accounting software vendors and payroll service providers have used your client relationships to make themselves billions of dollars. Would you like to continue doing that, or would you rather use your client relationships do what is in your, and your clients’, best interest? If you prefer the latter option, then download and read my whitepaper, “Forget Value Billing. Think Value Building.”  It will show you how you can use the cloud to greatly raise your bottom line, better serve your clients and feel the pride of being an accountant. Please visit www.AccountantsWorld.com/value to download the whitepaper.

Do you know someone else who would make a good Spotlight? Contact Christina Camara.

New AICPA Publication to Guide Reporting on an Entity’s Cybersecurity Risk Management Program

The AICPA has developed a new guide, “Reporting on an Entity’s Cybersecurity Risk Management Program and Controls,” to assist CPAs who are examining and reporting on an entity’s cybersecurity risk management program.

Reporting on a client’s description of its cybersecurity risk management program will help clients demonstrate to stakeholders, customers, vendors and others that they have sound cybersecurity procedures and practices.

The publication’s release follows last month’s introduction of two resources under a voluntary cybersecurity risk management reporting framework:

  • Description criteria – For use by management in explaining its cybersecurity risk management program in a consistent manner and for use by CPAs to report on management’s description.
  • Control criteria – Used by CPAs providing advisory or attestation services to evaluate and report on the effectiveness of the controls within a client’s program.

The 263-page publication includes chapters on Accepting and Planning a Cybersecurity Risk Management Examination, Performing the Cybersecurity Risk Management Examination; and Forming the Opinion and Preparing the Practitioner’s Report. It is available online and in print.

Meanwhile, in a new blog post, Susan S. Coffey, AICPA executive vice president, public practice, writes, “At the AICPA, we saw the emerging market need several years ago. We recognized that there hasn’t been a consistent, common language for describing and reporting on the cybersecurity risk management programs organizations put in place. This lack of transparency makes it difficult for stakeholders to determine whether an organization’s cybersecurity risk management plan effectively addresses potential threats.”

Visit aicpa.org/cybersecurity to learn more about the CPA profession’s cybersecurity activities.

Survey: Record Number of Organizations Were Victims of Payments Fraud in 2016

Nearly three-quarters of corporate treasury and finance professionals said their companies were victims of payments fraud last year, according to the 2017 Association for Finance Professionals (AFP) Payments Fraud Survey, which generated 547 responses.

This is the highest percentage since the survey debuted in 2005 and comes after a dramatic increase in 2015. Check fraud and business email compromise are both on the rise.

Checks continue to be the most popular method for committing payments fraud. Fully 75% of organizations that were victims of payments fraud in 2016 experienced check fraud – an increase from 71% in 2015. This is a reversal of the declining trend observed in check fraud since 2010.

Highlights of the 2017 AFP Payments Fraud and Control Survey, which was underwritten by J.P. Morgan.

  • 74% of survey respondents said their organizations were victims of business email compromise in 2016 – a 10 percentage point increase from 2015.
  • 70% of organizations have implemented controls to prevent business email compromise.
  • 63% of payments fraud attempts were made by outside individuals.

“Companies that offer mandatory training for all employees, particularly around cybersecurity, and that have a plan to respond to payments fraud, will fare better than those that do not,” says Jim Kaitz, president and chief executive of AFP.

Over 70% of corporate treasury and finance professionals are hesitant about adopting mobile payments at their organizations as they question the security of this payment method.

Nancy McDonnell, managing director at J.P. Morgan, says, “With three-quarters of companies experiencing fraud in 2016, it is important that businesses take preventive measures by educating their employees and implementing the products and processes they need to prepare and protect their assets and data from cyberfraud.”

Four Disruptive Cyber Trends That Could Slow the Bad Actors

Jason Bloomberg, president of industry analyst firm Intellyx, has written in Forbes about four broad trends that reveal transformational aspects of the cybersecurity marketplace after recently attending a huge RSA cybersecurity conference in San Francisco.

Disruption No. 1: Targeting the Links in the Cyber Kill Chain

Vendors are improving their ability to understand how bad actors behave, and can thus take steps to prevent, detect or mitigate their malicious activities, says Bloomberg. This may be the broadest of all the disruptions. Today’s vendors are understanding the ‘Cyber Kill Chain,’ or the steps a skilled, patient hacker will take to achieve his or her nefarious goals.

The product of U.S. Defense contractor, Lockheed Martin, The Cyber Kill Chain contains seven links: reconnaissance, weaponization, delivery, exploitation, installation, establishing command and control, and actions on objectives. Today’s more innovative vendors target one or more of these links, with the goal of preventing, discovering or mitigating the attack, Bloomberg says.

Disruption No. 2: Leveraging AI to Better Understand Human Behavior

One area where vendors are successfully applying Artificial Intelligence, Bloomberg writes, “is to tell the good guys from the bad guys, and furthermore, to tell the good guys from the bots simply by analyzing their behavior.” Insider threats are among the most pernicious. Cybersecurity vendors are identifying, investigating and blocking insider threats by tracking the behavior of users and identifying when that behavior violates policy.

Disruption No. 3: ‘Software-Defined’ Cybersecurity

“Cybersecurity has also joined the Software-Defined Everything (SDX) movement. If we can represent our entire cybersecurity deployment as a software-based model, the reasoning goes, then we have better control, visibility and flexibility,” Bloomberg says in Forbes.

Disruption No. 4: Israel Becomes the Cyber Silicon Valley

The fourth trend is how Israeli cybersecurity startups have come to dominate the innovation in this area. Of the 26 vendors Bloomberg and his colleagues met with at the RSA Conference, they spoke with no less than six Israeli firms. Silicon Valley may still have the edge generally, but Israel is gaining fast in the cyber arena.

Combined with innovations in threat prevention, detection and defense, the long-standing advantage that bad actors have enjoyed may finally be nearing its end.

Study: Technology Pressures in Audit Profession Will Force Major Changes

With constantly evolving technology driving change in the profession, firm leaders anticipate a future that may fundamentally transform the way audits are conducted. According to Thompson Reuters, the most pressing challenges facing the audit profession can be grouped into four main categories: quality, innovation, talent and relevance.

A recently released whitepaper covers how each of these challenges impact today’s audit and how reimagining solutions to these challenges can mean a new future.

The white paper, “Four Keys to the Future of Audit,” says that firms don’t realize that their audits are living in the past. “Many are under the false pretense that since their audits are paperless, they are modernized and future-ready. However, most of these firms don’t take into account that while the medium may have changed, nothing about the audit process itself has changed along with it – thus, the same systematic inefficiencies are still present. Furthermore, auditors continuously fail to use technology to better understand a client and their business, the industry and as a tool to enhance curiosity.”

Technology can be used to improve quality of the audits, the report says. For example, real-time quality dashboards can help the firm monitor quality. Emerging cloud-based audit technologies offer significant improvements in this area and hold “great promise in helping the profession move into the future,” the report says.

Big data and data analytics also offer promise, as auditors can provide insights that were not possible when only samples of data were examined. “However, auditors now have the ability to rise above limited amounts of data and scope out observations,” the report says. “With the ability to have an expanded real-time internal and external view, auditors can now think holistically and promote innovation within their firms.”

Cloud-based audit platforms can help position the firm for the audits of the future. Cognitive computing systems, which use algorithms to drive machine learning, will eventually become capable of anticipating problems and their solutions. “Other industries are much further along than the audit profession, but there is little doubt that cognitive computing has a prominent place in the future of the audit,” the report says. “It’s only a matter of time.”

All of these development will impact the kind of talent recruited into the profession and the skills training that should be made available.

“The audit technology tools that are in the cloud today, that integrate platform and methodology, are very good starting points to move to the future,” the report concludes. “Add cognitive computing and data analytics once they are more fully evolved, and the result could be an audit game-changer.”

LinkedIn Launches Facebook-like Redesign; Facebook Adds Job Search

While LinkedIn has launched a redesign that makes it look more like Facebook, Facebook has added a job search function that’s a lot like LinkedIn.

Both changes came about in the last couple of months. LinkedIn launched what it called a “complete overhaul” of its design in January, and Facebook allowed users to search and apply for jobs in February.

LinkedIn says its redesign was intended to provide a “more intuitive, faster” and more valuable experience. “Our goal is to ensure you can seamlessly access the most relevant professional conversations, content and opportunities whether you’re on our mobile app or on our desktop experience,” the company says. LinkedIn users say it looks and acts more like Facebook now.

LinkedIn is the most-used professional networking and job recruiting social media site, but Facebook’s new feature allows companies to publish a job posting on their page. Facebook users can click an “apply now” button that leads them to a page that is pre-populated with your name and any education or employment history that you’ve agreed to make public. A 1,000-character text box allows for a note, although resumes can’t be uploaded. The information then goes to the company in a Facebook message.

“Businesses and people already use Facebook to fill and find jobs, so we’re rolling out new features that allow job posting and application directly on Facebook,” Facebook vice president Andrew Bosworth said in a statement.

Wired magazine calls LinkedIn’s “blatant cribbing” of Facebook “smart.” In a Jan. 20 article, Wired says, “People know how to use Facebook, but even company co-founder Reid Hoffman once called the old LinkedIn ‘confusing.’ Amy Parnell, the company’s senior director of experience design, was more charitable when she said it had ‘too much noise, too much cognitive load.’ ”

LinkedIn’s cleaner look is easier to digest, thenextweb.com reports. “It’s more Facebook-like, which for a lot of people – especially new members – will mean something more familiar. Anything that gives people a reason to stick around is a win for LinkedIn.”

Survey: Cybersecurity and Infrastructure Management Top Concerns of IT Audit Leaders

Cybersecurity and privacy issues, along with infrastructure management and emerging technologies, rank as the top technology challenges organizations face today, according to a just-released survey report from global consulting firm Protiviti and ISACA, a global business technology professional association for IT audit/assurance, governance, risk and information security professionals. The survey of 1,062 IT audit and internal audit leaders and professionals found that IT audit is also becoming more involved in major technology implementation projects within organizations.

In the survey, respondents were asked to name the top technology or business challenges their organizations face today. The top 10 responses:

  1. IT security and privacy/cybersecurity
  2. Infrastructure management
  3. Emerging technology and infrastructure changes – transformation, innovation, disruption
  4. Resource/staffing/skills challenges
  5. Regulatory compliance
  6. Budgets and controlling costs
  7. Cloud computing/virtualization
  8. Bridging IT and the business
  9. Project management and change management
  10. Third-party/vendor management

Gordon Braun, a managing director with Protiviti and global leader of the firm’s IT audit practice, says other challenges are just as critical, “from resource and skills gaps to ongoing transitions to cloud and virtual networks. Additionally, as more and more organizations rely on third parties to support critical applications and infrastructure, the need to excel at managing vendor relationships has increased dramatically. Many organizations have not sufficiently addressed maturing their vendor management practices, and the resulting business risks can be significant.”

According to the ISACA/Protiviti survey, titled A Global Look at IT Audit Best Practices, in large companies (greater than $5 billion in revenue), 26% of IT audit functions have a significant level of involvement in major technology projects, while 45% have a moderate level of involvement. IT audit is most frequently involved in the post-implementation stages (65%).

“Seeing greater involvement by IT audit in significant technology projects is a positive trend, especially considering the dynamic nature of technology and critical risks related to security and privacy,” says Christos Dimitriadis, chair of ISACA’s board of directors and group director of information security for INTRALOT. “This is also notable because a substantial percentage of IT projects tend to run over budget and behind schedule and fail to achieve the desired objectives. Having IT audit bring a mindset of risk and control to these projects can be highly advantageous.”

In a majority of organizations (55%), the IT audit director regularly attends audit committee meetings. This represents a 6-point jump from the 2015 survey, and reflects a long-term trend in the survey findings since 2012, when less than one in three IT audit directors attended audit committee meetings regularly.

“There’s no question that cybersecurity and emerging technologies are now a regular topic at the board level,” says Braun. “Audit committee members, in particular, are seeking greater assurance around critical IT risks and controls – internal audit and IT audit leaders must be prepared to demonstrate audit coverage of key areas and articulate where the highest risks remain.”

The Protiviti/ISACA study also found that among large companies, 9% conduct an IT audit risk assessment. However, a majority (55%) only do so on an annual or less-frequent basis. Considering the growing risk landscape resulting from cybersecurity threats and emerging technologies, ISACA and Protiviti suggest that more organizations consider an approach that includes continually reviewing the IT risk landscape and adjusting IT audit plans accordingly.

The survey report is available for download at www.isaca.org/2017itauditstudy and www.protiviti.com/ITauditsurvey

The IIA, Crowe Horwath Examine Security Intelligence Centers

Cybersecurity remains a top business priority as cyber incidents and data breaches carry the threat of significant operational and reputational damage for all organizations. A new report from the Internal Audit Foundation (IAF) and Chicago-based Crowe Horwath (FY16 net revenue of $745.2 million) offers a look at the next step in the evolution of cybersecurity strategy by examining the growing use of security operation centers and security intelligence centers.

Next Steps: Beyond Response to Anticipation is based in part on a survey of chief audit executives conducted by The Institute of Internal Auditors’ (IIA) Audit Executive Center and Crowe. The survey found that more than a third of respondents are turning to security operation centers, formal and informal, as part of their cybersecurity strategies.

“It is logical and encouraging that models to address the pervasive and potentially devastating threat of cyberattacks are evolving,” says IIA President and CEO Richard F. Chambers. “The creation of formal security operation centers allows for holistic, proactive approaches to cybersecurity in which all parts of the organization, including the internal audit function, can support the battle against data breaches.”

To conduct the survey, Crowe personnel interviewed information security executives from organizations across the globe. The interviews confirmed a growing number of organizations recognize that “100 percent protection 100 percent of the time” is not achievable. It is then that an organization’s cybersecurity strategies can “shift from a defensive posture to a more offensive and proactive one that focuses on learning about how certain threats operate, how their effects can be limited or mitigated, and how the incident response time (from identification to remediation) can be accelerated,” according to the report.

The report identifies the common terminology, frameworks, metrics and tools used in the security operation centers and examines how these can evolve further into security intelligence centers.

“There is room for internal audit to get more engaged in the evaluation of security operations,” said Raj Chaudhary, Crowe Risk Consulting principal. “Over time, advanced analytics capabilities will allow companies to become more proactive in preventing events that could negatively impact business operations.”

The report is available through the Internal Audit Foundation.

Worldwide Public Cloud Services Spending Forecast to Reach $122.5 Billion in 2017, According to IDC

A new update to the International Data Corporation (IDC) Worldwide Semiannual Public Cloud Services Spending Guide shows that worldwide spending on public cloud services and infrastructure will reach $122.5 billion in 2017, an increase of 24.4% over 2016. Over the 2015-2020 forecast period, overall public cloud spending will experience a 21.5% compound annual growth rate (CAGR) – nearly seven times the rate of overall IT spending growth. By 2020, IDC forecasts public cloud spending will reach $203.4 billion worldwide.

Software as a Service (SaaS) will remain the dominant cloud computing type, capturing nearly two thirds of all public cloud spending in 2017 and roughly 60% in 2020. SaaS spending, which is comprised of applications and system infrastructure software (SIS), will in turn be dominated by applications purchases, which will make up more than half of all public cloud spending throughout the forecast period. However, spending on Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) will grow at much faster rates than SaaS with five-year CAGRs of 30.1% and 32.2%, respectively.

“In 2017, discrete manufacturing, professional services, and banking will lead the pack in global spending on public cloud services as they look for greater scalability, higher performance, and faster access to new technologies,” said Eileen Smith, program director, Customer Insights and Analysis. “Combined, these three industries will account for one third of worldwide public cloud services spending, or $41.2 billion.”

The industries that will see the fastest growth in public cloud spending over the five-year forecast period are professional services (23.9% CAGR), retail (22.8% CAGR), media (22.5% CAGR), and telecommunications (22.1% CAGR). It is worth noting, however, that 18 of the 20 industries included in the Spending Guide will experience five-year CAGRs greater than 20%.

In terms of company size, nearly half of all public cloud spending will come from very large businesses (those with more than 1,000 employees) while medium-sized businesses (100-499 employees) will deliver more than 20% throughout the forecast. Large businesses (500-999 employees) will see the fastest growth with a five-year CAGR of 23.2%. While purchase priorities vary somewhat depending on company size, the leading product categories include customer relationship management (CRM) and enterprise resource management (ERM) applications in addition to server and storage hardware.

On a geographic basis, the United States will be the largest market for public cloud services, generating more than 60% of total worldwide revenues throughout the forecast. Western Europe and Asia/Pacific (excluding Japan)(APeJ) will be the second and third largest regions with 2017 spending levels of $24.1 billion and $9.5 billion, respectively. APeJ and Latin America will experience the fastest spending growth over the forecast period with CAGRs of 28.0% and 26.6%, respectively. However, seven of the eight regions are forecast to experience CAGRs greater than 20% over the next five years with the United States seeing the slowest growth at 19.9%.

“In Western Europe, the public cloud market will grow at a healthy 23.2% CAGR over the forecast period and utilities, insurance, and professional services industries will be the most dynamic market spaces,” said Serena Da Rold, senior research manager, Customer Insights and Analysis. “European companies have been slower in the adoption of cloud when compared to their U.S. counterparts, but now the market is maturing and it is the right time for cloud providers to target and capture the untapped segments.”

“As cloud adoption expands over the next four years, what clouds are and what they can do will evolve dramatically – in several important ways. The cloud will become more distributed (through Internet of Things edge services and multicloud services), more trusted, more intelligent, more industry and workload specialized, and more channel mediated. As the cloud evolves these important new capabilities – what IDC calls ‘Cloud 2.0’ – the use cases for the cloud will dramatically expand,” added Frank Gens, senior vice president and chief analyst at IDC.

The Worldwide Semiannual Public Cloud Services Spending Guide quantifies public cloud computing purchases by cloud type for 20 industries and five company sizes across eight regions and 47 countries. Unlike any other research in the industry, the comprehensive spending guide was designed to help IT decision makers to clearly understand the industry-specific scope and direction of public cloud services spending today and over the next five years.