Cybersecurity and Accounting


In today’s current digital age, a lot of people have at one point wondered if their online accounts have been compromised or have been part of a large store or restaurant data breach. With the constant news cycle, it can become desensitizing but it is imperative, especially for public companies, to be vigilant and educate their employees and stakeholders on proper protocols and procedures for minimizing risk. Accounting professionals are in a unique position to be utilized in the effort to maintain cybersecurity.

SEC Release

The Securities and Exchange Commission (SEC) issued guidance on cybersecurity. In an article produced by Deloitte’s Christine Mazor and Sandra Herrygers that appeared in The Wall Street Journal, they explained that “issued on February 21, 2018, the release largely refreshes existing SEC staff guidance related to cybersecurity and, like that guidance, does not establish any new disclosure obligations but rather presents the SEC’s views on how its existing rules should be interpreted in connection with cybersecurity threats and incidents.”

The rise and scope of these threats is important to note, as well as the varying type of attacks. The compromising of an employee’s password and the complete breach of a major retailer’s financial transactions are difference in degree, but the need for security is the same.

Further detailing the SEC’s release, EY provided this statement from the SEC: “given the frequency, magnitude and cost of cybersecurity incidents, the Commission believes that it is critical that public companies take all required actions to inform investors about material cybersecurity risks and incidents in a timely fashion, including those companies that are subject to material cybersecurity risks but may not yet have been the target of a cyber-attack.”

In a description of the release, EY explains that one of the main components is “clarifying that disclosure controls and procedures should enable registrants to identify cybersecurity risks and incidents, assess and analyze their implications and make timely disclosures.”


Due to the nature and increased sophistication of cyberattacks, PricewaterhouseCoopers stated that “the current US standalone cyber insurance market is estimated at $2.5-$3.5 billion annually…” This alone portrays the vastness and severity of cyber dangers that face companies, specifically public ones.

Lisa Traina lists for AICPA the top 5 cybersecurity dangers that companies and CPAs face:

  1. Ignorance
  2. Passwords
  3. Phishing
  4. Malware
  5. Vulnerabilities

The first, ignorance, is important because accountants and other hired parties cannot help a company if there is no belief that a danger exists. Regarding passwords, Lisa explains that due to the cloud and remote accessing, the need for strong passwords has increased. Furthermore, she advises against employees carelessly storing passwords in places that can be easily compromised, such as a desktop folder. Phishing, malware and vulnerabilities speak to the need for strong IT infrastructure as well as strong employee training on how best to avoid recognizable compromises.

Given the climate of increased technologies correlating to increased risk, Terry Sheridan asserts that “not all that long ago, most companies relegated anything “cyber” to the IT department. But as recognition grows that cybersecurity risks include personnel practices, supply chain management, and operational decisions, more enterprise-wide approaches to managing these risks have evolved.” This includes accountants and finance professionals.

Accounting Attributes

Terry notes that the Center for Audit Quality (CAQ) published a white paper entitled “The CPA’s Role in Addressing Cybersecurity Risk,” which highlights the inherent strengths of accountants to aid with cybersecurity.

  1. Core values and attributes

Terry explains that “CPAs are viewed by management and boards as trusted advisors who have a board understanding of businesses, who receive appropriate annual training, who comply with a code of ethics, and who are subject to rigorous external quality reviews.”

  1. Experience in independent evaluations

The framework has already been laid to make the connection from accounting to cybersecurity, Terry reveals: “…many large and midsized CPA firms have built substantial IT practices that provide attestation and advisory services to organizations on IT security-related matters…”

  1. Multidisciplinary strengths

This point is important as the combination of accounting knowledge and information technology knowledge is being specifically sough after by firms. For students and professionals looking to enrich or advance their accounting career, adding a specialty of IT knowledge would be very useful for public companies.

Unified Framework

Furthermore, there is a need for common language and procedures so companies can have a roadmap to assess their situation and progress. Susan S. Coffey explains that “there hasn’t been a consistent, common language for describing and reporting on the cybersecurity risk management programs organizations put in place. This lack of transparency makes it difficult for stakeholders to determine whether an organization’s cybersecurity risk management plan effectively addresses potential threats.”

For this reason, she described that a framework has been developed by Assurance Services Executive Committee (ASEC) comprised of accountants with IT work history with clients; the framework can be found at

Coffey outlines how the framework helps accountants become further involved in cybersecurity: “management accountants more directly involved with the organization’s cybersecurity efforts can promote awareness and use of the framework as a means of communication those efforts, both internally and externally, and of evaluating the effectiveness of the organization’s controls in achieving its cybersecurity objectives.”

Expounding on the framework, Russ Banham for Journal of Accountancy, specifically outlines the opportunities for accountants:

  • CPAs to perform a consulting engagement to help a client’s management develop a description of its cybersecurity risk management program to provide to the board and other internal parties…
  • CPAs to perform a consulting engagement known as a “readiness assessment” to help a client identify where its cybersecurity processes and controls may need to be shored up.
  • CPAs to perform a System and Organization Controls (SOC) for Cybersecurity examination engagement to assess the client’s cybersecurity risk management program…

The framework’s suggestion that accountants can be on the forefront of providing sensitive information to a company’s Board is important to note, as a Board’s responsibility is to monitor and be made aware of critical issues facing company operations.

Role of the Board

Christopher P. Skroupa, a Contributor to Forbes, has interviewed Michael Yaeger, an expert in cybersecurity. In response to a question about the role of cybersecurity as it relates to the Board, Yaeger explained that “one basic function of a modern corporate Board is to oversee risk management, and many risks do not present themselves as cybersecurity issues.” This is all the more reason to be vigilant on all sides of a company’s operations, including accounting and finance.

Speaking specifically on what the Board can do regarding cybersecurity, Yaeger asserts that “the board must ensure that the company has cyber risk management policies and procedures consistent with its strategy and risk appetite, and the board must ensure that these policies and procedures are functioning.”

It is a given that there are moving pieces when it comes to cybersecurity and the need for employees and a company at large to be secure. For this reason, it is most beneficial when accounting professionals have a multi-layered background that includes cybersecurity so they are able to be an additional line of defense. And as the research has shown, accounting and cybersecurity is a perfect match.



Banham, Russ. “Cybersecurity: A new engagement opportunity.” Journal of Accountancy, 22 May 2018. <>

Coffey, Susan S. “It’s Time to Speak the Same Language on Cybersecurity.” AICPA, 22 May 2018. < http:// html#sthash .aVdMkso8  .pnI16iEE.dpbs>

Mazor, Christine and Herrygers, Sandra. “SEC Issues Cybersecurity Guidance.” The Wall Street Journal, 22 May 2018. <>

Porcelli, Mike et al. “Are insurers adequately balancing risk & opportunity? Findings from PwC’s global cyber insurance survey.” PwC, 22 May 2018. <>

“SEC Reporting Update: SEC issues guidance on cybersecurity.” EY, 22 May 2018. < file:///C:/Users / llestino/Downloads/secreportingupdate_01030-181us_cybersecurity_22february2018.pdf>

Sheridan, Terry. “CPAs Have the Strengths Needed to Address Cybersecurity Risk.” Accountingweb, 22 May 2018. <>

Skroupa, Christopher P. “Cybersecurity And The Board’s Responsibilities—‘What’s Reasonable Has Changed.’” Forbes, 22 May 2018. < /sites/christopherskroupa/2018/04/19/ cybersecurity-and-the-boards-responsibilities-whats-reasonable-has-changed/#6c156c1e3c3c>

Traina, Lisa. “The top 5 cybersecurity risks for CPAs.” AICPA Store, 22 May 2018. < https://www.Aicpa>

Lease Changes and Ramifications

2019 will be a big year for the treatment and reporting of leases and the impacts to the lessee, lessor, and company at large are shaping up to be significant.

Origin of Change

In a news release by the Financial Accounting Standards Board (FASB), it was noted that these changes have been a long time coming and first began in 2006 with the teamwork of the FASB and International Accounting Standards Board (IASB).

Reason for Change

Given the far-reaching effects, the FASB Chair, Russell G. Golden was quoted in the FASB news release explaining what brought about the changes: “the new guidance responds to requests from investors and other financial statement users for a more faithful representation of an organization’s leasing activities. It ends what the U.S. Securities and Exchange Commission and other stakeholders have identified as one of the largest forms of off-balance sheet accounting.”

Lease Importance

In their publication “IFRS 16: The leases standard is changing: Are you ready?,” PricewaterhouseCoopers explained the importance of leases to businesses and why, depending on the industry, they can be essential to operations: “leasing is an important and widely used financing solution. It enables companies to access and use property and equipment without incurring large cash outflows at the start.”

The importance of leases, therefore, directly correlates as to why these changes are consequential.

Old Method

Before delving into the changes and impacting ramifications, Work US detailed the old method of treating leases and explained that the reason the changes were made was due to a quest for transparency: “under the current accounting standards, leases must be defined as either finance or operating leases. Operating leases are treated as expenses on our income statement, leaving the balance sheet unaffected. Finance leases…are treated as both assets and liabilities on the balance sheet.”

Central Change

The deletion of the finance vs operating lease notation is the central change to the leasing standard and the basis for the impacting ramifications.

The FASB made clear in their news release that the “new ASU will require both types of leases to be recognized on the balance sheet” and “will require disclosures to help investors and other financial statement users better understand the amount, timing, and uncertainty of cash flows arising from leases. These disclosures include qualitative and quantitative requirements.”

The significance of this cannot be understated as the effects will be felt by not only the parties to the lease but the accounting and IT departments of the company, as well.

Main Effect

Work US explained that due to the erasing of the finance and operating lease distinction, “all leases will be capitalized” and “trillions of dollars worth of leases are expected to be brought onto company books as a result.”


In their article “New leases standard-effective date and sweep issues,” EY published that the “IASB decided to require entities to apply the new leases standard for annual periods beginning on or after 1 January 2019.”

Work US further detailed that “public companies will be required to retrospectively apply the new standards to their 2017 and 2018 financial statements, with nonpublic companies expected to do the same for 2018 and 2019.”

Further changes

EY included the following decisions as central to the changes:

  • Lease modifications treated as a separate new lease;
  • Reassessment of the discount rate for Floating interest rate leases;
  • Costs associated with returning an underlying asset at the end of a lease;
  • Short-term leases and leases of low-value assets in a business combination;
  • Disclosure requirements for leases within the scope of IFRS 5.

These decisions are worth delving into further for any accountant and or accounting department to understand the true parameters of these changes and how the costs and finances of an entity will be truly affected.

For finance professionals that have just changed companies or are interviewing will new companies, studying the impact of these changes would serve you and the new/prospective company greatly.

Impacts and the way forward

PwC divulged that “the pervasive impact of these rules requires companies to transform their business processes in many areas, including finance and accounting, IT, procurement, tax, treasury, legal, operations, corporate real estate and HR.”

Street Fleet, a courier and logistics company, commented that “those in retail, distribution, agribusiness and logistics are expected to be most affected and should be aware of the potential consequences.” Once implemented, they are hoping for the financial transparency that the standard will require.

Work US suggested that given the likely increase of assets and liabilities for companies, short-term leases should be considered as well as ownership, when possible.

PwC put out the below list of ramifications and they are worth exploring:

  • Financial ratios and performance metrics redefined;
  • Stakeholder awareness and communication;
  • Implementation can be cumbersome and costly;
  • New IT systems and robust processes and controls needed;
  • Benefits to lessees beyond compliance and new opportunities for lessors;
  • Unexpected tax consequences may arise.

As January 1, 2019 is a little less than a year away, affected and interested parties should use the upcoming year to fully grasp the changes and the steps that need to be taken.



“Changes to lease accounting come 1 Jan 2019.” Street Fleet, 24 Jan. 2018. <>

“Changes to leasehold accounting standards in 2019.” Work US, 24 Jan. 2018. <>

“FASB Issues New Guidance On Lease Accounting.” Financial Accounting Standards Board, 24 Jan. 2018. <>

“IFRS 16: The leases standard is changing: Are you ready?” PwC, 24 Jan. 2018. <>

“New leases standard-effective date and sweep issues.” EY, 24 Jan. 2018. <$FILE/Devel114-Leases-Oct2015.pdf>

Ace That Interview

Whether you are pounding the pavement for a new job and/or career change or just want to brush up on your interview skills, Friedman Williams believes that preparation for an interview, whether in-person or via phone, can exponentially increase your chances of moving on to the next step in the hiring process.

How to Prepare Beforehand:

  • Fully read and absorb key content on the company’s website, including:
    • Office locations and ballpark number of employees
    • Names and titles of senior management
    • Names, titles, and background of people you will be interviewing with (including their LinkedIn page!)
    • Mission Statement
    • Company history
    • Recent important news, press releases and/or events
  • Have fresh copies of your resume and any other requested documents
  • Reflect and refresh yourself on your job history and experiences. Have examples prepared of your ability to overcome adversity, work independently and in a team environment, and specific ways your skills and experience match the job
  • Refresh yourself on what your day-to-day is like in your current job and what you are truly an expert in (could be technical skills as well as situational)
  • Have a compelling and sincere reason as to why you want this position at this company. The hiring manager will respond to personality, energy and motivation as much as how technically able you are.
  • Prepare a few questions so you come across as engaged and interested in both the role and company.

Day-Of Essentials

  • Have your resume and any other requested documents with or in front of you
  • Wear a suit, even if it is a phone interview. This will make you feel more confident and in turn your speech and language will come across at a higher level than if you were sitting on your couch in sweatpants.
  • Do not arrive more than 5-10 minutes before the interview and treat everyone you meet with a friendly demeanor. You never know if the hiring manager(s) will ask the receptionist his/her opinion of you or how you behaved.
  • Great the hiring manager with a smile and firm handshake. If a phone interview, smile and answer “This is {your name}.”
  • Answer every question to the best of your ability and do your best to let your personality, ambition, motivation and technical skills match you to the role and company.

 Make Your Impression A Lasting One

  • Follow up with a thank you note for each person you met during your interview. Reiterate your interest in the position and company and why you see yourself successful in their culture and environment.