25 minute read
Kudos | members in the news
Joseph Boucher Mitch Davis Jeffrey Lemmermann
Joseph Boucher, CPA, MBA, JD, founding shareholder of the Madison law firm of Neider & Boucher S.C., was awarded the Excellence in Entrepreneurial Education award by the Wisconsin Technology Council, recognizing his career in law, accounting and teaching and his decades-long support for the startup and investing sectors in Wisconsin. Erin Breber, CPA, a senior manager with SVA Certified Public Accountants, has been named a Rising Star in Finance and Accounting by the Biz Times of Milwaukee. Mitch Davis, CPA, MPA, a senior manager with Wegner CPAs, has been named a Rising Star in Finance and Accounting by the Biz Times of Milwaukee. Connie DeKemper, CPA, has been hired by Yavapai County, Arizona, as their new finance director. Keith Jochims, CPA, chief financial officer at QPS Employment Group, Brookfield, has been named a 2021 CFO of the Year by The Milwaukee Business Journal. Paul Krejcarek, CPA, MBA, has joined Fisher Barton, a leading metallurgical science innovation company based in Watertown, as chief financial officer. Richard J. Kutch, CPA, has joined the Racine CPA firm of Berkley, Iselin, and Lotz SC as a new partner.
Jeffrey Lemmermann, CPA, CITP, CISA, CEH,
information assurance auditor and consultant for SynerComm Inc., on Wednesday, Nov. 3, presented a session on “Business Email Compromising Terrorism” as part of UW–Green Bay’s “Countering Terrorism” community training program. Mark Linzmeier, CPA, owner of Linzmeier Business Solutions LLC, shared his insights in an interview for a recent article in Ag Update, an online source for agriculture and farming news. Christine Robinson, CPA, has been promoted to partner in the audit and assurance practice at Deloitte in Milwaukee. Patti Schauer, CPA, MBA, SPHR, chief financial officer at Core Creative Inc., Milwaukee, was named a CFO of the Year by The Milwaukee Business Journal.
Patti Schauer Tim Seidel Tom Weller
Mark Scheunemann, CPA, owner at Legacy Accounting & Financial Services LLC, Wisconsin Rapids, has joined the Prevail Bank board of directors.
Tim Seidel, CPA, MPA, has been promoted to partner with Wegner CPAs. He has been with the firm since 2009. Tony Staniak, CPA, will be promoted to CFO at Quad/ Graphics Inc., effective Dec. 31. Eli Steimle, CPA, was promoted to regional president at Bank First, headquartered in Manitowoc. In April, Steimle founded Hipp Juice, an unpasteurized cold press juice bar committed to enhancing the health movement in in the Manitowoc community. Joseph Toonen, CPA, COO/CFO of PRN Home Health & Therapy LLC, has joined the board of directors of Worzalla, an employee-owned printing company specializing in highquality custom products, including books for children and coffee table books.
Matt Vanderloo, CPA, a principal and shareholder with SVA Certified Public Accountants, has been promoted to CEO of the SVA Companies. Robert Wedel, CPA, MBA, has joined the law firm of Davis|Kuelthau s.c. as director of finance. Tom Weller, CPA, PMP, has been promoted to senior director at Oracle, in the Advanced Customer Services business unit.
ORGANIZATION NEWS
Hawkins Ash CPAs, a full-service regional CPA and business advisory firm, announced in August that Roberts, Ritschke & Tyczkowski, Ltd. (RR&T), Neenah, would be joining them effective September 1. The addition of RR&T expands Hawkins Ash to seven offices in Wisconsin, three offices in Minnesota, 20 partners and more than 160 professionals serving clients throughout the United States.
Want your new job, promotion or award mentioned in Kudos?
H Email your announcement and photo in JPG format to mtzinzow@icloud.com. H
The Next Normal: Preparing for a Post-Pandemic Fraud Risk Landscape
An organization’s fraud risk landscape is constantly evolving, and ongoing assessments can be the key to protecting your organization from all sorts of fraud threats. But this moment is different — and it’s critical for companies to take steps to be proactive.
State of fraud
Fraud is like an iceberg: Its deceptive nature means that it is unknown until discovered, and some of its greatest threats lie beneath the surface. The Association of Certified Fraud Examiners (ACFE) estimates that organizations around the world lose an estimated 5% of their annual revenues and funding to fraud. Applied to the 2019 Gross World Product (GWP), this amounts to $4.3 trillion in potential global fraud losses. Due to new government funding and the changing work environment, fraud is on the rise in frequency and in cost. In fact, a recent joint survey by
By James D. Ruotolo
Grant Thornton and ACFE revealed that 71% of organizations expect the overall level of fraud to increase over the next year. On top of that, risks continue to shift as technology and security evolve, which provides threat actors the opportunity to create and sell new methods and penetrate organizations from the inside or outside. To combat these threats, organizations need to keep an eye on both internal and external fraud threats to devise a mature anti-fraud framework. While the pandemic has brought attention to many external fraud schemes, internal fraud risks remain. Statistically, the most well-respected employees are four times more likely to commit fraud than someone with a poor reputation. Fraudsters are also more likely to have been with their organizations a long time — and the longer they’ve been there, the more they tend to take. Surprisingly, only 4% of perpetrators have a prior fraud conviction, so background checks alone are not sufficient to pick up red flags. The most important tip for profiling fraudsters is to be emotionally intelligent and be aware of employees who display increased rationalizations for behaviors, changes in lifestyle or uncommon patterns like increased privacy or social anxiety. Fraudsters are displaying increased technical know-how, and they have expanded their arsenal to more commonly include credential-stuffing, web conference hacks, creating fictitious audio and video (“deep fakes”), DIY fraud “how-to” guides and system hacks wherein they sell stolen data on the dark web. In fact, dark-web activity has skyrocketed over the past few years. The dark web offers anonymity to bad actors to conduct their illicit business. Every second, 69 records are stolen or lost — and a majority are ending up for sale in darkweb marketplaces to be bought and used for future crimes.
Internal fraud risk
Insiders have so much access to data that it’s easy for them to take advantage of organizations. Keeping what we call the Fraud Triangle in mind (more on that later) can help identify these perpetrators early. At some point, at least 85% of all fraudsters exhibit at least one behavioral red flag. A troubled economy and the shift to remote work brought on by COVID-19 has also created new fraud opportunities. Added financial pressure due to unemployment and rising health care costs may cause some fraud actors to rationalize that they are protecting their families or trying to make ends meet. They might even feel entitled because they’ve been working hard under stressful conditions.
Cyberthreats
Cyberthreats in particular are on the rise as over 70% of the workforce operates remotely. Cyber and ransomware attacks are up substantially since the onset of the pandemic. A lack of control over home networks, inconsistent monitoring, increased personal device usage, relaxed enforcement and a shift to crisis management have all contributed to the rise in cyberfraud. Knowing the growing trends and profiles of fraudsters can help improve fraud risk identification and the maturity of an anti-fraud framework.
Fraud risk identification
Understanding the types of fraud your organization is vulnerable to is imperative to developing the right antifraud controls. A key first step is developing a fraud risk map that identifies potential fraud schemes and other related information for each scheme, such as the type of fraud actor and fraud risk entry points. The map should consider external and internal fraud, whether individual or collusive. When generating or updating a fraud risk map, it helps to “think like a fraudster” with the Fraud Triangle in mind. (See graphic.) The Fraud Triangle is a useful model for explaining the factors that cause individuals to commit fraud and can be useful when identifying fraud schemes.
When identifying fraud schemes, consider the perpetrator and the fraud risk entry points (e.g., the function or process the actor capitalizes on to carry out the fraud scheme). And do so in a group — brainstorming sessions on how one can penetrate the organization at every level are a great way to deepen your understanding of the fraud risk landscape. Extrapolating the information into potential fraud schemes can help you effectively understand the types of fraud your organization is most vulnerable to.
Response to emerging risks
Organizations should implement simple, cost-effective anti-fraud controls to mitigate their fraud risks. The top control weaknesses are lack of internal controls, lack of management review and the override of existing controls. These can all be addressed with consistent communication of an organization’s culture and by promoting a clear tone at the top, as well as performing ongoing evaluations of controls, conducting reviews and revisions of fraud detection programs, and the regular communication of fraud risks. Another key tool is fraud training and awareness. The trainings should cover topics such as behavioral red flags, the punishment for dishonest acts, how to report fraud, how fraud damages the organization and how to identify financial and transactional red flags. These trainings could save organizations money, support employee morale, alert employees to red flags, support the tone at the top, strengthen prevention and detection and reinforce reporting channels. To further enhance your anti-fraud framework, you can also utilize industry-leading frameworks such as the Committee of Sponsoring Organizations’ Fraud Risk Management Principles1 and “The Anti-Fraud Playbook”2 developed by the Association of Certified Fraud Examiners in coordination with Grant Thornton. These two guides provide practical tools for building impactful anti-fraud programs.
Call to action
It is up to organizations themselves to be aware of their fraud risk landscape and to adapt to the ever-changing environments they operate in. Complacency will always be a silent killer, but understanding the weak links and the evolving threats can help stop the bad guys from winning at the end of the day. Lastly, communication is key, and a great corporate culture is a core anti-fraud asset. At all levels, your employees’ morale has a direct impact on the success of your anti-fraud program. Your employees have a voice, and they can play a major role in detecting and preventing fraud. You should listen to them.
James Ruotolo, CFE, is a senior manager in the fraud & financial crimes practice at Grant Thornton LLP. He is a certified fraud examiner, the co-inventor of two patented fraud detection models, and a frequent author and speaker on fraud analytics technology. Contact him at james.ruotolo@us.gt.com.
You're Not Alone With Wiley
We've got you covered with our awardwinning learning platform, up-to-date study materials, and top professors like Pam Smith
9 out of 10 Wiley CPA candidates pass all 4 section of the CPA exam on their first try - we've already helped nearly a million users succeed!
www.efficientlearning.com/partner/wicpa
1 https://www.coso.org/documents/coso-fraud-risk-management-guide-executive-summary.pdf 2 https://www.acfe.com/uploadedFiles/ACFE_Website/Content/fraudrisktools/Antifraud-Playbook.pdf
Interpretations of the National Labor Relations Act (NLRA) have ebbed and flowed based on the composition of the National Labor Relations Board (NLRB). With the Biden administration selecting its NLRB membership, there will be changes in interpretation coming. On August 12, new General Counsel (GC) Jennifer Abruzzo issued General Counsel Memorandum GC 12-04, Mandatory Submissions to Advice, 1 identifying issues that she believes warrant a fresh look. The memo identifies areas where change in interpretation can be expected and serves as a roadmap for employers to review. NLRB case law is expected to follow GC Abruzzo’s priorities and goals in establishing labor policy. Below are several of the key issues suggested for re-evaluation.
Employee handbook rules
The NLRB has long held that facially neutral workplace rules — rules that do not on their face restrict union or protected concerted activity — may be unlawful if they interfere with employees in exercising their NLRA rights. Prior precedent often subjected many common workplace rules to close scrutiny on a case-by-case basis. In The Boeing Co., 2 in an effort to provide clarity and predictability, the NLRB created a new framework for determining the legality of workplace rules and handbook policies, placing the rules into three categories: (1) presumptively lawful rules, (2) rules requiring a case-by-case analysis and (3) unlawful rules. Under this new framework, the NLRB classified a number of rules as presumptively lawful on subjects such as confidentiality, nondisparagement, social media, media communication, civil and respectful conduct, offensive language and no-camera rules. GC Abruzzo plans to re-examine cases involving the application of Boeing. Employers can anticipate that workplace rules on subjects such as those listed above will be subject to closer scrutiny. It is important for employers to review their employee handbooks and published policies for areas of exposure. Simple changes in language may mean the difference between a fully enforceable policy and a policy that will subject the employer to damages for unlawful conduct. Remember, this is not a union/employer issue, and the NLRB is a viable source for the adjudication of employee termination and dissatisfaction issues in nonunion employer situations.
Management rights and unilateral changes
Collective bargaining agreements (CBA) routinely include management rights clauses that allow the employer to take unilateral action with respect to certain terms and conditions
By Robert J. of employment without first bargaining with the union. For Simandl, CPA, JD and many years, the NLRB employed a “clear and unmistakable waiver” standard3 for determining whether a CBA permitted an employer’s unilateral change under a management rights clause. This standard required that the CBA contain a great degree of specificity as to the matter on which the union has agreed to waive its decision rights as well as its waiver of the right to discuss the consequences of the decision on the employees. If the CBA failed to specifically refer to the type of employer decision at issue, the NLRB’s position was that no clear and unmistakable waiver existed. This exacting standard rendered most management rights clauses unenforceable unless they John A. Rubin, JD contained an arguably unrealistic degree of specificity. This standard was abandoned in MV Transportation. 4 There the NLRB abandoned the clear and unmistakable waiver standard in favor of a “contract coverage” test, allowing a CBA to be interpreted using ordinary principles of contract interpretation to allow an employer to take unilateral action. For example, under the contract coverage standard, if a management rights clause permits the employer to implement rules and policies, the employer may be able to make unilateral changes on a wide range of workplace policies without bargaining with the union. By contrast, under the clear and unmistakable waiver standard, specificity as to the waived right would be required, at a minimum, to take unilateral action. It is anticipated that GC Abruzzo will restore the clear and unmistakable waiver standard. Employers should be cautious in relying upon generalized language in a CBA to take unilateral action. A re-evaluation of bargaining strategies and objectives should be undertaken to assess the potential risks associated with unilateral acts in the operation of the business.
Other areas of anticipated change
The Trump-era NLRB-issued decisions were perceived to be more employer-friendly. GC Abruzzo will likely seek to overrule or limit those decisions in favor of greater protection of employee rights. GC Abruzzo will also be seeking to revisit other precedent to expand the scope and coverage of the NLRA. Charges will be brought against employers who may have relied on past NLRB pronouncements. Employers are well advised to revisit policies and practices to assess the following:
• Lawfulness of workplace investigative confidentiality rules5 • Scope of activity viewed as protected for mutual aid and protection6 • Employee use of employer email and IT systems for union organizing7 and communications • Lawfulness of separation agreements containing confidentiality and nondisparagement clauses8 • Degree and type of evidence of motive required to prove an unlawful discharge or discipline9 • Standards for the extent to which offensive or abusive conduct remains protected10 • Definition of “employee” versus “independent contractor”11 • NLRA jurisdiction over religious institutions12 and employee rights to organize • Whether and under what circumstances an employer, when presented with “authorization cards,” may decline to recognize the union and insist on an election13 Revisiting current policies and positions, including policies on maintaining union-free status, may minimize liability or undesired outcomes.
5 See Apogee Retail LLC d/b/a Unique Thrift Store, 368 NLRB No. 144 (2019); see also Watco Transloading, LLC, 369 NLRB No. 93 (2020). 6 See Alstate Maintenance, LLC, 367 NLRB. No. 68 (2019). 7 See Rio All-Suites Hotel and Casino, 368 NLRB No. 143 (2019). 8 See Baylor University Medical Center, 369 NLRB No. 43 (2020). 9 See Tschiggfrie Properties, Ltd., 368 NLRB No. 120 (2019); see also Electrolux Home Products, 368 NLRB No. 34 (2019). 10 See General Motors, 369 NLRB No. 127 (2020). 11 See Velox Express, Inc., 368 NLRB No. 61 (2017). 12 See Bethany College, 369 NLRB No. 98 (2020). 13 See Joy Silk Mills, Inc., 85 NLRB 1263 (1949).
Robert J. Simandl, CPA, JD, is a shareholder with von Briesen & Roper s.c. Contact him at 262-923-8651 or rsimandl@ vonbriesen.com. John A. Rubin, JD, is an attorney in the Labor and Employment Section at von Briesen & Roper. Contact him at 262-923-8655 or jrubin@vonbriesen.com.
Mandatory COVID-19 vaccines in the workplace
On July 6, 2021, the U.S. Department of Justice (DOJ) opined that mandatory workplace vaccine policies are permissible under the federal Food Drug and Cosmetic Act (FDCA). Section 564 of the FDCA permits covered employers to impose COVID-19 vaccination as a condition of employment even when the vaccine is subject to Emergency Use Authorization. This opinion applies to both public and private employers outside the context of the armed forces. The DOJ emphasized that vaccine mandates are not coercive: They do not strip employees of their rights to refuse or accept a vaccine. Rather, they provide employees with information on the conditions for employment with the employer. Although Section 564 states that recipients must be informed of “the option to accept or refuse administration” of the vaccine, Section 564’s mandates are merely informational. The employer meets the requirements of law under the FDCA when it provides notice to the employee of the employer’s expectations for employment. As with other conditions of employment, discipline up to termination can be an acceptable consequence for employee refusal to adhere to an otherwise valid employer vaccination policy. Employees can freely choose to accept or refuse a COVID-19 vaccine but will need to work elsewhere if they refuse vaccination against the employer’s policy. This information should be clearly set forth in the employee communication. There have been several other federal directives issued since the DOJ opinion that are more global in reach. While executive orders can be effective immediately, others will take time to produce legal expectations for employers. It is suggested that employers evaluate the legal dictates that may be applicable to them and review or set acceptable policies that are consistent with the anticipated requirements for legal compliance. Now is the time to consider the strategies and expectations to achieve legal compliance. Whether aggressive or passive approaches are desired, an assessment of vulnerabilities and the creation of a plan of action will be crucial for employers in the near future. — Simandl and Rubin, von Briesen & Roper s.c.
YOUR WISCONSIN TAX RESOURCE
The Tax Section of von Briesen & Roper, s.c. has the knowledge and experience to address any state and local tax matters. Our strategic approach to state and local tax issues allows us to minimize the impact of property tax valuations and assessments, provide tax audit support, handle Resolution Unit appeals, litigate cases in the Wisconsin Tax Appeals Commission and resolve collection issues. The bottom line? We get results.
To learn more about our Tax Section, please contact Robert Mathers at rmathers@vonbriesen.com.
vonbriesen.com/tax
Tech-Driven Audit Approach:
What You Need to Know
By John Colthart
Deciding on the best audit approach isn’t a cookiecutter process. While a long-standing relationship with a client or in-depth industry knowledge can give auditors a leg up, defining an effective audit approach requires careful consideration and planning for every engagement. After all, your audit teams understand that every client is unique. So, deciding on the best ways to approach an audit will be, too. Everything from the client’s objectives and business operations to known or unknown risks, internal controls and much more will determine how you and your team go about any particular audit. However, there’s something else you may need to think about that often goes unmentioned: the role of technology in your audit approach. As this pandemic continues to propel widespread digital transformation and standards evolve to embrace new technologies, there is a growing need for auditors to consider updating their audit methodology, too. After all, a tech-driven audit approach can not only help auditors work more efficiently, but it may also allow them to deliver greater value to their clients. Whether it’s AI auditing software or other financial automation tools, technology serves to complement traditional auditing processes and lays a foundation for even better financial insights over time.
How does a tech-driven audit approach differ from a traditional audit?
A tech-driven audit approach considers the use of technology right from the get-go. It means there’s already some level of buy-in from management about auditing technologies, so your people are trained on the tech you’re using. You might even have data-handling processes set up to fully leverage the capabilities of the new auditing solution. While reaching this level of technological adoption might seem overwhelming, it shouldn’t have to be. With a little support on your side from the right vendor and a solid change management plan, you’ll be able to easily trial new technologies and reach higher levels of adoption at your own pace. Then, as you go into new audit engagements over time, it’ll become second nature for you to think about the role of technology, how it will complement your existing methodologies and how it may support your resources. From the planning stages right through to completion, you’ll consider how to automate manual tasks, get extra validation and assertion and perhaps even uncover new insights that are buried in the mounds of client financial data.
In other words, implementing a tech-driven audit approach means you’re thinking ahead about how to best use the technology to deliver a quality audit. And you’re identifying the specific procedures or tasks where the auditing technology will be most beneficial.
What are the key factors to consider in a techdriven audit approach?
Defining a tech-driven audit approach isn’t entirely different than a traditional one. It just requires another layer of consideration about how the technology fits into your methodologies. Below, we’ll explore what a tech-driven audit approach might look like and the areas where technological considerations can be made.
Whether you use technology in your audit or not, getting to know your client is a given. You’ll need to consider the industry they’re in, their business operations, their audit objectives and other unique factors that pertain to the organization to achieve an effective assessment. When defining objectives, it’s also important to consider those beyond the financial statement audits. In fact, in a recent Deloitte report, 95% of the 351 C-suite, finance and Audit Committee executives polled said that audits should provide additional value beyond an independent report on the historical financial information. Essentially, clients are looking for deeper insights, analysis and recommendations. When you implement a tech-driven audit approach, your audit team will be able to automate manual tasks and work more efficiently. That’ll allow you to assign extra resources to added-value services such as helping your client uncover new insights. Using technology, you’re essentially able to broaden your service offering and point your clients toward new opportunities that will positively impact their business. At this stage, you’ll also need to understand what financial software your client is using and how you’re going to best access the information you need. With all this in mind, here are a few questions to ponder to map out your tech-driven audit: • How will the technology you’re using offer your clients more insights and value beyond the initial scope of objectives? • Can your auditing technology support remote audits?
Does the technology you have enable easy access to the financial statements and information? • Does the technology ensure full ownership over the data and keep your client’s financial information secure?
Conducting the preliminary risk assessments
Identifying risks of material misstatement and their relative significance is an integral part of defining your audit approach. When you have a good understanding of the potential risks at play, you’re better able to plan for and execute a comprehensive and high-quality audit. At this stage, auditors will look over balance sheets and income statements to spot any obvious inconsistencies. They might also dive into subledger data and run some preliminary testing on journal entries. The challenge here is that a traditional audit approach will leave so much data untouched and unexamined. In a tech-driven audit approach, this is a key area where your audit technology can really make a difference. For instance, if you’re using an AI auditing platform, you’ll be able to test 100% of your client’s financial data and dive into accounts receivable and accounts payable subledgers to see if any other anomalies stand out. This allows your team to conduct a deeper level of preliminary risk analysis and potentially uncover risks that weren’t on your radar. Consider the following on risks assessment when building a tech-driven audit: • How can you use your auditing technology to get a clearer picture of the financial risks? • Does your technology allow you to filter results and dive into your client’s financial data to get a better understanding of those risks?
• If you save time by automating risk assessment procedures, where else can you apply resources to offer your clients more value?
Evaluating the company’s internal controls
Evaluating the effectiveness of the company’s internal control over financial reporting is another critical component in your audit. Your auditors will likely perform a series of tests to validate how well internal controls are being upheld within the company. In a tech-driven audit approach, the technology can either complement or replicate manual testing procedures to achieve higher levels of assurance. The technology might also point your team to riskier data that will then open up new conversations with your clients about potential weaknesses in internal controls. For example, our AI auditing software automatically identifies control points to spot high-risk transaction data. The auditing team can also adjust these control points and use other capabilities within the platform to recreate traditional control testing models. All of this will allow your team to move forward with greater confidence in the audit engagement while ensuring high levels of accuracy and diligence. Here’s more to think about: • Does your technology complement internal control testing or replicate manual processes? • What control testing models can you effectively carry out using your technology? • Can you adapt control points and testing to different clients and industries?
Building the plan for the audit engagement
Putting together the audit plan outlines why, how and when you’re going to execute the audit procedures. These include everything from the planned nature, timing and extent of risk assessment procedures; controls tests; substantive procedures; and any other relevant audit tasks. When putting together the audit plan, an auditor will usually provide examples and reports that justify why certain procedures will be critical for the audit. In a tech-driven audit, it’s important to consider how your technology can back up your findings and assessments and help you build a more complete plan. This could include exporting powerful visual graphs and data that support your audit plan and substantiate the details of specific procedures. Ultimately, this gives the client a snapshot view of where the auditors have identified risks and why certain procedures are warranted. Here are some tech-focused questions to consider when creating your audit plan:
• Does your technology allow you to easily export information to build a better audit plan? • Can you customize graphs or visuals to support the findings of your preliminary risk assessment? • Can you easily share information with your client to help steer conversations about the audit plan or other potential opportunities?
Are you ready to embrace a tech-driven audit approach?
The role of technology in audits is growing every day. Not only are more auditors embracing new tools such as AI auditing software to support their audit strategies, but industry standards are also evolving to accommodate higher levels of automation in audit practices. Even the AICPA has announced the Dynamic Audit Solution Initiative, promising to create a new, innovative process for auditing using technology. Auditors who stick with the traditional audit approach for fear of change are going to be left behind.
John Colthart is SVP of Strategic Insights for MindBridge, a company that supports clients through the technology adoption process and offers value-add services to help reach companywide success.
This article reprinted with permission from the Connecticut Society of CPAs.
