Many of your current or prospective clients may need to expand into e-commerce to ensure continued growth and profitability. But e-commerce also introduces vulnerability and the need to protect data that must remain private. CPA firms can help their clients assess and acquire privacy protection. The following article discusses the services that firms can provide and why firms should offer them. Finally, this article considers the cost to firms of starting to provide privacy protection services, and the probable amounts of billable time arising from providing these services. Resources to support these services are also provided.
In a joint effort, the AICPA and the CICA (Canadian Institute of Chartered Accountants) recently published Generally Accepted Privacy Principles (GAPP)—A Global Privacy Framework (the Framework). Originally published in 2003, the Framework is regularly updated to address marketplace trends such as outsourcing and the growing international focus on privacy. The Framework also includes a new section that provides step-by-step guidance on how businesses and other entities can use the document.
Practitioners will want to pay special attention to a second document, Building a Privacy Practice In Small and Medium-Sized CPA Firms, published to accompany GAPP and written for firms to help them provide privacy services to their clients. Although GAPP is intended primarily for medium and large firms, Building a Privacy Practice is designed for firms with 10 or fewer professionals/staff. In fact, Building a Privacy Practice in Small and Medium-Sized CPA Firms was written by the small firm members of the AICPA/CICA Privacy Task Force. Practitioners can help their business clients address privacy issues by offering a full range of value-added privacy advisory services, including:
- Developing a privacy strategic and business plan
- Providing a privacy gap and risk analysis
- Providing privacy advice, recommendations, and training
- Designing privacy policies and procedures
- Benchmarking and performance measurement
- Providing independent verification of privacy controls
Three reasons to offer privacy services
There are three main reasons for firms to consider offering privacy services:
1. The role of firms is changing—It’s time for firms to distinguish themselves. Competitors are chipping away at the services typically offered by CPAs. Clients are turning to financial planners, financial analysts, financial consultants, lawyers, insurance advisers, and real estate professionals for the advice that is also provided by CPAs.
Current and future clients recognize that taking advantage of the opportunities for business growth, cost savings, and operational efficiencies may require expanding into e-commerce. In addition, recurrent data security breaches, some global in scope, have triggered consumer demands for better protection of their personal information.
By offering forward-looking/proactive risk management services, firms can help clients avoid these dangers.
2. Firm practice is changing—It’s time to think ahead. Practices of all sizes, especially small firms, find it increasingly difficult to attract and retain well-trained, experienced, motivated, innovative professionals—in other words, true leaders—who will actively help build the practice.
3. Firm services are changing—It’s time to expand beyond the “commodity box.” With the goal of securing more profitable work, practices often compete on price for time-intensive, unprofitable work. By competing on price, are firms sending the message that their services are easily replaced commodities? New services, such as privacy advisory services, enable CPAs to stretch beyond the commodity box with work that can be priced to reflect that CPAs bring unique skills, technical competence, refined judgment, and valuable discipline to address the business challenges faced by clients.
What is this going to cost?
As with any new service offering, the greatest share of costs is at startup and involves learning how to adapt current skills and apply new ones.
To start, you must become familiar with all the privacy resources available through the AICPA Web site (staging.aicpa.org/privacy) and the reference material listed in the sidebar, “Publications, Tools, and Practice Aids,” on this page. Most of these documents are available for free or at a minimal cost.
The cost to firms of developing and maintaining these skills will depend on the privacy needs of clients’ businesses and the variety of services offered. For example, if your firm has a number of clients in the medical industry, you may decide to become a specialist on Health Insurance Portability and Accountability Act (HIPAA) requirements and how they affect your clients.
Other than the time required to research the privacy resources, costs for the materials to offer privacy advisory services should be less than $500.
How much billable time can you expect?
Initially, you will find that your clients may not recognize the value or the cost/benefit of these services to them. It may be difficult to illustrate the value of these services by drawing parallels to other services; much of the research for privacy protection is carried out to assess customers’ preferences and the potential losses that can be avoided by averting a breach of privacy.
However, CPAs have always maintained positive relationships with their clients by demonstrating their capabilities as they relate to services and industries. For example, clients in the medical or financial industries who are affected by privacy legislation may need help in ensuring the compliance of their privacy programs with all pertinent regulations. For clients in other industries, CPA firms can help ensure that adequate privacy programs are in place to protect the personal information of both customers and employees.
Broaching the privacy issue
The initial approach should be to offer a presentation on why privacy is important to the clients’ businesses. This may not result in immediate billable hours, but, along with raising awareness, gives you an opportunity to demonstrate your knowledge and interest in assisting your clients in this area.
As a result, you may spend some time convincing your client to let you do a privacy assessment. You should understand that an initial privacy assessment may only be a two- to three-hour engagement for a small client with a potential fee of approximately $500 to $750. However, this initial assessment provides a great opportunity to recommend the additional privacy services your client may need.
Privacy—A service for the small firm
Still not convinced? Then consider that the market for privacy services is red hot. Small firms should examine how they cross-sell services and create a plan to add privacy services to their mix. Perhaps now more than at any other time, there is an opportunity to demonstrate your acumen and ability to provide assistance by helping a client understand and implement privacy protection. GAPP is a good start, and, along with Building a Privacy Practice in Small and Medium-Sized CPA Firms, can help interested firms get a leg-up on their competition by pursuing this in-demand service.
Publications, Tools, and Practice Aids
Before the small firm can provide privacy services, the practitioner should be familiar with some of the publications, tools, and practice aids available for free or at a nominal charge through the AICPA or CICA. Visit staging.aicpa.org/privacy for more information, or send an e-mail to the Senior Technical Manager—IT, Nancy A. Cohen, CPA, at ncohen@aicpa.org. Nancy is part of the newly formed Specialized Communities and Practice Management Team at the AICPA. The publications, tools, and practice aids include:
- Building a Privacy Practice in Small and Medium-Sized CPA Firms Practice Guide
- Generally Accepted Privacy Principles (GAPP)—a Global Privacy Framework
- Privacy Advisory Services Marketing Brochure (part of the Practice Guide above)
- 20 Questions Businesses Need to Ask about Privacy
- An Overview of HIPAA: The Role of CPAs in Privacy Compliance
- Privacy Matters—An Introduction to Personal Information Protection
- Privacy—Are Your Clients Minding Their Own Business?
- Privacy—Minding Your Own Business
- Understanding and Implementing Privacy Services—A CPA’s Resource
- Privacy Incident Response Plan—Template
Philip M. Juravel, CPA, of Juravel & Company, LLC, in Alpharetta, GA, is a member of the AICPA/CICA Privacy Task Force. Contact him at phil@juravelcpa.com.