Reading summary

profileRpsenhztt
readings.pdf

Print

Interviewing as an Auditing Tool

By Linda M. Leinicke, Joyce A. Ostrosky, W. Max Rexroad, James R. Baker, and Sarah Beckman

FEBRUARY 2005 ­ In response to the increased emphasis on fraud prevention, deterrence, and detection connected with recent corporate failures, the AICPA issued Statement on Auditing Standards (SAS) 99, Consideration of Fraud in a Financial Statement Audit. SAS 99 is effective for periods beginning on or after December 15, 2002, and it significantly changes how CPAs must consider fraud in their audits of financial statements. In light of this increased emphasis on uncovering fraud, auditors may want to consider the benefits of interviews as an audit tool.

Interviews are a useful audit tool to gather information about internal controls and fraud risks for several reasons. First, employees involved in the day­to­day operations of a functional area possess the best knowledge of that area. They are in an excellent position to identify weak internal controls and fraud risks. Second, although most employees are not directly involved in fraud, they may have knowledge of suspected, or actual, frauds that interviews can bring to light. Third, employees may be reluctant to tell management about needed internal controls and suspected or actual fraud, even when a company has an ethics hotline, a compliance officer, or other reporting mechanisms. When interviewed, however, employees are often willing, even relieved, to talk about these issues.

Obtaining the Information Needed

A primary difference between SAS 82 and SAS 99, which superseded it, is that the latter includes expanded requirements for inquiries of management. Making inquiries of management is important because senior management is often in the best position to perpetrate and conceal fraud. In obtaining information necessary to identify the risk of fraud in a financial statement audit, SAS 99 requires auditors to ask the following questions:

Does management communicate its views on ethical business behavior to its employees? Does management have programs and internal controls designed to prevent, deter, and detect fraud? Does management discuss with the audit committee of the board of directors how its internal control system serves to prevent, detect, and deter fraud? Does management understand the fraud risks specific to its business? Does management monitor fraud risks relevant to specific components or divisions within the entity? Does management have any knowledge or suspicion of fraud? Is management aware of any allegations of fraud?

In addition to management inquiries, SAS 99 also requires an auditor to inquire of the audit committee and of internal audit personnel about their views on the company’s fraud risks. Significantly, SAS 99 mandates that other individuals within the company also be questioned about the risk of fraud. Paragraph 24 of SAS 99 states:

The auditor should use professional judgment to determine those others within the entity to whom inquiries should be directed and the extent of such inquiries. In making this determination, the auditor should consider whether others within the entity may be able to

9

provide information that will be helpful to the auditor in identifying risk of material misstatement due to fraud.

SAS 99 suggests that auditors inquire of operating personnel with varying levels of authority, of in­ house legal counsel, and of others knowledgeable of fraud risk. Because employees are often aware of where specific fraud risks lie, auditors should understand employees’ views on the risk of fraud. Additionally, auditors should look for discrepancies in information received from various interviewees. Unusual situations or conditions identified through interviews with management and others can be revealing.

The Mechanics of a Good Interview

Inquiries of management and others in the form of fact­finding interviews can be highly effective in obtaining “the information needed to identify the risks of material misstatement due to fraud” (SAS 99). For these interviews to be useful, effective, and efficient, the following techniques are recommended.

Training. Audit staff must be trained in how to conduct an effective fact­finding interview. Conducting professional interviews is a learned skill; only through training and practice does one become proficient at it. Generally, a three­to­five­day training course will be necessary to get an auditor started. Then, the more interviews auditors conduct, or observe along with a skilled interviewer, the better they will become at interviewing. A combination of both classroom training and on­the­job training is another excellent approach. CPAs that already possess good interpersonal and verbal communication skills are ideal candidates.

The AICPA’s CPA2Biz (www.cpa2biz.com) offers interviewing courses such as “Finding the Truth: Effective Techniques for Interview and Communication.” Additional interview training resources include the Association of Certified Fraud Examiners (www.cfenet.com) and the Institute of Internal Auditors (www.theiia.org).

Interviewing versus interrogation. Understanding the difference between an interview and an interrogation is important. The typical audit interview is a question­and­answer­formatted discussion normally conducted at the interviewee’s workstation. The purpose of the interview is to learn new facts or to confirm previously obtained information. An interrogation, or “truth­seeking interview,” is in many ways the opposite. The primary difference is the state of mind of the interviewee. In an interview, the interviewee is generally a willing participant assisting the interviewer in the process of determining the facts. An interrogation occurs only when a suspected fraudster has been identified. The interviewer’s task is to persuade the individual to admit to an act or omission that he has no intention of divulging.

Interviewing requires the ability to organize thoughts and discussion along a logical path. Interrogation requires those skills coupled with the ability to persuade an individual to say something that runs contrary to his survival instincts.

Conducting the interview. The interview should have a tone that is formal, friendly, and nonthreatening; should follow a predetermined structure; and should result in meaningful fact­finding. An interviewer should prepare a set of questions and an introductory statement that explains the purpose of the interview. This preparation will set the tone for a serious, purposeful, and effective interview.

The interviewer should be matched to the interviewee. Building a rapport with an interviewee is partially a function of who interviews whom. For example, it is more difficult for a staff auditor to build rapport and connect with an intimidating CEO or CFO than for the engagement partner to do so. But for the engagement partner to conduct every interview is simply not cost­effective, so partners or

10

experienced audit managers might interview most senior management. Managers, seniors, and staff accountants can be matched to other interviewees, as appropriate.

The interview should always be conducted in private. If the interviewee’s workstation is not sufficient, then the interviewer should use a meeting room. An interview is most successful when the subject is comfortable and at ease. Most people are more comfortable in their own work environment and when they can answer questions without concern that a coworker might be eavesdropping.

It is essential in the early part of the interview for the auditor to build a rapport with the interviewee in order to encourage an open discussion. Structuring questions to progress from the general to the specific allows the interviewer to first build a rapport, and then observe changes in an interviewee’s behavior that may signal a suspicious or sensitive topic as the questions become more focused. Skilled interviewers are always cognizant of indicators of deception that may be displayed by any individual attempting to mislead the interviewer. False statements, however, are not always indicators of fraud; they may be covering up an individual’s perceived personal or professional deficiencies.

Making a false statement during an audit interview is stressful for most people. When a false statement is made, the interviewee releases the stress verbally, nonverbally, or in both ways. Indicators of deception vary from individual to individual. They can be as subtle as a change in voice tone or as obvious as a sudden change in complexion. A skilled interviewer must be trained to identify these indicators and have a thorough understanding of their potential significance.

Because the main purpose of the fact­finding interview is to seek information, open­ended questions should be emphasized. Questions should be structured to encourage the interviewee to volunteer information. For example, “What internal control problems do you have in your department with respect to cash receipts?” will likely provide more information than the closed­ended question, “Are all daily cash receipts deposited intact?” Interviewers should be good listeners and never interrupt an open­ended response. One of the last questions asked in each interview should be very open­ended; for example, “Is there anything else you would like to tell me regarding the operations of your department?” or “Have I failed to discuss an important topic with you?” Joseph Wells, chairman and founder of the Association of Certified Fraud Examiners, advises that the last question should be whether the interviewee has participated in any fraudulent activities against the company. Asking this question provides documentation that may prove invaluable if a lawsuit involving financial statement fraud or asset misappropriation occurs later.

To minimize legal risk, auditors should gear the discussion solely toward fact­finding questions or statements and away from accusatory questions or statements. For example, asking, “Have you stolen any inventory from the company?” is acceptable, but asking, “You have stolen inventory in the past from the company, haven’t you?” is not, due to the embedded accusation.

Interview Subjects

SAS 99, paragraph 6, identifies the two types of fraud that auditors should be aware of as “misstatements arising from fraudulent financial reporting and misstatements arising from misappropriation of assets.” As a result, inquiries should be directed toward individuals concerned with financial reporting as well as those with direct or indirect access to the company’s assets.

The CEO and the CFO should be carefully interviewed by a partner or experienced audit manager about their knowledge or suspicion of fraud. These executives have the power to override internal controls, and therefore are in a position to perpetrate and conceal fraud. Their administrative assistants may be privy to sensitive information and may suspect or be aware of fraudulent activity, and should also be

11

interviewed. Individuals may be aware of fraudulent activities but not disclose them unless specifically asked.

Fraudulent financial reporting. To obtain information about misstatements arising from fraudulent financial reporting, the following people could be interviewed: the controller; all employees involved in “initiating, recording, or processing complex or unusual transactions”; and the vice president of sales and selected subordinates.

Financial statement fraud is usually due to the overstatement of sales revenues. The vice president of sales and the sales staff could be under direct pressure to misrepresent sales transactions for individual or company­related purposes. According to SAS 99, paragraph 41, “the auditor should ordinarily presume that there is a risk of material misstatement due to fraud relating to revenue recognition.”

Misappropriation of assets. When inquiring about the possibility of financial­statement fraud due to misappropriation of assets, interviews should be conducted with employees that handle cash, which is frequently misappropriated. Employees involved in inventory management are knowledgeable about proper inventory control procedures, and they could be aware of any inappropriate handling of inventory. Employees involved in purchasing may be aware of kickbacks, fictitious vendors, and similar schemes. Employees involved in similar areas with direct or indirect access to significant corporate assets should be interviewed as well.

Interview the CEO first. Although senior management may be in the best position to perpetrate fraud, employees in lower positions are often aware of such fraud. Auditors should interview senior management first, and then follow the corporate ladder downward. The audit committee must be aware of, and approve of, the use of interviews as an audit technique. In addition, if the CEO is informed of and endorses the use of fact­finding interviews, his approval can be conveyed to subordinates, who would then be more likely to cooperate. Auditors do not want the CEO to be blindsided about interviews being used to obtain information about the risk of fraud. The engagement letter should indicate that the audit team will use fact­finding interviews to help identify the risk of material misstatement due to fraud.

Documenting the Interview

During an interview, note taking is a function of the style and memory of the interviewer. A consistent pattern of note taking—either taking many notes or taking very few notes—should be maintained throughout the interview. The goal is not to distract the interviewee and not to disrupt the flow of the interview. A sudden change in note­taking style might affect the interviewee’s answers. Once the interview has been completed, however, the interviewer should immediately write a memo documenting the proceedings. This memo satisfies the requirement in SAS 99, paragraph 83, that an auditor should document the “procedures performed to obtain information necessary to identify and assess the risks of material misstatement due to fraud.” Interviewers should keep their handwritten notes, which will corroborate the formal memo in case of subsequent litigation.

Using the Interview in the Audit

Once all interviews have been completed, the audit manager should read all of the interview documentation memos, looking for themes and patterns. If the interview results indicate a lack of internal controls, overrides of internal controls, potential fraudulent activities, or other specific risks of material misstatement due to fraud, the auditor should expand procedures in the identified areas. In addition, according to SAS 99, paragraph 83, “specific risks of material misstatement due to fraud that were identified … and a description of the auditor’s response to those risks” should be documented.

12

Click here to see the accompanying Sidebar.

Linda M. Leinicke, PhD, CPA, and Joyce A. Ostrosky, PhD, CMA, CPA, are professors of accounting, and W. Max Rexroad, PhD, CPA, is an emeritus professor of accounting, all at Illinois State University, Normal, Ill.  James R. Baker, CFE, is investigator for the Royce City Police Department, Royce City, Texas.  Sarah Beckman is a master’s of science in accountancy student at Illinois State University, Normal, Ill.

Close

13

T here was a time, seemingly not all that long ago, when the array of professional credentials that seasoned accounting professionals could pursue was relatively narrow; many chose to work toward the CPA certification. Although this certifi-

cation provides its holder with the only licensed accounting des- ignation in the United States, financial professionals can now choose from among a wide variety of additional certification opportunities and career paths in order to differentiate them- selves within the marketplace.

Expertise in specific areas—such as business valuation, foren- sic accounting, information systems, financial services, internal

auditing, and management accounting, among others—has become an option for all and a necessity for many. Certification creden- tials evidencing such types of expertise have proliferated, creat- ing an ever-broadening array of certification possibilities. Researching the key attributes of the myriad of professional orga- nizations and the benefits of their respective certifications and cre- dentials is a significant undertaking, for which most accounting professionals lack the necessary time; thus, this discussion pro- vides professionals with a guide to the more prominent U.S.-based professional organizations (i.e., those with memberships of more than 10,000) and the certifications they offer.

Navigating the Maze of Today’s Professional Credentials

R E S P O N S I B I L I T I E S & L E A D E R S H I P p r o f e s s i o n a l d e v e l o p m e n t

JUNE 2013 / THE CPA JOURNAL62

By Douglas M. Boyle, Robyn Lawrence, and Daniel P. Mahoney

14

Such organizations include the AICPA, the Institute of Internal Auditors (IIA), the Certified Financial Planner (CFP) Board of Standards Inc. and the Financial Planning Standards Board (FSPB), the ISACA, the Association of Certified Fraud Examiners (ACFE), the Institute of Management Accountants (IMA), and the Accreditation Council for Accountancy and Taxation (ACAT). A streamlined discussion of these organizations (in descending order of mem- bership size) and their respective certifica- tions is followed by a discussion of essen- tial implications and questions for profes- sionals to consider, including potential ben- efits and costs. (The Exhibit provides an overview of the organizations discussed below.)

AICPA Founded in 1887 and consisting of near-

ly 400,000 members, the AICPA is the longest established and arguably most recognized among the U.S.-based account- ing organizations. It publishes the Journal of Accountancy; The Tax Adviser; CPA Letter Daily; AICPA Weekly Update; CPA Client Bulletin; six e-newsletters; and numerous online guides, alerts, and spe- cialty-area articles. Although the AICPA is often associated specifically with the Uniform CPA Examination, it actually serves the accounting profession in a rather broad capacity, as stated on its website:

The AICPA is the world’s largest asso- ciation representing the accounting pro- fession, with nearly 386,000 members in 128 countries and a 125-year heritage of serving the public interest. AICPA members represent many areas of prac- tice, including business and industry, public practice, government, education and consulting. The AICPA sets ethical standards for the profession and U.S. auditing standards for audits of private companies, nonprofit organizations and federal, state and local governments. It develops and grades the Uniform CPA Examination. (http://www.aicpa.org) The AICPA offers five different spe-

cialty credentials to those who already hold the CPA designation: Personal Financial Specialist (PFS); Accredited in Business Valuation (ABV); Certified Information Technology Professional (CITP); Certified in Financial Forensics (CFF); and, most recently, Chartered Global Management

Accountant (CGMA). These credentials offer qualified CPAs the opportunity to fur- ther distinguish themselves and thus advance their careers and enhance the value of their practices.

PFS. This credential, established in 1987 for CPAs who have or seek expertise in personal tax and financial planning, is pro- vided to qualified CPAs who meet certain experience requirements, earn 80 hours of personal financial planning continuing pro- fessional education (CPE) within the five- year period preceding the PFS application date, pass the six-and-one-half–hour PFS Exam (or have passed either the Certified Financial Planner [CFP] Exam or the Chartered Financial Consultant [ChFC] Exam), complete the PFS application, and pay a $400 fee. The content of the PFS exam includes professional responsibilities, the personal financial planning process, fundamentals of financial planning and income tax planning, insurance planning, financial independence (retirement plan- ning), employee benefits, estate planning, charitable planning, and other personal financial planning issues.

ABV. Established in 1998 for CPAs who have or seek expertise in the area of valuation services, the ABV credential is available to qualified CPAs who meet cer- tain experience requirements, pass the six- hour ABV Exam (or hold a current Accredited Senior Appraiser [ASA] or Accredited Member [AM] credential pro- vided by the American Society of Appraisers), complete the credential appli- cation, and pay a $350 fee. The ABV Exam includes content in the areas of qual- itative and quantitative analysis, valuation analysis, and related topics.

CITP. This credential was established in 2000 for CPAs who have or seek exper- tise in the areas of business systems report- ing, IT audit and attest services, internal controls, fraud considerations, and risk assessment. The credential is offered to qualified CPAs who meet experience requirements, complete the CITP applica- tion, and pay a $400 application fee. In addition, since July 25, 2012, applicants are required to pass the four-hour CITP Exam that covers risk assessment; fraud considerations; internal control and IT gen- eral controls; evaluation, testing, and report- ing; and information management and busi- ness intelligence.

CFF. This credential, established in 2008 for CPAs who have or seek exper- tise in forensic accounting, is provided to qualified CPAs who meet certain experi- ence requirements, earn 75 hours of foren- sic accounting–related CPE within a 10- year period (with a minimum of 50% with- in a five-year period) preceding the date of CFF application, pass a four-hour exam, complete the CFF application, and pay a $400 fee (for AICPA members). The CFF Exam includes content related to pro- fessional responsibilities and practice man- agement, fundamental forensic knowledge, and specialized forensic knowledge.

CGMA. This designation was established in 2011 through a joint venture between the AICPA and the London-based Chartered Institute of Management Accountants (CIMA). The CIMA, founded in 1919, describes itself as “the world’s leading and largest professional body of management accountants, with 183,000 members an stu- dents operating in 168 countries, working at the heart of business” (http://www. cimaglobal.com/About-us/Press-office/Press- releases/2011/March-2011/cima-aicpa-jv/).

The CGMA designation is designed for CPAs specializing in the area of manage- ment accounting and members of the CIMA. As described on the CGMA website:

The AICPA and CIMA have joined together to form a joint venture which powers a new designation for manage- ment accountants, the Chartered Global Management Accountant (CGMA). The CGMA is designed to elevate manage- ment accounting and further emphasise its importance for businesses worldwide. The CGMA recognises the unique role played by management accountants in businesses around the world who are guiding critical business decisions and driving strong business performance. It sets a new standard for global recogni- tion of management accounting by building on the longstanding foundations and thought leadership of the AICPA and CIMA. United by global quality standards for ethics and performance, the CGMA maintains distinct credibility and positioning among worldwide business designations. Through a wide range of resources and learning opportunities, the designation further elevates CGMAs’ management accounting expertise, skills, ethical standards, commitment and

63JUNE 2013 / THE CPA JOURNAL 15

JUNE 2013 / THE CPA JOURNAL64

dedication. (http://www.cgma.org/ AboutUs/Pages/default.aspx) Current CIMA members are automati-

cally accepted as CGMAs. CPAs who are not CIMA members are required to meet certain financial and management account- ing experience requirements, complete an application, and pay a $150 designation fee. No exam is currently required as part of the acceptance process; however, begin- ning in January 2015, successful comple- tion of an exam will be required.

IIA Established in 1941, the IIA has approx-

imately 176,000 members in 165 countries. It publishes Internal Auditor, an online ver- sion of the magazine (http://www.theiia.org/ intauditor/), and IIA Today. The IIA provides five certification opportunities in various spe- cialty areas of auditing. As described on its website, the IIA is the considered the premier organization for internal audit professions:

The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession's global voice, recognized authority, acknowledged lead- er, chief advocate, and principal educa- tor. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security. Globally, The IIA has more than 170,000 members. The IIA in North America com- prises 159 chapters serving more than 70,000 members in the United States, Canada, the Caribbean (Aruba, Bahamas, Barbados, Cayman Islands, Curacao, Jamaica, Puerto Rico, and Turks & Caicos), Bermuda, Guyana, and Trinidad & Tobago. Members enjoy benefits offered by the North American Service Center including local, national, and glob- al professional networking; world-class training; certification; standards and guidance; research; executive develop- ment; career opportunities; and more. (https://na.theiia.org/about-us/Pages/About- The-Institute-of-Internal-Auditors.aspx) The certifications offered by the IIA

include the Certified Internal Auditor (CIA), Certified Government Auditing Professional (CGAP), Certified Financial Services Auditor (CFSA), Certification in Control Self-

Assessment (CCSA), and Certification in Risk Management Assurance (CRMA). Although all of these certifications can add value to a professional’s career, the CIA des- ignation is the one for which the IIA is best known. Few would argue with the IIA’s assertion that the CIA is “the only globally accepted certification for internal auditors and remains the standard by which individuals demonstrate their competency and profes- sionalism in the internal auditing field” (https://na.theiia.org/certification/CIA- Certification/Pages/CIA-Certification.aspx)

CIA. In order to obtain the CIA certifi- cation, a candidate must be a member of the IIA, hold a four-year postsecondary degree (or higher) from an accredited uni- versity or its equivalent, exhibit high moral and professional character as evidenced by a character reference form, have at least 24 months of internal auditing experience (holding a master’s degree can substitute for 12 of these months), and pass an exam consisting of four two-hour-and- twenty-five–minute sections (internal audit activity’s role in governance, risk, and con- trol; conducting the internal audit engage- ment; business analysis and information technology; and business management skills). The application fee for an IIA mem- ber is $100 and the exam part fee is $150.

Other IIA certifications. The CGAP, CFSA, and CCSA specialty certifications provide opportunities for accounting pro- fessionals to demonstrate their knowledge and expertise in specific content areas. These certifications require that the candidate be a member of the IIA and have a four-year postsecondary degree (or its equivalent) or a two-year degree and defined experience (depending upon the designation). In addi- tion, the candidate must complete a charac ter reference form and pass a three-hour-and- fifteen–minute specialty exam for each cer- tification. The CGAP Exam includes four “domains” (i.e., topic areas): standards, gov- ernance, and risk/control frameworks; gov- ernment auditing practice; government auditing skills and techniques; and govern- ment auditing environment. The CSFA exam likewise includes four domains—financial services auditing, auditing financial services products, auditing financial service process- es, and the regulatory environment—and allows the candidate to select from one of three disciplines (banking, insurance, secu- rities). The CCSA Exam includes six

domains: CSA fundamentals, CSA program integration, elements of the CSA process, business objectives and organizational per- formance, risk identification and assessment, and control theory and application.

The CRMA certification is the most recent addition to The IIA’s specialty offerings and will have requirements similar to the other certifications discussed. The administering of CRMA is planned to commence in mid- 2013. The IIA previously allowed candidates to apply for the CRMA based upon a point system, whereby candidates could obtain cer- tification depending upon the professional experience and credentials that they pos- sessed. This opportunity expired on September 30, 2012, and new candidates are subject to the exam procedures. The appli- cation fee for all specialty certifications is $100 for IIA members and the specialty exam fee for the CGAP, CFSA, and CCSA is $325, and it is $350 for the CRMA.

FPSB The FPSB, formed in 2004, consists of

approximately 140,000 members in 24 ter- ritories worldwide, approximately 64,000 of whom are located in the United States. The FPSB’s publications include FPSB’s Update and It’s Your Turn. As noted on its website, the FPSB works to promote competency, ethics, and standards for financial planners across the globe:

Financial Planning Standards Board Ltd. (FPSB) is a nonprofit association that manages, develops and operates certifi- cation, education and related programs for financial planning organizations so that they may benefit the global com- munity by establishing, upholding and promoting worldwide professional standards in financial planning. … FPSB works in conjunction with its members to develop and promote rig- orous international competency, ethics and practice standards for CFP profes- sionals in member territories to ensure that consumers looking for qualified financial planners understand and value CFP certification. (http://www.fpsb.org/ fpsbincreasesrepresentation.html) The FPSB offers the CFP credential

through agreements with nonprofit (or equivalent) organizations that become FPSB members. Following FPSB stan- dards, these members administer the CFP certification standards and can adapt the

16

JUNE 2013 / THE CPA JOURNAL 65

certification process to address the regula- tions, laws, and products of local areas. The CFP Board established the eight major domains of the CFP Exam: establishing and defining the client-planner relationship, gathering information necessary to fulfill the engagement, analyzing and evaluating the client’s current financial status, devel- oping recommendations, communicating the recommendations, implementing the recommendations, monitoring the recom- mendations, and practicing within profes- sional and regulatory standards.

The exam, which costs $595, may include one comprehensive exam or a series of exams; formats for the exam may vary depending upon location and the preferences of each FPSB member. In order to be qual- ified to sit for the CFP Exam, a candidate must be an FPSB member and demonstrate completion of courses at the upper division undergraduate or graduate (master’s degree) level (or its equivalent) in financial planning. In addition, a condition of obtain- ing initial certification is that the candidate holds at least a bachelor's degree from an accredited institution. The CFP Board has an experience requirement, defined as “the supervision, direct support, teaching or per- sonal delivery of all or part of the personal financial planning process to a client” (http://www.cfp.net/docs/default-document- library/purpose_of_cfp_board.pdf?sfvrsn=2).

ISACA Formed in 1969 and previously known

as the Information Systems Audit Control Association, ISACA has a global member- ship of more than 100,000, representing more than 180 countries. Its publications include ISACA Journal and JournalOnline, which features online-only articles available to ISACA members in the months that the bimonthly ISACA Journal does not appear in print. The ISACA’s website describes the organization as follows:

A nonprofit, independent membership association, ISACA is a leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance, control and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969 as the EDP Auditors Association, ISACA helps its members and their employers ensure trust in, and value from, information systems.

ISACA … has more than 100,000 con- stituents in more than 180 countries in Asia, Latin America, Europe, Africa, North America and Oceania. Its members include internal and external auditors, CEOs, CFOs, CIOs [chief information officer], educators, information security and control professionals, business man- agers, students, and IT consultants.

(http://www.isaca.org/About-ISACA/ P r e s s - r o o m / P a g e s / I S A C A - F a c t - Sheet.aspx) The certifications offered by ISACA focus

on various systems-related specialties: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), and

17

JUNE 2013 / THE CPA JOURNAL66

Key Information Certifications Offered

American Institute of Certified Public Accountants (AICPA) n Accredited in Business Valuation (ABV) Website: http://www.aicpa.org n Certified in Financial Forensics (CFF) Offices: New York, N.Y.; Durham, N.C.; Ewing, N.J.; and Washington, D.C. n Certified Information Technology Professional (CITP) Established in: 1887 n Chartered Global Management Accountant (CGMA) Membership: 377,000 members in 128 countries n Personal Financial Specialist (PFS) Publications: Journal of Accountancy (printed monthly), The Tax Adviser (printed monthly), CPA Letter Daily (free daily e-newsletter), AICPA Weekly Update (e-newsletter), CPA Client Bulletin (printed 10 times yearly), six Insider e-newsletters (CPA, career, corporate finance, corporate taxation, tax, and wealth management). Monthly online guides: IFRS Report; InfoTech Update; Forensic & Valuation Reporter; Financial Planning Digest; BusIndNews; and numerous other specialty-area publications, alerts, and guides.

Institute of Internal Auditors (IIA) n Certified Internal Auditor (CIA) Website: http://www.theiia.org n Certified Government Auditing Professional (CGAP) Office: Altamonte Springs, Fla. n Certified Financial Services Auditor (CFSA) Established in: 1941 n Certification in Control Self-Assessment (CCSA) Membership: 176,000 members in more than 165 countries n Certification in Risk Management Assurance (CRMA) Publications: Internal Auditor, an online version of Internal Auditor, IIA Today (bimonthly)

Certified Financial Planner Board of Standards Inc. (CFP Board) n Certified Financial Planner (CFP) [Financial Planning Standards Board (FPSB)] Website: www.cfpb.net [www.fpsb.org] Office: Washington, D.C. [Denver, Colo.] Established in: 1985 [2004] Membership: FPSB has 140,000 members in nonprofit organizations from 24 territories worldwide Publications: FPSB’s Update (bimonthly e-newsletter), CFP Board’s It's Your Turn (monthly e-newsletter)

ISACA n Certified Information System Auditor (CISA) Website: www.isaca.org n Certified Information Security Manager (CISM) Office: Rolling Meadows, Ill. n Certified in the Governance of Enterprise IT (CGEIT) Established in: 1969 (EDP Auditors Association) n Certified in Risk and Information Systems Control Membership: More than 100,000 members in 180 countries (CRISC) Publications: ISACA Journal (printed bimonthly), JournalOnline, (online-only articles bimonthly, alternating with ISACA Journal)

Association of Certified Fraud Examiners (ACFE) n Certified Management Accountant (CMA) Website: www.acfe.com Office: Austin, Tex. (headquarters); Singapore; London; Tokyo Established in: 1988 Membership: More than 60,000 members Publications: Fraud Magazine (bimonthly), Fraud-Magazine.com (e-newsletter), The Fraud Examiner (e-newsletter), Blogs: ACFE Insights and FraudInfo

Institute of Management Accountants (IMA) n Certified Fraud Examiner (CFE) Website: www.imanet.org Office: Montvale, N.J. Established in: 1919 (National Association of Cost Accountants) Membership: 60,000 members internationally Publications: Strategic Finance (monthly), Management Accounting Quarterly (online); IMA Educational Case Journal (quarterly, online); IMA Online News (weekly, e-newsletter; specialized e-newsletters on technology, careers, CMA certification, and students’ interests.

Accreditation Council for Accountancy and Taxation (ACAT) n Accredited Business Accountant (ABA) Website: www.acatcredentials.org n Accredited Tax Advisor (ATA) Office: Alexandria, Va. n Accredited Tax Preparer (ATP) Established in: 1973 by the National Society of Public Accountants (now the NSA, which was established n Accredited Retirement Advisors (ARA) in 1945) NSA Membership: 10,240 Publications: Action News (ACAT's e-newsletter), Main Street Practitioner, formerly NPA Magazine (digital six times per year, printed quarterly by NSA); NSA Practice Advisor, formerly NSA Technology Advisor (published eight times per year by NSA); NSAlert (biweekly e-newsletter by NSA); MemberLink (biweekly e-mail newsletter by NSA)

EXHIBIT U.S.-Based Accounting Organizations with More Than 10,000 Members

18

JUNE 2013 / THE CPA JOURNAL 67

Certified in Risk and Information Systems Control (CRISC). All of these certifications require ISACA membership and three to five years of related specialty experience (depend- ing upon the certification), with certain allow- able waivers that depend upon the candi- date’s educational credentials. Although a candidate’s education might be used toward a waiver of certain experience requirements, ISACA does not state any edu- cational requirements needed to obtain cer- tification. In addition to having experience, candidates must pass the related specialty exam and adhere to ISACA’s Code of Professional Ethics in order to obtain a cer- tification. The early exam registration fee for ISACA members is $410 per certification.

The specialty exams cover various domains. The CISA includes five topic areas: the process of auditing information systems; governance and management of IT; information systems acquisition, devel- opment, and implementation; information systems operations, maintenance, and sup- port; and protection of information assets. The CISM exam covers four domains: infor- mation security governance, information risk management and compliance, information security program development and man- agement, and information security incident management. The CGEIT exam consists of five domains: strategic alignment, value delivery, risk management, resource man- agement, and performance measurement. Finally, the CRISC exam covers five domains: risk identification, assessment and evaluation, risk response, risk monitoring, information systems control design and implementation, and information systems control monitoring and maintenance.

ACFE The ACFE was established in 1988

and has an international membership of more than 60,000. The ACFE publishes Fraud Magazine, Fraud-Magazine.com, and The Fraud Examiner. The ACFE iden- tifies itself as follows:

The ACFE is the world's largest anti- fraud organization and premier provider of anti-fraud training and education. Together with nearly 65,000 members, the ACFE is reducing business fraud worldwide and inspiring public confi- dence in the integrity and objectivity within the profession. (http://www. acfe.com/about-the-acfe.aspx)

The ACFE offers the Certified Fraud Examiner (CFE) designation. In order to obtain this credential, a candidate must be a member of the ACFE, agree to comply with the CFE’s bylaws and Code of Professional Ethics, meet professional and educational standards, and complete the 10-hour CFE exam. The professional minimum experience requirement is at least

two years of related experience in the field of fraud examination; generally, applicants must have at least a bachelor’s degree or its equivalent. Ultimately, the profession- al and educational requirements are determined based upon a point system, whereby the candidate is awarded credit according to certain education, profes- sional affiliations, and experience criteria.

The editors invite readers to continue their interaction with The CPA Journal online by joining our LinkedIn group, at www.linkedin.com/groups/CPA-Journal- 1866117. Connect with top accounting and auditing professionals and discuss hot topics confronting the profession—from forthcoming accounting standards and recent tax legislation to financial planning issues, educational and regulatory requirements, and much more. Join the conversation with other readers and NYSSCPA members now.

The CPA Journal Online

19

JUNE 2013 / THE CPA JOURNAL68

The CFE Exam, which costs $300, includes the topics of fraud prevention and deterrence, financial transactions, fraud investigation, and legal elements of fraud.

IMA The IMA was founded in Buffalo, New

York, in 1919; it was originally known as the National Association of Cost Accountants and later as the National Association of Accountants, but it adopted its current name in 1991 in order to signify its “broad- er role as the association for accountants and financial professionals working inside orga- nizations” (http://www.imanet.org/ about_ima/our_history.aspx). The IMA has a global membership of more than 60,000 members. Its publications include Strategic Finance; Management Accounting Quarterly; IMA Education Case Journal, IMA Online News; and various specialized e-newsletters pertaining to technology, careers, CMA certification, and students’ interests. The IMA’s website clearly states its mission “to provide a forum for research, practice development, education, knowledge sharing, and the advocacy of the highest ethical and best business prac- tices in management accounting and finance” (http://www.imanet.org/about_ima/our_ mission.aspx).

In 1972, the IMA established the Certified Management Accountant (CMA) credential. CMA candidates are required to join the IMA, hold at least a bachelor’s degree from an accredited institution, have a minimum of two years of professional management accounting or financial man- agement experience, and successfully com- plete the two-part, eight-hour CMA exam. The exam content for the first part includes planning, budgeting, and fore- casting; performance measurement; cost management; internal controls; and pro- fessional ethics. Content for the second part includes financial statement analysis, cor- porate finance, decision analysis and risk management, investment decisions, and professional ethics. There is a $225 certi- fication entrance fee and a $350 fee for each exam part.

ACAT Established in 1973 as a nonprofit inde-

pendent testing, accrediting, and monitoring organization, the ACAT has a membership of more than 10,000. It publishes Action

News, Main Street Practitioner, NSA Practice Advisor, NSAlet, and MemberLink. As noted on its website, the ACAT targets accounting professionals servicing small to mid-sized businesses:

The Council seeks to identify profes- sionals in independent practice who spe- cialize in providing financial, account- ing and taxation services to individuals and small to mid-size businesses. Professionals receive accreditation through examination and/or course- work and maintain their accreditation through commitment to a significant pro- gram of continuing professional educa- tion and adherence to the Council's Code of Ethics and Rules of Professional Conduct. ACAT programs are governed by a Board of Directors that includes practitioners, educators and a public member. (http://connect.nsacct.org/ ACAT/About1/AboutACAT/) ACAT certifications include Accredited

Business Accountant (ABA), Accredited Tax Advisor (ATA), Accredited Tax Preparer (ATP), and Accredited Retirement Advisor (ARA). None of these certifica- tions has educational requirements.

The ACAT identifies the ABA as its trade- marked designation that meets state regula- tory requirements to practice public accounting in the states of Delaware, Iowa, and Minnesota. For this certification, a can- didate must have at least three years of related professional experience. The ABA exam consists of two parts, each lasting three- and-one-half hours. The content of the first part of the exam includes financial account- ing and financial statement preparation, pre- sentation, and reporting. The content of the second part includes taxation, managerial accounting, business law, and ethics.

The ATA and ATP designations require a candidate to have at least five years of tax experience and three years of tax experience, respectively, whereas the ARA credential does not have a stated experience require- ment. All three of these designations require candidates to pass an exam consist- ing of 100 multiple-choice questions. The topical areas for the questions on the ATA exam include tax preparation, planning, client services, and ethics. The ATP exam covers tax preparation and ethics. The ARA exam includes content in the areas of retirement plans, benefits, and distribution; insurance, healthcare, and senior and long-term care

options; estates, trusts, estate planning and taxation; personal residence issues; and ethics. The cost to take both parts of the ABA exam includes a $285 exam fee and a $50 registration fee. If the parts are taken separately, the cost is $200 for the exam and $50 for registration. The ATA, ATP, and ARA exams cost $200 each, along with a $50 registration fee.

Implications for Professionals Accounting professionals have long had

the opportunity to pursue one or more pro- fessional designations, each designed to reflect an individual’s competence and inter- ests and to help with career advancement. Of course, the CPA designation commands significant respect. But today there are many other additional certifications that one might choose to pursue. Indeed, in an era that demands new levels of specialized knowledge, it seems intuitive that both novice and veteran members of the profes- sion would be well served by securing the kinds of credentials that reflect such knowl- edge. The obvious question for profession- als to consider is whether the benefits of obtaining the certification exceed the relat- ed costs. Although all of the organizations discussed above readily cite in their mar- keting material a vast array of benefits in obtaining their certifications, formal research on this topic has found mixed results.

In “Costs and Benefits of APFS Accreditation,” a survey of approximately 320 accredited personal financial specialists (AFPS) found that the majority of partici- pants believed that benefits of certification were equal to or exceeded the related costs (John E. Elsea, The CPA Journal, 1992). Key benefits included improved profes- sional image, skills, expertise, and com- petiveness. Although preparing for and tak- ing the examination were cited as the top two costs, they were not viewed as major obstacles. Yet, respondents noted that their certifications did not have a significant impact on billings and that certain state restrictions on promotion of specialty ser- vices likewise limited the incremental rev- enues that one might logically expect from having such certifications.

In contrast, another study, “Costs and Benefits of Personal Financial Planning Accreditation,” pointed to an increase in billings and hourly rates; however, on the downside, it also highlighted a potential addi-

20

JUNE 2013 / THE CPA JOURNAL 69

tional cost of increased legal liability and related insurance premiums (Joseph G. Donelan, Journal of Accountancy, vol. 176, no. 3, 1993). This cost may have been an overstated perception, because only 6% of participants had indicated that they had actu- ally experienced an increase in premiums.

Interestingly, studies that surveyed hold- ers of a particular certification have iden- tified a wider array of perceived benefits than those that focused on executives who did not hold such certifications and worked outside of the specific functional area. In other words, those who are certi- fied in a specific functional area and work in that area seem to perceive greater benefit to their respective certifications than those who work outside of that specific functional area. In “Practitioners’ and Users’ Perception of the Benefits of Certification of Internal Auditors,” survey participants included directors of internal audit and executives outside of internal audit, such as CFOs and members of the board of directors (Audrey A. Gramling, Accounting Horizons, March 1997, pp. 39–53). This study found that although the CIA designation is perceived to represent a high level of competence and support for advancement within the internal audit profession, it is not generally perceived to be important to management’s acceptance of internal audit’s recommendations, nor does it provide career advancement advan- tages outside of the internal audit function. This study further noted the fact that prior research found that other non-CPA desig- nations in accounting might not be per- ceived by business executives as being par- ticularly beneficial to the organization. The article thus indicates that the primary ben- efits from obtaining a non-CPA designa- tion might be a personal sense of accom- plishment, a perceived competence within the specialty area, and greater potential for advancement within a particular func- tion; however, with respect to matters external to the holder’s specific function- al area, the benefits of such certification are quite limited.

Accordingly, those considering the pur- suit of certifications in specific function- al areas should consider whether such certifications are congruent with their spe- cific career goals. For example, an inter- nal auditor whose goal is to become director of the internal audit function

would very likely benefit from the CIA certification; in contrast, an internal audi- tor whose goal is to become a CFO might find that obtaining the CIA certification has limited value.

One key benefit that warrants further dis- cussion is the potential effect a non-CPA cer- tification might have on compensation. A broad survey of IMA members, “IMA 2011 Salary Survey: What Does This Recovery Feel Like?,” found that the aver- age total compensation for participants who held neither the CMA nor CPA designation was $103,960, as compared with $131,093 for participants who held the CMA designa- tion and $145,712 for participants who held the CPA designation (Lee Schiffel, David L. Schroeder, and Kenneth A. Smith, Strategic Finance, vol. 93, no. 12, 2012). Participants who held both the CMA and CPA designations reported an average total compensation of $149,484. In the ACFE’s Compensation Guide for Anti-Fraud Professionals, 2010/2011 Global Salary Study, antifraud professionals indicated that the average total compensation for partici- pants who held the CFE designation was $90,500, as compared to $74,500 for partic- ipants not holding the designation. The study did not provide information comparing par- ticipants who held the CPA designation.

The results of these various studies indicate that holders of non-CPA certifi- cations typically find value in such des- ignations and often receive personal sat- isfaction, peer recognition, and career advancement within the specialized area of the certification; however, these hold- ers might not enjoy such benefits out- side of their particular specialty areas. In addition, non-CPAs can benefit from increased compensation if they acquire a non-CPA designation (e.g., CMA, CFE), but the compensation increase for those holding a CPA license is marginal, and thus should not serve as a significant factor in considering the pursuit of addi- tional professional credentials.

The available professional certification areas provide accounting professionals with a host of potential choices. Depending upon a professional’s particular career goals and objectives, one or more such certifi- cations could prove beneficial. But one should not pursue a particular certifica- tion without considering all of the poten- tial costs and benefits. The accounting pro-

fession is hardly “one size fits all”; what well serves one particular individual might offer little or no benefit to a colleague. Accounting professionals should ask them- selves the following questions: n Do the benefits identified above out- weigh the costs? In particular, will the cer- tification serve long-term career goals? n Which specific areas of specialization do I truly find interesting? n Which areas of specialization could help me and my firm better serve current and potential clients? n Which certifications flow most logi- cally from my answers to the first and sec- ond questions? n Do I possess the education and expe- rience requirements for the certifications identified in the third question? If not, are the steps to meet the requirements feasible? n What kind of testing (or other) pro- cess is necessary in order to obtain such certification? n How can I allot time from my schedule to prepare for this process in such a way that maximizes my likelihood of success? n Does my employer typically support this kind of endeavor via financial support, study time, or change in the nature of the work experience, or might it be to my advantage to develop a formal request? n Once I obtain the new credentials, what are the continuing education requirements and maintenance costs? Will my employ- er be supportive in this respect?

Once these questions are answered, accounting professionals are ready to begin the application process via the organiza- tions discussed above.

Taking time to consider the pursuit of new credentials can be one of the most important career moves that an accounting professional makes. Of course, identify- ing areas of specialization that are of gen- uine interest—rather than just financially lucrative—is an essential part of this pro- cess. It is most certainly time well invest- ed, because the result can be a career path that is rewarding in a variety of ways. q

Douglas M. Boyle, DBA, CPA, CMA, is an assistant professor of accounting, Robyn Lawrence, PhD, CPA, is an associate pro- fessor of accounting, and Daniel P. Mahoney, PhD, CPA, is a professor of accounting, all in the Arthur J. Kania School of Management, University of Scranton, Scranton, Pa.

21