Have you ever made your own “leadership skills checklist”? If you have, it probably included things like “active listening,” “decisiveness,” “delegation,” and “motivation,” to name a few. As accountants, we love to create checklists ...


Lead with inspired authenticity: chuck the checklist and find your why and more...

Lead with inspired authenticity: chuck the checklist and find your why

Paper cranes leadershipHave you ever made your own “leadership skills checklist”? If you have, it probably included things like “active listening,” “decisiveness,” “delegation,” and “motivation,” to name a few. As accountants, we love to create checklists that can get us to a well-defined outcome – so why would we treat our efforts to become great leaders any other way?

The thing is, if we are only checking off skills on a list, are we really developing into the best leader we can be?

I believe the answer is a resounding NO!

To become the best leader we can be, we have to get past our skills checklist and dig into who we are and what drives us. If we can stop worrying about checking off skills and instead focus on our true purpose, we can lead our teams with authenticity and inspiration.

I am sure you are thinking that finding your true purpose sounds pretty touchy-feely. All I ask is that you give yourself permission to try the following steps and see if they change the way you interact with your teams:

Start simple – take an assessment. There are a number of self-assessments that can help you better understand yourself and how you interact with the world.

From the VIA Survey (which is free), to Clifton’s StrengthsFinder, to Wiley’s DISC and Myers Briggs personality assessments, you can begin to develop a detailed picture of how you relate to people, situations and even environments.

While these assessments certainly don’t define who you are, they can help you see traits and preferences you may not have otherwise noticed about yourself. They can also explain how those around you view your style, communication and interactions.

Crank it up – ask yourself “why?” Now that you know a little more about yourself and how others may view you, take a moment to consider the “why” of what you do.

Why do you get out of bed every day? Most of us will start off by answering – “because I have to.” We have to take care of our families, be there for our colleagues, and be successful. But consider that there may be deeper reasons for why you get out of bed every morning.

Perhaps you get out of bed because you believe that what you do for your clients or company makes a positive difference in the world at large. Perhaps you get out of bed because your family is the cornerstone of your happiness and providing for them brings you true joy.

"There is a deeper reason for why you do what you do, so take some time to find it."--Mark Twain

Lead with purpose – apply your “why”. So, you have figured out your purpose, what does that have to do with leadership?

In reality, leadership is all about how we connect with one another to accomplish something greater than we could have accomplished individually. So, if leadership is all about our connections, doesn’t it follow that being your authentic self and knowing what you believe make it much easier to build relationships with those around you?

Building relationships by sharing your purpose, living your purpose and translating your purpose into actions invites others to “buy-in” to your vision. When people see your vision and align their own purpose with yours, innovation and success quickly follow.

I know this process may feel uncomfortable at first, as I have been through it myself. It can be a little scary to let go of the checklist mentality. And it is definitely unfamiliar territory to turn away from the technical skills we all thrive on in the accounting space.

But I promise you this, finding your purpose opens up new possibilities in creating relationships and leading in an inspiring and authentic way. Being yourself (and knowing the real you!) just plain feels good.

So, give it a try and see what happens when you chuck the checklist and follow the pathway to purpose, you might be surprised by who you find.

Watch this segment from the Human Intelligence series to learn more and join Lindsay Stevenson for EDGE Career Development at AICPA ENGAGE in Las Vegas, June 12-14.

 Lindsay Stevenson, CPA, CGMA, Vice President of Finance & Tax at 1st Financial Bank USA.



Nonprofit risk management 101

JengaNonprofit organizations are, by definition, on a mission. In pursuit of their missions, they may engage in risk-reward scenarios that for-profit businesses can’t afford to tackle. To further their cause, many nonprofit leaders accomplish more with less funding than seems possible. Unfortunately, limited resources create risk exposures. This may lead nonprofit management and boards to believe they can’t afford a risk management program. But they can’t afford not to.

Public trust is foundational to nonprofit organizations’ sustainability. Left unmanaged, risks can result in all sorts of losses: donors, employees, members, patrons and grants. Often, it’s not until a critical event occurs that risk management moves up the priority list.

In our experience (although risk management can seem overwhelming — especially for smaller organizations), it’s worth the time and resources.

Frequently faced risks

Following are some common situations we’ve seen and some tips for avoiding them:

Unplanned executive retirements create challenges. A large nonprofit unexpectedly found its entire senior leadership team retiring within the same year. The organization’s current leadership had not proactively identified and developed the next generation of leaders and scrambled to fill key positions.

Key takeaway: Seventy-five-million Baby Boomers — the largest birth group in U.S. history — are entering retirement. In the United States, there are 10,000 people turning 65 every day. Succession planning should be on every organization’s risk-management to-do list.

Revenue concentration leads to loss of funding. Another nonprofit relied on one major funder to support more than 50% of its budget. To the organization’s surprise, the funder announced it was changing focus and would not provide any more resources. The nonprofit found itself in a crisis, laying off half of its employees and cutting programs dearly needed in the community.

Key takeaway: Auditors and those with audit backgrounds know that revenue concentrations are risky and should be disclosed in the financial statement notes. It’s important to go a step further. Auditors can provide additional value by connecting the dots about the risks we identify through the audit. In communicating the overall operating risks to the rest of the organization, remedial action can be taken.

Cybercrimes endanger far more than data. Lastly, we would be remiss not to mention the issues we’re seeing with cybercrime. Cybersecurity events often require embarrassing public announcements. And they can cost a fortune to repair. Beyond the harmful effects on those whose private data is compromised, a cyberattack can deal a powerful blow to an organization’s reputation.

Key takeaway: Nonprofits of all sizes can take steps to develop and implement sound policies and train staff on how to recognize phishing attacks. While a risk management plan may not prevent negative events from occurring, it will help your organization better understand its risks and promote faster recovery when something does occur. The AICPA has developed a cybersecurity risk management reporting framework to help organizations demonstrate that they are managing cybersecurity threats and have implemented effective controls to detect, respond to, mitigate, and recover from these events. Learn more at aicpa.org/cybersecurityriskmanagement.

All three of these crises could have been reduced, if not avoided entirely, with a little more time devoted to risk management — specifically, risk identification and mitigation strategies.

Key questions to identify and mitigate risks

Consider these questions as part of your risk identification and mitigation efforts:

  • What are our major risks? (What keeps our board members and management up at night?)
  • How do we know we have identified all risks?
  • What is our mitigation plan to reduce the negative effects of the identified risks?

More and more nonprofits are seeking board members with financial and risk management expertise. To help boost your knowledge in this area, the AICPA Not-for-Profit Section is offering a webcast called Risk Management for Not-for-Profit Organizations on March 29 from 1–3pm ET. The session will be geared toward those involved in

  • Risk management, including board members
  • Not-for-profit risk management and finance staff
  • Not-for-profit auditors and advisors.

Register here.

Robert J. Fleming, CPA, is a Senior Consultant with Clark Nuber P.S., serving over 750 not-for-profit organizations in the Seattle area.

Mitch Hansen, CPA, is a Shareholder in Clark Nuber’s audit and assurance practice where he primarily works with not-for-profit and governmental organizations.

Risk courtesy of Shutterstock.


How your organization handles personal data is about to change

GDPRIf your organization or client handles personal data of any person residing in the European Union—even if the organization itself isn’t located there—pay attention. The way you store and manage that data may need to change significantly.

Enforcement of the EU General Data Protection Regulation (GDPR), which was ratified in 2016, will go into effect May 25, 2018. The GDPR was created to allow individuals to have greater control over their personal data and provide consistency across the EU member countries when it comes to data privacy rules. According to EUGDPR.org, personal data is defined as “any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information or a computer IP address.”

Given that times and technology have both changed since the previous Data Protection Directive 95/46/EC of 1995 was implemented, GDPR will both replace that directive and bring the regulation up to date based on how customer data is used today. And the standardization across EU countries reduces some of the compliance burden for organizations who do business in multiple EU countries.

Any company that processes or holds personal data of a person who lives in the EU is required to follow GDPR. And UK citizens will most likely be afforded the same data protections, regardless of Brexit. The United Kingdom has committed to creating a new Data Protection Bill that will bring GDPR into UK law, so even post-Brexit, organizations will likely need to follow GDPR rules for UK citizens’ personal data. Organizations that are in violation of GDPR can be fined up to 4 percent of their annual global revenue or 20 million euros, whichever is higher.

Since there are only around two months left before GDPR officially starts being enforced, if you haven’t started preparing yet, now is the time. Here’s where to start:

  1. Educate yourself and your organization or clients on GDPR. The International Association of Privacy Professionals’ EU GDPR Resource Center is a good place to start. EUGDPR.org also has an overview of key changes as well as other information. And you may be interested in reviewing some of our courses on data protection and GDPR.
  2. Evaluate how GDPR relates to how your organization or clients do business. Once you understand how GDPR will affect your organization and the risks involved, you can develop an effective plan to mitigate those risks. For example, you may need to make an external change, such as updating your privacy policies to provide more transparency to end users about how their data is used. Or, you may need to change how you do business internally when it comes to data processing and data storage, adding additional structure to those processes depending on your GDPR-related risks.
  3. Consider engaging a data protection officer (DPO). Under GDPR, some organizations will be required to have a DPO. However, even if your organization doesn’t fall under that category, a DPO could be beneficial for helping you navigate the new compliance requirements. On the flip side, CPAs who provide risk advisory services might also consider providing data privacy-based advisory services to organizations that will be impacted. As trusted, independent business advisors who are familiar with an organization’s risks and how to mitigate those risks, CPAs can play a beneficial role in helping organizations stay compliant.

Through GDPR, individuals will benefit from having more control over their data—and organizations who may not have been impacted previously will have to make changes to be compliant. If you’d like to learn more about GDPR and how to prepare, sign up for our upcoming Association of International Certified Professional Accountants webcast on GDPR implementation, which will broadcast March 22 at 12 p.m. ET.

Jon Mabe, Senior Manager – IT Audit, Security & Privacy and Data Privacy Officer, Association of International Certified Professional Accountants

GDPR courtesy of Shutterstock


4 new opportunities blockchain could create for auditors

Blockchain 2In case you haven’t heard, blockchain technology has the potential to change the auditing profession. A new whitepaper co-authored by the American Institute of CPAs details what opportunities could emerge for auditors.

Not sure what blockchain is? Don’t worry, you’re not alone. It’s a digital, distributed ledger that contains every transaction since its creation. Once transactions are entered, they can’t be changed or deleted. Every user on a blockchain has an identical version of the ledger, and all copies are updated automatically when a new transaction occurs. Each entry refers back to the previous entry across all versions, creating a “chain” of information.

What does this mean for auditors? In an earlier blog, we talked about how the work auditors do every day may change. The AICPA’s new whitepaper goes further. It explains how blockchain technology could both evolve audit and assurance practices and create totally new opportunities. Specifically, the paper identifies 4 new jobs that we might see in a blockchain ecosystem:

  1. Auditor of smart contracts

One intriguing capability of blockchain technology lies in smart contracts. This capability allows for a computer program to digitally transfer assets between parties once pre-specified conditions are met. However, users of such smart contracts will still want assurance that the contracts are implemented with the correct business logic. This is where the CPA comes in. Additionally, CPAs could verify the interface between smart contracts and external data sources.

  1. Services auditor of consortium blockchains

As the technology becomes more mainstream, businesses will likely develop blockchain platforms that other organizations can use for their own purposes. Before subscribing to one of these platforms, though, organizations will want independent assurance as to the stability and robustness of the blockchain’s architecture. Thus, the blockchain business may choose to engage a CPA to provide assurance as to the effectiveness of controls over a private blockchain.

  1. Blockchain administrator

For private blockchains, organizations may want an independent party – such as a CPA – to perform the functions of a central access-granting administrator. CPAs could validate the enforcement and monitoring of a blockchain’s protocols. If one of the blockchain’s users were to perform these functions, that individual might have an undue advantage over the blockchain’s other participants. Having an independent auditor serve in this role creates greater trust for the blockchain’s users.

  1. Arbitrator

While blockchain technology can execute contracts, people still determine those contracts’ terms. This means there is room for error. In a world with blockchain, CPAs may be able to serve as an arbitrator in those cases when the spirit of a smart contract departs from a legal document, contractual agreement or letter.

As the CPA’s role evolves in the blockchain ecosystem, standards and education have to evolve as well. These new opportunities raise questions that the profession must consider, such as:

  • What types of skill sets does the profession need to remain relevant?
  • When providing assurance across a blockchain, who is the client?
  • How would a CPA assurance provider assess engagement risk for an autonomous system?
  • How would independence rules apply to users of a blockchain?

As the technology gains wider acceptance and new applications become apparent, the AICPA’s Assurance Services Executive Committee, working with other AICPA committees, will be at the forefront identifying answers.

To learn more now, check out the webcast Blockchain Technology – Impact on the Accounting and Finance Profession, airing March 26.

Lindsay N. Patterson, CAE, Senior Manager, Communications and Public Relations, Association of International Certified Professional Accountants 

Blockchain courtesy of Shutterstock.


3 myths about tax extensions

Tax extensionSometimes filing a tax extension can be a benefit to your clients, but only if they are clear on what an extension means —and what it doesn’t mean.

If you’re a tax CPA, you’ve probably come across a client who chose not to file an extension because they misunderstood how it would affect them. On the other hand, maybe a client was happy to go on extension but for the wrong reasons.  

Below are three myths that your clients may have about extensions that you can proactively dispel.

Myth #1:  If I go on extension, I can wait until the return is filed to pay. 

Your client may not realize that although they have extra time to file, they don’t have extra time to pay. These clients are confident they don’t owe anything, so they do not want to make a tax payment with the extension. They are sometimes in for an unpleasant surprise after a Schedule K-1 arrives that summer, showing income that they did not expect. Now they owe penalties on top of the tax payment. Ouch.  

In some cases, this common misconception is mixed in with payment anxiety. Some taxpayers find themselves in a position where it’s difficult to pay a tax bill all at once. They may not always mention this, so it’s important to stress that payment cannot be delayed but installments are an option.   

Gerard Schreiber, CPA, recommends that CPAs should send a letter to clients who will need to file for an extension that spells out the client’s responsibility to pay estimated taxes to avoid penalties. He requires his clients to sign the letter before filing the extension to eliminate issues that may arise later such as complaints about late payment penalties. 

Myth #2:  Going on extension is expensive.

One of the main advantages you can stress to a client who needs to go on extension is that the return will likely be more accurate because it reflects up-to-date information and is not finalized in a rush. This means an amended return (prepared at extra cost) will not be necessary. The client may also save money by allowing time to see if more deductions can be claimed.  Additionally, self-employed clients benefit from an extension because they will have more time to fund a SEP IRA, solo 401(k) or SIMPLE IRA retirement plan.

Because they believe an extension may be expensive, clients may resist the idea and plead for more time, offering to get the needed information to you soon. One of the best ways to address this issue is to use an engagement letter for the client to provide tax information. The deadline should also be accompanied by a clear statement that if all information is not received by that date, the client may need to go on extension and will face late payment and interest penalties for amounts not paid by the filing date.    

Myth #3:  Filing a return after the April deadline makes me more susceptible to an audit. 

Lawrence Carlton, a CPA who runs a practice in Massachusetts, has occasionally fielded this question.  “It really is a myth,” says Carlton, who also serves on the AICPA’s IRS Advocacy Relations Committee. “Your chances of an audit are not related to the timing” of the filing.

Instead, it is a rating scale that determines the audit. The IRS assigns returns a Discriminant Inventory Function (DIF). The IRS is understandably tight-lipped about the details of DIF, but the bottom line is that the score reflects potential red flags that are on the agency’s radar, such as a high level of charitable contributions compared to reported income.

This year adds a new angle to tax extensions with the passing of the Tax Cuts and Jobs Act and the Bipartisan Budget Act of 2018. There are provisions in each law that affect 2017 returns, which creates confusion as to what certain taxpayers should do as well as uncertainty about how some states will conform to the changes. The IRS is working on implementing this major tax legislation, which should alleviate some of the confusion and allow for more successful tax planning and strategic moves.

Still need a few more talking points when discussing extensions with your clients? Download these FAQs for clients from the AICPA Tax Practitioner’s Toolkit and share with your clients to shed some light on the topic.

And once you’ve addressed your clients’ concerns, take a few minutes to refresh yourself on some of the rules and procedures listed below for return preparation, including those related to extensions.

Best of luck as you head into the final stretch of busy season.

April Walker, CPA, CGMA, Lead Manager, Tax Practice & Ethics, Association of International Certified Professional Accountants

 Tax extensions courtesy of Shutterstock.