September 16, 2019

AICPA: CFOs Want More Input from Auditors on IT Matters

This story is republished from CFOZone, where you’ll find news, analysis and professional networking tools for finance executives.

Certified Public Accountants are increasingly being asked to solve information technology problems for clients and prospective clients, according to a survey by the American Institute of Certified Public Accountants.

But that raises a potential conflict of interest of the sort that led the Securities and Exchange Commission to keep auditing and IT consulting separate. The pressure for auditors to help provide IT solutions will persist nonetheless, says the AICPA.


“The tide has really turned this year with the economy and increasing regulations,” said Joel Lanz, co-chair of the AICPA’s Technology Initiatives task force in a prepared statement.

“As small and medium-sized companies increasingly place IT under their chief financial officers, it’s becoming much more of a broad scope of responsibility,” added Ron Box, Lanz’s co-chair.

With a renewed focus on IT-related issues, the survey makes clear that CPAs need to be literate about information technology in order to collaborate effectively with clients and their IT partners.

Data security clearly is driving the new interest, and CPAs believe the issue will persist in importance for years, the survey suggests.

The biggest surprise from the survey, Lanz told CFOZone, is the fact that “CPAs are not only providing guidance on financial issues, but there is an expectation by audit committees that CPAs could advise on different IT governance issues. CPAs are now commenting to audit committees about business operations in addition to pure financial issues.”

It’s not that CPAs are expected to be the technology expert, but the expectation is that the CPA is able to provide business insight and IT guidance which then enables their clients to effectively leverage their technology to enhance the businesses value, he added.

Is this simply recreating the problem that led to the separation post-Enron and WorldCom of audit services from consulting, much of which was IT oriented? There’s the potential for a conflict of interest here, and a slippery slope toward bad audits as result. SEC rules specifically say audit firms cannot provide IT consulting services on matters that relate to financial reporting for the same client. And the audit committee must sign off on other types of consulting services.

Lanz concedes that CPAs will have to be careful. “It is a fine line,” said Janis Parthun, senior technical manager – IT, for AICPA, but she added that CPAs can help companies avoid problem here. “Sometimes audit committees do need some education in these areas and this is where they can reach out to CPAs that have some understanding of IT to give the audit committee options to make the right decision.”

Lanz adds says that the AICPA has helped on this front with some recent guidelines. “Recent standards provide CPAs with specific criteria for when they need to communicate with audit committees, as well as the type of communication required,” he said.

A spokesman for the Securities and Exchange Commission declined to comment on the trend.

This story is republished from CFOZone, where you’ll find news, analysis and professional networking tools for finance executives.

Certified Public Accountants are increasingly being asked to solve information technology problems for clients and prospective clients, according to a survey by the American Institute of Certified Public Accountants.

But that raises a potential conflict of interest of the sort that led the Securities and Exchange Commission to keep auditing and IT consulting separate. The pressure for auditors to help provide IT solutions will persist nonetheless, says the AICPA.


“The tide has really turned this year with the economy and increasing regulations,” said Joel Lanz, co-chair of the AICPA’s Technology Initiatives task force in a prepared statement.

“As small and medium-sized companies increasingly place IT under their chief financial officers, it’s becoming much more of a broad scope of responsibility,” added Ron Box, Lanz’s co-chair.

With a renewed focus on IT-related issues, the survey makes clear that CPAs need to be literate about information technology in order to collaborate effectively with clients and their IT partners.

Data security clearly is driving the new interest, and CPAs believe the issue will persist in importance for years, the survey suggests.

The biggest surprise from the survey, Lanz told CFOZone, is the fact that “CPAs are not only providing guidance on financial issues, but there is an expectation by audit committees that CPAs could advise on different IT governance issues. CPAs are now commenting to audit committees about business operations in addition to pure financial issues.”

It’s not that CPAs are expected to be the technology expert, but the expectation is that the CPA is able to provide business insight and IT guidance which then enables their clients to effectively leverage their technology to enhance the businesses value, he added.

Is this simply recreating the problem that led to the separation post-Enron and WorldCom of audit services from consulting, much of which was IT oriented? There’s the potential for a conflict of interest here, and a slippery slope toward bad audits as result. SEC rules specifically say audit firms cannot provide IT consulting services on matters that relate to financial reporting for the same client. And the audit committee must sign off on other types of consulting services.

Lanz concedes that CPAs will have to be careful. “It is a fine line,” said Janis Parthun, senior technical manager – IT, for AICPA, but she added that CPAs can help companies avoid problem here. “Sometimes audit committees do need some education in these areas and this is where they can reach out to CPAs that have some understanding of IT to give the audit committee options to make the right decision.”

Lanz adds says that the AICPA has helped on this front with some recent guidelines. “Recent standards provide CPAs with specific criteria for when they need to communicate with audit committees, as well as the type of communication required,” he said.

A spokesman for the Securities and Exchange Commission declined to comment on the trend.

Have something to add to this story? Give us a shout by email, Twitter, or text/call the tipline at 202-505-8885. As always, all tips are anonymous.

Related articles