1. Risk Management: the foundation of your quality assurance
2. Caveat This presentation is designed to provide some guidance on risk management within a public practice
It is not intended to be a substitute for, or comprehensive outline of the requirements of, your compliance with relevant professional standards
It is strongly advised that you familiarise yourself with your professional obligations on an ongoing basis
3. Professional Obligations All members of CPA Australia holding a PPC must demonstrate compliance with:
APES 320 – Quality Control for Firms
RMS 1 – Risk Management Statement
These, along with other professional pronouncements, are assessed as part of the Quality Review Program
4. APES 320 – Quality Control for Firms Professional Standard on Quality Control – mandatory compliance by all firms
Issued by APES Board in May 2006; effective 1 July 2006
Replaced APS 4/5 and incorporates additional mandatory requirements which set a higher benchmark and demonstrate best practice in the profession
Provides a more rigorous framework to mitigate and manage risk
Provides assurance to the public that there are controls in place for their protection
5. APES 320 - Content Elements of a system of quality control:
leadership responsibilities for quality within the firm
ethical requirements
acceptance and continuation of client relationships and engagements
human resources
engagement performance
monitoring
Overarching requirement for documentation
6. RMS 1 CPA Australia requirement
A practice must develop, implement and maintain a process to ensure that management of risk becomes an integral part of the planning management process and culture of the practice
A documented Risk Management Statement must be in place
7. Risk Management The following constitute areas to consider in your own practice:
integrity
services offered
marketing and communication
staff and HR issues
information and resource management
tax obligations and lodgements
IT issues and security
management collapse (succession planning)
acceptance / continuance of clients
cash flow management
8. Integrity Questions to consider:
Do you review client files?
How often do you review each client’s files?
Do you have operational notes in client files (e.g. software, postal preferences, etc)?
Do you have criteria for new clients and for client retention? Are they documented?
Do you use an engagement letter? To whom are they sent and how often? (Note that for all engagements an engagement document is mandatory)
Do you have checklists and do you have a list of these? Who uses these in the office? How often are they updated and by whom?
Do you have documented procedures such as manuals, standard letters, etc? If so, where are they kept?
Who is the responsible person in the practice for managing the procedures of quality control to ensure all work is performed to a high quality (e.g. Principal, Partner or CEO)?
9. Services Offered Questions to consider:
Do you know what services your practice offers? They should be listed somewhere (e.g. financial planning, investments, etc)
Do you offer services that you are not qualified to offer?
Do you ensure that the services you offer are well known to the clients in the form of an engagement letter?
Are your staff members who are allocated clients’ work capable and trained in the required area?
Are the services right for your practice profile and resources?
Do you have the resources to meet delivery of the services to be performed?
Do you have a referral network and how do you ensure quality control?
Do you outsource any part of your work and do you ensure quality control (e.g. bookkeeping, auditing, etc)?
10. Marketing and Communication Questions to consider:
Do you have a marketing and/or strategic plan suitable for your practice (big or small)? If so, how is this monitored and appraised for any risks?
Is this plan documented and communicated to any or all of your staff? (this is highly recommended)
Every practice has a culture. Have you identified your practice culture and are your staff (if applicable) aware of it?
Do your clients understand the culture of the practice and, if not, do you see the need for communicating it to them?
Have you considered competition in your marketing plan? Consider other professionals and other areas in the accounting profession and related professionals
11. Staff and HR Issues
Questions to consider:
Do you have staff and have you identified each of their roles?
Do you have employee work contracts or something similar for your staff? If not, this is highly recommended
Have you considered your staff security and personal safety?
Do you have an OH&S Policy and is it enforced and practised?
Does your practice have a complaint resolution policy?
Do you have a staff induction procedure? (this is highly recommended)
How do you monitor staff performance? When is this done and how often?
How do your staff get training or updated on important office and government changes?
Are your staff members properly supervised and is their work reviewed?
Do they give advice to clients and are you aware of that? Are they covered under your PI insurance policy?
If they give advice, is that monitored and recorded for future reference?
Do you ensure that you or any of your staff are properly qualified to give the advice to the clients?
12. Information and Resource Management Questions to consider:
What sort of electronic medium do you use to communicate with the ATO, ASIC or any other government body that you interact with?
Do you take reasonable care when advising clients and interacting with the various legislative requirements?
Do you keep up-to-date with all the latest changes that may affect your practice and that of your clients? Are your staff kept informed?
Do you take reasonable care to ensure that you are not professionally negligent?
Where do you obtain the information that you rely upon? Are your information sources reliable? Do they support your obligation to take reasonable care?
Do you know what your obligations are with regard to professionalism?
Do you and your staff comply with CPD requirements? How do you keep up-to-date and how is this monitored?
13. Tax Obligations and Lodgements Questions to consider:
What is your procedure for lodgement of practice forms to all government bodies?
Do you have a client list? Do you know what role you have for each client?
Do you monitor your client list according to the lodgement program? (Add and delete as appropriate)
Workflow for your practice – do you know what is to be completed and the current status of each job at any given point in time? How do you do this?
Do you communicate with your clients regarding their lodgement obligations and your work flow?
Do you measure your performance and how do you do this?
Do you identify any risks associated with late lodgements and penalties and do you communicate with your clients once any risks are identified?
14. IT Issues and Security Questions to consider:
How secure is your hardware, software, and information stored electronically?
Is all your software licensed? If not, have you looked at the risks to your business?
How do you guard your business against pirating / copying of your software?
Backups –
What backup plans do you have in place?
Do you know whether your backup restores successfully?
Do you test your backups?
Who is responsible for this function in your practice and is this documented anywhere?
15. IT Issues and Security (cont.) Questions to consider:
Internet –
What virus protection (if any) do you have?
How frequently is this updated?
What policies do you have regarding information downloads that are inappropriate? Is this documented?
Do you have a firewall?
Do you have anti-spam software?
Emails –
Do you have policies and procedures to manage email traffic of your staff?
Do you have a disclaimer outlining the ‘limited liability scheme’ and the ‘privacy statement’?
Do you have immediate assistance or technical specialists on hand, or easily available, if you suffer computer or software failure?
16. Management Collapse (Succession Planning) Questions to consider:
Who is the principal of the practice? Does the same person have the responsibility of office management? If not, then who has that responsibility?
Is there anyone else in the practice who can manage this responsibility in the event of the primary person being unable to?
What about time required if the principal person is unavailable for long periods? Is there a backup person able to carry on?
If you are a sole trader, have you thought about contingencies that would put you out of action (so to speak) for a short or long period of time?
Do you have any plans for when your staff are sick for long periods of time?
In the case of fire, do you have contingency plans for your practice?
Delegation – are there any areas of practice that only one person knows how to do? This is a risk and consideration should be given to staff training and delegation. One example would be to have two people knowing a particular job
17. Acceptance / Continuance of Clients Questions to consider:
How often do you review your clients and whether they meet your acceptance criteria?
How do you evaluate retention of clients from time to time?
Do you note any client disputes that could potentially lead to a Professional Indemnity issue? Do you then inform your insurance company?
Have you ensured that your objectivity and integrity are not jeopardised?
What about client confidentiality, are you maintaining good professional conduct?
18. Cash Flow Management Questions to consider:
Every practice needs to have good cash flow management
Do you have a credit management policy and who in your practice is responsible for this?
Do you have contingency plans to cover you in a deficit cash flow position?
Do you have sufficient working capital to sustain your practice, now and in the future?
Is your business trading solvent?