The Washington CPA 2022 Winter by Washington Society of CPAs

THE

WASHINGTON CPA

Volume 65, Number 3

Shut Out, But Not Down! A Ransomware Response Plan of Action

WINTER 2022

Crypto Curious? What to Know Before Accepting Digital Payments Avoiding Social Engineering Scams & Fraudulent Wire Transfers

THE WASHINGTON CPA WINTER 2022

www.wscpa.org • memberservices@wscpa.org Tel 425.644.4800 902 140th Ave NE Bellevue, WA 98005-3480

BOARD OF DIRECTORS Thomas J. Sulewski Chair Sara E. Bailey Vice Chair Joyce Lee Treasurer Andrew Brajcich Secretary Jared M. Theis Immediate Past Chair Kimberly D. Scott President & CEO Aaron R. Dawson Lowel Krueger Sarah Funk Diane Pietrowski Norm Haugen Bryce Rassilyer Courtney Hirata Leslie Sesser Writu Kakshapti Bonnie Tse CHAPTER BOARD CHAIRS TBD Bellingham Area TBD Everett Area Darin Johnson Olympia Area Brittany Malidore Seattle/Bellevue Area Tara Lambert Spokane Area Jessica Packer Tacoma Area Anthony Adams Tri-Cities Area Connie Olson Tri-Cities Area Canada Segura Yakima Area Wade Helms Yakima Area

MAGAZINE PRODUCTION Jeanette Kebede Editor Kaitlin Brake Art Direction The Washington CPA is published by the Washington Society of Certified Public Accountants for its members. Views and opinions appearing in this publication are not necessarily endorsed by the Washington Society of CPAs. The products and services advertised in The Washington CPA have not been reviewed or endorsed by the Washington Society of Certified Public Accountants, its board of directors, or staff. The Washington CPA is published quarterly by the Washington Society of Certified Public Accountants, 902 140th Avenue NE, Bellevue, WA 98005-3480. $12 of members’ annual dues goes toward a subscription to The Washington CPA.

CONTENTS

On the Cover Crypto Curious? What to Know Before 11 Accepting Digital Payments Shut Out, But Not Down! A Ransom- 16 ware Response Plan of Action Avoiding Social Engineering Scams & 29 Fraudulent Wire Transfers

Spotlights CPE Tracker: Mandatory Step to 25 Renew Your License Thank You to Our 2021 Sponsors 26 10 Actions You Can Take Today to Be 34 More Inclusive at Work

Departments Leadership Lens 4 Membership News 9 Washington CPA Foundation 15 Upcoming CPE 22 WSCPA Peak Firms 27 Advocacy 31 Classified Ads 33

Periodicals postage paid at Bellevue, Washington and additional mailing offices. Cover Graphics Illustration: © iStock/Foxeel

@WashingtonCPAs POSTMASTER: Send address changes to The Washington CPA, c/o WSCPA, 902 140th Avenue NE, Bellevue, WA 98005-3480.

www.wscpa.org

The Washington CPA Winter 2022

LEADERSHIP LENS

Membership Value in a New Year Tom Sulewski

Welcome to a new year! Turning the page on the calendar is a natural time for us all to set both personal and professional goals. The hopes and opportunities that lie ahead for our organizations, our profession and our clients are tremendous. Achieving success in the coming year will again take focus, flexibility, and creative solutions to both known and unknown challenges. The WSCPA is here to help you every step of the way. Make it a goal this year to not only renew your own membership, but to invite a peer to join us and to actively engage. The rewards and benefits are many:

Advocacy – Protecting our profession from regulatory changes and external risks are primary concerns for many firm leaders today. The WSCPA has an active and effective advocacy team working on our behalf. They currently are monitoring several topics, including Washington State Board of Accountancy rule changes related to the revised CPA exam, the CPA-inactive bill, DOR and capital gains taxes, and licensing regulations getting traction at the state and national levels. Networking and Resources – During challenging times like the past two years, we have relied on the best practices and idea sharing of our peers more than ever. The WCSPA is your connection to resources on current topics through the Connect Community, Knowledge Hub, Job Board, and Coronavirus and Mental Health Resource Centers. Chapter and membership events are tremendous opportunities to build relationships with other professionals from different regions of the state to share ideas and common challenges. Student Pipeline – As the “great resignation” sweeps through the economy, our profession is not immune to its impacts. It is more important now than ever to be investing in the student pipeline to our profession and the WSCPA takes a leading role in that effort. The annual awards of more than 80 accounting scholarships across multitudes of universities in our state help develop the future CPAs for our firms. You can contribute to a named scholarship, join the application review committee, and share the opportunity with students and interns in your firm or network. The WSCPA student engagement programs with Beta Alpha Psi programs actively promote the profession to students seeking employment.

The Washington CPA Winter 2022

www.wscpa.org

LEADERSHIP LENS

Diversity and Inclusion – The WSCPA is fully engaged in expanding the diversity in our profession. Board-level training programs and delivery of our 2nd annual Diversity & Inclusion Conference for 2022 are key initiatives to help our members develop DEI initiatives that can be implemented in their own organizations. We’re grateful to the members who have joined our newly established DEI Council, which will play an integral role in this essential work. Through the Washington CPA Foundation, there are new opportunities for DEI action including scholarship programs targeted directly at community college students and grants to organizations with programs or events designed to improve the diversity of the CPA pipeline in Washington. Education and Training – Your membership includes discounts on continuing education to keep you up to date on current standards, new technologies, and new programs. Take advantage of webinars, conferences, webcasts, Season Tickets, Coupons and the Prix Fix CPE Series offerings. Peak Firm – If you are a firm leader, help us engage with your firm more broadly by becoming a Peak Firm. A Peak Firm enrolls 100 percent of its eligible staff as WSCPA members. Peak Firms enjoy exclusive membership benefits, a single renewal invoice, free Passport Corporate cards, and recognition with a specialized logo to acknowledge your commitment to your people and our profession. Join the nearly 40 firms currently enjoying the benefits of Peak Firm investments as we enter a new year.

www.wscpa.org

From a personal perspective, the connections I have made through my engagement with the WSCPA have been incredibly helpful professionally. New challenges faced with the pandemic, diversity and inclusion initiatives, and staffing and recruiting pipeline concerns are just a few examples for which I was thankful to have WSCPA program support. The professionals I have met through membership events, board participation, and committee work have not only been valuable sounding boards, but many have become lifelong friends. It’s an honor to be associated with all of you in this profession. We value your membership and look forward to actively connecting with you in 2022. Tom Sulewski, CPA, is the shareholder in charge of the audit department for Clark Nuber PS and WSCPA Chair. You can contact Tom at tsulewski@ clarknuber.com.

The Washington CPA Winter 2022

LEADERSHIP LENS

YOUR OFFICE OF THE FUTURE Kimberly Scott

Virtual or Hybrid World Many offices went virtual at some point during the pandemic, and according to industry surveys and what I’m hearing from firm leaders, most offices appear to be considering maintaining a hybrid working model moving forward. This has created many new challenges and benefits. Perhaps the most significant benefit for staff is the time gained due to the lack of commuting every day. Many have also taken this opportunity to move out of the city or to other locations, allowing more choices in their work-life structure. If we compare member addresses from pre-COVID to now, there is a noticeable difference in where members are living based on chapter area. During the pandemic, many staff combined work with a vacation or travel, often for a month or longer. Whether this trend will continue is unknown, but it is unique. These benefits appear to be extremely valuable to employees and are pursued by those who are considering new opportunities.

Typically, when you see a title or headline that mentions the office of the future, it is focused on technology. While technology is absolutely key to any office, there are many more variables related to the office of the future which are keeping CPAs up at night.

your organization, as the cost of living and wages in our state are higher than other areas. Although the benefits are enjoyed, the challenges seem to be growing. Last fall a group of partners from small, mid-sized and large firms shared the challenges that were keeping them up at night. Technology remains a top consideration. Cyber security is a tremendous concern with staff working in multiple locations.

For organizations, virtual or hybrid operations offer the opportunity to reduce their footprint or move locations and cut overhead office costs. This is not unique to firms, as the Puget Sound Business Journal has reported that many organizations are decreasing their office size. Another benefit to firms is the ability to look outside of the immediate location to hire. I have heard from firms of all sizes in our state that they have new staff living and working in other states. This can give a competitive edge if it works for

The Washington CPA Winter 2022

www.wscpa.org

LEADERSHIP LENS

However, finding software that meets the needs of the office and clients, while being easy to learn and use, and yet able to incorporate the complexity of the laws often feels like a unicorn. Most are excited that technology has allowed us to create a mobile workforce, yet almost all felt it was also overwhelming.

Staffing & Training So what is the biggest challenge keeping everyone up at night? Nearly unanimously everyone stated STAFFING. There is a definite labor shortage in the current job market and in the pipeline. However, it goes beyond a current shortage; burnout, training and making staff feel connected all seem more critical than ever. The mentoring and training that historically took place in the office is not happening. Many expressed that ensuring proper training and skills enhancement in this virtual environment feels like a new experiment.

The CPE Pipeline While CPE and training along with peer group discussions can help with many of these issues (and if you want to join a WSCPA resource group, please contact us), there is an issue we all need to work on together to make progress—the

candidate pipeline. The CPA profession provides opportunity for individuals and protection for the public. It is also unknown to many students. State societies, the AICPA, NASBA and educators are all working together on the CPA Evolution as well as trying to get accounting considered part of STEM. As a CPA, you understand that technological skills are necessary today in order to understand businesses and to help enable them to thrive. Connecting with schools in your area to participate in career days is a great way to get involved. Many professionals say they learned about the CPA profession from a family member or someone who came to their school. You also can learn about, support, and/or volunteer for the Washington CPA Foundation, which provides more than $500,000 a year in scholarships to accounting students from community college through Ph.D. programs. The Foundation also provides grants to organizations increasing the diversity in the CPA pipeline (see page 15 for more information). The experiences of the last couple years are unique to our place in history but are shared by us here today. While many of the challenges of the office of the future feel overwhelming, I am confident that we can collaborate and help create positive outcomes for these challenges that are keeping the profession up at night.

Kimberly Scott, CAE, is President & CEO of the Washington Society of CPAs. You can contact Kimberly at kscott@wscpa.org. Illustration: © iStock/KIT8

www.wscpa.org

The Washington CPA Winter 2022

MEMBERSHIP NEWS

Save the Date for the WSCPA Annual Meeting June 9 | 1 CPE Credit

Kick Off the New Year by Sharing Your Skills! Check Out the Volunteer Opportunity Board. Have an opportunity to submit? The WSCPA volunteer opportunities board is a complimentary service for bona fide not-for-profit organizations in need of pro bono work by a CPA or looking for CPAs to serve on their boards of directors. Learn more at wscpa.org/volunteer

Find a CPA - Free WSCPA Resource! Enroll your firm in the Find a CPA directory! Help prospective clients find your firm through an easy, interactive, and searchable directory, at no charge to your organization.

Utilize your Passport Corporate Card to save big in 2022! • • •

WallyPark: 30% off online rates at all WallyPark national locations including two SeaTac locations. Total Wine & More: Save 15% on 750ml and 1.5L wine. Save 10% on beer singles. Regal Entertainment Group: Save over 20% off movie tickets nationwide.

Visit wscpa.org/passport for more discounts.

Looking for Your Next Big Break? Peruse the WSCPA Job Board. Looking for talent? The WSCPA Job Board receives hundreds of visitors a month, all looking for new and exciting career opportunities. Post your opening and be seen by some of Washington's finest finance professionals.

Explore the directory at wscpa.org/find-a-cpa Learn more at wscpa.org/job-board

www.wscpa.org

The Washington CPA Winter 2022

CRYPTO PAYMENTS

CRYPTO CURIOUS? What to know before accepting digital payments They can help lower transaction fees, but plenty of due diligence is still required. Chris Baysden Once primarily the financial darling of tech geeks and the dark web, cryptoassets such as bitcoin and dogecoin have emerged as household names in the past few years, thanks in part to extensive media coverage of their rollercoaster valuations. All the exposure — especially with a big business name such as Elon Musk repeatedly making investment waves — may have more companies than ever wondering if they should join the crypto club. So what do crypto curious finance departments need to know when deciding whether to accept bitcoin and its digital brethren? This article breaks down key considerations CGMA decision-makers should keep in mind regarding accepting crypto payments. (Editor's note: The potential perks and pitfalls of corporate crypto investments are legion and beyond the scope of this article.) Accounting technology consultant Amanda Wilkie notes a number of potential advantages to taking payments in cryptoassets. At the top of the list, cryptoassets provide users with the opportunity for real-time settlements, lower transaction fees, and a way to generate revenue across borders without having to deal with currency conversions.

www.wscpa.org

DAYS OF FUTURE PAST Bitcoin, introduced in January 2009, is the oldest and by far the most widely used cryptocurrency, with a market cap north of $800 billion as of this writing. Ether is a distant second to bitcoin but still considerably more popular than tether, dogecoin, and the rest of the thousands of cryptoassets on the market. Wilkie thinks getting into cryptoassets now — a little over a decade into their development — can give companies a competitive advantage akin to the one that some tech-savvy companies gained in the early days of the internet. Whether for those reasons, or simply to attract more tech-savvy customers, many companies have dipped their toes into the crypto waters. AT&T, Microsoft, Rakuten, and Sotheby's are among the big names that accept crypto payments. But the

The Washington CPA Winter 2022

CRYPTO PAYMENTS use of crypto isn't limited to large multinationals. In the US alone, about one-third of small and medium-size companies accepted payments in cryptocurrency, according to a January 2020 study funded by HSB, a subsidiary of insurance giant Munich Re. "The intro into accepting crypto is becoming much easier," noted Wilkie, who is based in Alexandria, Virginia, in the US and works at Boomer Consulting Inc. "You don't have to spin up mining rigs." That's a reference to bitcoin mining, in which miners compete to validate and add a block of transactions to a blockchain. The miners compete through the use of a computer to solve complex equations, and the winning miner is then entitled to transaction fees and/or a block reward (that is, newly created bitcoin).

"We have to make sure the funds are good," Sterk said. "Nobody stays in business long selling free gold."

"Companies first should investigate whether there is existing consumer demand for paying in crypto — or if accepting crypto might attract new clientele."

The inner workings of cryptoassets and blockchain can seem opaque to nontechies with its talk of tokens, wallets, and hashes. Even its origins are shrouded in mystery, with no one really sure who is behind the alias of bitcoin creator "Satoshi Nakamoto".

PAYMENT PROCESSORS CAN HELP But Wilkie says companies don't need to understand the technological minutiae if they use a payment processor, which can accept payment in various cryptoassets and then convert it to a fiat currency before it even hits the company's books. Companies can choose from among many crypto payment processors. One of those, BitPay, has been used since November 2017 by APMEX, based in Oklahoma City, Oklahoma, in the US — a company that sells coins and precious metals to retail investors and collectors. Since signing up with BitPay, APMEX has conducted $93 million in crypto transactions, with those deals typically making up about 3% of the company's annual sales. One benefit of using a crypto payment processor is the speed, said APMEX CFO Doug Sterk. BitPay

deposits US dollars into APMEX's account within one day after receiving the payment in bitcoin or another cryptocurrency. This allows his company to quickly send out the goods to buyers instead of having to wait for a cheque to arrive and to clear the bank.

The Washington CPA Winter 2022

Sterk also likes that the fee he pays to BitPay is only around 1% of the transaction. By contrast, credit card processing fees are typically 1.5%–3.5%, according to Bankrate.com. Companies also can pay 4%–6% fees for international wires, noted Jagruti Solanki, CPA, CGMA, the CFO of Atlanta-based BitPay. Solanki, whose company processes about $1 billion in transactions annually, adds that there is no risk of chargebacks. That's another major plus for CFOs such as Sterk. "That chargeback is a four-letter word," he said.

DUE DILIGENCE STILL NEEDED While using a payment processor can help to mitigate many risks, companies still must perform due diligence before accepting crypto payments.

Companies first should investigate whether there is existing consumer demand for paying in crypto — or if accepting crypto might attract new clientele. Then, companies need to do their homework when picking a processor to make sure that it is reputable and its technology systems are secure. Companies also still need to practice the KYC, or "know your customer", philosophy. Since crypto can be harder to track than, say, bank transactions, it's crucial to ensure you aren't dealing with money launderers or entities with financial sanctions. There's another consideration for giant companies: That 1% processing fee can go to almost zero if a company builds its own processing capabilities, said Howard Greenberg, president of the American Blockchain & Cryptocurrency Association (ABCA), a trade association based in Washington, D.C. For that reason, it may make sense for companies that engage in an enormous number of transactions to build their own payment collection system. Building your own processing system obviously entails additional upfront costs, as well as specialized technology skills. Therefore, it is less likely to make sense for small or even midsize organizations. "There is still a technological barrier to entry," added ABCA board member Ted Kowalsky.

www.wscpa.org

CRYPTO PAYMENTS

Operating without a payment processor also entails more than just cybersecurity challenges, especially for finance departments. First is the volatility — cryptoasset valuations can change quickly. Companies that keep crypto on their books as part of their cash flow strategy could see wild swings in its worth and should address that in their risk management strategy. For companies using a payment processor like BitPay that accepts crypto on behalf of the company's customer and settles to the company in fiat currency, the tax and accounting is no different from the way they record transactions today — there is no impact of cryptocurrency on the company's books. Companies holding cryptocurrency or receiving cryptocurrency must keep track of the cost basis of the asset and calculate realized losses and gains. This could be complicated by the fact that there is a dearth of guidance in some countries regarding how to treat gains and losses. "It can be an accounting and tax nightmare if it is not done properly from the start," Solanki said.

Chris Baysden is an FM magazine associate director. You can contact Chris at Chris.Baysden@aicpa-cima.com. This article originally appeared in FM magazine. ©2021 Association of International Certified Professional Accountants. Used with permission.

Background Graphics: © iStock/filo People Illustrations: © iStock/topvectors

"For a company to implement all of this from scratch, this is not an easy lift."

Set Sail on the CPA Seas With a $5,000 Accounting Scholarship!

New this year! The Washington CPA Foundation is excited to announce our new $2,000 Associate Scholarships for rising freshman and sophomores. Learn more at wscpa.org/aa-new.

WILL YOU BE 1 OF 75?

The Washington CPA Foundation is excited to be able to offer nearly $500,000 in scholarships for students in Washington State. The number of scholarship recipients typically exceeds 75 students.

AWARD AMOUNT $5,000 - $10,000*

* $10,000 scholarships for master’s / PhD candidates

Help Us Give Away Nearly $500,000 in Accounting Scholarships!

APPLICATION DEADLINE

February 14, 2022

APPLY NOW! WSCPA.ORG/CPASEAS

BECOME A SCHOLARSHIP REVIEWER TIME COMMITMENT 15-20 hours

QUESTIONS? 425.644.4800 foundation@wscpa.org

Scholarship applications are reviewed in your home or office through our secure, online portal with a provided scoring matrix and guidelines.

For more information and to sign up, please contact Benjamin Warren at bwarren@wscpa.org.

$5,000

WASHINGTON CPA FOUNDATION

Washington CPA Foundation Report: Focus on Diversity Monette Anderson

The Washington CPA Foundation is committed to promoting diversity in the accounting profession. In 2016, the first year of the Washington State Board of Accountancy scholarship partnership, only 17 percent of scholarship applicants identified themselves as diverse (with 34 percent as Caucasian and 46 percent unidentified). In 2021, 40 percent of Washington CPA Foundation scholarship recipients selfidentified as diverse applicants. We believe the two largest contributors to this change have been on-campus marketing and changes in how we solicit this data from awardees (pre- and post-award surveys). The Foundation is opening a new scholarship award category focused on Washington CPA Foundation Awardees Self-Reported Diversity students working on associate or 2-year transfer degrees or pathways in Asian 22% Washington. Due to Caucasian 58% this change, we can introduce students Hispanic 9% to scholarships and WSCPA career and Black 5% mentoring resources Middle Eastern 4% earlier in their education Other 2% journey. In doing so, we

www.wscpa.org

can continue to impact the profession's pipeline of diversity and offer students increasingly stronger scholarships and additional resources as they advance their education and enter the accounting workforce. Currently, the Washington CPA Foundation has two contributors offering diversityfocused awards for Black accounting students. Last year DP&C approached WSCPA to offer a Black Accounting Scholarship. The first scholarship was awarded in April 2021. This year, we are pleased to introduce a new scholarship fund; the Bill Reed Family Scholarship will support Black accounting students at the associate level with a focus on applicants from community colleges. The above information is a reminder of how far we’ve come in breaking down barriers for all students to access education, and we recognize there is still much work to do. Part of that work is ensuring the scholarship review committee, comprised of WSCPA member volunteers, represents the diversity of our membership and scholarship applicants. Any member with the time and willingness to volunteer to review applications from February through March is welcome to join the review team. If you also identify with an underrepresented demographic in the accounting profession, your experience and perspectives are incredibly valuable. We hope you’ll consider joining the review team this year.

Monette Anderson is the WSCPA Director of Membership. You can contact Monette at manderson@wscpa.org.

The Washington CPA Winter 2022

Photo: © iStock/averess

Forty years ago, the American Institute of CPAs recognized the need to support people of color in the CPA profession, yet the profession has struggled to make meaningful progress during the last 10 years. While African Americans and Hispanics comprise 30 percent of the US population, 14 percent of enrollees in accounting programs and only four percent of partners in the profession (as reported by the American Institute of CPAs) are African American or Hispanic.

SECTION TITLE

Shut Out, But Not Down!

A Ransomware Response Plan of Action First reported in 1989, ransomware attacks are clearly not a new phenomenon. In 2020 alone, more than 2,000 cases were reported to the Internet Crime Complaint Center (IC3) with victims experiencing losses of more than $29 million. President Biden has called these attacks a threat to our national security and has made it a priority to stop them. If you find yourself the victim of a ransomware attack, what should you do? This checklist will explain how to respond to a ransomware incident and get on the road to recovery. This information is not intended to dissuade you from taking proactive steps to prevent a cyber ransom attack. Make sure that you are following best practices for keeping your data safe, such as keeping your computer operating system current, backing up data, staying aware of the latest security threats, investing in insurance, and having a response plan. The advice here is presented as a guide and should be implemented while consulting with IT professionals experienced in handling ransomware attacks, insurance experts, and legal counsel.

The Washington CPA Winter 2022

www.wscpa.org

SECTION TITLE

AM I A VICTIM OF A RANSOMWARE ATTACK? Ransomware is a type of malware (short for malicious software). It is installed by cybercriminals to prevent access to, or lock, a computer’s data. The criminals demand money or ransom from the victim in exchange for release of the data.

In some cases, you may notice files with names that are suspicious, or you may not be able to open your files. If your computer has a virus scanner, the antivirus scanner may sound an alarm.

www.wscpa.org

The Washington CPA Winter 2022

Graphic: © iStock/Foxeel

When you are a victim of a ransomware attack, your computer screen typically goes blank. There isn’t a way to access any menus or files. A cryptic message appears on the screen that says your computer will be unlocked or your files will be decrypted after you pay a ransom. Sometimes the cybercriminals will contact you and present their demands.

CYBERSECURITY

HOW TO RESPOND TO AN ATTACK coverage for every computer/system)? Is the payment of ransom included? What supplements are included?

IMMEDIATE RESPONSE STEPS If you suspect a ransomware attack has occurred, it is essential to prevent the ransomware from spreading and enlist the assistance of trained experts right away. TIP: Communicate via phone calls (that are not connected to your primary network connection) to avoid tipping off cybercriminals that the infiltration has been discovered.

◊

Find out your insurance company’s approved ransomware-response vendors that are covered under your policy.

◊

If you are interested in using a vendor, such as an IT vendor, outside of the approved vendor list, inquire about the process for getting non-approved vendors approved before using them.

1. Reach out to your IT team or a cybersecurity expert. Take a photo or screenshot of the message on your screen (or of the evidence that tipped you off to the existence of the ransomware).

Photo: © iStock/Morsa Images

Unless you are particularly savvy with information technology systems, immediately call your IT team or an expert for assistance with steps 3-5 below. For a technical checklist written for IT professionals, refer to part 2 of the CISA MS-ISAC Ransomware Guide (https://www.cisa.gov/sites/default/files/ publications/CISA_MS-ISAC_Ransomware%20 Guide_S508C.pdf).

If you do not have insurance, you will probably need to hire a ransomware expert directly. Contact the vendors provided by your insurance company and determine scope and budget of hiring the expert. TIP: If someone tries to sell you new systems to replace the compromised systems, be aware that it is unlikely that such systems will be covered under your insurance policy. Likewise, if someone offers to restore your data or decrypt a ransomware attack, be wary of this offer and expect that such services will not be covered under insurance.

3. Isolate your computer

2. Contact your insurance agent and your carrier. Complete this step concurrently with step 3.

Your agent will assist you in identifying the services which are covered under your policy. Depending on your policy and the breach, those services could include access to IT security and forensic experts, media relations assistance, notification to clients, and/or remediation services. ◊

Even if you do not believe that your insurance covers ransomware, still inform your agent of your situation. Your agent may be able to recommend trusted forensic vendors that you can contact for assistance.

Explain the situation and ask what your policy covers and does not cover. If ransomware attacks are covered by your policy, what are the limits of the coverage (typical coverage is $25,000 worth of

The Washington CPA Winter 2022

Because it is not possible at this point to gauge the extent of the infiltration, it is essential to disconnect your computer entirely from other computers and limit external connections to your computer. This will prevent the ransomware from spreading further. ◊

Disconnect from networks

◊

Unplug your internet connection

◊

Turn off WIFI/wireless network connections

◊

Turn off Bluetooth connections

◊

Shut down VPN remote desktop protocols

◊

Remove any USB or external hard drives

◊

Allow only trusted IPs

◊

If you are able to identify the bad IP, change firewall rules to block it

◊

Change your router password www.wscpa.org

CYBERSECURITY If connected to a network, determine which systems were impacted and isolate all of them using the steps above. If possible, take the network offline at the switch level.

Photo: © iStock/Laurence Dutton

If you are unable to disconnect the computer from the network, turn the computer off to avoid further spread of ransomware infection. In this situation, other computers on the network should be shut down also.

FORENSIC INVESTIGATION & ANALYSIS In order to determine the type of ransomware, the extent of infiltration, and steps for recovery, a forensic IT expert should conduct an investigation, including steps 4-6 below. Expect this to take 10-15 days.

1. Preserve ransomware evidence There are different types of ransomware. In June 2021, the FBI reported that it is investigating 100 different variants of ransomware.i In order for forensic experts to be able to properly investigate and know which type of ransomware is at play, preserve evidence that is accessible to you and turn it over to your forensic expert. The expert will review the system, gather and take screenshots of all evidence, and use a program to clone your hard drive. Your insurance company and law enforcement may be interested in reviewing the following items as evidence: recovered executable file, copies of readme file (do not remove the file), live memory (RAM) capture, malware samples, encrypted file samples, images of infected systems, ransom notes (with file naming scheme), ransom details (amount and whether paid), bitcoin wallets used, and communications with the attackers.ii

◊

Whether your data was compromised or stolen. If it is concluded that data (on any affected computers, servers or cloud storage locations) has been compromised or stolen, you will need to determine whether data of your customers, clients, or employees has been breached. You must also determine what, if any, legal requirements you must observe, such as notification requirements. For additional guidance on dealing with a data breach, refer to the FTC’s Data Breach Response: A Guide for Business (https://www.ftc.gov/tips-advice/businesscenter/guidance/data-breach-responseguide-business). For Washington State security breach notification requirements, refer to RCW 19.255.010, RCW 42.56.590. Keep in mind that notification requirements are time-sensitive.

◊

How the ransomware got into the system. It is possible to determine whether the attackers gained access via unsecured remote desktop ports; weak passwords; phishing emails with malicious attachments or links; operating system vulnerabilities; or out-of-date, unpatched software, servers or firewalls. Knowing how the system was infiltrated will enable you to correct vulnerabilities (see return to operations below) that led to the attack on your system.

◊

How and when to completely eradicate the ransomware. Once the system is evaluated and all evidence is documented and preserved, the ransomware should be removed from the system by running anti-malware software. How effective anti-malware software will be in removing the malicious software depends on the type of ransomware on your machine. Removing the ransomware ensures that the malware is unable to continue doing harm to your device. It does not recover or unlock your encrypted files.

2. Determine the extent and impact of the attack The forensic IT experts will review available evidence to determine the following: ◊

The type or strain of ransomware involved in the attack. Though there are many ransomware variants, they can be divided into two main strains: Strain that only encrypts data – This is the more traditional strain. Data is more likely to be restorable when this strain is involved. Strain that encrypts and also downloads your data – This strain is increasingly common.

www.wscpa.org

The Washington CPA Winter 2022

Photo: © iStock/gorodenkoff

CYBERSECURITY

3. Evaluate recovery options ◊

2. If you pay the ransom

Determine whether your affected data can be restored from backups. Because some ransomware may encrypt backups, be sure that backup data has not been affected by the ransomware. If sufficient backup data exists, use the backup to restore your data. This eliminates the need to negotiate with the ransomware attackers.

◊

Your insurance company and forensic expert should be involved with the process of paying the ransom. Reaching out to the threat agents alone is not advised.

◊

Negotiate for a lower ransom amount, but do not reveal to threat actors that you have insurance. Insist that you’re incapable of paying the requested ransom.

◊

If backup data does not exist, is it possible to compile data from other sources (email records, attachments, hardcopy records)? Evaluate the effort required to restore your affected data in this manner.

◊

Ensure that the threat actor is not a known terrorist or illegal organization on the federal government’s non-pay list. The insurance company will conduct a background check on the threat actors.

◊

If you are unable to restore data from your backups or recrate the data, consider whether to pay the ransom to decrypt or gain access to your files.

◊

Ransom Considerations

Insist on a “try before you buy” plan whereby the threat actors must decrypt two files to demonstrate that they are capable of decrypting your files. TIP: The IRS offers no formal guidance on ransomware payments, but if an insurance company doesn’t make the payment for you, your ransom payment may be deductible as an ordinary and necessary business expense.iii

Your insurance company and forensic expert will be able to provide guidance as you make decisions related to paying a ransom.

1. Decide whether to pay ransom

◊

The FBI advises against paying the ransom. In their view, paying a ransom encourages further criminal behavior and does not guarantee that a victim’s files will be recovered. Consider the costs. Typical ransomware fees include $15,000 per IP, $5,000 for dealing with the threat actor, and the cost of hiring an assistant to make the payment transaction. Depending on how much of your data has been affected, the typical downtime for recovering data can be weeks to months.

3. Executing ransom payments ◊

Ransomware attackers typically request ransom payments in bitcoin.

◊

The attacker typically will provide instructions on setting up bitcoin wallets and procuring bitcoin.

◊

Your insurance company should be able to provide guidance on how to pay and recommend a crypto broker, such as DigitalMint.

There is no guarantee that the attackers will restore the data. On the other hand, some believe that this type of criminal has a reputation to maintain (they want to be known as someone who will uphold their word and unlock the files when paid according to their terms).

The Washington CPA Winter 2022

Photo: © iStock/dem10

◊

www.wscpa.org

CYBERSECURITY

Recovery and Post-Incident Review

2. Return to Operations ◊

A full forensic investigation will have uncovered vulnerabilities that need to be addressed in order to prevent future attacks from occurring. Address those vulnerabilities completely and invest in any security enhancements as advised, even if they are not covered by your insurance.

◊

Do a sweep of all systems to make sure no remaining malware is on the system.

◊

Conduct a 360-degree analysis of the attack. This is essential to ensuring you are positioned to resist future attacks. Questions to consider:

In order to recover completely from a ransomware attack and help prevent a future incident, invest in the time and resources needed to complete the following steps.

1. Notify authorities Victims of ransomware should file a report with the local police within 30 days. The Federal Bureau of Investigation urges victims to also report incidents to: ◊

Local federal law enforcement field office 206.622.0460 | seattle.fbi.gov

◊

Internet Crime Complaint Center (IC3) https://ic3.gov/Home/Ransomware

◊

National Cyber Investigative Joint Task Force (NCIJTF) CyWatch 24/7 support 855.292.3937

◊

Cybersecurity & Infrastructure Security Agency (CISA) www.us-cert.gov/report

Authorities will be able to share resources and information on how to recover. Reporting ransomware incidents provides investigators with critical details needed to track ransomware attackers, hold them accountable under U.S. law, and prevent future attacks.

•

How did the assailants access the system?

•

How could it have been stopped?

•

Did you have a proper backup system in place?

•

Was the proper client data encrypted?

•

What malware protections do you need to install going forward?

•

Which vendors and partners touch your network in some way? Review all connections to the network and ensure vulnerabilities are addressed.

•

What gaps in staff training need to be fixed? Invest in a staff education program.

Special thanks to Joe Salpietro, Senior Global Director of Cyber Claims, Cyber Scout, for contributing to this resource. Notes: i. “FBI says it is investigating about 100 types of ransomware – WSJ,” Reuters, June 4, 2021, https://www.reuters.com/technology/fbi-saysit-is-investigating-about-100-types-ransomwarewsj-2021-06-04/ ii. Ransomware Guide, September 2020, Cybersecurity & Infrastructure Security Agency (CISA) Multi State Information Sharing & Analysis Center® (MS-ISAC®), https://www.cisa.gov/sites/default/files/ publications/CISA_MS-ISAC_Ransomware%20 Guide_S508C.pdf, page 12 iii. “Hit by a ransomware attack? Your payment may be deductible,” ABC News, June 19, 2021, https://abcnews.go.com/Business/ wireStory/hit-ransomware-attack-paymentdeductible-78373692

Additional Sources: •

•

Ransomware Fact Sheet, IC3, https://www.ic3. gov/Content/PDF/Ransomware_Fact_Sheet. pdf Ransomware: What It Is & What To Do About It, Department of Justice, https://www.justice. gov/criminal-ccips/file/872766/download

www.wscpa.org

•

CISA Ransomware Resource Page, CISA, https://www.cisa.gov/stopransomware

•

Ransomware Guide September 2020, MSISAC®, CISA®, https://www.cisa.gov/sites/ default/files/publications/CISA_MS-ISAC_ Ransomware%20Guide_S508C.pdf

• •

•

“What is ransomware forensics?” Proven Data Recovery, https://www.provendatarecovery. com/blog/preserve-ransomware-evidence/

•

“Ransomware Outbreak,” CISA, https://www. cisa.gov/publication/ransomware-outbreak

“Top 6 Ransomware Incident Response Actions,” Proven Data Recovery, https:// www.provendatarecovery.com/blog/top-6ransomware-incident-response-actions/

•

Cybersecurity for Small Business/Topic Ransomware, FTC, https://www.ftc.gov/tipsadvice/business-center/small-businesses/ cybersecurity/ransomware

“Ransomware protection: how to keep your data safe in 2021,” Kaspersky, https://usa. kaspersky.com/resource-center/threats/ how-to-prevent-ransomware

•

“What it’s really like to negotiate with ransomware attackers,” CNN, https://www. cnn.com/2021/07/13/tech/ransomwarenegotiations/index.html

“Removing ransomware | Decrypting data – how to kill the virus,” Kaspersky, https://usa. kaspersky.com/resource-center/preemptivesafety/ransomware-removal

•

“Ransomware Attacks and Types – How Encryption Trojans Differ,” Kaspersky, https:// usa.kaspersky.com/resource-center/threats/ ransomware-attacks-and-types

•

“The Essential Guide to Ransomware,” Avast, https://www.avast.com/c-what-isransomware

•

“Ransomware is a national security risk,” CNN, https://www.cnn.com/2021/06/10/ perspectives/ransomware-attacks-nationalsecurity/index.html

The Washington CPA Winter 2022

Upcoming CPE A selection of WSCPA CPE events scheduled February - May are listed. To view the hundreds of course listings and complete details, please visit the CPE & Event Catalog at wscpa.org/cpe.

save the date!

WSCPA Spring Conferences

Governmental Accounting & Auditing Conference April 26-27

International Tax Conference May 12

WSCPA.ORG/SPRING22

Women's Leadership Summit June 2

Online CPE DATE

COURSE TITLE

2/1

Are You Running Your Business or is Your Business Running You? WEBCAST

2/1

Top 10 Audit Findings and What To Do WEBCAST

2/2

When Plans Change in a Grant Award, Amendments Offer Solution WEBCAST

2/3

CFO Series: Developing Creditability Part 2 WEBCAST

2/8

Annual Update for Governments and Not-for-Profits WEBCAST

2/8

Inventory, Expense & Payroll Fraud WEBCAST

2/8

What Does Fraud Look Like? WEBCAST

2/9

Driver-based Budgeting & Rolling Forecasts for Fast Analysis WEBCAST

2/10

SAS 122, AU 240, Consideration of Fraud In A Financial Statement Audit WEBCAST

2/10

CFO Series: Advanced Skills Made Easy Part 1 WEBCAST

2/11

Change the Way You Work: Success as a Virtual CFO WEBCAST

2/15

NFP Financial Reporting Update WEBCAST

2/16

Advanced Financial Skills WEBCAST

2/17

CFO Series: Advanced Skills Made Easy Part 2 WEBCAST

2/24

CFO Series: Emotional Intelligence Part 1 WEBCAST

3/1

CPA to Consultant WEBCAST

3/3

K2'S Emerging Technologies For Accountants, Including Blockchain And Cryptocurrencies WEBCAST

3/3

The Yellow Book: From Beginning to End WEBCAST

The Washington CPA Winter 2022

CREDITS 1.5

2.5

www.wscpa.org

EDUCATION AND EVENTS

Online CPE DATE

COURSE TITLE

CREDITS

3/3

CFO Series: Emotional Intelligence Part 2 WEBCAST

3/4

Clear, Confident, Compelling - Communication Strategies for the Empowered Leader WEBCAST

3/5

Reimbursing Expenses Under Accountable Reimbursement Plans - These Days, It's the Only Game in Town WEBCAST

3/5

Strategic Career Management: Only You Have Sleepless Nights Over Your Career WEBCAST

2.5

3/5

The Complete Indirect Rate Toolkit: For Nonprofits with Federal Grants under the Uniform Guidance WEBCAST

3/9

Professional Conduct & Ethics - AICPA and Washington Board CPA Regulatory Update - 2022 WEBCAST

3/10

Governmental Auditing Update: Yellow Book & Uniform Guidance What You Need to Know WEBCAST

3/10

CFO Series: Cash Management Part 1 WEBCAST

3/11

K2'S Tales Of True Tech Crimes - Ripped From The Headlines WEBCAST

3/11

Accounting & Auditing in a COVID World WEBCAST

3/15

Risk Is Increasing - and Risk Management Is Evolving WEBCAST

3/16

Revenue Recognition: Mastering the New FASB Requirements WEBCAST

3/17

K2's Paperless Office WEBCAST

3/17

CFO Series: Cash Management Part 2 WEBCAST

3/18

Managing People: Conquering the Soft Side of Your Job WEBCAST

3/19

Mergers & Acquisitions: Tricks, Traps, & Terrors WEBCAST

3/19

SAS 122, AU 240, Consideration of Fraud In A Financial Statement Audit WEBCAST

3/19

SAS No. 122, AU 315, Understanding the Entity and Its Environment and Assessing the Risk of Material Misstatement WEBCAST

3/23

K2's Technology Planning For A Post-Pandemic Environment WEBCAST

3/24

K2's A Scary Ride Through the Dark Web WEBCAST

3/24

Government GAAP Update WEBCAST

3/24

Not for Profit GAAP Update WEBCAST

3/24

CFO Series: Become More Effective Part 1 WEBCAST

3/25

Inventory Accounting: GAAP, Software and Variance Recognition WEBCAST

1.5

The Washington Society of CPAs is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of group-live and group-internet-based continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org For more information regarding refunds, complaints, program cancellations or other policies visit www.wscpa. org/cpe/cpe-policies or call 425.644.4800

www.wscpa.org

The Washington CPA Winter 2022

EDUCATION AND EVENTS

Online CPE DATE

COURSE TITLE

3/28

Accounting & Auditing Update WEBCAST

3/31

CFO Series: Become More Effective Part 2 WEBCAST

4/4

Build Your Personal Net Worth WEBCAST

4/6

K2's Small Business Internal Controls, Security, and Fraud Prevention and Detection WEBCAST

4/6

Why Auditors Fail To Detect Fraud WEBCAST

4/7

SOC for Service Organizations Deep Dive (Day 1) WEBCAST

4/7

CFO Series: Be the Best Part 1 WEBCAST

4/8

SOC for Service Organizations Deep Dive (Day 2) WEBCAST

4/11

K2's Working Remotely- The New Normal WEBCAST

4/11

Achieving Balance in Work and Life Part 2 WEBCAST

4/11

Creating Virtual Training: Processes, Tools, and Strategies WEBCAST

4/13

Building Our Immunity to People's Negativity: Maximizing Teamwork & Customer Relations WEBCAST

4/13

SAS 122, AU 240, Consideration of Fraud In A Financial Statement Audit WEBCAST

4/13

Taking the Financial Executive's Leadership to the Next Level: Perspective and Skills WEBCAST

4/14

CPA to Consultant WEBCAST

4/14

What's Going on at the FASB WEBCAST

4/14

CFO Series: Be the Best Part 2 WEBCAST

4/15

K2's Case Studies in Fraud and Technology Controls WEBCAST

4/15

K2'S Tales Of True Tech Crimes - Ripped From The Headlines WEBCAST

4/19

Roles and Responsibilities in Risk Management WEBCAST

4/19

Professional Conduct & Ethics - AICPA and Washington Board CPA Regulatory Update - 2022 WEBCAST

4/21

CFO Series: Key Tax Issues Part 1 WEBCAST

4/28

CFO Series: Key Tax Issues Part 2 WEBCAST

4/29

Divorce, Alimony and Property Settlements (Before and) After TCJA - A Wholly Different Rodeo WEBCAST

5/5

CFO Series: Numbers Rule the World Part 1 WEBCAST

5/12

CFO Series: Numbers Rule the World Part 2 WEBCAST

5/19

CFO Series: Preparing For Growth Part 1 WEBCAST

5/23

Fringe Benefit Planning for 2020 and Beyond WEBCAST

5/24

Employee Benefit and Retirement Planning: Pension and Deferred Compensation Tools WEBCAST

5/26

CFO Series: Preparing For Growth Part 2 WEBCAST

The Washington CPA Winter 2022

CREDITS

6.5 4 5.5

www.wscpa.org

CPA LICENSURE

CPE Tracker:

Mandatory Step to Renew Your License When your CPA license is up for renewal, you must enter your completed CPE into the CPE Tracker when you renew. This step is now mandatory for license renewals. The CPE Tracker is available through your Secure Access Washington (SAW) account on your Washington State Board of Accountancy (WBOA) service dashboard. This is also where you will submit your renewal application once your CPE has been logged. You must log enough completed CPE to show that you have met your renewal requirement before the application will allow you to move forward.

CPE REPORTING HELPFUL HINTS •

Enter your CPE throughout your CPE reporting period—don’t wait until you are completing your renewal application to enter all of your CPE.

•

Enter longer courses first if you complete more than the required 120 hours. You only need to enter your WBOAapproved ethics course plus another 116 hours.

•

Be sure to keep in mind your 20-hour minimum annual CPE requirement.

•

Upload of CPE course completion certificates is only required if you are requesting a CPE Extension or if you are notified that you have been selected for a CPE audit.

•

Have all of your CPE course information handy when you sit down to enter it. The CPE Tracker requires the input of all fields before you can add the course and continue to the next course.

•

Remember the username and password for your SecureAccess Washington (SAW) account registered with the WBOA. Creating a new SAW account each time you enter CPE can be time consuming.

Source: Washington State Board of Accountancy

www.wscpa.org

The Washington CPA Winter 2022

Thank You to Our 2021 Sponsors

PEAK FIRMS

WSCPA PEAK FIRMS The WSCPA Peak Firm program recognizes and awards special benefits to firms that sign up 100% of their eligible staff for WSCPA membership. Being a Peak Firm establishes you as a leader in the profession and provides an array of discounts and benefits. Learn more and enroll your firm at wscpa.org/peak-enroll

CURRENT PEAK FIRMS Hauser Jones & Sas

Moss Adams LLP

Bader Martin PS

Hellam Varon & Co Inc PS

The Myers Associates PC

Brantley Janson Yost & Ellison

HMA CPA PS

Nicholas Knapton PS

Clark & Associates CPA PS

Hunt Jackson PLLC

Norris Lutkewitte PLLC

Clark Nuber PS

Hutchinson & Walter PLLC

Opsahl Dawson PS

The Doty Group PS

Jacobson Jarvis & Co PLLC

Ryan Jorgenson & Limoli PS

Dwyer Pemberton & Coulson PC

Johnson Stone & Pagano PS

Shannon & Associates LLP

Eide Bailly LLP

King & Oliason PLLC

Smith & DeKay PS

Falco Sult & Co

Kovarik & Kim PLLC

Starr & Leaf CPA Group PLLC

FBCPA Group PS Inc

Larson Gross PLLC

Sweeney Conrad PS

Finney Neill & Co PS

Martin Bircher Thompson PC

Vine Dahlen PLLC

Greenwood Ohlund & Co LLP

McDevitt & Duffy CPAs

Werner O'Meara & Co. PLLC

Alegria & Company PS

www.wscpa.org

The Washington CPA Winter 2022

FRAUD

Avoiding Social Engineering Scams & Fraudulent Wire Transfers Suzanne M. Holl, CPA

CPAs continue to be at high risk of social engineering attempts due to the type of information firms gather and store, and CAMICO has observed an uptick in the frequency of these attempts. “Phishing” is one of the more common social engineering scams.

Use your professional skepticism to avoid being lulled into a false sense of security. Any requests for money to be transferred to a bank account unfamiliar to you should be a red flag, especially if the new account is in another country.

CAMICO has also observed a rise in fraudulent email requests for wire transfers. Fraudulent wire transfers frequently cause large dollar losses. If the fraudster controls the client’s and the firm’s email, commonly referred to as a “man in the middle” attack, and the fraudulent request mimics previous legitimate requests, it is very difficult for the firm to identify the request as illegitimate. When the fraud is discovered after the transfer, the funds are usually not recoverable.

If the firm’s protocol with clients is to permit requests for wire transfers to be made via email, then establish and follow procedures to confirm requests using a mechanism other than email and proceed with the transfer only after confirming with the client (ideally by phone or in person) that the request is legitimate. This includes, but is not limited to, confirming the dollar amounts, the name of the financial institution, and the bank account number. To validate the authenticity of the request, confirm information only known to the client (ask questions to which hackers would not know the answers).

www.wscpa.org

The Washington CPA Winter 2022

FRAUD

Practical loss prevention tips to minimize fraudulent wire transfer exposure:

The following basic best practice measures should also be prioritized:

Slow down to avoid becoming another “phishing scam” victim. Take the time necessary to validate suspicious or unexpected email. And do not click a link, pop-up, or attachment without first hovering your cursor over the link to display the URL to assess its legitimacy. If there is an urgent call to action, rather than clicking a link, consider a different way to validate the request, such as speaking with the sender to get verbal confirmation that the communication is legitimate, or visiting the purported sender’s URL.

Ensure all software has the latest security options/patches especially for “zero day vulnerabilities.” This will help protect against malware, viruses, and hacker attacks.

Establish written protocols. The firm should establish written protocols with clients for handling client funds, especially as it relates to handling wire transfer requests. Consider establishing dollar thresholds above which verbal consent would be required if clients do not want to be “bothered” to approve each request. In addition, document who the authorized client representative(s) would be for providing such consent if/when the client is not available. Proceed with caution. With the increased number of claims related to fraudulent wire transfers, best practice in the absence of any written protocols to the contrary would be to verbally confirm all wire transfer requests with these clients to minimize risk.

Change and strengthen passwords frequently and make sure employees use different passwords for different products. Systems are only as secure as the passwords used to access them. Use multi-factor authentication. This can add an extra level of security to help prevent an account hack, especially when employees work remotely. Maintain strong work-from-home cyber hygiene. Reinforce with employees the cyber protocols to be followed when working remotely (e.g., machine use restrictions, WiFi passwords, VPN, firewalls). Remind all employees of the importance of powering down computers when not in use. Computers are not accessible to attacks or intrusions when powered off.

Frequently back up all important data and information offline and verify your backups. Regular offline backups (“cold backups”) reduce the likelihood that critical data is lost in the event of a cyberattack. Protect the backups in a remote or external location, outside of your network, where they are safe from ransomware that seeks out backup copies to encrypt them as well as the rest of the firm’s network and files. Periodically verify that your data backup process is working properly to assure that your data will be recoverable if a crisis occurs.

Suzanne M. Holl, CPA, is senior vice president of loss prevention services with CAMICO (www.camico.com). With almost 30 years of experience in accounting, she draws on her Big Four public accounting and private industry background to provide CAMICO’s policyholders with information on a wide variety of loss prevention and accounting issues.

The Washington CPA Winter 2022

www.wscpa.org

ADVOCACY

CPA–Inactive Bill Aims to Promote Clarity and Benefit Licensees In preparation for the upcoming Legislative Session the WSCPA has worked with legislators to propose HB 1648 and SB 5519. These bills would set a timeline for phasing out certificate status while also creating a new CPA–Inactive license status. In 2001 the Washington State Board of Accountancy (WBOA) ceased issuing certificates to candidates that had passed the CPA exam but not yet completed the work experience requirements for a CPA license. The Certificate–Inactive is a status in our state for those who had received a certificate. Almost every other state has a CPA–Inactive license status without a certificate equivalent. This has caused some confusion as other states work with CPAs from Washington.

Individuals who still have a certificate will have until 2024 to complete the remaining requirements to transition to a CPA license. If they do not complete that process their status will become the new CPA–Inactive status. These individuals will be able to continue performing the non-CPA work that they have been eligible to do under their current certificate. These bills will be considered in the 2022 Legislative Session which runs from January through March. For more information, please reach out to me at mnelson@wscpa.org.

Mike Nelson is WSCPA Manager of Government Affairs.

Adding a new inactive license status will create parity among the other states. This will also give current CPA licensees an alternative to letting their license lapse or retire.

WE’VE GOT YOUR BUSINESS. AND YOUR BACK. We take a more personal approach to business lending. At Columbia Bank, we care as much about your business as you do. That’s why our lenders take the time to truly understand your business needs, then work closely with you every step of the process, through closing and beyond. So you can feel good that you’re getting the best loan for your business, and for you. Visit ColumbiaBank.com.

Member FDIC

www.wscpa.org

Equal Housing Lender

The Washington CPA Winter 2022

CLASSIFIED ADS Detailed advertising information is available online at wscpa.org/classifieds. Contact Sharon Olene-Marander at smarander@wscpa.org for more information. Office Space DOWNTOWN SPOKANE Gorgeous Private Offices: Gorgeous private offices with full support services, Meeting Rooms, Lounge. Immediate access to Parking. Walk to restaurants and shops. Take advantage of our year end specials. Starting at $350/month CALL NOW 509.204.7400.

Profitable South King County Tax and Accounting Practice for Sale: Established in 1985, this south King County tax and accounting firm has become well-known for its integrity, service, and reputation for going above and beyond for each client. The Practice’s service by revenue breakdown is 59% Tax, 24% Controller Services, 13% Bookkeeping, 2% Financial, and 2% Other. As of November 2021, the Practice has approximately 413 active clients comprised of ~80% individuals and ~20% businesses. Over the past three years (2018-2020), the Practice has averaged gross revenue of approximately $475,000. The Practice employs three (3) full-time employees and two (2) part-time/ seasonal employees, including the Owner, who is willing to provide transition assistance and help with goodwill transfer, business development, and other “mentoring” functions for an agreed upon period up to one (1) year, if desired. The Practice is stable, profitable, and poised for growth under new ownership. To take the next step towards this exciting business opportunity, call us at 253.509.9224 or, send an email to info@privatepracticetransitions.com, with “1180 Profitable South King County Tax and Accounting Practice for Sale” in the subject line. Absentee Owner Selling Profitable Washington Tax & Accounting Firm: For over 18 years, this busy Northeast Seattle tax and accounting practice has provided tax preparation and planning, and other accounting services to countless clients. The Practice’s service by revenue breakdown is 55% Tax, 42% CAS (Accounting, Bookkeeping, CFO), 2% Consulting and 1% Other. The Practice’s success can largely be attributed to its established name and loyal clients who have grown to trust the services it provides. The Practice has dedicated and tenured employees (three have been with the Practice since 2007) who

www.wscpa.org

Volunteer Opportunities The following organizations need a CPA to serve on the board of directors and/or provide other guidance on financial matters. Learn more about these and other organizations that need your help online at wscpa.org under community. AMA Puget Sound, Seattle Arivva Center for Arts & Technology Children's Campaign Fund Ecologists Without Borders Facing Homelessness Grassroots Projects Helping Link / Môt Dâu Nôi Operation Nightwatch People's Memorial Association Seattle's Giving Garden Network South Park Senior Citizens Tilth Alliance

provide outstanding service to their ~440 active clients. Over the past three (3) years, the Practice has averaged gross revenue of approximately $993,401 (2018-2020), and in 2020, the Practice brought in $1,061,411 in gross receipts. As of October 2021, the Practice has already exceeded 2020 revenues with yearto-date gross revenues of $1,061,433 (up 10.92% YoY). Including the Owner, the Practice has eight (8) staff. The Owner is an absentee owner, willing to stay on as a consultant for up to 1-2 years if desired. To take advantage of this exciting business opportunity, call us at 253.509.9224 or send an email to info@ privatepracticetransitions.com, with “1179 Absentee Owner Selling Profitable Washington Tax & Accounting Firm” in the subject line. Oregon CPA Firm Selling 30% Ownership (1178): Established in 1954, this CPA Practice has provided tax preparation and planning, and other accounting services to countless clients with a service by revenue breakdown of 35% Business Tax Preparation & Planning, 30% Individual Tax Preparation & Planning, 23% Bookkeeping, and Payroll Services, 6% Estate Work, 3% Financial Statements and 3% Advisory. The Practice is owned by three partners, one of which is looking to retire. The remaining two Partners will stay on as 35% owners each, and they are looking for a third Partner to buy in at 30% ownership. The Firm is primarily located within Clackamas County, with small portions extending into neighboring Multnomah and Washington counties. The Practice is known for doing quality work and as such, has a great reputation within the community. Because of this, the Practice receives a lot of word-ofmouth referrals and has incredibly high client retention. As of September 2021, the Practice has already exceeded 2020 revenues with year-to-date gross revenues over $1,015,000. The retiring partner is willing to stay on as a consultant through the end of 2022 if desired. With impressive gross revenues and over 1,030 active clients, this is a great opportunity for any buyer looking to buy-in to an already thriving business. For more information on this listing, call 253.509.9224 or email info@ privatepracticetransitions.com.

Mergers & Sales IBA Sells Privately Held Companies: Do you represent a client who is ready to retire or has taken a company as far as they want to or can? IBA is the Pacific Northwest’s oldest business brokerage (M&A) firm. We are professional negotiators with over 4000 completed transactions. Please contact us if we can be of assistance at 425.454.3052, 509.907.9406, or www.ibainc.com. Accounting Practice Exchange - free weekly buyer email alert service: The Accounting Practice Exchange is the online marketplace for CPA practices. Get the latest opportunities available in Washington via our free weekly email alert service. Sign up for it here: www. accountingpracticeexchange.com. Practice for Sale Seattle: CPA seeks an experienced tax preparer to acquire 99.5% of his expanding tax practice so he can focus on fee-based financial planning services to his clients. Gross revenues for the fiscal year ending November 2021 are $176,000 and growing. Seller will retain.05% interest so he can be true to his clients that he is still a partner in the firm. All future tax preparation and bookkeeping service requests will be referred to his new partner to handle. Includes turnkey fully equipped office sharing arrangements with a great downtown location and water view of the Puget Sound. For more information contact Bruce Clark at 856.304.1035. Share Office Space & Grow Your Practice: CPA looking toward retirement is looking for an individual who has their own client base but is looking to grow their practice. Share office space (your own office) in Old Downtown Kent. Help me provide tax services to my existing clients, with a possibility of transfer of clients in a succession scenario. I have been using Ultra Tax, Fixes Assets and Filing Cabinet in a Virtual Office configuration. Contact Alan Gray, CPA, at alan.gray@alangraycpa.com or 253.852.7413. CPA Looking to Acquire Small to Medium Size Firm: I’m a CPA with 10+ years of experience at small and national CPA firms providing services to a range of clients, including complex individuals and entities. I’m highly proficient with technology and the use of all major tax software and paperless systems. I’m interested in firms in Seattle or surrounding areas and open to owners that want to transition out overtime and partnership opportunities. Email dkg.wacpa@gmail.com. Have a Client/Owner Ready to Explore the Business Sale Process? We help owners confidentially explore the sale process. Transaction expertise, market knowledge, and results. 100% performance based fees - owners pay only at closing. Business owners are experts on their business. We are experts on the process of selling a business. Call 937.344.8750 for a confidential, no commitment consultation. Check out resources and learn more at wabusinessbrokers.com. Put our experts to work for you! Established South Snohomish County Practice: looking to transition a $150,000 practice to new owner. My primary goal is to be sure my clients will be treated well. Most are small businesses. We only prepare about 70 returns a year including business returns. Contact Terry J Campbell PLLC at terry@businesscpa.cc or 425.776.7900.

The Washington CPA Winter 2022

DIVERSITY, EQUITY, & INCLUSION 1

10 Actions You Can Take Today to Be More Inclusive at Work Donald Thompson

CPA Firm Competency Model New Diversity and Inclusion Competencies wscpa.org/firm-competency

The Washington CPA Winter 2022

Inclusive language shows that you respect and value the person you are speaking with. Learn best practices for inclusive language, and when you don’t know how to address a person, remember that it’s ok to ask. Learn more about inclusive language at wscpa.org/ language.

Run more inclusive meetings and work sessions.

Stop interruptions. When you notice one colleague interrupting another, say “I’d like to hear Sam finish their thought” or “Let me stop you there so we can hear what Sam thinks.”

Give credit where credit is due.

Thank people for their specific co nt r i b u t i o n s , a n d s h a re t h o s e contributions with others, using phrases like “Here’s what I learned from Jordan” 5 and “That’s a point Alex made earlier.” Also, redirect misguided questions by saying something like “Pat’s the one to ask about this issue.”

Give direct feedback. Remember, you’re not doing anyone a favor by holding back on feedback that could help them do a better job. Real respect means honest, actionable feedback and a high expectation for every person’s success.

Volunteer to be included in interviews. A diverse team makes better hiring decisions. By participating in the interview process, you’ll learn to unpack your own biases and help to mitigate unconscious bias on your team. Learn more at wscpa. org/bias.

Use respectful language.

Give every person a clear opportunity to share their ideas, concerns, and solutions. Some people speak up easily. Others do so only when called upon. And still others will need your explicit direction to share their comments and questions by email afterward.

Sponsorship Success Toolkit wscpa.org/sponsor-toolkit

The most important thing you can do to be more inclusive is educate yourself about other people’s experiences. Commit to your own continued education, and don’t underestimate the value of your example. Inclusion is a continuous practice. Learn more about how to approach tough conversations as an ally at wscpa.org/ally.

“Diversity, equity, and inclusion” can sound vague and jargony if you don’t know how it translates into everyday action. Here are 10 things you can do today to create a more inclusive work environment.

Check out these additional DEI resources from the AICPA:

Listen and learn.

Disrupt office housework. Office housework is routine work that isn’t part of someone’s job description, distracts from their career trajectory, and makes no real impact on business o u tco m e s ( l i ke m a k i n g cof fe e , straightening up the board room, ordering lunch, or organizing another person’s meeting schedule). When you see one person always assuming these tasks, volunteer yourself, or disrupt the flow by establishing regular rotations for administrative duties.

Interrupt microaggressions. Use micro-interruptions to respond in the moment and to act as an ally to fellow employees who may not have the confidence to speak up yet. See what inclusion in action looks like at wscpa. org/action.

Learn what to do when you make a mistake. Mistakes are human. When you mess up, acknowledge it, apologize, and move on quickly. Learn what to do when you accidentally misspeak at wscpa.org/ apology.

Learn more tips and strategies for workplace inclusion by enrolling in the free beta edition of MicroVideos by The Diversity Movement at wscpa.org/microvideo. © The Diversity Movement. Reprinted with permission of The Diversity Movement. Photo: © iStock/JamesBrey

www.wscpa.org

Periodicals postage paid at Bellevue WA and additional mailing offices 902 140th Ave NE Bellevue WA 98005-3480

CLEAR

AREA

save the date! WSCPA Spring Conferences WSCPA.ORG/SPRING22 Governmental Accounting & Auditing Conference April 26-27

International Tax Conference May 12

Women's Leadership Summit June 2

The Washington CPA 2022 Winter

Articles inside