Latest Blogs

SOC 2 vs. ISO 27001 Audit

As we talk about the two auditing standards, we should keep in mind that both are information security standards and involve an external audit performed with an intent of keeping your and client’s data safe. Both are standards have different fundamental methodologies for providing an assurance. While, ISO 27001 is a certification of an ISMS (Information Security Management System) tested against an established framework, SSAE is an audit of the processes, policies and procedures an organization has in place.

ISO 27001 involves issuing a certificate of compliance by the auditor on completion which confirms that the organization meets the requirements set by the International Organization for Standardization (ISO) and International Electro technical Commission for protecting information and managing risk. A SOC 2 attestation involves a report prepared by the auditor to ascertain whether that a service organization’s security controls meet the relevant Trust Services Criteria set by AICPA. While, both the standards cover most of the similar topics, they focus on differing audit criteria and the details of the two standards are completely different.


SOC 2 Assessment

SOC 2 audit involves evaluating a service organization’s internal controls, policies, and procedures precisely based on the 5 trust services criteria i.e. security, availability, processing integrity, confidentiality, and privacy. The Trust Services Criteria are relevant to the services of organization as follows:

  • Security – Protection of system against unauthorized access
  • Availability – Availability of the system for operation and use
  • Processing Integrity – The system is processing information completely,                              accurately and timely
  • Confidentiality – Information classified as confidential is protected
  • Privacy – Any personal information is collected, used, retained, disclosed, and destroyed in accordance with the entity’s privacy notice.


ISO 27001 Audit

ISO 27001 is an internationally accepted standard for governing an organization’s Information Security Management System (ISMS). The ISMS preserves the confidentiality, integrity, and availability of information by applying a risk management process and induces trust in external parties that information related risks are appropriately managed by the organization.

The ISO 27001 standard regulates how an organization creates and run an effective ISMS through policies and procedures and associated legal, physical, and technical controls supporting an organization’s information risk management processes. An ISMS protects the confidentiality, integrity, and availability of information by applying a risk management process. Following 7 sections of the ISO 27001:2013 standard (from section 4 to 10) provide the core guidelines for compliance with the standard:

  • Section 4: Context of the Organization
  • Section 5: Leadership
  • Section 6: Planning
  • Section 7: Support
  • Section 8: Operation
  • Section 9: Performance evaluation
  • Section 10: Improvement.

Following are few other key differences between SOC 2 and ISO 27001 standards that further enhance your understanding:


The certifying and governing bodies

The SOC 2 report is attested by a licensed CPA (Certified Public Accountant) firm attests whereas an ISO 27001 certification is certified by a recognized ISO27001-accredited registrar. ISO 27001 is managed by the International Standards Organization (ISO) and SOC 2 attestation standards (SSAE 18) are regulated by the American Institute of Certified Public Accountants (AICPA).

Market Relevance

Both the standards are creditable security certifications accepted by clients widely. Precisely, if you are selling services to organizations in the United States, SOC 2 is better suited. However, if you are doing business internationally, ISO27001 is more extensively accepted by clients worldwide.

Certification Renewals

SOC 2 has two types namely Type 1 (which gives a point in time design assessment) and Type 2 (which requires you to demonstrate effectiveness of your security controls for a period of time, typically twelve months). Typically, a SOC 2 Type 2 needs to be renewed on an annual basis. On the other hand, an ISO27001 engagement includes a 3 year commitment where you have a point in time audit every year the certification and gets renewed annually after the successful completion of the audit.


Report Type obtained on completion

SOC 2 gives you a detailed report containing the auditor’s opinion, management’s assertion, description of controls, user control considerations, tests of controls, and the results. However, ISO certification is a single page certification issued to the company.




Applicability and use

A SOC 2 report laid out on the Trust service criteria is applicable to an organization’s overall system while ISO 27001 based on the Information Security Framework is precisely applicable to organization’s ISMS.


Further, SOC 2 attestation being a good industry practice is used measure a Service Organization against static security principles and criteria. The ISO 27001 is considered to be one of the best practices performed to establish, implement, maintain, and improve the ISMS of the organization.



Both SOC 2 and ISO 27001 are effective compliance methods for organizations to accept and can be utilized to get an edge over market competition, demonstrate the design and operating effectiveness of internal controls, and to achieve compliance with regulatory requirements.


One can decide to go through either a SOC 2 or ISO 27001 engagement based on their understanding of markets, customer’s and the regulatory requirements that they need qualify. Hope, you have a clearer picture about the two standards now. Please feel free to reach out to us in case you have any

2020-06-10 03:37:31

Foreign Direct Investment Policy

The Government of India has recently amended its Foreign Direct Investment Policy ("FDI Policy") and barred automatic investment into India by its neighbouring countries. A press release1 dated April 17th, 2020, ("Press Release") issued by the Department for Promotion of Industry and Internal Trade (DPIIT) has revised the FDI Policy to curb opportunistic takeovers or acquisitions of Indian companies in the aftermath of the novel coronavirus outbreak and the looming economic crisis.

Present Position

Prior to the amendment, a non-resident entity could invest in India, subject to the FDI Policy except in certain reserved sectors. However, a citizen of Bangladesh or an entity incorporated in Bangladesh could invest only under the Government route. Whereas a citizen of Pakistan or an entity incorporated in Pakistan could invest in India, but only with prior Government approval in sectors excluding defence, space, atomic energy or any other sensitive/ prohibited sectors.

Amendment of FDI Policy

The revised FDI Policy requires the Government's approval for any FDI made by an entity of any country which shares a land border with India or where the beneficial owner of such an investment is residing in or is a citizen of any such country. India shares its land borders with Pakistan, Bangladesh, Nepal, Myanmar, Bhutan, China and Afghanistan ("Neighbours"). In other words, as per the new amendment, FDI from these Neighbouring countries requires an approval from the Government of India (and cannot go down the automatic route), which will subsequently be able to monitor the extent of these investments and provide its approval on a case to case basis. Two senior Government officials have, subsequent to the Press Release clarified that this restriction shall also apply to Hongkong, which is a Special Administrative Region of China2.

Additionally, the revised FDI Policy retains existing clauses that state that any citizen of Pakistan or an entity incorporated in Pakistan can invest in India only after securing prior Government approval but not in the defence, space, atomic energy or any other restricted sector. The amendment also addresses situations involving a proposed transfer of ownership of any existing or future FDI in an Indian entity benefitting an entity or citizen of a country sharing land border with India. The revised FDI Policy states that such a transfer would also require Government approval.

On the heels of this decision of the Government to revise the FDI Policy, was the Securities and Exchange Board of India's (SEBI) request for data from custodians, with an aim to analyse investment from China, Hongkong and 11 other Asian countries3.

What Triggered the Amendment?

In 1991, the Narasimha Rao government ushered in a slew of new reforms and revolutionised the economy through the revolutionary Liberalisation, Privatisation and Globalisation (LPG) regime4. This marked the beginning of the end of many public sector monopolies with the Government taking a huge step forward by abolishing licensing control on private investment. Since then, India has been on a constant trajectory of liberalizing its FDI Policy. The recent amendment places obvious hindrances in the path of liberalisation reform which seeks to reduce Government control beyond the bare minimum.

However, in the wake of the Covid-19 pandemic and its looming economic implications, India has vide this amendment taken a protective stand towards homegrown and Indian entities from Neighbouring investment. This legislation is in line with the protectionist stances taken by USA & China throughout the brewing trade war last year.

As of December 2019, China's cumulative investment in India has exceeded 8 billion US dollars, far more than the total investments of India's other border-sharing countries5. Earlier this month, it was reported that China's central bank, i.e., People's Bank of China (PBoC) raised its stake in Housing Development Finance Corp. Ltd (HDFC) from 0.8% to 1.01% in the March quarter. This move has raised grave concerns regarding hostile takeovers of marquee Indian companies that have lost significant value in the recent market meltdown by Neighbouring countries such as China.

Looking into history, and using the example of China's acquisition of the Sri Lankan port – Hambantota Port. The port was built with the assistance of money lent to Sri Lanka by China over several years. Struggling to repay the debt, the Sri Lankan government after months of negotiations with the Chinese, eventually had to hand over the port as well as the surrounding land to China for 99 years. This is not the only port that China has a stake in. The Chinese government has a stake in ports in Pakistan (as well as the proposed China Pakistan Economic Corridor), Myanmar and several other countries in as well as outside the Indian subcontinent6, thus being perceived as a threat to India.

Implications of the Amendment

Any fresh investment from China or any of India's Neighbours would now require a Government nod which will lengthen the time required for concluding a transaction. This may cause Indian entities to prefer investments from the US or Europe or other parts of the world.

However, this would also mean that companies with existing Chinese FDI may face severe problems. Chinese companies such as Alibaba, Tencent & Xiaomi are heavily invested in India and several of India Inc.'s big names such as PayTm, Big Basket, Zomato, Ola have large chunks of Chinese investments. 18 out of 30 Indian unicorns are Chinese funded7, and the clamp down on Chinese investment will have implications on future investments. In a market that is already struggling with a severe liquidity crunch, this amendment will exacerbate the cash crisis further.

While start-ups and other debt-ridden entities in India may be wary of the Government's move to change the FDI Policy in an attempt to restrict investment from China, the move could prove beneficial in the long run and protect the Indian economy from opportunistic takeovers. The decision of the Government has been taken as a measure to protect India Inc. as well as address the concerns of many who were worried that Indian companies could be susceptible to a take over from foreign investors, as their valuations have been hit given the correction in equity markets because of the pandemic and the consequent lockdown.

In a latest development, the spokesperson of the Chinese Embassy in India, Counselor Ji Rong stated that "The additional barriers set by Indian side for investors from specific countries violate WTO's principle of non-discrimination, and go against the general trend of liberalization and facilitation of trade and investment. More importantly, they do not conform to the consensus of G20 leaders and trade ministers to realize a free, fair, non-discriminatory, transparent, predictable and stable trade and investment environment, and to keep our markets open. Companies make choices based on market principles. We hope India would revise relevant discriminatory practices, treat investments from different countries equally, and foster an open, fair and equitable business environment. 8"

2020-06-09 06:21:52

FDI Approval

Policy: However, an entity of a country, which shares land border with India or where the beneficial owner of an investment into India is situated in or is a citizen of any such country, can invest only under the Government route. In the event of the transfer of ownership of any existing or future FDI in an entity in India, directly or indirectly, resulting in the beneficial ownership falling within the restriction/purview of such subsequent change in beneficial ownership will also require Government approval. Once approval is taken again approval may not be required in following cases: Additional foreign investment up to cumulative amount of Rs 5000 crore into the same entity within an approved foreign equity percentage/or into a wholly owned subsidiary. Process: (Foreign Investment Facilitation Portal)

Step 1: Create an account by Registering with Log in ID and password

Step 2: Log in to account for making an application-

Step 3: List of documents Which documents need to be uploaded at the time of submission of application?

• Summary of Proposal on Company(Applicant) Letterhead

• Certificate of Incorporation(COI) (Investee/Investor/Downstream)

• Memorandum of Association(MOA) (Investee/Investor/Downstream)

• Board Resolution(Investee/Investor/Downstream)

• Audited Financial Statement of Last Financial Year(Investee/Investor/Downstream)

• Article of Association(Investee/Investor/Downstream)

• LLP Draf

t • LLP Agreement

• Income Tax Return of Last Year

• Passport Copy/ Identification Proof Other Document

• A copy of the JV agreement/shareholders agreement/ technology transfer/trademark/brand assignment agreement (as applicable), in case there are existing ventures.

• Board resolution of any joint venture company(if required)

• Certificates of Incorporation and charter documents of any joint venture/company which is a party to the proposed transaction

• Certification for LLP cases compliance

• Copy of Downstream Intimation

• Copy of relevant past FIPB/SIA/RBI approvals, connected with the current proposal(In case of amendment proposal)

• Diagrammatic representation of the flow and funds from the original investor to the investee company and Pre and Post shareholding pattern of the Investee Company.


• In the cases of investments by entities which themselves are pooled investment funds, thw details such as names and addresses of promoters, investment managers as well as all the contributors to the investment fund.

• List of the downstream companies of the Indian company and the details of the equity held by the Indian Company along with the details of the activities of the companies

• Self Certificate of the documents/ for affidavit.

• The comments of the Indian partners/ technical/ trademerk collaborators about the new venture, on their official letter heads, with name and contact address of the signatory of the comments

. • The No Objection Certificate from the the State Government(in case of repatriation under real estate sector)

• Valuation certificate as approved by a CA Security Clearance Form

• Security Clearance Form (If required) Additional Relevant Document

• Any Relevant Document

2020-05-30 07:24:18

The US and UK attestation standards (SSAE and ISAE)

Usually, when you look out to get an independent controls attestation for your organization by a third party service auditor, you may come across many ways of getting that done. You can either get a SOC 1 or SOC2 audit done (Type I or Type II) based on your requirements and choose your attestation standards for the report i.e. either ISAE (the UK standard, No. 3402 being the latest one) or the SSAE (the US standard, No. 18 being the latest). In this article, we will touch upon both the standards, their managing authorities and the key differences which will help you understand what exactly they are and identify the best one for yourself. ISAE stands for International Standards on Attestation Engagements (the UK standard) which is managed by IAASB (International Auditing & Assurance Standards Board) which in turn reports to IFAC (International Federation of accountants). SSAE stands for Statement on Standards of Attestation Engagements (the US standard) and is managed by AICPA (American Institute of Certified Public Accountants) which reports to FASB (Financial Accounting Standards Board). Principally both the standards are designed to achieve the same objective in terms of reporting the establishment of effectively designed controls over financial reporting and each service organizations may need to provide reports to their clients (user entities) according to different standards. For the service organizations catering services within United States, SSAE18 is best suited. While for the ones providing services outside US, reporting can be done in accordance with the ISAE 3402 standards (termed as a combined report). Further, there are a few key differences when it comes to performance and reporting style of both the standards. Below are the major key differences which one should know: • Investigation of the Intentional Acts Both the standards require the investigation of any deviations identified during the testing. They direct the service auditor to investigate the noted deviations that could have been caused by an intentional act of service organization’s (SO) personnel. The SSAE 18 directs that the auditor should receive a written representation from SO management detailing any actual or suspected intentional acts (like employee committing frauds) that could impact the fair presentation of management’s description of the system. However, the ISAE 3402 does not explicitly require auditors to obtain the written representations. • Dealing with Operating Anomalies Any finding that deviates from the standard is an Operating Anomaly. SSAE 18 treats all deviations in the same manner, rather than as an anomaly. However, ISAE 3402 contains a requirement that allows a service auditor to conclude that any identified deviation while testing a sample of the control can be considered an anomaly. The idea is that when controls are sampled, they are not necessarily representative of the entire population from the samples drawn. • Assistance from Internal Audit Team SSAE 18 enables the use of direct assistance from the service organization’s internal audit function in accordance with the U.S. audit standards guidance. ISAE 3402 does not allows the use of the internal audit function for direct assistance. • Subsequent Events SSAE 18 calls out that the service auditor should report any event that could be significant in order to prevent users from being misled. A subsequent event would be something that could change management’s assertion after the audit period has ended. However, ISAE 3402 restricts the types of subsequent events that would be disclosed in the service auditor’s report to only those that could have a significant effect on the service auditor’s report. • Statement on Restricting Use of the Service Auditor’s Report SSAE 18 requires that the auditor’s report should include a statement restricting the use of the report to management of the service organization, user entities, and user auditors. However, ISAE 3402 requires that the service auditor’s report include a statement that indicates that the report is intended for the service organization, user entities & user auditors but does not require a statement restricting its use. • Acceptance of Engagement and Continuation SSAE 18 directs that management should acknowledge and accept the responsibility of providing the service auditor with written representations at the conclusion of the engagement. However, ISAE 3402 does not requires this acknowledgment. • Disclaimer of Opinion If the service provider does not provide the assessor with specific written representation, ISAE 3402 requires that the auditor deny an opinion after discussing the concern with management. If this happens, the auditor can carry out the required action. SSAE 18 requires that the service auditor takes an action or withdraws from the engagement. The SSAE 18 also contains certain incremental requirements for a situation where auditor plans to deny any opinion. • Elements of the Section 801 Report That Are Not Required in the ISAE 3402 Report SSAE 18 contains certain requirements that are additional to those in ISAE 3402. These requirements are as follows: o The identification of any information included in the documentation that is not covered by the service auditor’s report. o A reference to management’s assertion, and a statement that management is responsible for identifying any of the risks that threaten the fulfillment of the control objectives. o A statement that the examination included assessing the risks that management’s description of the service organization’s system is not fairly presented and that the controls were not suitably designed or operating effectively to achieve the related control objectives. o A statement that an examination engagement of this type also includes evaluating the overall presentation of management’s description of the service organization’s system and suitability of the control objectives stated in the description. We believe, that the article what have enhance your understanding of the two standards and their key differences. Please reach out us if you still have any queries or for any further information.

2020-05-30 07:17:53

The Persisting Challenges of SOC 2 Reporting

Information technology plays an important role in day to day functioning of organisations and in light of recent COVID-19 situation, resilient IT structure proved helpful to carry out basic business operations in IT and service industry. This have also raised concerns regarding information security and scrutiny of service organizations’ control infrastructure and driven demand for attestation reports. As a result, the SOC 2 examination's can provide the service organisation a comfort over service organisation’s information security and their control environment. The SOC 2’s operational and security centric approach, allows for an attestation process that addresses critical security concerns that customers have regarding third party services. The top 3 challenges voiced in the industry and accompanying recommendations are listed below. 1) SOC Report Selection The market place is filled with confusion because of the uncertainty of the potential customer backlash of issuing one report over the other. Even though the Trust Service Principles were recently revised and enhanced, users and service organizations are concerned whether the customer will understand the inherent value found in the criteria. For reporting options including non-SOC reporting, service organizations are strongly encouraged to consult with an experienced and reputable SOC 2 firm. This firm should provide the organization with various choices and paths without requiring any commitment. As a result, service organizations will be more prepared to convey the importance of the provided service, more effective at communicating the positive impact, and the type of control in place with customers and stakeholders. If the SOC 2 is the chosen solution, the benefits and significance of the Trust Service Principles should be emphasized by the service organization. 2) Selection of Trust Service Principles for SOC 2 Engagements Many of the service organizations choosing to have SOC 2 examination are not clear on the exact Trust Service Principle(s) that should be included in the report. In addition, the best method of using the service principles in describing the control environment also represents a grey area. The most common concerns are, "Are the controls in place?", "Will the controls satisfy the required criteria?", and "Should the organization provide a Type 1 or Type 2 report?". The best way to reach a common solution is by starting with the end. In the beginning, communicating and determining the information the user organization will want should guide towards electing the best Trust Services Principles. As a leading provider of SOC 2 reporting, we ensures the most beneficial reporting solutions are chosen. The Persisting Challenges of SOC 2 Reporting 3) SOC 1 and SOC 2 Are NOT Created Equal Don't assume SOC 1 and 2 activities are identical. SOC 2 Principles create a preset baseline standard. From there, service providers commonly identify, adjust or implement new baseline standards for achieving the SOC criteria. In contrast, more flexibility may exist under the control objective framework of the SOC 1. On the path to being successful, SOC 2 service organizations should plan and be prepared. To achieve this, readiness assessments are found to be very helpful. In conjunction, everyone's expectations must be set at the most appropriate level, both internally and externally. It's also equally important to determine the organization's existing controls and commitments to its customers.

2020-05-30 07:16:05

FRRO Registration - A Practical Guide

Global mobility has become an inevitable part of businesses ever since globalization. Employees are very often asked to take up assignments outside their home country. These movements call for various aspects to be taken care of such as tax compliances, immigration-related matters, language barriers etc. Amongst all these considerations, one of the important aspects, which require immediate attention while moving to India, is obtaining a residential permit from the Foreigner Regional Registration office ("FRRO").
Every foreigner who is coming to India on a visa, which is more than 180 days, is required to obtain registration from the respective FRRO office within 14 days of his or her arrival.
As the process of obtaining the registration i.e. Residential Permit is now completely online, here are few important guidelines:-

To initiate the process, an expat is mandatorily required to create his login credentials on the website of e-FRRO. In case expat’s family is also accompanying, the same login credentials will be used for the family members, however, separate application forms will be filed for each member of the family.

Once the login id is created, application form for a fresh/new application to be filled for the requisite service such as registration, registration extension, de-registration, change of address and vi etc. Documents which are required to be furnished for fresh registration are set out below:

- Passport (front and back page) along with page bearing last Indian Immigration arrival stamp.

- Indian Visa

- Photo (as per the specification)

- Residence Proof- Copy of Form C generated by Hotel/ Individual house along with the copy of the notarized lease deed/ utility bill

- Employment Contract mentioning designation, Duration of the employment period, Salary break-up etc.

- Request letter to FRRO office for visa-related service

- Undertaking Letter- duly signed by an Indian host/ authorized signatory

The coloured scanned copy of the above documents (in PDF) is required to be uploaded along with the application.

Once the documents are uploaded, the FRRO office will process the application. In case any additional document is required, the FRRO office through email will intimate the same. The processing of the application typically takes 2-5 days in case the documentation is complete and there is no requirement to visit the FRRO office.

In case, there is a change in address, FRRO office should be intimated by filing the necessary form. Also, in case there is a transfer of employment from one state to another (for example-from Mumbai to Delhi), a de-registration is required to be obtained from Mumbai FRRO. Once the Mumbai FRRO Office grants the transfer certificate, an application for a fresh registration required to be filed with the FRRO office in Delhi as per the procedure mentioned in the foregoing paragraphs.

In order for the smooth processing of the application, it is recommended to furnish all the documents as per the instructions mentioned at e-FRRO portal.

2020-05-15 00:14:59

Outsourcing by CPA Firms

12 reasons why accounting outsourcing is ideal for your CPA firm


Research says CPA firms typically spend 70% of their time administering low-yield, data-intensive compliance functions. The good news is an accounting outsourcing company can do this work! Other than the obvious benefits of cost-savings, outsourcing your accounting functions reduces overheads that come in the form of:

  • Recruiting and training specialist staff
  • Retaining non-core skills
  • Buying and maintaining systems and software, and
  • Dealing with IRS

In addition to the above, the following benefits explain why a CPA firm like yours should stop processing their data-intensive compliance function in-house and move to the model of "accounting outsourcing":

1) Lower operational cost

This is commonly cited as the primary driver. Under an ad-hoc business model, businesses pay for the resources as and when they need them. Even if they sign up for a dedicated resource, substantial reduction in costs is quickly visible. It is not uncommon for businesses to reduce their in-house accounting costs by close to 50%.

2) Increase operations efficiency

This is, after cost reduction, the second most cited benefit. Small and medium sized CPA firms lack access to best practices such as technology and infrastructure to perform efficient accounting functions. However, when they outsource such a task to an outsourcing specialist, they can easily achieve equal if not better efficiency and productivity levels as their big competitors.

An accounting outsourcing service provider can create this leveled playing field only because they are specialists who operate from a location where the overheads are lower than the client country.

3) Improve margins

For CPA firms, running data-intensive compliance functions is generally considered a low-margin activity. Accounting outsourcing not only reduces costs but ups the margin. It is especially beneficial if you have huge volumes of compliance work.

4) Save time

Accounting outsourcing allows you to spend billable time on delivering higher billing work, building and maintaining client relationships and growing the firm. It also frees up managers and partners from time-intensive recruitment, training and compliance duties, leaving time for truly strategic initiatives like budgeting and forecasting.

5) Get a competitive advantage

Gives you an edge over your competitors as you can now expand your firm by offering higher valued services to their clients. An in-house survey of QX’s current clients found that accounting outsourcing had allowed them to take on more profitable work and boost business revenue.

6) Faster turnaround time

CPA firms outsourcing to India gain from the time difference. How, you ask? With India being 10 hours ahead of the East Coast of North America, work sent overnight can be returned the next morning. There’s great value in that service for tax, bookkeeping and financial services accounting and that means you can shorten your response times.

7) Acquire flexible resources

One of the most unique benefits that lets you run a lean operation. Outsourcing nowadays offers the option of scalability with an array of engagement models like shared, ad-hoc and dedicated. Depending on work volumes, you can choose the one that fits your needs.

During peak seasons when you are inundated with work you can easily scale up the outsource team, and when work is slow you can trim it down. Moreover, you don’t have to worry about back-ups to cover holidays, sickness, maternity, together with the time and cost it involves.

8) Tap the best minds in the world

Accounting outsourcing opens access to an articulate, educated, English-speaking workforce that grows with your company without the HR headache. It also allows you to enjoy a larger workforce and increase your firm’s efficiency without increasing headcount.

9) Escape the maze of legislation

Accounting outsourcing companies take care of staying a step ahead of the ever-changing raft of legislation. They take over the complex legislation and work in partnership with IRS and US GAAP so you can concentrate on delivering the primary services of your firm.

10) Share risk

Another less-spoken about benefit which directly affects the growth of your firm. When used as a business strategy, accounting outsourcing allows you to significantly reduce your exposure to risk. To add to that, it reduces the risk of having in-house employees responsible who may not be available at a critical time due to sickness or holidays.

11) Access to a specialist team and industry best practices at a low cost

This is especially beneficial for small and medium CPA firms that are looking for ‘specialist’ employees. Outsourcing opens access to a team of professionals who are specialists at running your data-intensive compliance functions. Particularly in areas of technology, outsourcing provides an instant access to industry best practices that might be too cost-intensive to buy or hire.

12) Level the playing field

It’s a given that small or medium sized firms can’t match the in-house quality of non-core tasks that big firms can maintain. This changes totally when CPA firms get access to a specialist team and technology that in the past was only available to big firms. This further allows you to compete with bigger firms for bigger jobs and generate larger profits by outsourcing portions of the workload.


2020-05-27 00:08:20


On April 8, 2020, the Financial Accounting Standards Board (FASB) proposed the deferral of Accounting Standards Update No. 2016-02, Leases (Topic 842), and subsequent amendments, commonly known as the lease standards, for certain entities. This was decided as a result of global concerns related to the COVID-19 pandemic.


The FASB is proposing to postpone the effective date by one year for private not-for-profit organizations and private companies to fiscal years beginning after December 15, 2021, and interim periods within fiscal years beginning after December 15, 2022. Currently, nonpublic entities are required to comply with annual reporting periods beginning after December 15, 2020 and interim periods within fiscal years beginning after December 15, 2021.

This deferral would also apply to not-for-profit organizations that have issued or are conduit bond obligors for securities traded, listed and quoted on an exchange or over-the-counter market that haven’t yet issued financial statements, according to the proposal released by the FASB. The deferral would move the effective date to fiscal years beginning after December 15, 2019, including interim periods within those fiscal years.

Not-for-profit entities could still adopt the lease standards early.


The FASB included a 15-day comment period in their proposal for organizations to note challenges in adopting this standard during the Coronavirus pandemic.

Topic 842, Leases, was previously delayed in July of 2019 due to companies’ challenges understanding the standard and adopting it.


2020-05-13 23:26:37

Audits, Reviews & Compilations

  Financial Statement Preparation Compliation Review Audit
Assurance Provided None None Limited negative assurance High level of reasonable assurance
Intended Audience Business owners to manage the business Lenders and other outside parties not requiring assurance Lenders and other outside parties desiring a basic level of assurance Creditors, investors, and other outside parties desiring high level of comfort
Appropriate For Potentially some lender’s documentation for small loans Initial or lower amounts of financing with significant collateral in place Growing businesses seeking larger levels of financing Growing businesses seeking high levels of financing or selling a business
Report Issued None Yes Yes Yes
Frequency (Generally) Monthly, quarterly, or annually Monthly, quarterly, or annually Monthly, quarterly, or annually Monthly, quarterly, or annually

2020-05-13 00:39:10


On Dec. 5, 2019, the AICPA Auditing Standards Board issued a new standard related to agreed-upon procedures engagements. The SSAE No.19 , Agreed-Upon Procedures Engagement will supersede SSAE No.18 AT-C Section 215, Agreed -Upon Procedures Engagement. The new standard is intended to loosen current requirements in performing agreed-upon procedures engagements and to further enhance relevancy of reports issued on these types of engagements. Changes to the standard include:

  • The requirement that the auditor request an assertion from a responsible party has been removed.
  • Procedures can now be developed throughout the course of the engagement.
  • Practitioners can develop or assist in developing procedures.
  • In the prior standard, the intended users were required to take responsibility for the sufficiency of the procedures. Now, they are only required to acknowledge the appropriateness of the procedures prior to the issuance of the report.
  • The issuance of a general use report is now permitted.

The standard is effective for agreed-upon procedures dated on or after July 15, 2021 but early adoption is permitted.

2020-05-13 00:36:42