SaaS Security is Not a Threat, Your Client Is
Accountants need to protect their CPA license, just as lawyers have to avoid the risk of being disbarred, and physicians must shun a variety of activities that may lead to their medical license being revoked or suspended.
The CPA license attests to protecting the public interest by providing reasonable assurance of a baseline level of technical knowledge and skills in the accountant delivering the service. In the current SaaS era, how do CPAs protect their license when clients expect to login to their general ledger at any time on demand, print reports regardless of completeness, then represent to investors and creditors as prepared by their CPA of record?
When the revenue data, but not all the expense data is included in the general ledger because the accountant does not yet know of the additional expenses, a condition under the client’s control, profitability is overstated which misrepresents the picture to investors and creditors who believe a CPA has prepared the report. When investors and creditors provide capital to a company based on incomplete or inaccurate financials…who is to blame?
In the fast-moving, venture-funded technology environment where young, tech-savvy CEOs expect instant gratification in a self-service setting, this risk is very real. Earlier this year, I listened to a panel of young emerging CPA firm owners who were asked what risk they worried about in the SaaS environment. While one firm owner brought up the potential risk of data security breach, no one brought up this risk of simple misrepresentation. Are we at risk of being robbed through the open front door while focused on the locked back door?
The problem is not data center security or the security in these SaaS applications that you and your clients are working in. The problem lies in the client access and ability to change the general ledger any time they want even after the CPA has closed the books.
It regularly happens, especially in industries or companies where the business owner needs to show better financials than reality for funding. It happens every day. And who is blamed when an audit occurs? The CPA.
The endless cycle of blame game against the accounting professional needs to stop. But when will it stop? When we identify the true risks to our profession and start making changes in the way apps work so that they protect us, not make our firms vulnerable.