Implementing the processes and systems for compliance is no small task, in part because the standards are new, and there’s no consensus on implementation specifics. No matter how the new standards are interpreted, compliance will require integrating risk and finance; building, testing and managing new models; and managing a new level of data complexity.
Ethical Hacking sometimes called as Penetration Testing is an act of intruding/penetrating into system or networks to find out threats, vulnerabilities in those systems which a malicious attacker may find and exploit causing loss of data, financial loss or other major damages.
Large accounting firms are increasingly called upon to test cyber security for their clients. PwC, for example, employ a team of ethical hackers who attempt to break into clients’ systems in order to expose their weaknesses. This spans from the very basic attempts, such as leaving a USB memory stick loaded with “safe” malware in the office and monitoring if it gets used, to more sophisticated, which is where air gapped systems come in.
Will Rimington, who heads up PwC’s penetration testing team, explains that the firm is experimenting with ways in which to breach an air gapped computer. The team’s methods predominantly revolve around using light sensors and sound waves to control malware on the machine.
He says: “It will look to all intents and purposes like nobody’s touched it, yet it’s controlled to the touch of a laptop’s light or sound waves, and the ability to actually pass commands from those sorts of media to extract specific bits of data. We’re looking at proof of concept at this stage.”
The PwC penetration testing team is trying to push past the hacking techniques are already in the public domain. By experimenting with new hacking methods, they are able to keep ahead of cyber criminals.
“It would be very easy to become a bit too complacent,” he says. “We had a recent exercise involving phishing emails. We’ve now taught all our people to ignore phishing emails, but therefore it will evolve further and faster, with more intricacies, over the next couple of years.”
Many companies hire ethical hackers to play the role of an adversary who’s looking to hack into them to penetrate their defenses. Companies need to think about whether the company that they’re hiring, or their individuals are hiring are properly vetted.
There are plenty of what I would call smaller organizations out there whose individuals might have operated on the other side of the fence for a period of time and may have turned good now but you don’t know necessarily what else they may also be doing on their off hours, and so I think it’s really important to ensure that anybody that you’re looking to really work with you for any cybersecurity advice or consulting or implementation or testing has individuals that are both skilled, that they have a strong development program that supports those individuals, that they have background checks that you can validate, and that they have a strong track record in the market of providing that service to organizations which can be validated through discussions with those organizations.
The growth of robotic process automation (RPA) is a part of technological disruption and transformation of tax practices' and departments' internal processes, client services, and interactions with regulatory agencies. Organizations of all sizes can use RPA to streamline operations, increase efficiency, and improve quality as part of their automation strategy.
A Fourth Industrial Revolution (after the revolutions in water and steam power, electrical power, and electronics and information technology) is underway globally, a digital revolution characterized by converging technologies that are blurring the lines between the physical, digital, biological, and industry sector spheres, while at the same time transforming client and employee expectations and experiences. The increasing use of blockchain general ledgers, artificial intelligence (AI), machine learning, and cloud computing is changing the way tax functions and jurisdictions perform traditionally manually intensive activities such as accessing and manipulating source financial data for analysis, reporting, compliance, and improving controls. As an example, the United Kingdom in recent years launched its Making Tax Digital initiative, with a goal of fully digitizing the U.K. tax system by 2020 to substantially increase the efficiency and quality of tax administration.
RPA is a key technology in this digital disruption and transformation. According to Karen Osmundsen et al. ("Organizing Robotic Process Automation: Balancing Loose and Tight Coupling," paper, Hawaii International Conference on System Sciences, 2019), RPA enables the automation of repeatable business processes: A software bot can mimic human activities by performing recurring tasks and processes associated with structured data and clear action rules. According to a Gartner report, "[t]actically focused robotic process automation (RPA) projects may improve quality and decrease activity cycle times by assisting or removing labor in or from activities" ("Robotic Process Automation: 8 Guidelines for Effective Results," Gartner Inc., 2018). With the use of AI and machine learning, RPA can enable more complex, intelligent process automation. These "bots" are increasingly playing an important role in automating routine processes and workarounds that otherwise would be inherently inefficient, time-consuming, and error-prone.
EXAMPLES OF TAX-RELATED APPLICATIONS IN PUBLIC ACCOUNTINGTax practitioners have already started using RPA to facilitate common compliance functions. For instance, tax preparers often receive pertinent financial information, including tax reporting forms, in PDFs. Preparers traditionally spend a significant amount of time manually extracting data from these PDFs and loading it into spreadsheets and systems. The authors recently interviewed a PwC tax professional who built a bot that automatically reads and extracts data from such PDF files, freeing up time for more strategic, valuable activities including review and analysis. In describing the impact of this improved process, the tax professional could highlight hours saved, enhanced quality, and reduced risk of manual errors. This is a simple yet powerful example of how RPA can streamline a structured process, creating efficiencies for the tax function.
In another example, a PwC tax professional used an RPA tool to prepare and file return filing extensions during the 2019 tax filing season. Prior to RPA, the process required tax staff to prepare extensions using third-party applications, convert the extensions to PDFs, then submit them for review. Enabled by RPA, the bot takes a control sheet populated by the user with client information, enters that information in the third-party tax preparation software, and generates tax extension forms. Time trials performed by multiple users of the automation versus the manual process showed time savings of 70%. An added benefit is the ability to use this automation year after year, perhaps with only minor updates and to thereby reduce recurring manual hours. Other applications of this kind can be used for preparing estimates and tax returns and for e-filing. We are also seeing many applications of RPA in administrative functions that support the tax function or practice but are not limited to it, such as:
- Time reporting from calendar to finance systems;
- Billing and invoice generation;
- Employee records administration in HR systems; and
- Compliance tracking regarding an organization's key metrics (e.g., CPE compliance, billable hours, vacation hours).
IMPLEMENTING RPAAn RPA implementation project can seem intimidating, since it must address many moving parts and issues. Organizations need to fully understand current processes to assess the scope of needed change and develop effective deployment and change-management strategies. Important aspects of this work plan include securing organization buy-in, identifying software and its vendors, and developing the knowledge and skills of tax professionals.
In this context, CPAs embarking on an RPA journey should ensure that it is aligned with business and tax strategies. Are you hoping to reduce costs and gain efficiencies? Companies and tax firms that develop their deployment and change-management strategies with objectives clearly in mind will explore different vendors, develop proofs of concept, and work with various cross-functional teams to discover how to best implement RPA and realize successful outcomes. Once the benefits of these automations become clearer, organizations can decide how to begin or expand the use of RPA to meet their longer-term strategies.
Recognizing that not all organizations have dedicated technology resources, they can take any number of approaches to develop their RPA strategies:
- A citizen-led approach, where tax professionals are provided the technology and training required to develop RPA solutions themselves;
- A center-of-excellence approach, where a central business unit focused entirely on RPA builds automation tools that are pushed out to tax professionals; and/or
- An outsourcing approach, where third-party vendors develop and deploy RPA solutions for a discrete engagement, a branch of the business, or a broader enterprise solution.
To complement the strategies above, there are a number of critical success factors to highlight:
- Change management: Drive awareness and support in disrupting the status quo.
- Personal identification: Understand the end user to support different levels in the robotics journey.
- Process optimization: Review processes and identify opportunities for improvement and standardization.
- Governance and controls: Embed policies and procedures to ensure quality and mitigate risk.
- Training and enablement: Prioritize providing protected time to train and enable personnel at all levels.
- Continuously monitor for return on investment: Assess results against goals and adjust the approach accordingly.
TAX TECHNOLOGY STRATEGY AND WORKPLACE READINESSIncreasingly, corporate transactions and operations strategies are being considered to manage costs and address regulatory requirements. Customers, tax authorities, and other key stakeholders continue to stress digitization as a mandate for conducting business and collaborating across enterprise functions. Tax functions are being forced to rapidly go digital.
It is important to note that RPA is one tool within a suite of technology tools that companies should consider implementing together. In this context, a rapid evolution of advanced RPA capabilities is emerging, including the integration of RPA with cognitive analytics, AI, machine learning, and virtual agents. In this disruptive and transformative context, RPA and emerging technologies can address organizations' business and tax objectives now and into the future.
Diversity Trust is offering a $500.00 an Hour opportunity for Trustees/Notaries/Agents that are interested.
Send an email the Trustee attached to this Article.