The Gramm-Leach-Bliley Act still applies to CPAs
The information encoded in your DNA determines your unique biological characteristics, such as sex, eye color, age and Social Security number. - Dave Barry
The fight against identity (ID) theft is starting to bear fruit: The number of taxpayers who reported that they were victims of identity theft to the IRS dropped in 2016. This means 376,000 fewer taxpayers reported ID theft, a drop of 46%. Also, the IRS stopped 883,000 tax returns with confirmed identity theft links from getting through the system in 2016. That helped lead to a 37% drop in stolen returns that year.
Dave Barry is a funny guy, but ID theft is no laughing matter. Fraud detection is still one of National Taxpayer Advocate Nina Olson’s “most serious problems” as indicated in her 2016 Annual Report to Congress.
Olson sites a 2015 Treasury Inspector General for Tax Administration (TIGTA) report that said although the IRS’s fraud detection efforts were able to stop between $22 billion and $24 billion of false refunds from being issued, identity thieves were still able to steal approximately $5.75 billion in the 2013 filing season.
ID theft is such a concern to her that she recommends the IRS consider initiating a research study that considers the costs and benefits of holding taxpayer refunds until after filing season ends. It’s a controversial suggestion, given 70% of taxpayers expect a refund and want it NOW. The delay would give IRS time to match information it receives from third-party information filers with the 1040s filed, and a better shot at stopping the fraudulent returns.
This topic is so important that when the AICPA recently updated its Guiding Principles of Good Tax Policy, “information security” (tax administration must protect taxpayer information from all forms of unintended and improper disclosure) was added as one of two new principles.
One law passed by Congress to control the ways that financial institutions deal with individuals’ private information is the Gramm-Leach-Bliley Act (GLB), also known as the Financial Modernization Act of 1999. The Act has three sections:
- The Financial Privacy Rule, which regulates the collection and disclosure of private financial information;
- the Safeguards Rule, which specifies that financial institutions must implement security programs to protect such information; and
- the Pretexting provisions, which prohibit the practice of pretexting (accessing private information using false pretenses)
The Financial Privacy Rule requires financial institutions (defined to include tax return preparers) to provide each consumer with a privacy notice at the time the consumer relationship is established and annually thereafter. CPAs ("accountants and auditors") are exempt from this rule. (§313.15(a)(3)) The Safeguards Rule requires financial institutions to develop a written information security plan that describes how the company is prepared for, and plans to continue to protect, clients' nonpublic personal information. CPAs are not exempt from the safeguards requirements; CPAs must still have a written information security plan.
In a recently publicized case, TaxSlayer LLC entered into a settlement with the Federal Trade Commission (FTC) for violating both the Financial Privacy and Safeguard Rules. The violations came to light because hackers gained access to roughly 9,000 TaxSlayer taxpayer accounts and filed fraudulent returns. As part of its settlement with the FTC, the company must obtain biennial third-party compliance assessments with these rules for the next 10 years.
The FTC provides information on how to comply with the safeguards rule. The IRS also has useful information on this topic, including in Publication 4557. The AICPA provides information and tools related to identity theft, too.
Finally, I’d recommend having a conversation with your professional liability insurance carrier about ID theft and information security. The digital world has created the need for cybersecurity protection. And while every firm must do their best to ensure their client’s information is secure, they should also obtain a cybersecurity policy to protect the future of the firm in the event of a breach.
Dave Barry also said that “[g]ravity is a contributing factor in nearly 73 percent of all accidents involving falling objects.” The connection between the lack of information safeguards and ID theft may be almost as compelling. Don’t become a statistic.
Ed Karl, CPA, CGMA, Vice President --Taxation, Association of International Professional Accountants
ID theft courtesy of Shutterstock.
Not a natural born leader? 5 tips can boost your skills
Some say that leaders are born. Others believe that leaders are made. I’m definitely a fan of the hybrid approach. There have been moments in my career where I’ve harnessed some inherent abilities and cultivated others to move up the ladder. Even from a young age, I knew I wanted to make a significant contribution to my community. But, to be effective as the Treasurer of the Cherokee Nation, I’ve had to draw from personal and professional experiences and build my confidence. You can do it too. Here are some tips.
- Lead by observation. Closely observing a respected leader’s approach to strategy is key to developing your own. I became a math hound from watching and helping my grandmother run her business. That’s really where my leadership training began. Later, when I started working for the Cherokee Nation, I had a terrific mentor who took me under his wing and allowed me to be involved in decision-making for the tribe. By watching how others lead, you can gain their 30,000-foot view while simultaneously working with your boots on the ground.
- Lead by listening. Listening to and understanding the perspectives of others can help you determine how to tackle new challenges and gain the trust of your colleagues. When I became Treasurer of the Cherokee Nation, I was suddenly managing an experienced team of 98 people. I had to prove myself to everyone, and I did that by listening to them. I asked them what they felt the tribe’s opportunities and challenges were. Also, I wanted to hear about the ideas they had and what they would focus on if they were in my position. My team felt heard and saw firsthand my eagerness to put their thoughts and ideas into action.
- Lead by taking on new responsibilities. You don’t have to have a leadership title to build your confidence and leadership skills. All you have to do is raise your hand. Whether you’re offering to manage a work project, volunteering for the board of a nonprofit organization or taking a leadership role at your alumni association, step up. This is how you learn and demonstrate to others that you’re willing to lead.
- Lead by learning. Any professional will tell you that you learn new things every day, CPE-required or not. Take the audit, for instance. By performing an audit, you learn about planning, project management and how to form an argument. It’s a proving ground for many CPAs as they build real-world leadership qualities, which was certainly the case for me. I pass the spirit of constant learning on to my staff by encouraging them to take advantage of opportunities to broaden their horizons on a variety of topics, from Standards for Excellence to public speaking. I’m a big believer in demonstrating the desire to learn; it’s a leadership quality all on its own.
- Lead from the heart. My love for the Cherokee people is what drives me to find creative solutions to our problems. So every day, I use my head to achieve the goals of my heart. Don’t be afraid to reveal your passion and how it drives you. You’ll foster stronger relationships with colleagues, clients, business partners and staff and they’ll respect knowing what motivates you.
No matter where you are in your career, you can always use the AICPA’s professional education resources to become a more confident leader. The AICPA Diversity and Inclusion team offers CPE through its D&I webcasts, a professional development series. The next webcast “Global diversity: driving innovation through inclusion” will be held in January.
Lacey A. Horn, CPA/CGMA, is Treasurer of the Cherokee Nation. She oversees all financial functions of the tribal government, including the tribe’s $1 billion annual budget including the Cherokee Nation’s tribal health care system, which is the largest of its kind. In 2015, Ms. Horn was appointed to the U.S. Department of Treasury’s Tribal Advisory Committee. The Native American Finance Officers Association selected Ms. Horn as “Executive of the Year” in 2014 and she appeared in Oklahoma Magazine’s 40 Under 40 list in 2012. She has two degrees from SMU and was named SMU’s 2017 “Emerging Leader.”
You asked, we delivered. A more flexible attestation standard.
We heard from members. Their clients want them to perform procedures and report in a format similar to an agreed-upon procedures (AUP) engagement, with more flexibility. To be responsive to the needs of our members and the public, the AICPA Accounting and Review Services Committee (ARSC), got together with the Auditing Standards Board (ASB) and developed a new proposed standard, Selected Procedures. If adopted, it will address several practice issues that CPAs are experiencing today and result in a standard that is in the public interest.
Development of the procedures
In an AUP engagement:
- The CPA performs procedures that are established by specified parties.
- The specified parties are responsible for the sufficiency of the procedures for their purposes.
- The engagement letter is required to include agreement on the procedures.
- In circumstances where the procedures evolve or are modified over the course of the engagement, the CPA is required to amend the engagement letter to reflect the modified procedures.
- The practitioner’s report is restricted to the use of those parties that established and agreed on the sufficiency of the procedures
In practice, many CPAs find that the specified parties are unable or unwilling to develop the procedures needed.
The proposal would provide greater flexibility by:
- Allowing the practitioner (or any combination of parties) to develop the procedures.
- Allowing the procedures to evolve during the course of the engagement.
- Not requiring any party to take responsibility for the sufficiency of the procedures.
- Letting users of the CPA’s report make their own determination as to whether the procedures are sufficient for their intended purpose.
- Permitting the issuance of a practitioner’s report that is not restricted as to use.
The proposal would require the CPA to provide the engaging party with the actual procedures performed prior to the issuance of the CPAs report – thus providing an opportunity for the engaging party to provide feedback on the procedures to be performed.
Elimination of the reporting penalty when the CPA does not obtain a written assertion
In an AUP engagement, when the responsible party does not provide the practitioner with a written assertion, the CPA is required to disclose this refusal in his or her report.
In practice, specifically in situations where the engaging party and the responsible party are different, the responsible party may not be in a position to provide a written assertion. Also, in order to provide the written assertion, the engaging party would have had to measure or evaluate the subject matter against the criteria – which is not always practical. The proposed standard does not require the CPA to request or obtain an assertion from any party. This provides flexibility, permitting the CPA to perform the initial measurement or evaluation of the subject matter and still be able to issue an unrestricted report.
The Accounting and Review Services Committee (ARSC) and the Auditing Standards Board (ASB) encourage CPAs to consider the proposed standard and provide feedback. The exposure draft includes a series of questions soliciting feedback on specific key aspects of the proposal and both committees will consider all comments received. Comments should be sent to me at email@example.com by December 1.
Mike Glynn, AICPA Senior Manager, Audit and Attest Services, American Institute of CPAs.
Slinky courtesy of Shutterstock.
Your new, blockchain supported job
You’ve probably heard that blockchain technology is going to disrupt accounting. (If you read AICPA newsletters or accounting news articles or attend our conferences, you have definitely heard this.)
But do you still find yourself wondering exactly how it is going to do that? Look no further. We’ve compiled 4 big ways your job could change because of the blockchain.
If you still have questions about what Blockchain is, check out this article and watch this short video. You can then test your new knowledge by taking a fun “How much do you know about blockchain?” quiz.
Emma Sadowski, Analyst – Innovation, Association of International Certified Professional Accountants
Personal financial satisfaction hits record high - what’s in it for me?
Personal finances are like fingerprints, everyone is unique. With the AICPA’s Personal Financial Satisfaction Index (PFSi) at an all-time high, you may be wondering what it means for you.
Let’s start with some background. The PFSi is a quarterly economic indicator that measures the financial standing of the average American. It’s calculated as the difference between two sub-indexes: The Personal Financial Pleasure Index, which measures the growth of assets and opportunities, and the Personal Financial Pain Index, which calculates the loss of assets and opportunities. Most recently, the Pleasure Index (68.1) greatly outweighed the Pain Index (42.1), bringing the PFSi to a positive reading of 25.9, the highest reading since 1994.
I recently sat down with Michael Eisenberg, CPA/PFS and member of the AICPA’s National CPA Financial Literacy Commission, to discuss what the record-setting quarter means for Americans.
Jonathan Lynch: What do you think about the PFSi reaching this record high?
Michael Eisenberg: It’s great for Americans. The stock market is in its second longest bull market in history, overall job openings are setting records and inflation remains favorably low. While we can all benefit from the current environment, we need to remember that the economy is cyclical, so what goes up is going to come down. Don’t let current satisfaction steer you away from long-term goals. Staying aware and positioning your financial plan appropriately can help safeguard your finances for when the economy is less prosperous.
JL: What financial opportunities and decisions should Americans consider?
ME: This is a perfect time to analyze your cash flow. Calculate how much money you’re bringing in after taxes and how much you have left after covering your monthly bills. If you have extra cash, consider increasing your savings. This may be a good time to build up that emergency fund. If your financial situation allows it, put some money aside to treat yourself, too. Whatever you do, keep in mind how your decision impacts your financial plan.
JL: What’s your advice for people who are still feeling the effects of the 2008 recession?
ME: It’s important to not let your current financial situation get you down. Start small. If you pay all your bills, be proud. If you're taking steps to fund your retirement, give yourself a pat on the back. Think logically and reasonably – don’t dwell on something that you have little or no control over. Instead, choose to focus on what you can control and create a plan that puts you on the path towards your goals.
JL: What do you think will happen in the months ahead?
ME: It’s tough to predict the future. Based on previous trends, it’s likely that the regions affected by the recent hurricanes, floods and wildfires will see a negative impact on the housing market and a significant increase in loan delinquencies. Those who weren’t affected should take this opportunity to prepare in case they ever face a similar situation. The AICPA’s Disaster and Financial Planning: A Guide for Preparedness and Recovery is a great resource. Remember, if you’re having trouble navigating your financial situation, consider meeting with a CPA financial planner.
Jon Lynch, Manager, Public Relations, Association of International Certified Professional Accountants