AICPA Announces ‘18Q1 Score Release Dates
The Q1 2018 score release dates are posted to the Score Release Timeline page of the AICPA’s CPA Examination page. For complete information regarding scoring, please visit the Examination Scoring and Scoring FAQ pages
The National Association of State Boards of Accountancy will release scores to candidates and state boards of accountancy based upon the target score release dates listed in the tables below.
- All dates and times are based on Eastern Standard Time zone.
- For the vast majority of candidates, the AICPA receives the Examination data files from Prometric within 24 hours after a candidate completes the Examination
- The scores for the Examination data files received after the AICPA cutoff dates will be in the subsequent scheduled target score release.
- Some candidates who take the BEC section might receive their scores approximately one week following the target release date due to additional analysis that might be required for the written communication tasks.
For updated information, please visit nasba.org.
Getting Ready for Assurance Has Its Benefits
In recent months, sweeping global cyberattacks have taken thousands of businesses offline, compromising valuable data and blocking access to critical services and information assets. If it wasn’t clear before, it is now: cybersecurity is a business imperative with direct implications for overall company value. Prior to this spring, and without a common language or benchmark for cybersecurity, how do you quantify and communicate your cybersecurity risk in a meaningful way?
Enter the AICPA’s cybersecurity risk management reporting framework. Unveiled in April, the framework is intended to standardize the way organizations define their cybersecurity objectives and report against those standards in a format that works for all stakeholders.
At BDO, we work with clients to leverage the reporting framework in two key ways:
1) to design and assess a comprehensive cybersecurity risk management program, taking into account industry best practices and regulatory requirements; and
2) to undertake an examination-level attestation engagement, known as a SOC (system and organization controls) for cybersecurity examination.
BDO has been providing advisory services on cybersecurity strategy and risk management for some time. Before the new AICPA cybersecurity engagement guidance was even released, client questions started rolling in—how do we evaluate our cybersecurity risk management program? How do we talk with our board about it? What can we do to convince our clients and investors their data is safe with us?
Although a number of strong frameworks and standards have been in the cybersecurity space for some time, they are designed for an IT-savvy audience and are difficult for nontechnical stakeholders to understand. Unlike other frameworks, the AICPA’s reporting framework was designed to enable users to compare an entity’s cybersecurity efforts to that of other organizations while maintaining a degree of flexibility.
BDO uses the AICPA’s reporting framework when performing a SOC for Cybersecurity examination, which takes an enterprise-wide look at cybersecurity risk management, as opposed to focusing in on system controls relevant only to a service provided to an outside party. A SOC for Cybersecurity examination is a natural extension of the work CPAs are already trained to do: We look at controls and processes and quantify risk in a standardized way. In our traditional attestation work, we’re already assessing cybersecurity risk in terms of the potential financial impacts. Now, we’re looking a level deeper, examining cybersecurity controls not just in terms of financial risk, but to the extent that they can help the entity achieve its cybersecurity objectives.
Many companies will find they haven’t yet reached the level of maturity necessary to receive an unqualified opinion in a SOC for Cybersecurity examination—which is why we recommend most companies start with an internal readiness assessment before undertaking that engagement. An internal readiness assessment gives companies a snapshot of their current overall cybersecurity health—for example, whether their cybersecurity controls align with their overarching cybersecurity objectives, if resources are concentrated in the right places, and whether there are gaps in their existing controls that need to be remediated. After performing the internal assessment, we work with the organization to develop remediation strategies or to reprioritize cybersecurity investments as needed, and communicate those changes across the organization.
In addition to SOC for Cybersecurity, the AICPA has announced plans to address other system and organization (SOC) engagements. First, the AICPA is in the process of updating the SOC 2® Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy, to align it to the clarified attestation standards and to the 2017 Trust Services Criteria, which are used as measurement criteria for the engagement. The SOC 2 guide is expected to be issued by year end.
Second, the AICPA is developing a new attestation examination and related guide addressing vendor supply-chain cybersecurity risk that will enable CPAs to examine and report on controls relevant to the security, availability, information processing, confidentiality, and privacy of manufacturers and distributors to enable entities who use their services to assess the risks in their supply chain and distribution networks. The vendor/supply chain guide is expected to be issued in 2018.
We see the AICPA’s SOC for Cybersecurity examination, which is performed using the cybersecurity reporting framework, as the beginning of a rapidly growing new practice, bringing together the discipline of an auditor with the tech savvy of our cybersecurity professionals. Firms can explore this opportunity by accessing the AICPA’s Private Companies Practice Section (PCPS) Building a Cybersecurity Practice toolkit. You’ll find resources that help you assess clients’ cybersecurity needs.
To find the AICPA’s cybersecurity risk management reporting framework, visit aicpa.org/cybersecurityriskmanagement. For more information on cybersecurity, visit the AICPA’s Cybersecurity Resource Center at aicpa.org/cybersecurity.
Jeff Ward heads BDO’s AICPA SOC for Cybersecurity/Third-Party Attestation National Practice and is a member of the AICPA’s Assurance Services Executive Committee’s (ASEC) Cybersecurity Working Group, which developed the new cybersecurity risk management reporting framework.
Gregg Garrett is the Head of International Cybersecurity in BDO’s Technology and Business Transformation Services practice.
Cybersecurity courtesy of Shutterstock.
Fighting His Way Out of IRS Penalties. Literally.
IRS penalties and fees have caused a fair amount of consternation among taxpayers in the past, but in what might be a bout for the record books, we could witness the first time a taxpayer literally fights to pay what they owe and reduce penalties.
Floyd Mayweather, widely regarded as one of boxing’s greatest, apparently owes the IRS unpaid 2015 taxes. The boxer’s recent tax court petition seeking an installment agreement with the IRS might represent his first foray into the super heavyweight category.
Mayweather’s 2015 fight against Manny Pacquiao reportedly earned him as much as $220 million, and likely represents a significant portion of his income to which the taxes are due. The $22 million Mayweather reportedly owes is tiny relative to his estimated net worth, but net worth doesn’t need to be liquid. And as penalties and interest accrue over time, it’s a safe wager the bill could amount to a knock-out blow.
The boxer has requested in his petition that the IRS await payment until his August 26 fight with Conor McGregor, which he claims will provide the liquidity he needs to meet his tax obligation: the fighter’s guaranteed purse from the 2015 Pacquiao fight was $100 million, and his upcoming fight with McGregor is expected to earn him a similar amount. Again, keep in mind, that’s the guaranteed purse—win or lose. The final amount to the winner is a composite of various factors that could boost Mayweather’s take as high as $400 million.
The IRS, on the other hand, holds that Mayweather’s substantial estate (reportedly including a garage filled with about $15 million in cars) could liquidate assets or apply for a loan to pay the back taxes and penalties immediately.
Mr. Mayweather has done some—let’s call it “creative”—bobbing and weaving when it comes to taxes. In 2014, he visited a strip club, where he dropped a reported $20,000 cash on exotic dancers, and then proceeded to 1099 the club for the amount. While this is something the IRS would probably appreciate, it’s not exactly what one might term a common occurrence.
In the meantime, should the IRS grant Mr. Mayweather’s request for an installment plan prior to the McGregor fight, he will have to provide them with information on all his available assets, which includes homes, cars, jewelry and a host of other items against which the IRS could place a lien as a hedge against potential nonpayment of the installments. Additionally, they will demand information on all outstanding debts and a statement of monthly necessary living expenses. The IRS will use Mr. Mayweather’s list of necessary expenses (tips to exotic dancers surely fail to meet the standard) to help determine how to craft his installments so as not to interfere with the necessities of life (mortgage, food, transportation, etc.), but also to make certain that Mr. Mayweather does not attempt to reduce his installment amounts by claiming unnecessary expenses (see the aforementioned tips).
Even if Mr. Mayweather’s request is granted, he will continue to accrue penalties and interest on the unpaid balance until it is paid in full. The penalties generally amount to 0.5% of tax not paid by due date on the return (reflected in the notice) —generally 21 calendar days from notice date, 10 business days if the balance equals or exceeds $100,000; 0.25% during approved installment agreement (if return was filed on time, and taxpayer is an individual); 1% if tax is not paid within 10 days of a notice of intent to levy.
It seems likely, however, that the tax court petition is a delay tactic. By the time the court has a chance to hear the case and make a ruling, Mr. Mayweather will probably have had his payday from his upcoming fight and made payment in full, averting a lien action.
IRS payment agreements can be complex, even for clients who don’t climb into the ring, then climb back out with a few hundred million dollars. For guidance that can save your clients time and money, be sure to check out the AICPA Tax Section’s dedicated IRS Collections Guidance and Resources page.
Adam Eric Junkroski, Lead Manager, Communications, Tax, PFP, S&C — Public Accounting, Association of International Certified Professional Accountants
Boxing courtesy of Shutterstock
Tips for Eclipse 2017
On Monday, August 21, a total solar eclipse will move across 14 states of the country. The last time this was visible in the United States was on February 26, 1979. The next won’t happen until October of 2023. Given their rarity, it’s understandable why a total eclipse has people excited and even taking time off from work to watch.
Even if you’re not in the path of the total eclipse, you’ll at least be able to see a partial eclipse from most places in the U.S. Below are some tips to prepare for the event and make the most of your experience.
Check what you’ll see in your location.
Take a look at this website prior to the eclipse to see what percentage of the eclipse you’ll be able to view. The website recommends looking at multiple zip codes around you to make sure you get the best view possible. This will also determine if you want to make travel arrangements or stay put.
Make sure to protect your eyes.
According to NASA, “the only safe way to look directly at the uneclipsed or partially eclipsed sun is through special-purpose solar filters, such as ‘eclipse glasses.’” Make sure you’ve reviewed all the recommended safety tips, and that your glasses are up to the standards listed in this article.
Watch the weather.
Nothing can ruin an exciting event like unexpected weather. Make sure you use this site from the National Weather Service to have up-to-date weather alerts all along the eclipse path.
Plan out your travel.
If seeing a total eclipse is on your to do list, you might need to jump in the car and drive to one of the locations in the path of totality. Just remember that you won’t be the only one traveling to see it, so allow cushion in your driving time. The U.S. Department of Transportation has traffic information listed here, as well as tips on staying safe on the roads on eclipse day.
Block your calendar.
Take a few minutes to make sure you don’t have any meetings scheduled during the eclipse. The entire event will only last a few minutes, so take the time to see the whole thing. Move the meetings around and block the time on your calendar to be certain you can make it outside and enjoy the moment. To check the timing in your area, take a look at this map.
If you can make it out of the office, join friends and family to watch together. Check if there are any local viewing events happening around you. Make sure you take advantage of this exceptionally rare event!
If you’re interested in learning more about the eclipse, visit the official NASA site for more information.
3 Tips for Millennials Who Want to Give Back
As a young accountant who recently passed the Exam, things are going very well for you. You have gotten into a rhythm and you know the ropes. But, you’re looking to make a difference in your community – have you considered volunteering at a nonprofit?
David Almonte, CPA, CGMA and member of the AICPA’s National CPA Financial Literacy Commission, knows the merit of giving back. He was taught from an early age the value of education, a strong work ethic and volunteerism. Additionally, his skills as a CPA have given him the opportunity to make a difference in peoples’ lives. He frequently gives presentations across the country, many of them focusing on his main passion: financial literacy. By providing free and accessible resources from websites like 360finlit.org and feedthepig.org, Almonte hopes to break down the walls that very often lead to financial insecurity.
Like Almonte, you too can use the skills you’ve gained throughout your career to give back. Not sure where to begin? Here are three tips to jumpstart your community service:
- Brag a little. You’d be surprised by how many of your talents align with activities you genuinely enjoy. Write down your talents, then research various volunteer opportunities that utilize your skills. For example, are you a pro at creating a résumé, or know exactly how to nail an interview? Oftentimes, local homeless shelters seek out professionals to lead workshops that help clients get back on their feet. Or maybe you love writing – so find a small nonprofit that needs help keeping up its blog. Just as David uses his passion for financial literacy to give back, there are countless other needs in your community. All you have to do is look.
- Embrace social media. Facebook is not just for spying on your ex! If you’re looking for a volunteer opportunity, post it as your status so friends can share with their own networks. Specify what you’d like to help with – maybe you want to use your bookkeeping expertise to help a local animal shelter cut back on costs, or your interpersonal skills on a crisis hotline. Whatever you want to do, social media is your friend.
- DIY! If what you’re looking for doesn’t exist, make a volunteer group yourself! Understanding his own desire to make a difference using his professional aptitude, Almonte wanted to provide a platform for other millennials to do the same. Since this kind of group didn’t exist, he co-founded FountainHead RI, a nonprofit in Rhode Island that hosts networking events and panels on topics of interest, including financial literacy. Through FountainHead RI, Almonte and his co-founders, Nick Denice and Jason Dodier, aim to attract people who have a similar desire to change the world using their unique professional experiences. If you know a few people who want to make a difference in the local community, set up a meeting and discuss ways you can get involved.
Whether it’s helping others learn more about their personal finances, or supporting a local nonprofit’s sustainability efforts, there are a plethora of ways to give back to the community. There is no contribution too small to make an impact – the important thing is to get involved.
How do you use your skills to give back? Let us know in the comments below, or send us a tweet at @360finances and @feedthepig!
Samantha Delgado, Manager – Communications, PR & Corporate Responsibility, Association of International Certified Professional Accountants