Outsourcing guidance for CPAs: hot topic has everyone from state legislators to the AICPA chiming in.Ask 10 CPAs what they think of outsourcing and you'll probably get 10 different responses. The mere mention of the word inspires lengthy and emotional debate. [ILLUSTRATION OMITTED] Outsourcing has morphed into a political concern, fueling the temperaments of a population waiting for the economy to kick into high gear once again. But politics aside, the chief concerns among accounting groups and regulatory bodies are not labor and trade issues, but the safeguarding of private information and the issue of disclosure. Should clients be informed of work performed by third-party service providers? What can a CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. do-to ensure the safety and integrity of a client's personal information once it is in the hands of a third party? Though outsourcing has been a commonly employed business tactic for years, the Years, The the seven decades of Eleanor Pargiter’s life. [Br. Lit.: Benét, 1109] See : Time rise of identity theft has made the issue of safeguarding personal information a more immediate concern. "This issue is not new," says Ric Rosario, CPA. CFE CFE Conventional Forces in Europe (treaty) CFE Cash Flow to Equity (finance/accounting) CFE Comisión Federal de Electricidad (México) CFE Certified Fraud Examiner and vice president of risk management for Camico Mutual Insurance Company. "What's changed are the speed of information being transferred and the ease of identity theft, which didn't exist 20 years ago." The Federal Trade Commission estimates that nearly 31,000 Californians were victims of identity theft in 2002, the second highest per capita rate per capita rate A rate proportional to the number of persons in a population in the country. And according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. separate studies done by Gartner Research and Harris Interactive Harris Interactive (NASDAQ: HPOL) is an American market research company that specializes in public opinion research using both telephone and surveys on online panels. The company is the product of a 1996 merger between the Gordon S. Black Company and Louis Harris & Associates. in July 2003, approximately 7 million U.S. adults were victims of identity theft in the prior year. That's about 19,178 a day, 799 an hour, or 13.3 a minute. State legislators are proposing regulations that would affect the practice of outsourcing or offshoring
Offshoring describes the relocation of business processes from one country to another. , as are the AICPA AICPA See American Institute of Certified Public Accountants (AICPA). and California Board of Accountancy, which have been studying the issues amid growing calls for guidance. DEFINITION OF TERMS In its broadest sense, outsource is defined by Webster's New World College Dictionary as "to transfer (certain manufacturing operations Manufacturing operations concern the operation of a facility, as opposed to maintenance, supply and distribution, health, and safety, emergency response, human resources, security, information technology and other infrastructural support organizations. , administrative activities, etc.) to outside contractors outside contractor n → contratista m/f independiente , especially so as to reduce one's operating costs operating costs npl → gastos mpl operacionales ." But the term is often confused with offshoring, which is defined as "engaged in outside the U.S. as by U.S. banks or manufacturers (offshore investments, offshore assembly plants)." One can outsource without offshoring, and one can offshore without outsourcing. Outsourcing involves the transfer of work to any third party, regardless of geography, whereas offshoring (in the context of outsourcing) involves third-party service providers located in another country. STATE LEGISLATION Most of the legislative concern focuses on jobs leaving America and the inability of the U.S. government to enforce confidentiality and privacy laws when workers are in another country. To date, 35 state legislatures A state legislature may refer to a legislative branch or body of a political subdivision in a federal system. The following legislatures exist in the following political subdivisions: California legislators have introduced a bevy bevy a flock of birds. of bills that express the intent of reforming outsourcing either by banning the state from contracting with entities that outsource or prohibiting the transmission of confidential financial information to workers located outside of the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. . The two bills affecting CPAs include AB 664 (Correa) and SB 1451 (Figueroa). AB 664, Outsourcing of Personal Information. Would require businesses sharing confidential information Noun 1. confidential information - an indication of potential opportunity; "he got a tip on the stock market"; "a good lead for a job" steer, tip, wind, hint, lead with affiliates in another country to disclose to consumers and clients that information is being shared and the name of the country. At press time, the bill is awaiting a hearing by the Senate Judiciary Committee The U.S. Senate established the Committee on the Judiciary on December 10, 1816, as one of the original 11 standing committees. It is also one of the most powerful committees in Congress; among its wide range of jurisdictions is investigation of federal judicial nominees and oversight of . SB 1451, Outsourcing of Financial and Medical Information. Would ensure the privacy of a customer's records and personal information and has been amended to require, among other things, written disclosures to be given to clients when medical or financial information is outsourced. WHAT THE AICPA SAYS The AICPA issued outsourcing guidance in a March Journal of Accountancy article, reiterating its Code of Professional Conduct's position that practitioners are ultimately responsible for maintaining the security and confidentiality of client information. Ethics Ruling No. 1, under the Code of Professional Conduct, Rule 301. Computer Processing of Client Returns, states that members must take "all necessary precautions" to ensure that the use of a third party does not result in the release of confidential information. In essence, a confidentiality breach by an outsourcer is the responsibility of the CPA. Though the rule deals specifically with using outside services to process tax returns, it also applies to any use of a third-party provider. CPAs should perform due diligence Research; analysis; your homework. This term has caught on in all industries, because it sounds so "wired." Who would want to do analysis or research when they can do due diligence. See wired. to ensure the provider is capable of protecting nonpublic info, the AICPA says, especially if that third party is located in an unfamiliar place where enforcing privacy laws may be more difficult. Monitoring procedures should be in place to ensure the continued effectiveness of third-party provider procedures, and at the least. CPAs should discuss with a third party the specific controls in place to safeguard the client's information and make sure those controls are adequate. The AICPA's Professional Ethics professional ethics, n the rules governing the conduct, transactions, and relationships within a profession and among its publics. professional ethics liability, n 1. Executive Committee has established a task force to consider whether Ethics Ruling No.1 should be revised and if additional guidance in the Code of Professional Conduct is needed. "I'm pretty sure they would update the guidance, because the guidance is 30 years old and related only to tax returns," says Richard Miller Richard Miller may be:
Miller said disclosure is "on the table," but several issues merit further guidance. "First of all, there is the definition of outsourcing," he says, citing all types of third-party work a CPA firm may contract, such as cleaning services and document depositories. "But the real concern seems to be offshoring." Citing identity theft cases within a company's U.S. walls. Miller wonders to what degree CPAs should practice disclosure. "Companies send confidential information all the time within their own firms." he says. Coming up with a one-size-fits-all guidance "is not as simple or easy as it sounds." There's also concern that CPAs will be held to increasingly higher standards than other tax preparers. "Maybe the IRS An abbreviation for the Internal Revenue Service, a federal agency charged with the responsibility of administering and enforcing internal revenue laws. should think about doing something." Miller says. Though CPAs are held to high standards, "there's an argument regarding whether or not you're creating too uneven a playing field by putting in standards that nobody else has, and that might not necessarily serve the public interest," he says. Miller also cites the practice of large, international accounting firms opening subsidiaries in foreign countries in lieu of using a third party that could circumvent any outsourcing guidance or regulations. "We haven't fully defined outsourcing yet," Miller says. WHAT THE IRS SAYS IRC (Internet Relay Chat) Computer conferencing on the Internet. There are hundreds of IRC channels on numerous subjects that are hosted on IRC servers around the world. After joining a channel, your messages are broadcast to everyone listening to that channel. Sec. 7216 prohibits anyone involved in tax return preparation from knowingly or recklessly disclosing or using the tax-related information other than in connection with the preparation of such returns. The regulations under Sec. 7216 provide an exemption from this law, however, for tax return preparers who disclose taxpayer information to a third party that processes the return. There is no disclosure requirement in Sec. 7216 for a CPA to inform the client that a third party is being used. Additionally, Sec. 7525 provides a CPA-client privilege, similar to attorney-client privilege In the law of evidence, a client's privilege to refuse to disclose, and to prevent any other person from disclosing, confidential communications between the client and his or her attorney. , when they make certain tax-related disclosures. The AICPA recommends ensuring a third-party provider does not compromise this privilege. WHAT THE CBA See Capital Builder Account. SAYS Sec. 54.1 of Title 16 of the CBA's California Code of Regulations California Code of Regulations (CCR) contains the text of the regulations that have been formally adopted by state agencies, reviewed and approved by the Office of Administrative Law, and filed with the Secretary of State. prohibits the disclosure of confidential client information without the client's consent. The CBA is expected to expand upon that 14-year-old disclosure requirement. At its May 14 meeting, the CBA voted to pursue amendments to Sec. 54.1 that would require CPAs using any outsourcing services to provide clients with a written notice that information is being shared with others. The notice also must include mention that the confidential information is being shared with those outside the U.S. if that is the case. Proposed restrictions on outsourcing that were dropped at the meeting included requiring CPAs to disclose what country the information is going to and imposing limits on how long the service provider could keep personal information. The CBA plans to offer additional guidance to assist the licensee "in exercising as well as documenting due diligence when choosing an outsourcing contractor." The CBA also plans to provide outsourcing-related guidance for consumers on its website, www.dca.ca.gov/cba. The "Selecting a CPA" section of the website advises consumers to get an engagement letter before any work is performed that details what work will be performed, where it will be performed, by whom and the confidentiality and security of any private and personal information. WHAT CAMICO SAYS Better safe than sorry is a good tack to take when it comes to liability protection. While Treasury Reg. 301.7216-2(h) seems to allow a CPA to disclose client data to an offshore return processor, it's what can happen once that information is in the hands of a return processor that you should protect against. The liability concerns include the third party's potential unauthorized client data disclosure and use of detailed client information to directly market to the CPA's clients. Camico believes that if your firm outsources tax returns, the safest bet would be to use a U.S.-based offshore return processor, such as an affiliate of a major tax return preparation software company. This is preferable to using a foreign-based offshore return processor with a U.S. branch because the more contacts an offshore return processor has in the U.S., the more legal recourse the client and CPA would have should an unauthorized client data disclosure occur. Camico also believes that CPAs should include a disclosure regarding the offshore return processing in their individual tax return client engagement letters. That proactive approach protects against liability should there be damages relating to relating to relate prep → concernant relating to relate prep → bezüglich +gen, mit Bezug auf +acc a CPA's use of third-party provider. "Our view is that the right thing to do is to tell your client what you're doing with their information," says Rosario. "And if clients want to opt out, they can." If using a third party, you also should disclose your due diligence process to ensure the integrity of that information; how the information is secure; and why that third-party outfit is reputable. "Better to do that with a client up-front, rather than with an angry client afterward," Rosario says. Citing the AICPA's recent guidance, Rosario says CPAs are responsible to check the security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security the third party uses and to monitor whether or not those measures stay in place. But from a liability standpoint, doing your due diligence is no reason not to disclose. If damages occur through a CPA firm's use of a third-party provider, disclosure and due diligence would put the CPA "in a much more defensible de·fen·si·ble adj. Capable of being defended, protected, or justified: defensible arguments. de·fen position," he says. THE FUTURE Offshoring and outsourcing also may be regulated at the federal level. More than 50 federal laws restricting or banning offshoring have been proposed in the last year. And more businesses are expected to offshore work. Forrester Research Forrester Research is an independent technology and market research company that provides its clients with advice about technology's impact on business and consumers. Corporate facts
According to Dun & Bradstreet's Global Barometer for Outsourcing, finance and accounting will represent 10 percent of the worldwide market for outsourced services by 2005. As regulations are mulled mull 1 tr.v. mulled, mull·ing, mulls To heat and spice (wine, for example). [Origin unknown. , and as the profession continues to hone its outsourcing-related guidance, one thing is certain: CPAs are ultimately responsible for the work they've outsourced to a third-party service provider--and any resulting damages that may occur. RELATED ARTICLE: What is--and isn't--Outsourced? Finance and accounting functions are expected to be the most widely outsourced business processes in the next few years. The most commonly outsourced finance and accounting functions are tax consulting and payroll, according to a survey of senior U.S. executives by Ross Research. But there are certain finance and accounting functions that survey respondents said they would not outsource, including: Financial Management Activities: operating budgets/forecasts, capital investments, treasury functions, equity financing/debt, cash management, budgeting, performance analysis and investor relations Investor relations The process by which the corporation communicates with its investors. . General Accounting: general ledger General Ledger A company's accounting records. This formal ledger contains all the financial accounts and statements of a business. Notes: The ledger uses two columns: one records debits, the other has offsetting credits. , cost accounting/revenue, equity accounting/debt, statutory accounting, fixed asset accounting and business unit accounting. Financial Reporting and Accounting: accounts payable/receivable, leases, billing/customer invoice and customer credit/expense reporting. Jerry Ascierto is CalCPA's associate editor. You can reach him at jerry.ascierto@calcpa.org. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion