Security-first strategy: Protecting data in tax and advisory workflows

Failure to safeguard sensitive data in tax advisory business relies on an organization’s ability to remain aware. The focus of this text is to assess ways data might be insecure in tax and advisory workflows and identify ways to mitigate this risk. Tax and advisory community members who manage confidential data understand the consequences of data getting into the wrong hands. Involved with engagement workflows that ultimately handle tax returns, M&A information, and legal documents, businesses are exceedingly aware of the potential damage through lost business, reputational damage, or even fines and legal action. Encryption, two-factor authentication, and email activity monitoring systems have become prevalent discussion topics.

In preparing the text for publication, additional commonplace pieces of knowledge were uncovered. The woke metaverse has arrived. Controllers that anticipatively close records are far more favorable than those that are retrospective or forensic. The next generation of software audit tools is daughter company-backed. Not one but three intrusive reviews at the same time may very well happen. Data co-ops will enable deeper analytics outside internal firewalls. The audit may end up being a taxpayer capability. For the tax and advisory community, “excellent solutions” applying such commonplace knowledge must be considered. Protecting valuable data before a breach occurs is far superior to examining it afterward.

Security-first strategies that afford complete assurance against breach were evaluated and the protective autonomy envisioned of “excellent solutions”, however unlikely, is understood. The world is likely to be a bit safer regardless of whether the 10,000th fixed penalty comes to pass. When the tax advisory industry as a whole gets hacked, it is clear it will turn into an “afterward” industry. Some discussions on improved engagement and assurance workflow safety rely on existing technology, just not implemented yet.Subject trust is an agent’s level of belief in the competency of another agent, something that is taken for granted between audit firms and their clientele. Trust though does not come easy, nor is it something which can solely be relied upon. Rather, trust is a two-way street, requiring an ardent upkeep given a heavy reliance on cloud-based systems and the continuing pace of change in the adversarial capabilities of hackers. That maintenance depends upon communication with clients about new risks and adherence to security practices. External communications are critical, though they are not the terminus of the maintenance of trust. Building on a foundation of trust requires internal maintenance through continual engagement with elements of the audit process. Otherwise, honesty, integrity, and strong vigilance over security practices begin to falter, and behind-the-scenes, untrusted systems can proliferate rapidly, deleteriously affecting client trust and relations.