How the War in Ukraine is Reshaping CPA Firm Risks

The crisis in Ukraine is impacting the U.S. accounting industry in unexpected ways – including the professional liability and cyber risks accountants face. With that, there are a few key things CPAs should keep in mind as their firms and their clients navigate this unpredictable geopolitical landscape.

Professional Liability Risks

Professional liability risks are evolving on two fronts. First, the war is likely to have a long-term adverse effect on the global economy, exacerbated by further supply chain disruptions and inflation. Historically, negative economic factors increase both claim frequency and severity as clients in financial distress look to blame their professional advisors for their financial losses. Additionally, increased regulatory complexity – driven by the evolving sanctions landscape since the war started – may result in an increase in professional liability claims for failing to advise clients on noncompliance as well as potential fines and penalties levied against them. Additionally, the Public Company Accounting Oversight Board recently released Auditing Considerations Related to the Invasion of Ukraine to highlight important considerations for auditors of issuers and broker-dealers. This document may also serve as a helpful resource for auditors of other entities.

Cyber Liability Risks

Second, online risks are likely to stretch well beyond Russian and Ukrainian borders. The U.S. Department of Homeland Security recently issued a warning to businesses to be on high alert for Russian cyberattacks, as did the U.K.’s National Cyber Security Centre.

For example, schemes involving phishing, social engineering and other email scams purporting to be from organizations supporting relief efforts or those displaced from the war are likely to be deployed as a ruse to dupe unsuspecting employees into allowing hackers access to CPA firm networks. Since the start of the war, certain websites and servers have been targeted by Distributed Denial of Service (DDoS) style attacks by bombarding them with traffic to deny the normal users from accessing, resulting in the website or network being forced offline.

Risk Tips

CPA firms can help mitigate their risks by taking some proactive steps:

·      Adjusting and updating risk management models, including cyber breach planning, so the firm has an adequate plan in the face of these evolving threats.

·      Gaining a thorough understanding of evolving cyber threats as a result of the current crisis and how they can adversely impact the firm and clients.

·      Implementing multi-factor authentication for remote network access.

·      Creating a robust security and breach response plan.

·      Updating anti-virus software on all servers and making sure patches are installed in a timely manner.

·      Using strong controls when working with third party providers such as indemnification clauses in the service agreement in the event of a breach to a third-party platform.

·      Isolating traffic involving clients from Ukraine and Russia from the rest of the network.

For more insights on managing current risks impacting CPA firms, visit: www.cpai.com.

This information is provided for general informational purposes only and is not intended to provide individualized business or legal advice.