www.naplia.comCopyright 2013

Risk ManagementRisk ManagementStephen Vono, Principal

NAPLIA

Copyright 2013www.naplia.com

The Risk EnvironmentThe Risk Environment• Culture• Risk Assessment: Employee & Client• Engagement Letters• Fraud• Cyber Risk

Copyright 2013www.naplia.com

Culture

Copyright 2013www.naplia.com

Risk Assessment: Employee & Client

• First line of defense• New client acceptance forms• Predecessor accountants• Background checks

Copyright 2013www.naplia.com

Engagement Letters• Second line of defense• Comprehensive contract: not a fee agreement• Purposes:

– Define scope of engagement– Mutual responsibilities– Provide for contingencies– Prevent differing expectations

Copyright 2013www.naplia.com

Percentage of Audit Claims(By Source of Claim)

Copyright 2013www.naplia.com

Who Commits Fraud?

0

10

20

30

40

50

60Percent

Employees Management Owners

Position in the Organization

Copyright 2013www.naplia.com

Who Commits Fraud?

0

100

200

300

400

500

600

700

800

900

Employees Management Owners

Median Loss by Position

Copyright 2013www.naplia.com

Employee Fraud(Opportunity)

• Experienced employee• Lack of segregation of duties• Uninterrupted service–Annual vacations not required

• Weak management oversight

Copyright 2013www.naplia.com

Client Risk Assessment(Centralizing the Process)

• Risk assessment committee• Must be willing to reject prospects and

terminate existing clients

Copyright 2013www.naplia.com

Cyber Liability

Copyright 2013www.naplia.com

First Party vs. Third Party

Employees

Accountant/Owner

ClientNon-client

First Party Third Party

Copyright 2013www.naplia.com

Professional Liability vs. Legal Liability

Copyright 2013www.naplia.com

Notification Letter• WISP• Notification laws• Best practices policies– Portal usage

Copyright 2013www.naplia.com

Thank you!

www.naplia.com

Stephen VonoSteveV@naplia.com linkedin.com/in/stevevono @naplia