On Balance Magazine - March/April 2018 by WICPA

March | April 2018 | Vol. 14 No. 2 A publication of the Wisconsin Institute of CPAs | wicpa.org

Fun

Seriously

Anne Donarski, CPA, MBA | 6

Plus: Taking the CAFR electronic | 10 Saving time with AI | 13 What exactly is blockchain? | 22 Disaster recovery vs. business continuity | 36

New Berlin Ale House SCHEDULE 5:30 p.m. Registration 6 p.m. Bowling 8 p.m. Awards & Raffle

104 PERSON LIMIT $30 per Bowler $120 for Foursome

INDIVIDUAL & TEAM PRIZES $150+ in Individual Awards $500+ in Team Awards Bowling Gift Card Package Raffle

REGISTRATION INCLUDES 3 Games of Bowling Shoe Rental Beverage Vouchers Appetizers & Pizza

For more information and to register, visit wicpa.org/BowlingNight.

A publication of the Wisconsin Institute of CPAs | wicpa.org

6 Features

Columns

6 Seriously Fun Anne Donarski, CPA, MBA, takes a passionate but playful approach to accounting. By Ken Wysocky

32 FRAUD Cyberinsurance equals risk mitigation A cyberattack can carry a heavy price tag for your business. By Randolph P. Johnston

10 It's time for interactive electronic CAFR Interactive and tagged data can revolutionize financial reporting for state and local governments, but GASB needs to act. By Khaled Abdel Ghany, CPA, PhD 13 Taking a smarter approach with AI Accounting firms are creating more time to strategize with clients by using artificial intelligence. By Ken Wysocky 18 Effective 2021: Mandatory CPE Wisconsin's new law will make it easier for CPAs to practice across state lines. By Marcia Tillett-Zinzow 22 What’s the deal with blockchain? Blockchain technology is predicted to disrupt long-settled ways of doing things. But what exactly is it? By Robert J. Bowman, JD 26 The rise of the chief information security officer (CISO) The ongoing threat to the security of confidential information has given rise to a new role: the CISO. By Steve Hyde, MS, MBA 28 The cloud is here! Now, where is it? Many services accountants need but don’t think are affordable are now more accessible through “cloud” services. By Marc Staut

wicpa.org

March | April 2018 Vol. 14 No. 2

34 TECHNOLOGY Business intelligence (BI), banks and auditing Implementing a BI system is more approachable than it was a generation ago. By Brian F. Tankersley, CPA, CITP, CGMA 36 INDUSTRY Business continuity/disaster recovery: Let’s cut to the chase Which plan do you need: disaster recovery or business continuity? By Sherry Jessen 39 TAX Emerging Tax Department Innovations and Strategies Innovative technologies are changing the skills tax professionals and corporate tax functions need to succeed. By Mark Quiroz, CPA, and Doug Watson, CPA

36 Departments 2 Odds & Ends | news briefs 3 Outlook | chair’s letter 4

Membership Matters | member benefits

15 Memorials | departed members 17 In Touch | president & CEO’s message 25 Kudos | members in the news

On Balance

March | April 2018

Odds & Ends Wisconsin Family Business of the Year nominations due March 30

2017–18 WICPA OFFICERS/BOARD MEMBERS Chair William L. Komisar, CPA, JD Chair-elect Michael D. Akers, CPA, CBM, CFE, CGMA, CIA, CMA, PhD Past-chair Steven G. Handrick, CPA, CGMA Secretary-treasurer Katherine L. Hauser, CPA, CGMA Directors Jon C. Gaines, CPA, CGMA, MBA Ryan J. Hanson, CPA, CGMA Patrick G. Hoffert, CPA Debra L. Lenz, CPA, CGMA, CIA, CRMA Terri M. Lillesand, CPA Matthew A. Los, CPA Steven A. Pullara, CPA Matthew J. Schaefer, CPA, CGMA Angela C. Thomas, CPA AICPA Council Rick E. Dreher, CPA, CGMA Neil R. Keller, CPA, ABV, CVA President & CEO Dennis F. Tomorsky, CPA, JD, CGMA Chief Financial & Operating Officer Tammy J. Hofstede Design & Layout Brett Stallman Advertising Terry Felker Editor Marcia Tillett-Zinzow

The 2018 Wisconsin Family Business of the Year Award program will accept nominations from businesses throughout the state until March 30. The award celebrates the accomplishments and impact of family-owned businesses on Wisconsin communities. Businesses can self-nominate and nominations can be made on behalf of a business by consultants, vendors, clients or friends. The program is sponsored by Smith & Gesteland LLP, First Business Bank and Husch Blackwell LLP. For more information, visit www.familybusinessaward.com or call 608-836-7500.

Capital Tax and Accounting Group acquires Marjorie Budahn CPA SC Capital Tax and Accounting Group, Cottage Grove, has acquired the practice of Marjorie Budahn CPA SC; Budahn has retired, according to the Cottage Grove Herald Independent. Capital Tax and Accounting assists individuals and small to medium-sized businesses with accounting and tax needs, including tax planning, state and federal tax compliance and filings, accounting, consulting and payroll.

KerberRose SC merges with Brettingen, Smits, Novak and Bastle SC The CPA firm of Brettingen, Smits, Novak and Bastle of Antigo has merged with KerberRose SC, based in Shawano, effective Jan. 1, according to the Shawano Leader and Antigo Daily Journal. The Brettingen firm served the Antigo business community for 47 years and had 19 staff members. The merger increases KerberRose’s staff to 142, including 50 CPAs.

Petkovsek & Moran joins Johnson Block & Co. Inc. Petkovsek & Moran, formerly located on Madison’s east side, has joined Johnson Block & Co. in their offices at 406 Science Drive, Madison. Dave Moran, CPA, and Ray Petkovsek, CPA, and their staff have provided accounting, tax and consulting services to the Madison community for more than 30 years. Johnson Block & Co. was established in 1985 and has offices in Madison, Mineral Point, Viroqua and La Crosse.

Schenck SC teams up with Florida-based EdgeMED Healthcare EdgeMED Healthcare, a national provider of health care revenue cycle management and software solutions, has acquired the medical billing division of Schenck SC, according to the Appleton Post-Crescent. EdgeMED is based in Boca Raton, Florida. Schenck is a full-service CPA and consulting firm based in Appleton.

Vrakas CPAs + Advisors acquires Radke & Schlesner S.C.

Printing Delzer

Vrakas CPAs + Advisors has acquired the accounting firm of Radke & Schlesner S.C., according to the Waukesha Freeman. The combined firm will operate as Vrakas CPAs + Advisors and will have nearly 65 professionals practicing in a variety of areas including assurance, tax, business advisory, valuations, technology, small business accounting and employee benefit plan services. All employees will be located in Brookfield.

Join us online!

WANT YOUR BUSINESS MENTIONED IN ODDS & ENDS? Email your announcement to tammy@wicpa.org.

On Balance is published six times a year by the Wisconsin Institute of Certified Public Accountants (WICPA). Change of address should be sent to: Membership, W233N2080 Ridgeview Pkwy, Suite 201, Waukesha WI 53188; Phone: 262-785-0445 or 800-772-6939; Fax: 262-785-0838; email: jessica@wicpa.org. Statements and opinions expressed are those of the authors and not necessarily those of the WICPA. Publication of an advertisement does not constitute an endorsement of the product or service by On Balance or the WICPA. Articles may be reproduced with permission. © Copyright 2018 On Balance.

On Balance

March | April 2018

Help shape your magazine's content! We're seeking members to serve on the 2018-2019 Editorial Advisory Committee. For a minimal time commitment, you can have input into what is published in On Balance and other WICPA publications. If interested, contact Marcia Tillett-Zinzow, editor, at mtzinzow@icloud.com.

wicpa.org

OUTLOOK | CHAIR’S LETTER “We encourage you to get involved and stay active in our WICPA to make it better for you and others.”

Today's rapid pace of change demands that we keep up

uring the past two years, as chair-elect and now as chairperson of our WICPA board of directors, I have been fortunate to attend a number of AICPA Council meetings. At these meetings, Barry Melancon, president and CEO of the AICPA, has stressed the rapid change in technology and the impact of artificial intelligence (AI). Many of these sessions were specifically to let us know the changes that are occurring and how they will continue to impact our profession. Changes are happening at a meteoric pace. From machines doing most (if not all) tax return preparation, to robots taking over many of the audit procedures that many of us grew up with, it is clear that our profession is in for very significant and fundamental changes. While some very large CPA firms and publicly held companies have invested millions of dollars to advance their knowledge and implement AI, many of us do not currently have the resources to acquire these technologies. This will cause inefficiencies, make our services more costly and perhaps even make it more difficult for us to compete. For these reasons, it is extremely important that we stay engaged and active in professional associations such as the WICPA and AICPA. By doing so, as shown in this issue of On Balance, we can all become more aware and more educated on the changes in our world. Whether by attending the WICPA technology or tax conferences or by reading the various materials they provide, you can keep up on the latest changes. We encourage you to get involved and stay active in our WICPA to make it better for you and others. As this is my last column as chairperson, I would like to thank all of you who I have met and talked with over the past year. Your allowing me to serve in this role has been most humbling. From our advocacy efforts in Madison and

wicpa.org

Washington to the passage of Act 88, to our helping high school and college students become aware of accounting opportunities, to assisting in increasing minority involvement as CPAs, our association has a very positive impact on both our profession and society. Your continuing involvement can only help make the WICPA’s impact stronger. Please continue to help. As I step down, I would like to express my gratitude to Dennis Tomorsky, president and CEO; Tammy Hofstede, chief financial and operating officer; and all of the WICPA staff. Their tireless work in advancing the mission of the WICPA is greatly appreciated.

William L. Komisar, CPA, JD, is a principal at CliftonLarsonAllen LLP in Milwaukee. Contact him at 414-238-6800 or bill.komisar@CLAconnect.com. On Balance March | April 2018

MEMBERSHIP MATTERS “Member focus groups and our WICPA strategic plan helped us shape new programs, services and activities to enhance your opportunities to learn, grow, give back and network.”

WICPA year in review

s we wrap up our fiscal year on April 30, I’d like to share what we’ve accomplished for members over the last year. Member focus groups and our WICPA strategic plan helped us shape new programs, services and activities to enhance your opportunities to learn, grow, give back and network.

NEW website! The new WICPA website is coming soon! We're streamlining navigation and increasing functionality. When the new site launches, you'll have: • A responsive design for mobile devices. • All-in-one access to your profile. • CPE materials for download. • An enhanced CPE Tracker and Find-A-CPA directory.

• Firm administrator accessibility. • Featured firms. • Classified ads. • Social communities for online networking and mentor programs.

Advocacy success! WICPA members banded together in a strong grassroots effort that helped pass AB 188, the bill proposing mandatory CPE for CPAs to renew a CPA license. We’re now aligned with the 54 other licensing jurisdictions and 40 other professions requiring licensure in Wisconsin. The members who testified and directly contacted legislators helped them understand the issue and its importance and received valuable media exposure through their efforts. Advocacy promoted the profession, protected its credibility and is a powerful benefit of your membership.

Attracting more students to the profession! College students were offered deeply discounted rates to attend WICPA programs to hear updates about the profession and network with accounting and business professionals. Materials geared to high school students were designed to promote accounting as a profession and were sent to educators and guidance counselors across the state. A focus group of young professionals was held to develop materials and real-life advice for college students. This 4

On Balance

March | April 2018

information was presented at college visits across the state by WICPA staff and volunteers.

Additional networking events! Several new networking opportunities were held in Madison, Milwaukee, La Crosse, Eau Claire, Appleton, Green Bay and Wausau. A second golf outing was added in Appleton in August. And to help you unwind, we’ve planned Bowling Night, coming up on April 26 in New Berlin.

More CPE opportunities! We expanded from two to four CPAs in Industry conferences, adding a fall conference in the Wisconsin Dells and a spring conference in Green Bay. These popular conferences offer a variety of topics, from economic and technical updates to sessions on technology and human resources. Attending also provides opportunities for you to network. For your convenience, new CPE online vendors were added, offering thousands of online courses through our CPE online catalog. The courses include technical updates as well as soft skills and range from one to eight hours in length.

Reduced CPE fees, increased discounts! Fees were reduced for breakfast meetings and seminars for all retired, part-time, unemployed and leave-of-absence members to help them continue their education while not working or working only part time. In addition, our Early Bird Discount of $50 for early conference registration was expanded to include seminars too—up from the previous $30 discount for early seminar registration.

More recognition of members! The annual Thank You publication recognized new and longevity members and those who have given of their time and talents to the many volunteer opportunities available to WICPA members. Excellence Awards categories were updated, and new categories were added to represent the different areas of membership for individuals and companies. Recipients of these awards will be recognized on May 10 at our annual membership banquet—to which we welcome all members to register and attend free of charge.

wicpa.org

Creative new ads were designed to promote the WICPA Find-A-CPA directory. Firms with WICPA members sign up to be included in the directory, which is a resource for the public, individuals and companies to easily find a CPA in their area. Several media outlets utilized the WICPA as a resource, contacting us for interviews, articles and quotes from WICPA membersâ&#x20AC;&#x201D;who enthusiastically shared their perspectives on current topics such as the economy, tax law changes and business. Several members were referred and volunteered to represent the accounting profession, the WICPA and their firms with media outlets across the nation.

Certificate presentation at our annual New CPA Banquet! Weâ&#x20AC;&#x2122;ve partnered with the Accounting Examining Board (AEB) and Wisconsin Department of Safety and Professional Services (DSPS) to make it possible for the AEB chair to personally present CPA certificates to new Wisconsin CPAs at the New CPA Banquet held in June. We encourage you to make the most of your membership by utilizing our new website, getting involved in a committee or online community, taking advantage of CPE discounts, attending our events and giving us feedback so we can continue to provide you with the membership features and benefits you want and need.

Thank you for your continued membership and commitment to the accounting profession and for making these initiatives possible! Tammy J. Hofstede is the chief financial & operating officer at the WICPA. Contact her at 262-785-0445 ext. 4518 or tammy@wicpa.org.

UPCOMING PROGRAMS AND EVENTS: MAR 22

CPAs in Industry Spring Conference (Milwaukee)

APR 24

CPAs in Industry Spring Conference (Green Bay)

APR 26

Bowling Night (New Berlin)

MAY 10

WICPA Membership Banquet & Annual Business Meeting (Milwaukee)

MAY 15

Networking Night at Appleton Beer Factory (Appleton)

MAY 24

Networking Night at Old Sugar Distillery (Madison)

JUNE 7

New CPA Banquet (Milwaukee)

JUNE 21

Networking Night at Mississippi Pizza Cruise (La Crosse)

Intelligent Conversations has joined the WICPA as a new affinity partner Intelligent Conversations is a coaching practice focused on helping companies implement proven systems that drive revenue growth. To learn more about business development skills and strategies to grow your business, contact Cliff McDonald, Partner, at cliff@intelligentconversations.com.

TWO NEW LOCATIONS! THURSDAY, MARCH 22

POTAWATOMI HOTEL & CASINO | MILWAUKEE

TUESDAY, APRIL 24

RADISSON HOTEL & CONFERENCE CENTER | GREEN BAY

WICPA members receive 20% off a comprehensive individual or team evaluation. wicpa.org

March | April 2018

Fun

Seriously

Anne Donarski, CPA, MBA, takes a passionate but playful approach to accounting. By Ken Wysocky

ccounting and fun often are considered mutually exclusive terms. But to Anne Donarski, CPA, MBA, the controller at Esker Inc., they mesh together as concisely and neatly as cross-footed numbers on a balance sheet—and foster a sense of infectious enthusiasm that inspires her staff.

But behind that infectious personality lies a serious focus on improving operating efficiencies and mentoring members of her five-person department. Moreover, Donarski also is a roll-up-your-sleeves, get-things-done kind of person who’s not above taking care of more mundane chores, such as getting a leaky faucet fixed or emptying a garbage can.

Esker develops document-management software aimed at automating low-value manual tasks and developing paperless processes. Donarski, 45, has been controller there since 2009.

As a result, when Donarski isn’t dealing with the company’s payroll, benefits, budgets, tax returns, month-end, audits and so forth, the multitasking controller also manages Esker’s facilities. “If anything goes wrong in the office, people go to Anne and she gets it resolved, even if it’s not her responsibility,” Smith noted. “She understands the impact that little things have on morale and the overall effectiveness of operations.”

“Most financial people are kind of dry—very numbers oriented,” said Steve Smith, the chief operating officer at Madison-based Esker as well as Donarski’s supervisor. “But Anne has such a happy, bubbly personality that when she talks about things like numbers, no one’s falling asleep listening to her. “And it’s contagious, too—all the people in her department also are nice, fun people,” he added. “She’s fantastic to work with and does a great job. I couldn’t be happier with anyone else in this position.” “She definitely loves what she does and that makes her really great to work with,” said Emily Craddock, an accounting financial analyst who reports to Donarski. “She really makes it fun to come to work every day.”

On Balance

March | April 2018

“I really love to dig in and take care of things,” Donarski explained. “If I see a full garbage can, I empty it. My boss loves that I see things and take care of them. “For example, I love process improvement, so I’ve streamlined a lot of things so we’re able to do more in less time,” she added. “For starters, I don’t like manual inputting because there are more chances for errors. So I’m always looking for opportunities to use technology to automate processes. And three years ago, we automated all our expense reports, which is a huge time-saver and greatly improved accuracy.”

wicpa.org

In her job as controller at Esker Inc., Anne Donarski inspires her staff by balancing serious work with a positive attitude.

wicpa.org

On Balance

March | April 2018

Posing on the Great Wall of China, Donarski and her son, Cameron, share another passion: world travel.

Hooked on accounting

Donarski found her professional calling during her sophomore year in high school, when she took her first accounting class. “I fell in love,” she said. “I always liked math…and loved how everything balances out in accounting. There’s something very tidy and methodical about it.” In 1994, Donarski graduated from the University of Wisconsin-Oshkosh with an accounting degree and then went to work as an auditor at the Legislative Audit Bureau in Madison. Later, she worked as an auditor at Telephone and Data Systems Inc. and a manager of financial analysis at TDS Telecom (a wholly owned subsidiary of Telephone and Data Systems). While at TDS, she went back to school and, in 2001, earned a master's degree in business administration from the University of Wisconsin-Madison. A career turning point occurred during her first couple of years at TDS Telecom, where she said things “started to click.” That resulted in more and more responsibilities. In a span of just a little more than three years, she was promoted from staff accountant to senior accountant, associate manager and then manager. “I started to see the fun in accounting,” she recalled. “I know this might sound odd, but when I was a staff accountant at TDS, I was coordinating the budget processes for more than 100 telephone companies. I really had fun with it.”

On Balance

March | April 2018

Becoming the controller of a large company wasn’t on Donarski’s radar when she started out. Instead, it happened organically—and the process started at TDS, where she realized that she really wanted to manage a group of accountants. “I’ve exceeded my expectations,” she said. “I really didn’t think my career would progress this far. Everything from now on is just icing on the cake.”

Looking beyond the numbers

Smith said one of Donarski’s key strengths is her ability to provide context for financial issues she’s explaining. Many accountants have a difficult time explaining things in anything but numbers. But because she’s so active in managing office operations, she’s able to go beyond just specifying what something will cost. “She can describe the impact and explain why something is or is not worth spending money on,” he explained. “She’s not just a spreadsheet person. A lot of that stems from the fact that she’s not sitting in an office, looking at spreadsheets all day. So she understands what makes things tick much more than most financial people.” That ability to provide context extends to her management style, too. Craddock compliments her ability to provide background information when answering staffers’ questions. “She’s never offended when people ask questions,” she said. “She’s always willing to explain the accounting principles behind a decision or a policy change.”

wicpa.org

Managing change is a big part of Donarski’s job. For example, an Esker client may know that it wants to streamline its invoice-approval process by using software to scan invoices, prepopulate them into an accounting system and electronically route them for approval, with full transparency and accountability. On the other hand, many clients' employees don’t like change. As such, change management is where the rubber meets the road, she says.

Son comes first

While Donarski loves her job, she says she’s a mom first and foremost. “My life revolves around my 16-year-old son, Cameron,” she said. They love to travel and visited China last year. Previous destinations include Mexico, France (Donarski minored in French in college), Germany and the Dominican Republic. Reading is another favorite activity, not to mention curling, a sport she was exposed to by a former colleague at TDS who was an Olympic curler. During winters, she plays once a week in a women’s league and once a week in an instructional league with Cameron.

“I wanted to do an indoor winter sport to pass the time,” she explained. “I’m still terrible at it, but it’s really fun. It’s a very social sport—a lot like softball, in that regard. And it’s a little bit like golf, too, in that there’s always something that keeps you coming back for more. I enjoy the challenge of trying to get better and keep upping my game.” The same is true at work, she noted, because her job is never the same from day to day; new challenges continually arise. But she said that she thoroughly enjoys working with Smith and her team and thrives on the fast-paced atmosphere. “If you don’t love coming to work every day, you need to find something new,” she said. “My actual job changes all the time…and after the year-end audit, you get the stamp of approval—everything’s all tied up with a bow. It gives you a great sense of self-satisfaction.” Just like perfectly cross-footed numbers on a balance sheet.

Ken Wysocky is a freelance writer based in Whitefish Bay. Contact him at 414-962-6202 or kwysocky@wi.rr.com.

T O G E T H E R , we have the power to make a difference. Your contribution to the WICPA CPAC/LIF Campaign for Political Awareness allows the WICPA to: Strengthen the voice and visibility of the WICPA.

Support the election campaigns of candidates who support our issues.

Educate lawmakers about the issues impacting Wisconsin CPAs.

Ensure a healthy business climate for CPAs and the clients you serve.

Visit www.wicpa.org/cpaclif to learn more and make a contribution today. wicpa.org

On Balance

March | April 2018

It’s Time for Interactive Electronic

CAFR

By Khaled Abdel Ghany, CPA, PhD

nteractive and tagged data has the potential to revolutionize financial reporting for state and local governments. The interactive electronic Comprehensive Annual Financial Report (CAFR) is expected to enhance understandability, comparability and usability of government financial statements among both regular and sophisticated users of financial information.

The International Financial Reporting Standards (IFRS) taxonomy contains concepts for all IFRS disclosure requirements, application and implementation guidance, illustrative examples and concepts relating to IFRS common reporting practice. The taxonomy includes other IFRS-related information, such as IFRS documentation (terminology) and XBRL references to corresponding standards.

These financial statements are no longer treated as blocks of static text. Instead, each individual item in the financial statement is assigned a unique computer-readable eXtensible Business Reporting Language (XBRL) tag, which enables financial information to be treated “intelligently.”

The International Accounting Standards Board (IASB) used the “standards-based” modeling approach to develop the IFRS taxonomy. This effectively means that the taxonomy is developed on a standard-by-standard basis.

This column discusses the use of XBRL and tagged data for financial reporting, as well as what needs to be done to develop a governmental accounting taxonomy and interactive electronic CAFR for state and local governments.

SEC and IFRS Guidelines In 2005, the Securities and Exchange Commission (SEC) started a voluntary filing program that allowed companies to submit their financial statements on a supplemental basis in interactive format as exhibits to specified filings under the Securities and Exchange Act. In 2006, the SEC contracted with XBRL U.S. to develop a taxonomy—a standard list of tags—necessary for financial reporting in an interactive format that is consistent with U.S. generally accepted accounting principles (GAAP). In January 2009, the SEC issued Rule No. 33-9002, Interactive Data to Improve Financial Reporting. This rule requires companies to provide their financial statements to the SEC, and post them on their corporate websites, in an interactive data format using XBRL.

On Balance

March | April 2018

IFRS disclosure requirements, guidance and examples in each standard are analyzed, modelled into an appropriate hierarchy and eventually constructed into XBRL files. The benefit of following this standard-based modeling approach is that it aligns the development of the taxonomy with the development of standards, according to IASB’s agenda. Standards-based modeling also results in the taxonomy being organized and structured in a way that is familiar to preparers, which facilitates readability and usability.

State Governments and XBRL The first state government XBRL pilot project was initiated in 2007 by the state of Oregon. That project, with outside funding assistance, involved creating XBRL financial statements for a statement of net position and statement of activities using Oregon’s CAFR. A multidisciplinary team, including Government Accounting Standards Board (GASB) staff members, was assembled to build a limited taxonomy for these two financial statements as a demonstration.

wicpa.org

A 2010 publication by the National Association of State Chief Information Officers (NASCIO), A Call to Action for State Government: Guidance for Opening the Doors to State Data, addresses the data transparency trend at the state government level. One of the anticipated outcomes of the NASCIO initiative was greater government accountability, credibility and integrity because the public will have easier access to government reports and the underlying data. In July 2012, the Association of Government Accountants (AGA) published a report focusing on electronic reporting (Report No. 32 in the AGA research series). Included in the report are references to the GASB and the Federal Accounting Standards Advisory Board, their financial reporting objectives, and the roles that standards setters have played and can play in the advancement of electronic financial reporting. The GASB Technical Plan for 2014 reported that a team of academics is conducting research and experimentation on electronic financial reporting. GASB staff has facilitated a coordination of efforts among the research teams and provided feedback and guidance.

What Needs to Be Done GASB can use the IFRS standards-based modeling approach to develop a governmental accounting taxonomy. This is a huge step, and it will require commitment from GASB staff to actively participate in developing the taxonomy, to sufficiently fund resources, and to support professional and academic teams. Once the governmental accounting taxonomy is developed, the GASB should introduce a volunteer program for reporting tagged and interactive CAFR, then progressively require use of the interactive CAFR based on a government’s general fund balance or the amount of net position in a particular fiscal year. State and local governments should select software to create instance documents. Some software can be all-inclusive of the required functionality for taxonomy extension, instance document creation and validation; while other software may offer this functionality separately or as part of a suite of tools. When preparing financial statements and mapping the information to XBRL in an integrated way, governments will incorporate XBRL into their internal financial systems. Thus, financial reports can be created from XBRL-tagged financial systems without the statements first being prepared in a human-readable format. Next, the government identifies the financial information to tag, chooses the governmental accounting taxonomy and downloads it into the XBRL software product. Each individual account value must be separately mapped to (or tagged with) a specific XBRL element (such as an account identifier) from the governmental accounting taxonomy. Each summary value, such as net position or total assets, is also mapped to a

wicpa.org

“The benefits of the tagged data include enhancing transparency, comparability and accessibility of financial information.” separate XBRL tag. The “tagging” process is then validated to identify any errors in the XBRL specification. Once errors are corrected, the software generates the financial statements. After the final step of reviewing the instance document for reasonableness and obvious errors, the financial statements can be issued for use in analyzing government financial performance.

Conclusion XBRL represents a global agreement of the semantics of financial reporting concepts and business rules. These semantics have already been created for IFRS and U.S. GAAP. These two taxonomies provide agreed-upon semantics aligned with respective accounting standards. The benefits of the tagged data include enhancing transparency, comparability and accessibility of financial information. The benefits for state and local governments and the users of CAFR are expected to exceed the benefits thus realized in the private sector, considering the special nature of government operations and the uniqueness of information needed for CAFR users. There have been significant efforts and initiatives by GASB, universities and governments to develop a taxonomy for governmental accounting for use in financial reporting. Unfortunately, there is no tangible outcome to date. The GASB needs to take the lead in these efforts, beyond the role of facilitator or adviser. The GASB should introduce a plan for specific actions to develop a taxonomy for governmental accounting, perhaps adopting the standards-based approach used by IFRS. Once the taxonomy is completed, the GASB can follow the steps the SEC used: start with a volunteer program, then increasingly require interactive electronic CAFR over time, based on the size of a government’s net position or general fund balance. When complete, the informational value of the CAFR will be maximized when all state and local governments are able to report tagged and interactive CAFR. Khaled Abdel Ghany, CPA, PhD, is an executive accounting adviser, Office of the Chief Financial Officer, D.C. Government. He can be reached at khaled.abdelghany2@dc.gov. Reprinted with permission from the Pennsylvania CPA Journal, a publication of the Pennsylvania Institute of Certified Public Accountants.

On Balance

March | April 2018

Donâ&#x20AC;&#x2122;t miss this chance to connect with your colleagues and other business professionals! Networking Nights offer the opportunity to build your network with a group of peers in a relaxed setting.

atures e f t h g ing Ni k r o w you to t r e o f N y h t i ac ate, e portun t p s o e n h hout t es as a g v r u e o s r h nd Held t ivity a t c a t ren . a diffe w way e n a ize in social This is also a great venue for strengthening relationships

UPCOMING NETWORKING NIGHTS: May 15 Appleton Beer Factory, Appleton

Oct. 16 Sprecher Brewery, Milwaukee

May 24 Old Sugar Distillery, Madison

Oct. 24 Lambeau Field, Green Bay

June 21 Mississippi Pizza Cruise, La Crosse

Nov. 7 Capital Brewery, Middleton

July 10 ABV Social, Wauwatosa

Nov. 13 Great Dane Pub, Wausau

with clients, co-workers, and business associates... So invite them to join you! Networking Nights are held 5:30 â&#x20AC;&#x201C; 8:30 p.m.

Sept. 18 Leinie Lodge, Chippewa Falls

For more On information and to register, visit wicpa.org/NetworkingNights. Balance March | April 2018 12

wicpa.org

By Ken Wysocky

ore effective risk-assessment processes for audits. Faster judgments about transaction classifications for tax returns. Quicker data retrieval for advising clients about tax-law changes. Better staff optimization, which ensures the best match between auditors and particular clients. These are just a few examples of how artificial intelligence (AI) is transforming how audit and accounting firms operate. The upshot? By letting computers and technology handle more menial and labor-intensive tasks, practitioners get more time to think and plan strategically—and add value for clients, experts in the field concluded. “Massive, massive change is coming our way,” said Steve Toy, the venture lead at America’s Tax Innovation Foundry, an inhouse arm of Ernst & Young LLP. “I think artificial intelligence within the white-collar world probably has accounting and

wicpa.org

tax preparation squarely in its sights as the first industries it will likely disrupt. I harken back to how the calculator rapidly accelerated the rate of work … that’s what AI is poised to do— perform a lot more work in much less time.” Moreover, accounting and tax preparation are extremely rules-based, which makes them excellent candidates for automated processes, he added. “It’s not just hype—it’s definitely happening,” agreed Jon Raphael, the audit chief innovation officer for Deloitte & Touche LLP. “There are real substantive investments being made across the profession. But the key is to find use cases within the audit process where you can accelerate the cognitive in the short term and in the long term … work toward getting a cognitive beginning-to-end experience for our professionals to leverage the technology and deliver an audit of the highest quality.”

On Balance

March | April 2018

Allen Smith, the chief information officer at Baker Tilly, predicted that AI would be the single biggest accounting industry disrupter in the next five to 10 years. “And I’m not talking about robots taking over the world,” he added. “What AI is going to do is leverage our people in a way that will absolutely change how we think about and deliver our services.”

AI use is accelerating Baker Tilly already is using AI to enhance both the client experience and the development of their team members. One specific initiative involving AI is helping ensure the best match between its employees and clients. First the company loaded five years of actual management data, including both client and employee characteristics, into a software product and developed a “staff optimization” algorithm. In simplest terms, the system “learns” what individual employee characteristics are best suited to do particular kinds of work for certain clients, Smith explained. Isn’t that a manager’s role? In a perfect world, yes, he said. “But I sit in Milwaukee, for instance, and see 200 practitioners,” he pointed out. “We have offices in a dozen states and 2,700 other practitioners so it’s difficult to know everyone’s capabilities and areas of expertise. But with AI, we can supplement the manager’s knowledge to make better decisions.” At Deloitte, AI is improving audit efficiency by dramatically reducing the amount of time it takes audit teams to gather and analyze data. Before AI, company auditors examined only a representative random sampling of a client’s leases, for example, during an audit. But by using algorithms to determine what factors in leases are most significant, an AI tool can scan through all of a client’s contracts—and in a fraction of the time it used to take employees to analyze random samples, Raphael explained. “With this technology, we can get 100 percent of a population inputted and understand what’s in it … and identify potential risks in a much different way,” he said. “We’re seeing a pivot now to much more analysis and, I would suggest, higher-quality audits. It’s a huge value play because we can evaluate so much more and spend time on where the risks are, and not on the more rote parts of an audit, such as data acquisition and work paper organization.”

Making judgment calls Ernst & Young is using AI to comb through vast amounts of documents to snare specific pieces of information, such as leases of a certain size or set at a certain interest rate that will be treated differently under new tax laws, for example. Historically, a team of people would search through contracts to find the relevant information—an extremely time-consuming process, Toy said.

On Balance

March | April 2018

“Massive, massive change is coming our way.” — Steve Toy, America's Tax Innovation Foundry The company also is using AI to make small judgment decisions, such as how to classify transactions for taxpreparation purposes. For example, tax preparers often must determine if certain transactions are 50- or 100-percent deductible. “We’ve been compiling these transactions for a long time, so we have a rich set of historical data we can feed into a computer and let it make those judgments going forward,” Toy explained. “AI is effective when we can use machine learning for classification purposes, where only a modicum of human judgment is required, and where a history of human judgment has been applied in the past.” Going forward, this technology could potentially remove tens of thousands of man hours of work over a large set of classification tasks. “A machine can do in seconds what it takes humans several minutes to do, and a machine can do it in bulk and never get tired,” Toy observed. All of that raises a thought-provoking question: Will employees even be needed as AI evolves? The answer is an emphatic yes, Toy said. “Machines can’t understand the problem and clean the data,” he commented. “We still need humans for that. But once a machine has been taught, that frees up professionals to provide higher-value services to their clients.” Raphael sees AI shifting the focus of what auditors do, not replacing employees with machines. “I understand that concern (about robots replacing humans) as it relates to the world in general,” he said. “But an audit is very complex, and there are key judgments specific to a client that require a professional mindset. Auditors step back and evaluate outputs … and it’s very difficult to create tools to capture those risks.

wicpa.org

“We won’t need as many people to do the tasks enabled by automation,” he continued. “But we’ll be looking at more complete amounts of data, and we’ll need people to do that. You just can’t press a button and get an audit. There are too many judgments or potential risks of overrides—bespoke, unusual or non-standard ways that complex global entities manage processes. We need to identify what’s unusual, and that’s where auditors bring professional skepticism and client value.”

Endless possibilities How will AI continue to change the accounting world? Different companies will choose different ways to leverage the technology. Some will take a “peanut butter approach”— spread money across many different technologies, Smith predicted, while others will focus laser-like on one specific technology investment. “The ideal solution is to be able to leverage a technology and make it a differentiator,” he said. “One example is digital assistants like Alexa or Siri. You can already ask Alexa to order you a pizza, so in the future why couldn’t clients tell Alexa to ask Baker Tilly to find out where their tax return is? That falls under the consumerization of AI, where consumers experience AI in their daily lives and then want to see it in a corporate environment, too.” Because tax preparation involves so many rule-based decisions, Toy expects AI to play an ever-expanding role in decision making—determining how to classify things such as

fixed assets, meal and entertainment expenses or real-estate transactions, for example. “It will all coalesce into machines making bigger and more effective decisions … keep marching up the complexities of the decision tree by using more and more complex reasoning,” he said. Smith also believes that AI will allow small firms to “play big and big firms to play small.” Smaller firms will be able to utilize technology to provide services that only larger firms could provide before. “Just because you’re the big boy doesn’t mean you’re incapable of being disrupted by smaller companies,” he said, pointing out that Amazon started out as just a bookseller. And through AI-augmented services, larger firms will be able to offer smaller clients more competitive pricing. The bottom line: Use of AI will only expand, so accounting firms must embrace it and decide where it makes the most sense to make technological investments. “No industry has succeeded in the face of disruptive technology by playing protect and defend,” Smith concluded. “Ultimately, it’s all about providing a great client experience. That’s the big differentiator. Firms need to figure out how they can infuse AI into their processes and provide clients with a great experience.”

Ken Wysocky is a freelance writer based in Whitefish Bay. Contact him at 414-962-6202 or at kwysocky@wi.rr.com.

memorials Curt J. Baier, CPA

Laurence “Larry” V. Smith, CPA

Curt J. Baier, CPA, a retired partner in the firm of Schumaker, Romenesko & Assoc., passed away in Appleton on Dec. 28, 2017, at age 92, according to the Appleton Post-Crescent. Baier was born in Switzerland and emigrated to the U.S. in 1949 after serving in the Swiss Army during World War II. He gained his U.S. citizenship in 1956 and subsequently became a certified public accountant. Baier was active in his community, serving on the local United Way board of directors and the advisory committee of the Community Foundation for the Fox Valley Region. He was a charter member of the Rotary Club of Appleton-West and the Rotary Club of Appleton-West Foundation Inc. and was recognized by his fellow club members with a Paul Harris Fellowship.

Laurence “Larry” V. Smith, CPA, passed away Jan. 19, 2018, at Mayo Clinic Health System in La Crosse, according to the Black River Falls Banner Journal. He was born Sept. 18, 1945, in Milwaukee and in 1963 graduated from Waukesha South High School, where he participated on the track team. Smith operated his own CPA firm from 1979 until 1993. He was a long-time member of Ducks Unlimited and became a life sponsor in 2009. Smith had lived in Black River Falls since retiring.

(1925-2017)

(1945-2018)

If you are aware of a member obituary and believe it should be included in Memorials, please send a copy of the obituary or contact Tammy Hofstede at tammy@wicpa.org.

wicpa.org

On Balance

March | April 2018

SPECTRUM

INVESTMENT ADVISORS

Retirement Plan Investment Seminar 13th Annual Seminar

NEW - 2nd Location!

Ingleside Hotel, Pewaukee, WI

Radisson Hotel & Conference Center, Green Bay, WI

S��

(formerly the Country Springs Hotel)

F��

Wednesday, June 20, 2018 Tuesday, October 23, 2018 8:15 am - 12:15 pm Program

Topics Include:

8:15 am - 12:15 pm Program

Global Markets Outlook, Retirement Plan Fiduciary Concepts, Investment Committee Best Practices

Co-sponsored by

Spectrum Investment Advisors and

The Wisconsin Institute of CPAs

Colors Simplify Investing®

-More Information & Registration to Follow- spectruminvestor.com

From the WICPA

sia@spectruminvestor.com 800-242-4735

Investment advice offered through Spectrum Investment Advisors, Inc., a registered investment adviser. Registration with the SEC does not imply a certain level of skill or training. Spectrum Investment Advisors and the Wisconsin Institute of CPAs are not affiliated.

On Balance

March | April 2018

wicpa.org

IN TOUCH | PRESIDENT & CEO's MESSAGE “These provisions reflect the latest neuroscience research regarding learning effectiveness and will serve as an example for other jurisdictions.”

CPE required for Wisconsin CPA license renewals starting in 2021

n Nov. 30, 2017, Gov. Scott Walker signed into law 2017 Wisconsin Act 88, which changes Wisconsin CPA licensing requirements in the following ways:

1. CPA Exam and license education requirements are updated immediately to expedite approval of candidates’ CPA Exam and license applications. 2. Wisconsin will immediately participate in three national CPA licensing databases to help CPA regulators and the public confirm CPA license status. 3. Mandatory continuing professional education (CPE) will be required to renew a Wisconsin CPA license beginning in December 2021 (as currently required in all 54 other CPA licensing jurisdictions and for more than 40 other Wisconsin licenses).

The new law’s CPA Exam and license education eligibility provisions were developed with input from educators representing all of Wisconsin’s 26 colleges and universities that have four-year accounting programs. In order to expedite approval of CPA Exam and license applications, the updated provisions rely on rigorous academic accreditation processes completed by many colleges and universities. Relying on accreditation to expedite CPA Exam and license approval helps candidates while reducing administrative regulatory burdens. The updated CPA Exam and license education requirements also provide flexibility for the Accounting Examining Board to recognize that the content and titles of individual courses change over time and vary among Wisconsin’s colleges and universities. The new mandatory CPE requirement for CPA license renewals beginning in December 2021 recognizes the increasing complexity of continuously changing technical areas in which CPAs apply their expertise. Mandatory

wicpa.org

CPE also provides greater consistency with all 54 other CPA licensing jurisdictions while protecting the public by requiring continuing competency of licensees. The law directs the Accounting Examining Board (AEB) to develop regulations that will require no more than 80 CPE credits every two years, including three credits in ethics, and allow up to 40 of the 80 credits to consist of informal learning activities that may include technical research, reading books and articles relating to the CPA’s areas of professional responsibility and other types of learning activities. The regulations will also allow creditable learning activities as short as five minutes for learning activities measured by time. These provisions reflect the latest neuroscience research regarding learning effectiveness and will serve as an example for other licensing jurisdictions that update their CPE requirements in the future.

Dennis F. Tomorsky, CPA, JD, CGMA, is president & CEO of the WICPA. Contact him at 262-785-0445 ext. 4519 or dennis@wicpa.org. On Balance

March | April 2018

EFFECTIVE 2021: MANDATORY CPE FOR

LICENSE RENEWAL

On Balance

March | April 2018

wicpa.org

Center: Gov. Scott Walker. Left to Right: Greg Hubbard, Vincent Williams, Peter Hienz, Angela Thomas, Neil Keller, Senator Howard Marklein, Dennis Tomorsky, Jeff Dewane, Nicholas Lascari, Tammy Hofstede, Ryan Hanson, Matthew Schaefer, Alice O'Connor, Sandy Lonergan, Steven Pullara, Representative Dale Kooyenga.

By Marcia Tillett-Zinzow

andatory continuing professional education (CPE) for all CPAs in Wisconsin has been a subject of consideration for quite some time. But the subject can be put to rest now because there’s a new law on the books. Effective in December 2021, all Wisconsin CPAs will be required to have obtained 80 credit hours of CPE over a two-year reporting period to renew their CPA licenses. Wisconsin Institute of CPAs members came together in 2017 to advocate for passage of AB 188—the bill that proposed mandatory CPE, among other recommendations. The bill was introduced to the state legislature by its primary authors, Sen. Howard Marklein, CPA, and Rep. Dale Kooyenga, CPA, on March 28, 2017. It passed the Assembly by a vote of 95–1 on June 14 and the Senate by an overwhelmingly positive voice vote on Nov. 7. On Nov. 30, Gov. Scott Walker signed the bill into law as 2017 Wisconsin Act 88. The legislation—three years in the making—brings Wisconsin into alignment with the other 54 U.S. licensing jurisdictions and more than 40 other Wisconsin professions that require continuing education for license renewal. It also gives the Accounting Examining Board (AEB) authority to make rules around what will qualify as CPE, and some of those rules will allow for flexibility. AEB will also have authority to make rules around coursework required to meet the 120-credit-hour requirement to sit for the CPA Exam and the 150-credit-hour requirement for certification. One of the rules will make it possible for military veterans to get credit for some of their service.

wicpa.org

CPE requirement not really new—but now flexible The WICPA has long required members to obtain an average of 40 credit hours annually to renew their membership. If you’ve been part of a regional, national or global accounting firm, even if you’re not a WICPA member, most likely you’ve already been complying with the 80-credit-hour requirement. “It’s really for those practitioners with smaller firms or on their own, who have probably been keeping up with continuing education, and now they’ll just have to keep track of it and maintain evidence of compliance to renew their license,” said Marklein. An important part of the new law is allowing flexible learning activities. Half of the required 80 credit hours can be “informal” in nature—such as reading, teaching, researching, serving on a board or committee, viewing a video or webcast, listening to an audio recording or podcast, or participating in other experiential learning activities the AEB determines to be relevant to the CPA’s competency to practice. “The proposed innovative CPE requirements reflect the latest technology and neuroscience research that support allowing CPE requirements to be met using short fiveminute increments, rather than the outdated 50-minute time increments,” said Dennis Tomorsky, WICPA president & CEO. “This will permit many more kinds of creditable learning activities that are convenient, inexpensive and often free, and result in more effective learning than historical lecture-focused CPE.” AEB Chair John Scheid said the forthcoming rules will put Wisconsin on the leading edge. “We’re actually going from

On Balance

March | April 2018

“This will make it easier for Wisconsin CPAs to practice in multiple jurisdictions. That is a significant reason for making the change.” — Rep. Dale Kooyenga, CPA last place—as the only one of 55 jurisdictions that didn’t have mandatory CPE—to first place, by applying the latest research on learning,” he said. Scheid said the rule-making process will take time. “We’ll draft rules and submit them for public hearing in 2018. Then, based on the legislative process and the rule publication process, the rules will take effect sometime in 2019,” he said. “Compliance will occur during the two-year period beginning Dec. 14, 2019, and closing Dec. 14, 2021, and by then, all CPAs in the state will have to maintain evidence that they complied with the new requirements.”

Why require CPE? The main benefit of mandatory CPE is providing CPAs more mobility to work across state lines, said Kooyenga. “Wisconsin is the only one of 55 licensing jurisdictions that doesn’t have the requirement, and it creates a problem with reciprocity,” he said. “This will make it easier for Wisconsin CPAs to practice in multiple jurisdictions. That is a significant reason for making the change.” Marklein believes the mandatory CPE requirement also will help safeguard the public by ensuring a basic standard for keeping up with the continuous changes impacting CPA services. “Because of Wisconsin CPAs’ high level of competence, we haven’t had big audit failures like those that have occurred in other areas of the country, but I want to make sure we don’t in the future,” he said. “So the CPE component of this bill was a matter of protecting the public interest and their confidence in our CPAs. They should be professionally current, whether they’re WICPA members or not. There was an assumption by the public that all CPAs were keeping up with continuing education.” Kooyenga especially favors enabling military veterans to count some of their service toward educational credits. “I was in the military and still serve in the U.S. Army Reserves,” he said. “I have a lot of friends trying to go to college after having spent a lot of time in the military. This will just give them a lot more flexibility. It’s important for the AEB to recognize that and allow these individuals to get on with their careers after they’ve served or while they’re serving.”

On Balance

March | April 2018

Grassroots effort made the difference Marklein said the support of WICPA members made all the difference in getting the bill passed. “I was impressed with the level of grassroots involvement by CPAs all over the state,” he said. “They were engaged, and I don’t think a lot of CPAs are naturally inclined to be politically active. But in this case, they were very visible, contacted their representatives and senators and let their views on the bill be known. Their phone calls and emails were a large part of the bill’s success.” Scheid, Tomorsky and WICPA board member Angela Thomas met individually with more than 50 state assembly representatives at an early 2017 Madison event to explain the importance of protecting the public and the benefits of Wisconsin CPAs being recognized as CPAs in more jurisdictions. Tomorsky reached out to numerous WICPA members in person and by email to rally support. He prepared individual reports of WICPA members who were constituents of certain legislators. “We wanted to email those members who would be most likely to call, write or email specific legislators to express their support for the bill,” he said. The outcome was mobilizing more than 50 WICPA members in public accounting, corporate, government and education who shared their support for bringing Wisconsin in line with the other 54 CPA licensing jurisdictions. “Our members helped legislators understand the need for mandatory CPE and for flexibility in learning,” Tomorsky said. “Wisconsin’s leadership in establishing the most innovative CPE requirements for license renewal in the country is being studied by other organizations interested in exploring similar updated CPE requirements,” he said. Find out more about 2017 Wisconsin Act 88 at this page of the Wisconsin Legislature’s website: https://docs.legis. wisconsin.gov/2017/related/acts/88.

Marcia Tillett-Zinzow is a freelance writer and editor based in Greendale. Contact her at mtzinzow@icloud.com.

wicpa.org

YOUR PROPERTY TAX PARTNER The Property Tax Section of von Briesen & Roper, s.c. has extensive experience and is your comprehensive resource for property tax issues. From public to private entities, the Property Tax Section has assisted clients in contesting and defending property tax assessments, chargebacks, tax exemptions, and advising on PILOT agreements and TIF/TID districts. Our creative approach to the most complex matters has positioned us to be your trusted advisor on property tax. The bottom line? We get results. To learn more about our Tax Section, please contact Robert Mathers at rmathers@vonbriesen.com.

vonbriesen.com/tax Milwaukee • Madison • Waukesha • Oshkosh • Green Bay • Appleton • Manitowoc

wicpa.org

On Balance

March | April 2018

What’s the deal with

BLOCKCHAIN?

By Robert J. Bowman, JD

lockchain technology has reached near ubiquity as a topic of interest in technology and financial publications and is often cited as the “next big thing”: That is, the technology that will substantially reinvent long-settled ways of doing things and, in the process, disrupt major parts of the world economy. But what is blockchain? I imagine a Jerry Seinfeld routine along the lines of, “What’s the deal with blockchain? Is it a block, is it a chain—what is it?” At its most basic level, blockchain—also known as distributed ledger technology—is a system for organizing and storing related data points in chronological order. In other words, blockchain is a virtual or electronic ledger that can be used to capture, organize and validate data. Blockchain gets its name from being made up of a number of data “blocks” linked together in a chronological “chain.” Each data block represents a single data point or a series of data collected

On Balance

March | April 2018

Figure 1. The graph measures search interest in the term "blockchain" over the past five years. Source: Google Trends, December 4, 2017.

concurrently and includes a date and time stamp. The blocks are then sequentially linked together in a chain. The chain element is a “hash” of the previous block inserted into each new block, creating a link between each new block and the previous block. A hash is typically an alphanumeric sequence of a designated number of characters that is based upon the data contained in the previous data block generated by a hash function. Thus, changing the underlying data in a block will result in a different hash, and this feature is an inherent data security feature that allows users to authenticate the data in the previous block (see sidebar, pg. 24).

wicpa.org

The distributed ledger Blockchain is built upon a decentralized network in which a copy of the blockchain is stored on any number of storage nodes instead of a centralized server. It is maintained through a syncing process that updates and syncs the data on each node at a given time interval. Because blockchain is decentralized, it can be set up for peer-to-peer transactions. Data collected and stored in a blockchain is irreversible, and blockchain platforms can incorporate programming to provide some automated actions to occur based upon the data inserted into the blockchain. Additionally, blockchains can be configured to control various levels of access to the data. For example, some members can be authorized to update the blockchain by adding data, whereas another group of members may only be allowed to view data on the blockchain.

Data security considerations From a data security standpoint, conventional hub-andspoke networks with central servers are vulnerable because data is stored in one location and accessed from many. Hacking the single central hub allows a hacker to control all the data viewed by everyone on the system. In contrast, the decentralized nature of blockchain (1) requires a hacker to infiltrate each and every node before the blockchain syncs to effect a permanent change in the blockchain, and (2) virtually eliminates data hostage taking because there are numerous identical copies of the blockchain simultaneously maintained. Aside from these benefits, blockchain offers another key data security feature: transparency. In a centralized storage system, data can be permanently altered without detection.

wicpa.org

In many applications, having altered data can be worse than just having the data stolen. The decentralized nature of blockchain provides safeguards of the data’s authenticity. Blockchain’s use of hash identifiers in each block allows users to authenticate data in previous blocks. Moreover, because access to the blockchain is limited and each action by a user of the blockchain is tracked, one can identify and track any questionable access of the data or actions to the authorized user’s account. While it doesn’t prevent someone gaining access to the blockchain without authorization, it may quickly help to identify the access point. Accordingly, blockchain not only provides benefits from a data security standpoint, but also provides confidence in the authenticity of the collected data.

Applications to public accounting Auditing and inventory. Blockchain technology has a particular application in supply chains because of its ability to create an immutable record of transactions that tracks all items coming into an entity and exiting out of an entity. Taxing of income generated through the use of cryptocurrencies. Cryptocurrencies create the potential for more people to generate taxable income through buying and selling tokens in exchange for U.S. dollars, foreign currency or other cryptocurrency (such as bitcoin). Additional complexity may exist for gain or loss generated through the exchange of one cryptocurrency for another. IRS Notice 2014-21 articulates the current tax treatment for the use of cryptocurrencies. Similarly, as cryptocurrencies become more prevalent, more and more commercial transactions will be cryptocurrency denominated. If your client accepts bitcoin as payment and uses it in the future to pay a vendor or other expense, it will require tracking the equivalent

On Balance

March | April 2018

A salmon’s blockchain: from ocean to dinner plate

dollar value of the bitcoin as it was received compared to the value when it was expended. Take note that if your clients have bought or sold cryptocurrency, these earnings can be readily shown by enforcement agencies, as blockchain provides a permanent record of all the transactions. Initial coin offerings (ICOs). According to data from research firm Coindesk, during 2017 there were more than 160 ICOs, which collectively raised more than $3 billion. An initial coin offering involves an investor or interested participant providing money to the offeror of a new cryptocurrency token, and the SEC has been unclear on whether the structure of these offerings falls within their regulatory remit as a security offering. If you have a client who is either thinking of initiating an ICO or investing in one, a thorough review of the facts surrounding the offering and consultation of a securities lawyer is suggested. The implementation of blockchain applications and related cryptocurrencies in the marketplace have the potential to transform commerce. This transformation will require accounting and legal professionals to stay up to date on the developments of these technologies and the approach governing jurisdictions take in regulating and taxing these nontraditional commercial transactions.

Bob Bowman, JD, is a technology, manufacturing and transportation associate at Husch Blackwell LLP, Denver, Colorado. Contact him at 303-749-7259 or bob.bowman@huschblackwell.com.

On Balance

March | April 2018

Each block in a blockchain contains information that represents a step of the process or transaction. Here’s a sample blockchain for a salmon entrée with examples of the information captured in each block along the way. A restaurant could show a customer this blockchain to prove provenance and ensure that the salmon is what the menu says it is, such as a wild-caught Pacific salmon. Blockchain technology works the same way.

1 CK

O BL

Fish Number: 12 Action: Caught Location: Alaska Coast Species: Salmon Date: July 23, 2017

2 CK

O BL

Fish Number: 12 Action: Fillet and packaging Place: Juneau, Alaska Species: Salmon Date: July 24, 2017 Hash: 12-CAS7232017

(This is the hash of Block 1, which contains an identifying number, the first letter of each data point and the date.)

K OC L B

Fish Number: 12 Portion Number: 2 Action: Preparation of portion for dinner Place: Milwaukee Species: Salmon Date: July 26, 2017 Hash: 12-FJS7242017 (Hash of Block 2)

K OC L B

Fish Number: 12 Portion Number: 2 Action: Served customer Place: Milwaukee Species: Salmon Date: July 26, 2017 Hash: 12-2PMS7262017 (Hash of Block 3)

wicpa.org

kudos Mark E. Albrecht, CPA, has been named managing partner of Chortek LLP following the retirement of Greg Junek, CPA. Mark E. Albrecht, CPA

Jill Boyle, CPA

Sequoya Borgman, CPA, has launched Borgman Capital, a new private equity firm based in Milwaukee. Jill Boyle, CPA, a senior manager at Sikich, was named one of Milwaukee’s top 40 leaders under the age of 40 by the Milwaukee Business Journal.

Michael Radtke, CPA, CVA, was promoted to partner in Chortek LLP’s tax business practice. Michael Radtke, CPA, CVA

Meagan Rutkowski, CPA, has joined Bull Moose Financial, Milwaukee, as a partner. Joseph Schirger, Jr., CPA, MT

Erik Bunnell, CPA, has joined KerberRose SC as a shareholder.

Eric Bunnell, CPA

Troy Campbell, CPA, has been promoted by Chortek LLP to partner in the firm’s assurance and accounting practice.

Justin Schneider, CPA

Doug Gross, CPA, CGMA, has been named a partner in MBE CPAs, Sun Prairie. Troy Campbell, CPA

Doug Gross, CPA, CGMA

Attorney John F. Hager

Attorney John F. Hager, a partner in the law firm of Hager, Dewick and Zuengler SC, was named 2017 Trustee of the Year by the Wisconsin Hospital Association. Dennis Heim, CPA, has been hired as chief financial officer of PremierBank, based in Fort Atkinson. Sue Hintz, CPA, has joined Hjortness CPAs in Menasha as tax manager. Kyle Kaja, CPA, a manager at Wegner CPAs, was appointed to the Sun Prairie Chamber of Commerce in November 2017.

Dave Kerber, CPA, managing partner and a founding member of KerberRose SC, has been appointed to the board of directors of State Bank, Shawano. Jeffrey Knorr, CPA, has been appointed to the Port Washington State Bank board of directors. Diana Luttmann, CPA, has been promoted to partner at Ritz Holman CPAs, based in Milwaukee.

Want your

Stephanie Rogers, CPA, has been hired as business manager by Green Bay Water Utility.

Julie Schroeder, CPA

Brad Voght, CPA

Derek Salzwedel, CPA, has been promoted to senior manager at Strohm Ballweg LLP in Middleton. Joseph Schirger, Jr., CPA, MT, and Justin Schneider, CPA, have recently been named shareholders of Schenck SC. Julie Schroeder, CPA, has been promoted to partner in Chortek LLP’s assurance and accounting practice. Jay Schwab, CPA, has joined Annex Wealth Management as a client experience manager. Melanie Stellmacher, CPA, was hired by KerberRose as a tax manager in the firm’s Oshkosh office.

Brad Voght, CPA, has been named a partner at Reilly, Penner & Benton LLP, Milwaukee. Daniel Young, CPA, has been named president of Schenck SC. CPAs running for office Angela C. Thomas, CPA, is seeking election to District 2 Alder in Sun Prairie in the April 2018 election. Christopher Zwygart, CPA, chief legal officer for West Bend Mutual Insurance Co., is a candidate for West Bend School District Board of Education.

new job, promotion or award mentioned in Kudos?

H Email your announcement and photo in JPG format to tammy@wicpa.org. H

wicpa.org

On Balance

March | April 2018

The rise of the chief information security officer By Steve Hyde

t seems like every week there’s another high-profile data breach making headlines. Chief financial officers (CFOs) can rely on internal controls to provide a level of accuracy and integrity necessary to prepare and attest to financial statements, but with every incoming email or jump drive a possible threat, it seems like an impossible task to keep a company’s sensitive information secure. The CFO isn’t fighting this war alone, however. The constant threats have given rise to a new role: the chief information security officer, or CISO. While the CISO position isn’t necessarily new, it’s getting more and more attention and being propelled to the same levels as chief information officer (CIO) and CFO. Previously, information security was just another hat worn by the CIO. Due to technology advancement and financial regulations, the background needed to be a CISO is changing. While enterprise and security architecture play a large part, the CISO also needs to understand legal and regulatory requirements, risk management, security audits and data structures.

On Balance

March | April 2018

As the CISO role expands, it’s becoming a harder role to fill. The CISO must attend to many responsibilities. First and foremost, he or she needs to understand the many types of data used or stored by the company, such as personally identifiable information, credit card data, sensitive health information and critical intellectual property. Knowing such data exists, where it resides and how it can be protected is just the start.

New systems and procedures help keep data safe A CISO must work hand in hand with the CIO to ensure sensitive data is protected by the technical infrastructure. In some cases, this even means protecting users from themselves with help from new technologies. Here are some of the tools being utilized to ensure sensitive information remains securely within the walls of the company: • Many companies are implementing email systems that automatically scan outgoing messages for sensitive

wicpa.org

data—such as Social Security numbers or credit card information—and force such messages to be encrypted. • Some companies lock out jump drives to prevent the transfer of information and unintentional introduction of viruses. • Smartphone proliferation has required the use of mobile device management systems that enable companies to wipe their information off an employee’s phone if necessary. • Print management systems can identify sensitive information in a document and automatically mask certain fields—because securing electronic data is hard enough, but trying to secure information that’s been printed is impossible. Knowing what sensitive information exists and where it resides is useless if the wrong people have access. The CISO needs to ensure procedures exist to verify a new user’s access and terminate access as soon as an employee leaves the company. For many companies, this is a manual process, so it’s important to verify employee access annually at minimum to make sure no one who’s left the company has been missed. Physical security, password policies and patch management all are major factors in keeping your information safe.

Education keeps everyone up to date The CISO also plays the role of teacher within the company. We recommend that the CISO review company policies with the Human Resources Department, especially when it comes to standard computer usage and information security best practices. And this education isn’t just for new employees. A CISO may hold mandatory educational classes for all employees

wicpa.org

to remind them of the security threats they face on a daily basis. As new threats arise, the CISO may need to email the entire company to warn them of a zero-day threat exploiting a system vulnerability. In addition, the person in the CISO role needs to continually refresh their skills based on new and emerging threats. Many have turned to continuous-learning certifications to keep up. While this can add indispensable skills for a technology or audit professional, those with an already full workload must understand it takes a significant time commitment to complete them. The following certifications are the most popular and relevant to the role: • Offensive Security Certified Professional (OSCP) • Certified Information Security Manager (CISM) • Certified Information System Security Professional (CISSP) • Certification in the Governance of Enterprise IT (CGEIT), offered by the Information Systems and Control Association (ISACA) Being the chief information security officer takes a varied skillset and continuous learning, and often employees perceive the CISO as just making their jobs harder with the policies and procedures they put in place. But the CISO can take great satisfaction in knowing the data breaches they help prevent are the reason there’s still a company to protect. Steve Hyde is chief information officer and director of information technology services at Schenck SC in Appleton. Contact him at 920-996-1292 or steve.hyde@schencksc.com.

On Balance

March | April 2018

The cloud is here! Now, where is it?

By Marc Staut

ecently, I was working with an accounting firm that wanted help in assessing their technology road map. They’d been hearing about the benefits of the cloud for years but weren’t sure they were ready to take the leap. They knew there were some advantages but couldn’t definitively list them, and the risks they’d heard were all worst-case scenarios and fears rather than reality. But with an impending server refresh to replace older and unsupported hardware looming, and the associated capital costs set to wipe out their IT budget, they wanted to reevaluate. They were surprised to learn how far “the cloud” has come. Many services they needed but didn’t think would be affordable (such as data protection services, real-time backups and versions and better remote access options) have been commoditized and are more accessible through cloud services. The costs and the security benefits were also very enticing to

On Balance

March | April 2018

them. Excitement built quickly, and they were ready to get started right away. Then the managing partner called me aside and said, “Great! The cloud is here! Now, where is it?” It’s a question a lot of people in the industry ask. Fortunately, like the firm I was working with, you have some options.

What type of cloud is right for you? There are generally three cloud categories organized around the location of the cloud: private, public and hybrid. But there are also newer terms that are coming into the discussion these days: “outsourced cloud” and “true cloud.” The nomenclature varies, as different people and companies have different definitions for some of the variables in each, but the general categories and descriptions that follow are enough to get everyone moving in the same direction.

wicpa.org

PRIVATE CLOUD “Private” comes from the distinction of the remotely located environment not being shared with any other companies or their data. In this scenario, the intention is to keep as much control and minimize as much risk as possible, while still providing some of the benefits and “feel” of being in the cloud. Often, the company moves servers and applications to a firm-controlled data center. This centralizes the data, making it easier to consolidate storage, run proper backups and plan for business continuity scenarios. Employees access the information either directly over the local network or through a variety of remote access tools, often including Remote Desktop Protocol (RDP), Citrix or VMware. Virtual private networks (VPNs) and information portals also are leveraged frequently. One of the misconceptions about building a private cloud solution is that it will be one of the most secure options available. In fact, it is considerably riskier for the firm from a security perspective. To gain the remote access benefits, the data must be accessible from anywhere. That makes it a target. And the security and compliance responsibilities still fall on the firm’s technology team, which often doesn’t have specialized security experts.

Another drawback of this setup is that it still requires a large amount of capital expenditure. Servers, storage, routers, bandwidth, licenses and repair warranties will all continue to be the responsibility of the firm. The private cloud may be cheaper and more efficient than a local distributed server system, but it doesn’t save nearly as much as people initially think. Note: This can also be done at one of the firm’s physical locations instead of a third-party data center. Private Cloud Pros

Cons

• Centralized data. • Virtualized systems. • Increased remote access. • Better disaster recovery/ business contingency (DR/BC) options. • Single tenant system.

• Large capital expenditures necessary. • Less savings than expected. • Firm still responsible for security. • Additional bandwidth needed.

PUBLIC CLOUD

HYBRID CLOUD

In this model, resources like storage, applications, connectivity, memory and processing power—the complete computing structure—are made available via the internet to anyone who subscribes to the services. Your firm’s data, while segregated and heavily restricted for accessibility and security, is stored on servers that house the data of other companies as well (multitenant). Due to the prevalence of encryption (in transit and at rest) and the capability to privately control encryption keys, this poses much less risk for data privacy and security than it once did. And because these are essentially distributed data networks, economies of scale keep costs low and scalable. Providing additional resources is simple and straightforward.

This model is the most common and can be any combination of on-premises, private cloud or third-party public cloud service integrations. The system is maintained by both the firm and the vendor, with each being responsible for some parts of the whole.

In our industry, we often see the public cloud offerings as a subscription to a specific application (Software as a Service). Examples would be GoSystem Tax RS or CCH Axcess. Public Cloud Pros

• Controlled costs; pay for what you use. • Increased performance over private cloud. • Scalable. • No capital investment in hardware or software. • Data security is provided by an expert team and is a priority.

wicpa.org

Cons

• No control over the infrastructure. • Multitenant. • Data may be located anywhere. • May have long service level agreements (SLAs).

Some services are migrated into either a private or public cloud, while others (particularly legacy systems or applications with low latency tolerances) might remain installed locally on site. An example would be outsourcing some functionality, such as backups to a data center or email to the public cloud, while retaining some localized services (like legacy or specialty applications) for performance or compatibility reasons. Hybrid Cloud Pros

Cons

• Can be done in phases.

• Leverages best-of-breed approach. • Can balance risk and accessibility.

• Keep legacy systems but gain some cloud benefits. • Take advantage of commoditized services with low entry barriers.

On Balance

• Extra effort needed to ensure compatibility between local and cloud-based systems. • Costs not completely controlled (capex and opex).

• DR/BC concerns must be addressed. • Can be worst of both worlds if done poorly.

March | April 2018

TRUE CLOUD

OUTSOURCED CLOUD

[Infrastructure as a Service (IaaS)]

One final variation is “outsourced cloud.” Leveraging this entails moving all server functionality off site to be managed by another company. Staff accesses all resources remotely, even when they are working from an office. Most applications and services are run in a virtual environment hosted by the provider.

This solution entails taking virtualized servers and migrating them directly into a high accessibility, payas-you-go computing environment such as Amazon Web Services (AWS) or Azure. This can be done by the firm to remove or reduce physical servers. Innovative IT teams leverage this method to move servers (data and applications) out of the firm and into the cloud when there is no vendor-provided cloud solution. The benefit of purchasing only physical computers must be weighed against the lack of physical accessibility. The only means of remediating any issues is through software management tools or the vendor’s support desk. The term “true cloud” may also be applied to software vendors who offer applications through a browser-based interface with no software download requirements. In concept, it should be the same experience on an iPad or a Chromebook as it would be on a Mac or PC laptop. An example of this could be Office 365 and Exchange Online residing in the public cloud based on the Azure environment. There is no hardware to buy, no servers or software to maintain, but no way to resolve issues except through the admin console or Microsoft support. Another example could be virtualizing an older on-premise-only tax application and migrating it into the Azure or AWS cloud where it can be accessed and used remotely.

The most common example of this is Xcentric, which specializes in providing this service to accounting firms. Outsourced Cloud Pros

• Everything is handled by the provider. • Simplified management.

• Support included.

• Built-in backup and disaster recovery.

• Costs are known and predictable. • Easy to get started with conversion help to their systems.

Cons

• Support times can vary.

• Updates need to be cleared and scheduled in advance. • Bandwidth needs must be provisioned and planned for properly.

• No internet = no access or applications.

True Cloud, or IaaS Pros

Cons

• Controlled costs: pay for what you use. • Scalable: easy to expand on demand. • Simplified provisioning.

• Multitenant.

• No capital investment costs.

• Back-end data security is provided at a very high level.

On Balance

• Less control over the location of the data: may be in any number of data centers. • May have long support SLAs.

• Biggest security risk remains your employees.

March | April 2018

The time has come to move your practice into the cloud. The benefits can be enticing, and there is a path forward for every firm. Once you’ve determined your tolerance for risk, available budget and project time frame, you can choose which of the cloud solution models you think will work best and start your journey into the cloud.

Marc Staut is principal and consultant at Boomer Consulting Inc. He can be reached at (785) 537-2358 or marc.staut@boomer.com.

wicpa.org

Everything you care about is in this house. Things your family just can’ t afford to lose. We can help you protect it with a Home and Highway® policy from West Bend. You’ll benefit from the convenience of one policy, one bill, one deductible, and one agency. And because you’re a member of the WICPA, you could also receive a discount on your annual premium.

To find out what else the Home and Highway has to offer, contact this Official Supplier of the Silver Lining. Professional Insurance Programs at (414) 277-0154 or info@profinsprog.com or to find an agency near you, visit thesilverlining.com.

wicpa.org

On Balance

March | April 2018

{ Fraud | Cybercrime and cyber insurance }

CYBER INSURANCE EQUALS RISK MITIGATION

By Randolph P. Johnston

On Balance

yberattacks are becoming more frequent, more invasive and more lucrative to bad actors. It’s not a matter of if your firm will have a breach of security, it’s simply a matter of when. While experts try to argue the merits and risks of using cloud providers versus premise-based solutions from a security perspective, all types of technology are vulnerable—from your mobile phone to your hosted or Software as a Service (SaaS) provider. An attack can cause significant expense to a business, including the cost of reporting required by compliance regulations, downtime and loss of data. Since we can’t be sure that all the efforts of your cybersecurity technology teams will keep the bad actors out, one way to mitigate your risk is to shift the risk of cybercrime to cyber insurance carriers. There are almost 100 providers of these policies today.

March | April 2018

wicpa.org

{ Fraud | Cybercrime and cyber insurance }

Public practice firms and industry businesses have a variety of regulations that must be followed for computer systems and computer-based records. For example, breach reporting laws exist in 47 states. These laws have driven recommendations to encrypt all data, whether in motion over the internet or at rest on a local drive, server or storage device. However, both Tennessee and Louisiana currently require reporting a breach even if the data is encrypted. Other regulations control personally identifiable information (PII), personal health information (PHI), or payment card industry (PCI) data that frequently exist in our client records or on our mobile devices. One defense you can implement is multifactor authentication (MFA). With the March 1 changes in PCI regulations requiring MFA as well as the requirement early in 2017 by the IRS to use MFA, and many banks and other financial institutions implementing MFA for larger or business accounts, the minimal best practice for security is shifting to MFA for most businesses. If you don’t have MFA or encryption, your risks increase—similar to the increased risks in the 1990s of not having a firewall or antivirus software. Consider security training at least annually and perhaps as often as four times per year. Instruction for team members on what to do or not do and how to recognize attacks will drive up awareness and, in turn, drive down your risk. This could include simple training, such as recognizing bad email, not clicking through links, making sure that antivirus software is running properly as well as how to report and respond to a suspected issue. You can use services that test your organization with social engineering as well as tools that run network vulnerability scans or external penetration tests. Studies have shown organizations that make cybersecurity a priority from the top levels of management have more security awareness throughout the organization and fewer security errors. Bad actors, whether they’re individuals, organized crime or state actors, have discovered that obtaining PII can be profitable when it allows them to access bank accounts, credit cards, retirement accounts, stock holdings and other monetary instruments. While the perception of many businesses is that bad actors only target larger players, anyone who is connected to the internet is a potential target. Automated cracking tools that can be obtained for less than $100 make this even easier. Automated tools identify specific targets with vulnerabilities, desirable characteristics for monetary gain and easy targets for infection. Malicious software can be planted that destroys live files and backups or simply transfers valuable data from your business to the bad actor. One type of malware, called ransomware, blocks access to a computer until a sum of money is paid.

wicpa.org

“It’s not a matter of if your firm will have a breach of security, it’s simply a matter of when.” The most effective attacks are the ones you never detect. If a breach occurs on your data and you have a reporting incident, industry standards suggest it could cost your company $250-500 per person. Consider if you do work for a business and obtain individuals’ records as part of that work. One project could result in hundreds or thousands of required breach reports. Ask yourself some questions: Have you confirmed your provider’s claim of having appropriate backups, security and other protections in place? Have you tested your restore capabilities, business continuity or disaster recovery plan, or reviewed your incident response plan lately? What about your internal controls? Have you reviewed the strength of your various controls and procedures? To counter the risks, insurance companies have begun to offer insurance to specifically protect against the threat of digital attacks. Most business owners purchase casualty and liability insurance to protect their business from unforeseeable risk. Cyber insurers either offer separate policies or riders that can be added to your existing policies to assist in the costs of reporting, forensics and litigation. The policies available and related premiums and coverage are still developing. As you review policies, listen to your underwriter but consider the cost of: 1) Downtime 2) Remediation 3) Forensics

4) Litigation 5) Reputation damage 6) Loss of data

Hopefully, your business will never be attacked or breached. However, with the simplicity of today’s attack tools, the value of business data and vulnerabilities in our various hardware and software systems, even if everything is perfectly implemented, there are no guarantees that your protection mechanisms will keep out bad actors. Cyber insurance can help you shift the risk of cybercrime. Randy Johnston is a shareholder in K2 Enterprises LLC, a leading provider of CPE to state CPA societies. He also owns Network Management Group Inc., a managed services provider of around-the-clock support. Concepts for this article were extracted from the Technology Update session produced as part of the 2017 K2 Technology Conferences and from Johnston’s experience. Email him at randy@k2e.com.

On Balance

March | April 2018

{ Technology | Business intelligence }

Business intelligence, banks and auditing: The future is now By Brian F. Tankersley, CPA.CITP, CGMA

S 34

ome of you might not want to hear this, but financial statements are outmoded as a tool for real-time tactical management and operational management information. The future will be reported in real time, and itâ&#x20AC;&#x2122;s going to require us to step outside the general ledger to lead into the future.

businesses lag large organizations in their adoption. For midsized organizations, the delay between when a transaction happens and when it is reported in the financial statements kills the utility of the information for tactical management of business processes in the 21st century.

While world-class organizations have been using business intelligence (BI) systems for decades, small and midsized

The truth is that old-school general ledger systems are much like the passenger facing backwards in a stretch limousine:

On Balance

March | April 2018

wicpa.org

{ Technology | Business intelligence }

“The future will be reported in real time, and it’s going to require us to step outside the general ledger to lead into the future.” They will always be looking backwards at what you just passed instead of seeing what’s coming through the driver’s windshield of CRM, orders and operations management. That’s why we need BI systems in addition to our accounting systems—so we can measure (and thus manage) the right things in our businesses. Accounting is still important for many types of decisions, such as investments, cash flow management, tax planning and many others. Accounting and financial pros should participate in and even lead those efforts in their organizations (unless you are willing to implicitly trust the sales, operations and IT departments of your organization to reconcile that data back to the accounting systems). As BI has grown in importance, new methods of extracting, transforming, loading and reporting on the data have been developed, and the cost and complexity associated with implementing a business intelligence solution have both dropped precipitously. While implementing a BI system is still challenging, it’s much more approachable than it was just a generation ago, when it required significant investments in hardware, software and personnel just to get started. Modern, self-service, cloud-based BI platforms like Microsoft Power BI, Tableau Online, and Qlik Sense Cloud allow users to use templated connections that pull data from a wide range of on-premises and cloud-based applications into data warehouses that run on shared computers in the cloud. For example, you can connect Microsoft Power BI to a wide range of data sources (such as Salesforce, Acumatica, QuickBooks Online, Sage 50, Xero Salesforce, Google Analytics, Adobe Analytics, most of the Dynamics 365 apps, Dynamics GP, Office 365, Asana, SmartSheet, SQL databases, Twilio, and ZenDesk) with your login and a little information in less than five minutes. And most connections come with a generic dashboard and an Excel-based report. If you have onpremises data, you can use a data connector to automatically upload your operations management information to Microsoft’s servers, or you can use Microsoft Power Query to extract it from most major database engines and then publish it to Power BI Online. It’s priced at $9.99 per month per user, with no up-front costs. Reports, dashboards and even Excelbased analyses can be published to web portals, consumed on personal computers or accessed on mobile devices while

wicpa.org

retaining the same interactivity and drill-down access to data that is available from your personal computer. This new “self-service” model for business intelligence has significant implications for the long-term future of auditing. When transaction details from accounting, CRM and operations management systems can be combined and stored on a third-party data store with easy access to external data feeds from e-mail, banks, credit cards and merchant accounts, it changes the game. This future will allow investors, directors and lenders to use the same BI systems used by management to analyze the activity surrounding the company’s operations and their collateral (usually inventory and accounts receivable) and, if permitted, they can get signs of unusual activity in near real time. With more and more organizations setting up electronic workflow tracking systems, the digital evidence trail associated with transactions could be analyzed in real time for any warning signs—before borrowings are permitted against questionable sales transactions or slow-moving inventory items. The data that is aggregated by such systems is also interesting, since the data ends up stored in a structured database format. Process workflow data with date and time stamps can be used to create data-based performance standards for business processes. These integrated data stores can lead to better measurement, fewer mistakes, more focus on operationalizing business processes, and more transparent organizations. While some believe that this “big data” is the new big brother, I believe integrated, structured data is a huge competitive asset that can be combined with continuous improvement for the benefit of accountants, managers, executives, companies and their investors and lenders. Are you and your organization ready for this new chapter in your future?

Brian F. Tankersley, CPA.CITP, CGMA, advises firms and companies on accounting technology issues. He has served as technology editor for a major accounting industry publication and currently teaches courses in the U.S. and Canada through K2 Enterprises. Contact him at 865-684-4707 or brian@bftcpa.com. Find his blog at CPATechBlog.com. © 2018 Brian F. Tankersley, all rights reserved.

On Balance

March | April 2018

{ Industry | Business continuity planning }

Business continuity/disaster recovery: Letâ&#x20AC;&#x2122;s cut to the chase. 36

On Balance

March | April 2018

wicpa.org

{ Industry | Business continuity planning }

By Sherry Jessen

oogle search “business continuity/disaster recovery plan,” and you’re likely to get hundreds of thousands of hits, all taking you in multiple directions and overwhelming you with statistics, considerations and preparation guidelines. You’ll find various articles, directives and expectations from organizations like the National Institute of Standards and Technology (NIST), Federal Financial Institution Examination Council (FFIEC) and the Federal Emergency Management Agency (FEMA). Additionally, you will find government regulations like the Health Insurance Portability and Accountability Act (HIPAA), guidance from standard-setting groups like the International Organization for Standardization (ISO) and more. There’s much to be shared on this topic, but this article will cut to the chase on the basic elements required for thorough business continuity and disaster recovery plan development. First things first. Too often, the terms “business continuity” and “disaster recovery” are misconstrued, and understanding the definitions is an integral first step in planning. It’s not uncommon to find an organization seeking guidance on writing a disaster recovery plan, when they are actually looking to write a business continuity plan (BCP). This begs the question, “What’s the difference?” - Business continuity is enterprise driven, focusing on maintaining and streamlining the recovery of the organization’s critical business functions, not just technology. - Disaster recovery is narrower in scope, focusing specifically on the preparation, continuation and recovery of the organization’s technology infrastructure to resume business operations. Disaster recovery is a subset of the organization’s business continuity plan.

“Set your business up for continued success.” threat scenarios. It considers scenarios for natural, technological and human threats that may not only affect the organization, but also customers and critical vendors.

Now that we’ve cleared up the nomenclature, below are the core fundamentals of a business continuity plan that also show how disaster planning is incorporated. These eight fundamentals may be condensed or titled differently depending on your industry regulation but, ultimately, you’ll find them referenced in almost all of the industry guidelines.

2. Business impact analysis (BIA) This step is the most crucial and beneficial building block for business continuity planning and prioritizing the recovery efforts. In performing a BIA, organizations can assess the value of each business function as it relates to the operations of the organization as a whole, so that optimal and efficient recovery can be achieved. Performing a BIA helps organizations operate on facts rather than assumptions. It identifies current and target recovery time objectives (RTO) and recovery point objectives (RPO) and shows where workarounds may be available.

1. Risk assessment A solid continuity plan begins by

3. Gap analysis and preventive controls Once your

assessing the organization’s greatest business exposures. In performing a risk assessment, an organization is identifying the most likely and impactful threats that could disrupt business operations. A risk assessment ranks potential business disruptions based on the likelihood, duration, and severity of

wicpa.org

organization has identified its greatest risks and set priorities and expectations for recovery, it’s vital to assess where the gaps exist. It’s time to examine strategies and consider the investments needed to further mitigate risks and reduce threats by implementing preventive controls.

On Balance

March | April 2018

{ Industry | Business continuity planning }

4. Policy statement Most organizations wouldn’t build

a facility or start a new venture without having a blueprint. The same can be said for building a BCP. A policy statement is the blueprint describing the specific guidelines for plan development. It provides clear direction and expectations to minimize the need for on-the-fly decision making. A policy statement should include terms for security, change control, communications, response and notification. It should also clearly define plan authority and responsibilities.

5. Plan development It seems like a lot of work just to

get started; however, up to this point there has been a lot of assessment and discussion, and important guidelines have been established. Now it’s time to incorporate those items into welldocumented procedures for executing priorities, delegating responsibilities and specifying the required resources. Procedures must be:

- Specific about when and how to implement.

- Focused on how to efficiently and effectively return to operations.

- Flexible in considering unanticipated threats and business changes.

- Effective at minimizing disruption and financial losses.

Organizations may want to consider focusing their plans on those threat scenarios that pose the greatest risk to critical business functions, such as:

the procedures well documented and easily executable? The best way to know is to test them, document the results and readjust the plan accordingly.

8. Plan maintenance Finally, don’t fall into the set-and-

forget trap. As long as an organization is thriving, technology and competition will continue to challenge business strategy and daily operations. The plan must be regularly evaluated, reformed and validated—indefinitely. Benjamin Franklin once said, “By failing to prepare, you are preparing to fail.” Set your business up for continued success. Don’t view planning as a burden performed in a silo and then shoved in a binder. Make it a critical business process that is collaborative, thorough, impactful and reliable in protecting your business. Sherry Jessen is a technology advisory & strategy manager for CliftonLarsonAllen LLP. Contact her at 319-558-0283 or Sherry.Jessen@claconnect.com.

KEEP YOUR BUSINESS WORKING Stop wondering What if … when you have customized procedures in place for disaster response.

- Unavailability or loss of critical resources: personnel, facilities, hardware, software or data. - Inaccessibility to third-party providers for: software, telecommunications, data or power. - Latency of network resources: data lines, phones, applications or websites. - Liquidity constraints: internally, vendors or customers.

6. Plan training To effectively execute any plan, staff

must be educated on plan procedures, responsibilities, and overall expectations. Training will raise awareness levels. It will help prepare staff before an event occurs, enhance their participation in required testing efforts, and support risk mitigation efforts by identifying plan gaps or considerations that may have been overlooked.

7. Plan testing What good is a plan that has never been

tested? About as good as a playbook that has never been executed. Plan resilience must be validated on a periodic basis. Are plans reliable? Are set RTOs and RPOs realistic? Are

On Balance

March | April 2018

Brian Pye 612-397-3139 | CLAconnect.com WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTING Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor. 24-0132 | ©2018 CliftonLarsonAllen LLP

wicpa.org

{ Tax | Innovations and strategies }

wicpa.org

On Balance

March | April 2018

{ Tax | Innovations and strategies }

t’s no secret that innovative companies are adopting new technologies to be profitable and remain competitive. As a result, innovative technologies are changing the skills tax professionals and corporate tax functions need to be successful.

Mark Quiroz, CPA and

Doug Watson, CPA

In the next few years, tax service providers and corporate tax departments will need to embrace innovative technologies—such as tax data warehouses, data analytics, smart algorithms and robotic process automation—to streamline processes and integrate source systems with downstream tax reporting. The tax function of the future will manage tax risk with speed and quality and ultimately accomplish more with less.

How do you start the tax innovation journey? An effective tax innovation journey depends on the size and complexity of your business and should utilize a manageable, scalable approach. Successful tax functions generate increased value by combining best practices such as a holistic end-to-end process with innovative technologies using: • Tax data warehouses, which combine data from multiple sources, such as enterprise resource planning systems or Excel spreadsheets in a tax-sensitized format. • Robotic process automation (RPA) that gathers tax-sensitized information automatically and pushes good data to outcomes such as the tax provision, a tax return or quality data for planning purposes. • Smart algorithms and artificial intelligence, which analyze and interpret big data, making automatic decisions based on tax function policy or identifying transactions that merit tax professional review. • Data analytics and visualization technology that allow the tax function to prioritize transactions and perform high-value planning by focusing on the highest-risk transactions. Keep in mind, you don’t need to solve all problems at once. An easy update is to identify the number of offline Excel spreadsheets that could be automated to decrease cost and improve quality of data.

On Balance

March | April 2018

As you design your tax innovation strategy, it’s important to keep your goals in mind and avoid reinventing the wheel. When deciding which software to use, consider an all-in-one package such as Domo. These programs combine a tax data warehouse with tax-reporting requirements into a set of visualization metrics and dashboards that your tax leadership can use to enhance tax planning, build tax minimization strategies and develop whatif tax scenarios. An alternative approach is to use individual software products for each of the desired functions and combine them with internally developed applications. Whatever approach you use, consider how to integrate the software with your existing systems as you develop a meaningful business case.

Return on investment Successful tax innovation projects require stakeholder support and a compelling business case that clearly outlines the associated costs and potential return on investment. Costs may include consulting costs for helping design and implement tax innovation technology, software license fees for data analytics and RPA software. One example where innovative technologies were successfully utilized involved a client that was struggling to prepare federal tax returns on a timely basis. Through robotics, the client implemented a bot that was responsible for automatically retrieving each trial balance and populating the relevant data into the appropriate Schedule M-3 work papers and, in some cases, performing basic M-3 calculations. After the tax personnel reviewed the M-3 work papers and completed certain complex calculations, the bot then automatically populated the relevant fields on each tax return. Another example is multinational companies that are using planning software to forecast local country legal entity levels. The program calculates expenses and income for the local country and legal entity levels and then calculates taxable income estimates in each taxing jurisdiction. The end result is less variation between the quarterly tax rate and the year-end tax rate. In short, applying innovative technologies and best practices to your tax practice can increase efficiencies and create operational savings throughout your tax ecosystem. The short-term benefits include cost reduction and increased speed to close your books, while long-term benefits include tax risk management and high-value tax planning. Mark Quiroz, CPA, is a tax managing director, and Doug Watson, CPA, is an international tax director at Grant Thornton LLP. Contact Mark at 312-602-8093 or mark.quiroz@us.gt.com. Contact Doug at 612-677-5260 or f.douglas.watson@us.gt.com. Grant Thornton has three offices in Wisconsin.

wicpa.org

Thursday, May 10 at 5 p.m. Hilton Milwaukee City Center Join us for the WICPA’s signature event of the year to: • Honor 10, 25 and 40 year members.

• Present the 2018 Excellence Awards.

• Elect the 2018–19 Board of Directors.

• Enjoy dinner, drinks and networking.

Complimentary for WICPA members. Registration is required to attend.

PRSRT STD U.S. POSTAGE

The Magazine for Wisconsin CPAs

Wisconsin Institute of Certified Public Accountants W233N2080 Ridgeview Parkway, Suite 201 Waukesha, WI 53188 wicpa.org

PAID

Milwaukee, WI Permit No. 5845