SEC Adopts Statement and Interpretive Guidance on Public Company Cybersecurity Disclosures

The SEC voted to approve a statement and interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents.

“I believe that providing the commission’s views on these matters will promote clearer and more robust disclosure by companies about cybersecurity risks and incidents, resulting in more complete information being available to investors,” says SEC chairman Jay Clayton. “In particular, I urge public companies to examine their controls and procedures, with not only their securities law disclosure obligations in mind, but also reputational considerations around sales of securities by executives.”

The guidance provides the commission’s views about public companies’ disclosure obligations under existing law with respect to matters involving cybersecurity risk and incidents. It also addresses the importance of cybersecurity policies and procedures and the application of disclosure controls and procedures, insider trading prohibitions, and regulation fair disclosure and selective disclosure prohibitions in the cybersecurity context.

Xero Names New CEO

Steve Vamos

Steve Vamos

Xero, a cloud accounting company, named Steve Vamos as its new global CEO. Previous CEO, Rod Drury, will remain with the company as a non-executive director.

“What Rod and Xero have accomplished is rare and remarkable,” says Vamos. “I’m excited to have this opportunity to lead Xero’s growth and development going forward. I have really enjoyed the opportunity to work with the Xero leadership team and we have a clearly communicated strategy, which we are committed to executing.”

Vamos has 30 years of experience including being the former head of Microsoft Australia. Prior to that, he served as managing director of Apple Computer Australia and New Zealand, and in various executive and professional roles at IBM between. Vamos also led the growth and development of an online media business in his role as CEO of Ninemsn, a joint venture between Microsoft and former Australian media company Publishing and Broadcasting Limited.

“Succession planning has been high on the board’s agenda and with the business performing strongly, we believe the time is right to make the transition at CEO level,” says Xero chair Graham Smith.

“Xero has recently achieved a number of key milestones: We’ve achieved positive EBITDA and operating cash flows, consolidated our listing on the ASX and built an exceptional leadership team. It’s now the right time for me to pass the baton to Steve, who has the experience to significantly expand Xero internationally. Steve has demonstrated to the board and me that he has the skills and experience we need to execute Xero’s next phase of growth, while I contribute to strategy as a non-executive director with my passion for product innovation,” says Drury.

New White Paper Identifies Potential Blockchain Implications for Audit and Assurance

A new white paper, Blockchain Technology and its Potential Impact on the Audit and Assurance Profession, from Chartered Professional Accountants of Canada (CPA Canada), the AICPA and Waterloo discusses how financial statement auditing might evolve with blockchain technology and also considers new assurance services and future roles for CPAs. The paper was authored by several leaders in blockchain technology from Deloitte’s U.S. audit and consulting businesses, as well as blockchain leaders of Deloitte Canada, CPA Canada, the AICPA and Waterloo.

The white paper concludes that while blockchains are unlikely to replace judgments by a financial statement auditor, “CPA auditors need to monitor developments in blockchain technology because it will impact their clients’ information technology systems; and work with experts to audit the complex technical risks associated with blockchains. CPA auditors should be aware of opportunities to leverage their clients’ adoption of blockchain technology to improve data gathering during the audit and should consider whether blockchain technology will allow them to create automated audit routines.”

“Change comes quickly,” says Gord Beal, vice president of research, guidance and support at CPA Canada. “Anticipation, early understanding and integration of innovative technologies is critical to the success of our members and the organizations they serve. Blockchain is already starting to affect CPAs and its impact on the profession is anticipated to grow. We are committed to providing guidance to help CPAs navigate these changes and create opportunities for the future.”

“This white paper sheds light on a key technological development that CPA auditors in North America – and around the world should stay abreast of,” says Susan Coffey, Association of International Certified Professional Accountants’ executive vice president for public practice. “Blockchain is bringing new challenges and opportunities to the audit and assurance profession. As the paper makes clear, CPAs will need to evolve their skillsets and knowledge to meet the anticipated demands of the business world as blockchain and other new technologies are more widely adopted.”

“There is no doubt that blockchain technology, cryptocurrencies and smart contracts have captured the imaginations of people around the world,” says Efrim Boritz, professor, School of Accounting and Finance, University of Waterloo, director, UWCISA. “The University of Waterloo’s Centre for Information Integrity and Information Systems Assurance is monitoring developments in this area and conducting research to ensure that we understand the strengths and weaknesses of these technologies – to look beyond the hype – to help decision makers make sound choices when considering the opportunities and risks represented by these technologies.”

The white paper contains a call to action that urges CPAs, including those in auditing, to continue to monitor developments in blockchain technology. Additionally, CPA Canada and the AICPA encourage auditing and accounting standard setters to monitor progress and adoption of blockchain technology in the business ecosystem. The CPA profession needs to envision the future skills that will be required to allow CPAs to meet the demands of the market in a business world where blockchain technology is widely accepted.

How Do CPAs Remain Relevant in a Disruptive World? Research Points to Eight Key Competencies

With advancing technology poised to automate many of their data-driven tasks, accounting and finance professionals must master eight key skills if they want to remain relevant in a changing and complex world, says Tom Hood, executive director of the Maryland Association of CPAs.

Tom Hood

Tom Hood

As executive director of the MACPAs and its learning and innovation affiliate, the Business Learning Institute, Hood has spent the past few years analyzing the research, studies and thought leadership surrounding the future of the profession. After cross-referencing all of the available expertise, Hood has determined that future-ready accounting and finance professionals must be proficient in the following eight skills:

  • Communication
  • Leadership
  • Critical thinking and problem solving
  • Anticipating and serving evolving needs
  • Synthesizing intelligence to insight
  • Integration and collaboration
  • Technology acumen and data analytics
  • Functional and domain expertise

“Anything that can be automated will be automated,” said Hood. “Crunching the numbers is no longer good enough. Machines can do that faster and more accurately that we’ll ever be able to. Our future relevance depends on our ability to do the things the machines can’t do — to interpret the numbers, to tell the stories behind the numbers and make our clients future-ready at the same time. These skills will help us do that.”

Hood’s list of future-ready skills is based on cross-referencing the research presented in a number of high-profile studies, including:

  • The AICPA’s “CPA Horizons 2025” study
  • The Second Machine Age, by Erik Brynjolfsson and Andrew McAfee
  • Only Humans Need Apply, by Thomas Davenport and Julia Kirby
  • Humans Are Underrated, by Geoff Colvin
  • The Fourth Industrial Revolution, by Klaus Schwab
  • Future Work Skills 2020, by the Institute for the Future
  • The 2020 Workplace, by Jeanne sister and Karie Willyerd

The problem, says Hood, is that most accounting and finance professionals – and the organizations they work for – refuse to spend enough time or money to ensure that they are proficient in these future-ready skills.

“That has to change,” says Hood, “and it has to change on three levels. At an individual level, we each must take charge of our own careers and ensure that we have the skills that will take us to the next level. At an organizational level, the folks we work for must spend the time and money to ensure that their teams have the skills that will keep their businesses and their clients future-ready. And at an educational level, the folks who teach the next generation of CPAs must start including these critical skills in their curricula. Nothing is more important to our profession’s future relevance.”

“Wherever you learn the skills that will make you future-ready, insist that these eight competencies are part of the program,” says Hood. “Nothing is more important to you, your organization, or your clients.”

Why Accenture Has the Most Blockchain Job Openings in the World

Global companies are making large investments in blockchain, the digital ledger technology that underpins cryptocurrencies and allows information to flow securely between different parties. According to Forbes, Accenture is hiring more blockchain jobs than any other company.

In English-speaking countries, Accenture had 537 blockchain job openings in 2017. It’s seeing the most demand in three areas: financial services, supply chain and identity, hiring primarily for roles like software developer, technical architect and business strategist. Accenture provides consulting and technology implementation services, while companies like IBM build the technical tools that Accenture often uses.

Accenture uses blockchain to link entities together privately instead of a simple database because, according to David Treat, managing director and co-head of Accenture’s global blockchain practice, it comes down to trust. Historically, organizations have rarely trusted one company to become a central data repository, “either because of the proprietary value of their data or due to a lack of trust in others.” With blockchains, multiple parties maintain a replica of recorded transactions that can’t be changed.

Accenture is a founding member of a public-private partnership called ID2020 that aims to solve a wide range of identity problems, ranging from helping the one billion people around the world who don’t have an official identity to solving the customer-service headache of having to provide your information every time you deal with a company or service provider.

CPAs Cite AI, Machine Learning, Cognitive Computing as Profession’s Top Tech Trends

Artificial intelligence, machine learning and cognitive computing in audit and tax are the top trends that will impact the accounting and finance world over the next three years, according to research conducted by the Maryland Association of CPAs, the Business Learning Institute and world-renowned futurist Daniel Burrus.

Daniel Burrus

Daniel Burrus

The research began with Burrus’s “Top 20 Technology-Driven Hard Trends Shaping 2018 and Beyond.” Using Burrus’s annual list as a starting point, MACPA Executive Director Tom Hood asked more than 1,000 CPAs and finance and accounting professionals which of those trends will have the greatest impact on the profession over the next three years. Their answers in rank order are as follows:

  1. AI, machine learning and cognitive computing in audit and tax
  2. Big Data and high-speed data analytics
  3. Adaptive and predictive cybersecurity
  4. Virtualization and automation of processes and services
  5. Mobile apps for business process innovation
  6. Blockchains and cryptocurrency
  7. Advanced cloud computing
  8. Smarter smartphones and tablets drive mobile process automation
  9. Virtualization of desktops, storage, applications and networking
  10. Social business applications

“These trends highlight enormous, game-changing opportunities in a broad array of applications and industries,” says Burrus. “As you read through them, look for opportunities for you to leverage them and become a positive disruptor.”

“One more word of advice,” says Hood. “Don’t stop at the trends impacting your firm or company. Stop and think about how these trends are impacting your clients and customers, both internally and externally. Think about the hard trends facing your industry and your customers’ industries. Read the entire list and think about robotics and 3-D printing, augmented and virtual reality, the Internet of Things, location-based services, drones and wearables.”

These seemingly individual technologies are joining forces to disrupt the accounting and finance profession exponentially. The impact of AI is huge, but when combined with blockchain, for instance, its impact increases tenfold … at least. This “10x mindset” will be vital going forward, Hood said.

Learn how to think exponentially

Want to learn how to turn these hard trends into opportunities? Master the lessons found in The Anticipatory Organization: Accounting and Finance Edition.

This award-winning online learning program is designed to help accounting and finance professionals develop future-focused anticipatory skills that can elevate and accelerate their ability to be proactive and use these trends to their advantage. By learning to anticipate disruptions, problems and game-changing opportunities, you can proactively shape the future of your career and organization from the inside out.

Learn more by visiting

KPMG Bolsters Cyber Capabilities Partnership

New York-based KPMG LLP (FY16 gross revenue of $8.6 billion) has partnered with Okta Inc., a provider of single sign-on capabilities across platforms.

The alliance will allow KPMG cybersecurity services to design, implement, and automate identity and access management processes using Okta’s leading cloud identity platform to help clients manage, control, and secure enterprise and consumer access, while identifying areas for cost savings.

“Our alliance with Okta is accelerating KPMG’s status as a leading cybersecurity firm with the ability to help clients protect information as they pursue new digital interactions and enhanced productivity in the cloud,” says Charlie Jacco, principal of KPMG cybersecurity services. “With Okta, we can deliver fast and reliable IAM solutions to help keep data safe, while enhancing the user experience.”

“In today’s ever-evolving security landscape, organizations must protect data across an increasingly complex breadth of technologies, including cloud applications, mobile devices and legacy solutions. The Okta Identity Cloud – including our identity and security products, as well as our 5,500 pre-built integrations to applications and infrastructure providers – enables organizations to easily and securely adopt the technologies they need to fulfill their missions faster,” says Patrick McCue, senior vice president of worldwide partners, Okta.

The Coincheck Hack and Future of Blockchain Security

The loss in January of more than $500 million worth of digital coins from Coincheck, a Japanese cryptocurrency exchange, is raising questions about the security of virtual currencies.

The ease with which hackers stole the digital currency shows that basic security measures were not in place, according to MIT Technology Review. For example, the stolen currency was stored in an internet-connected “hot” wallet, while many exchanges already hold most users’ funds offline. “Going forward, this will presumably become standard practice,” MIT Technology Review reported.

Another issue is the security of the private cryptographic keys that are associated with every public cryptocurrency address. Someone managed to acquire a private key in the Coincheck heist.

One possible answer is a multisignature address, which requires more than one cryptographic key to execute a transaction. The system is similar to the multi-factor authentication process used to access email or bank accounts. Business partners can use the technology, for example, to create a wallet that requires each of them to sign off on transactions. The system is not perfect, however, because hackers defeated a multisignature system in 2016 to steal $65 million from Bitfinex.

A broader discussion about blockchain security is just beginning, says MIT Technology Review. “Some say blockchains can revolutionize how we track a host of assets beyond just money, like land titles. Such a system might look different from the blockchain networks running today’s cryptocurrencies, but it would still rely on cryptographic keys that could fall into the wrong hands. The techniques and processes we adopt for securing them will be crucial for keeping hackers from running off with land that isn’t theirs.”

Doing Business in Europe? New Privacy Rules Go into Effect May 25

The General Data Protection Regulation (GDPR), which replaces the 1998 Data Protection Act, is a new series of privacy regulations that apply to anyone who stores or processes personal information of European Union citizens or residents, regardless of a company’s physical presence in Europe. An implementation deadline of May 25, 2018 has been set by the European Union, and North American firms who deal with clients overseas need to be in compliance or face hefty fines.

The GDPR defines personal information as anything that can be used to identify a person – an identification number, bank account number, or simply a name and email address. If personal data is involved in a data breach then the individual must be notified within 72 hours of discovery. Under the GDPR, individuals have other enhanced rights including:

  • The right to erasure, also known as the right to be forgotten. An individual has the right to request their data be deleted, including any backups or cloud storage.
  • The right to be informed. Firms are obligated to provide fair processing information, typically through a privacy notice, which is written in clear language rather than legal jargon.
  • The right to object. Individuals can object to the processing of their data and to direct marketing.

Organizations that process personal data must have a lawful basis for doing so. GDPR outlines six bases, including fulfilling a necessary contractual obligation for clients or obtaining explicit (rather than implied) consent. Firms must determine the lawful basis, and document it, before processing.

If one thing is clear about the GDPR, it’s that whatever you do, it must be documented. This documentation could be the duty of a Data Protection Officer (DPO), which organizations are required to appoint in some circumstances, such as when information is processed on a large scale. The DPO has responsibility for data protection compliance and is the first point of contact for any data protection activities. The GDPR allows for this position to be an existing employee, as long as there is no conflict of interest and the professional duties are compatible.

Questions your firm should be asking: 1) Is your privacy notice written clearly? 2) Do your processes uphold privacy by design? 3) Do you have a breach notification plan? 4) Do you engage a third party to process any personal data?

Those found in violation of the GDPR could be fined up to 4% of their annual revenue, or €20 million, whichever is greater. However, according to the European Commission, the most important aspect of the GDPR is that it allows for client trust and confidence that their sensitive personal information is being handled with appropriate care. Only 15% of people feel they have complete control over the information they provide online, the commission says.

Helpful resources:

How to Make Going Paperless Worth It This Tax Season

Jesse Wood

Jesse Wood

By Jesse Wood, CEO of eFileCabinet

If you’re thinking about taking your accounting department paperless this 2018 tax season, these tips will turn a potentially negative experience into a positive one.

Know That “Paperless” Only Describes Half the Benefits
There are many ways to go paperless before tax season, but not all are created equal. The best paperless strategies are backed by software solutions that automate, simplify and securitize processes traditionally completed with paper, and this is where the resulting efficiencies and cost reductions can be tracked.

For instance, going paperless would serve little purpose if all one used was a scanner and a traditional Windows folder structure.

The benefits of paperless can’t be realized without the right document management software. Going paperless with nothing more than a scanner and Windows folder structure will cause the same problems paper-based processes cause in accounting offices: misfiling, difficulty retrieving information, poor security and limited collaboration.

Think Paperless Means Breaking the Bank? Think Again
There’s a widespread belief in the accounting community that going paperless can cost over $20,000. However, after implementation fees of a document management solution and a monthly subscription fee of roughly $50 per month to use the software, the return on investment begins quickly if the system is leveraged and embedded across existing business processes.

One of the most common mistakes accountants and CPAs make when going paperless is forgetting to leverage the features of a document management solution. This is easily avoidable if selecting a system as intuitive as possible, and therefore easy to remember to utilize and embed into an existing process architecture.

Choose a Software Vendor That Can Automate and Encrypt Your Entire Process
To succeed in the 2018 tax season, most accountants will need the following features in a document management solution to automate and encrypt processes deeply embedded in their existing, paper-based routines:

Templates: When adding a new client to file structures, accounting must manually create the folder, store it and tag it. Templates mean that instead of copying, pasting and moving file, folder and drawer structures, accountants can replicate them in different places, automating a file and folder creation process that would otherwise be repetitive and time-consuming.

Zonal OCR: Zonal OCR for accountants automates the scanning and information management portion of scanned documents. It also enables throughput continuity and simplifies using a document management solution over the long-term, automatically routing documents where they need to go in the solution by identifying relevant metadata.

Encrypted File Sharing: Sending files with sensitive client information via email is no longer acceptable given that email is susceptible to breach and customers are warier of sharing their information than ever.

Relying on a web portal as an encrypted file sharing feature has two benefits over email: 1) Never having to remove items from the portal, but rather letting clients access documents via the portal, and 2) impressed clients who feel safe sharing their information. Additionally, some accountants even charge their clients to use these portals and collect extra income because of their ease of use and security.

Head for the Cloud to Integrate with Solutions You Already Use
The cloud is the future of all software interdependence and connection, so learning to rely on it sooner rather than later will remove any need to convert data from an on premises technology to the cloud, and also enable longevity to the integrations with software accountants already use, such as Lacerte from Intuit or QuickBooks.

You Don’t Need to Rush to Get It Done
Going paperless with even the best software should never feel like a rushed, confusing process. Many accountants can complete the process within the span of several weeks without shutting down operations, but still, others choose to opt in for a “phased” implementation, merely scanning a document into their document management solution of choice whenever it’s touched. Neither option is better than the other, but a matter of preference.

If accountants remember these tips to prepare for the 2018 tax season, they are bound to succeed in their paperless endeavors.

About the Author:
Jesse Wood is the CEO of document management software vendor, eFileCabinet. Founded in 2001, eFileCabinet, Inc. began as a cutting-edge tool to digitally store records in accounting firms. As it grew in popularity, eFileCabinet developed into a full-fledged electronic document management solution designed to help organizations automate redundant processes, ensure security and solve common office problems.