1. www.naplia.com Copyright 2013 Risk Management Stephen Vono, Principal NAPLIA

2. Copyright 2013 www.naplia.com The Risk Environment Culture Risk Assessment: Employee & Client Engagement Letters Fraud Cyber Risk

3. Copyright 2013 www.naplia.com Culture

4. Copyright 2013 www.naplia.com Risk Assessment: Employee & Client First line of defense New client acceptance forms Predecessor accountants Background checks

5. Copyright 2013 www.naplia.com Engagement Letters Second line of defense Comprehensive contract: not a fee agreement Purposes: – Define scope of engagement – Mutual responsibilities – Provide for contingencies – Prevent differing expectations

6. Copyright 2013 www.naplia.com Percentage of Audit Claims (By Source of Claim)

7. Copyright 2013 www.naplia.com Who Commits Fraud? Position in the Organization

8. Copyright 2013 www.naplia.com Who Commits Fraud? Median Loss by Position

9. Copyright 2013 www.naplia.com Employee Fraud (Opportunity) Experienced employee Lack of segregation of duties Uninterrupted service – Annual vacations not required Weak management oversight

10. Copyright 2013 www.naplia.com Client Risk Assessment (Centralizing the Process) Risk assessment committee Must be willing to reject prospects and terminate existing clients

11. Copyright 2013 www.naplia.com Cyber Liability

12. Copyright 2013 www.naplia.com First Party vs. Third Party Employees Accountant/Owner Client Non-client First Party Third Party

13. Copyright 2013 www.naplia.com Professional Liability vs. Legal Liability

14. Copyright 2013 www.naplia.com Notification Letter WISP Notification laws Best practices policies – Portal usage

15. Copyright 2013 www.naplia.com Thank you! www.naplia.com Stephen Vono SteveV@naplia.com linkedin.com/in/stevevono @naplia