Skip to Main Content

As we find ourselves in a fast-moving, strong business growth environment, there is no better time to consider the controls needed to enhance your IT security as you implement new, high-demand technology and software to allow your organization to thrive and grow. Here are five risks you need to take care of if you want to build or maintain strong IT security.

In light of the recent cyberattacks in higher education across the US, more and more institutions are finding themselves no longer immune to these activities. Security by obscurity is no longer an effective approach—all institutions are potential targets. Colleges and universities must take action to ensure processes and documentation are in place to prepare for and respond appropriately to a potential cybersecurity incident.

Who has the time or resources to keep tabs on everything that everyone in an organization does? No one. Therefore, you naturally need to trust (at least on a certain level) the actions and motives of various personnel. At the top of your “trust level” are privileged users—such as system and network administrators and developers—who keep vital systems, applications, and hardware up and running.

Law enforcement, courts, prosecutors, and corrections personnel provide many complex, seemingly limitless services. Seemingly is the key word here, for in reality these personnel provide a set number of incredibly important services.

Best Practices for Educating Your Financial Institution’s Board of Directors on Cybersecurity

According to Cybersecurity Ventures, cybercrime will account for $6 trillion annually by 2021—that’s more than the global trade of all major illegal drugs combined.  Data breaches and other information security events adversely impact organizations through significant losses in revenue, erosion of customer trust, substantial remediation costs, increased insurance premiums, and more.

With the rise of artificial intelligence, most malware programs are starting to think together. Fortinet recently released a report that highlights some terms we need to start paying attention to:

Texting has become a simple, convenient, and entrenched component of our everyday lives. We use it with family, friends, coworkers—and clients. My wife and I text to coordinate day care pickup and drop off of our kids every day.

Of course, we’re all suffering from “data breach fatigue.” But some breach announcements carry considerably more risk to the victim than others. For example, if I had received a letter saying a credit card of mine had been compromised, the end result would be simple:

People love the idea of being able to conveniently charge their phones without a cable or having to hunt for a plug. Free charging stations are popping up everywhere.

Read this if you're a broker-dealer. 

On July 25, 2024, the Public Company Accounting Oversight Board (PCAOB) issued its 2023 Annual Report on the Interim Inspection Program Related to Audits of Brokers and Dealers. The PCAOB can essentially be considered “the auditor of the auditor” and thus performs various inspections of audit firms that conduct broker-dealer audits on an annual basis. These inspections are conducted with the intent of enhancing audit quality to ultimately protect investors. Each year, the PCAOB summarizes their inspection results for the previous year within its annual report. Although these inspections are conducted of audit firms and thus the results primarily relate to deficiencies in audit procedures performed, this annual report can still provide useful information to broker-dealers, as it provides insight into the expectations of audit firms, which will ultimately drive the requests and expectations from audit firms during broker-dealer audits. Therefore, we share our key takeaways from the annual report: 

  • The PCAOB continued to identify a high deficiency rate in the audits that they inspected. At least one deficiency was identified in 70% of the 103 audit engagements on broker-dealer financial reports reviewed during 2023. This was an increase from 58% in 2022. However, one of the reasons for the increase, as cited by the PCAOB, was an increase in the number of inspections performed of audit firms that have not been previously inspected. The PCAOB typically sees higher deficiency rates in audit firms that are being inspected for the first time. 
  • The areas with the highest numbers of deficiencies were, in order: revenue, evaluating audit results, net capital, and related party relationships and transactions. The PCAOB identified deficiencies in revenue in 48% of the audits inspected in 2023, which was by far the largest deficiency rate for those areas inspected – 42 of 87 audits had deficiencies in the revenue area. Consideration of an entity’s ability to continue as a going concern had the next highest deficiency rate at 33%; however, only 2 of 6 audits had a deficiency in this area. This was also the first year that the PCAOB broke out journal entry testing as its own audit area. Journal entry testing, as required by AS 2401, has been a heightened area of focus for the PCAOB not only in their broker-dealer audit inspections but also their issuer audit inspections. Auditors are not only required to test specific journal entries but are also required to obtain an understanding of a broker-dealer’s controls over journal entries. We often find requiring an independent review of journal entries to be an effective internal control. And many accounting systems now require journal entries to have evidence of preparation and review before posting. 

    Testing the accuracy of the amount of the revenue recorded, including the accuracy of inputs that determine revenue was determined to be a common deficiency for revenue, regardless of the type of revenue (the annual report specifically mentions commissions, investment advisory fees, merger and acquisition and other advisory fees, and other revenues). ASC 606, which was adopted back in 2018, continues to remain an area of focus for the PCAOB, with particular focus on testing of performance obligations and ASC 606 disclosure requirements. Learn more about ASC 606 here. 

    Related party relationships and transactions are often a significant audit area given the subjectivity and judgement involved with such relationships and transactions. The PCAOB identified audits where audit procedures were not performed to evaluate whether allocated revenues and expenses were consistent with the terms of the written agreements between the related parties, and the financial capability of the broker-dealer’s affiliate to satisfy a significant uncollected balance. Read more about expense sharing in this previous article.  
  • Most of the deficiencies on examination engagements related to testing the design and operating effectiveness of controls important to the auditor’s conclusion regarding the effectiveness of internal control over compliance for financial responsibility rules. Broker-dealers that do not claim an exemption from Exchange Act Rule 15c3-3 are required to file a compliance report. Broker-dealers that typically cannot claim an exemption are those that carry customer accounts, maintain custody or control of customer cash and securities, or clear securities transactions on behalf of customers. The audit firm must perform an examination engagement over this compliance report that is filed by the broker-dealer. The examination engagement primarily involves testing the broker-dealer’s internal controls over compliance with the financial responsibility rules.  

    One particular deficiency was surrounding “testing controls with a review element, particularly the nature and extent of management’s review, including criteria used by management to identify matters for investigation and how such matters were resolved.” This appears to be a common focus area for the PCAOB, as we have seen this deficiency surface in the PCAOB’s inspections of issuer audit engagements as well. Specific to broker-dealers, two common areas that have management review controls are the review of the net capital computation and review of the customer reserve calculation. Management should clearly document its review process, including how it identified any items for further investigation. 
  • Many broker-dealers rely on service organizations for various facets of their operations. These service organizations are often integral to the broker-dealer’s operations and thus to their financial statements and possibly even the financial responsibility rules. The PCAOB identified certain deficiencies in audit firms’ procedures over these service organizations. It is important for audit firms to gain an understanding as to how broker-dealers are utilizing service organizations and what implications this usage may have on the audit firms’ audit procedures. There will likely be an expectation that, for service organizations integral to the broker-dealer’s operations, a SOC 1 report is being retained and reviewed by management, including complementary user entity controls, on at least an annual basis. To learn more about SOC reports and review best practices, read this article. 
  • Audit firms did not perform, or sufficiently perform, tests of compliance with the Reserve Requirement Rule as of the end of the broker-dealer’s fiscal year, including testing the accuracy and completeness of the stock record allocation reports and other information used to prepare the customer reserve computation. Although an examination engagement primarily involves testing internal controls over compliance, it also includes testing compliance with the Net Capital and Reserve Requirement Rules as of the end of the broker-dealer’s fiscal year. This should involve detailed testing of the various inputs into these calculations. For the Reserve Requirement Rule, this will likely include detailed testing of free credit balances, including gaining an understanding of their sources, as well as free debit balances, if any. The audit firm should also be testing the balance held in the broker-dealer’s special reserve bank account. 
  • Audit firms did not perform required inquiries as part of their review procedures over a broker-dealer’s claimed exemption from Exchange Act Rule 15c3-3. For those broker-dealers that do not file a compliance report, they will file an exemption report, claiming their exemption from Exchange Act Rule 15c3-3. Audit firms are still required to perform procedures over this exemption report; however, they are less in-depth than those procedures performed over a compliance report. With a compliance report, an audit firm performs an examination engagement. With an exemption report, an audit firm performs a review engagement. This review engagement primarily consists of inquiries of the broker-dealer. These inquiries primarily include gaining an understanding of the broker dealer’s operations to determine if there were any exceptions to the exemption provisions during the broker-dealer’s fiscal year and gaining an understanding of the controls the broker-dealer has in place to maintain compliance with its claimed exemption. The audit firm is also required to consider any evidence obtained during the financial statement audit to determine if it contradicts any of the responses received from management as part of the review engagement. For instance, the audit firm could identify that the broker-dealer did hold customer cash through its cash audit procedures. If such evidence were to be identified, this would need to be considered when conducting the review engagement and modifications to the broker-dealer’s exemption report may be necessary. 
  • Audit firms did not perform, or sufficiently perform, procedures to evaluate whether allowable assets and assets not readily convertible into cash, including commissions receivable and cash equivalents held in a securities account with a clearing broker-dealer, were appropriate. Read more about allowable assets, particularly unsecured receivables. This evaluation is essential because, if an audit firm were to identify an asset that was inappropriately being treated as allowable, it could have implications on the broker-dealer’s compliance with the Net Capital Rule.  

We hope you find these takeaways useful – again, although they specifically relate to deficiencies identified by the work performed by audit firms, they still do provide useful information for broker-dealers and can provide management indications of some of the questions or procedures audit firms will likely ask or perform. As always, if you have any questions, please don’t hesitate to reach out to the BerryDunn broker-dealer team. We’re here to help! 

Article
Audits of broker-dealers: The PCAOB's 2023 annual report

Communities are constantly adapting to the demographic shifts, economic fluctuations, social trends, and other factors that influence how they evolve, grow, and prosper over time. Fortunately, there is a powerful tool to harness that change and shape your community’s future: your economic development strategic plan.

The seven key success factors outlined below address the essential elements of an economic development strategy––a roadmap for the actions your community will take to encourage economic growth, create jobs, and improve the quality of life.

1. Understand the current economic landscape

The first step in planning for your community’s future economic growth is to undertake a comprehensive assessment of the current economic landscape. What are the local economic conditions, demographics, and industry trends impacting your community today? Use a data-driven approach to highlight what is working, what needs attention, and what is possible. Tell the story of your community in a way that fosters a shared narrative and invites community engagement.

2. Build effective stakeholder partnerships

For your strategy to be effective, it’s essential to nurture meaningful collaboration and partnerships with stakeholders in your community. Actively engage with local business owners, government agencies, educational institutions, community organizations, residents, and others with an interest in how your community grows and develops. Integrate these diverse interests into your plan to ensure greater buy-in and support for your economic development strategy.

3. Develop a shared economic vision

The purpose of your plan is to help your community achieve its goals for a prosperous economic future. By laying out a clear vision that is backed by well-defined strategic goals and actions, your plan will bring the community together and direct investments toward meaningful economic growth. It’s essential to develop your economic vision using a methodical approach that links the vision to key focus areas to ensure that all efforts align with your community’s aspirations.

4. Create an effective implementation plan

Your implementation plan is an essential tool for delegating responsibilities, tracking progress, and supporting the long-term sustainability of your community’s economic development efforts. An effective plan will include actionable steps and clear timelines that transform goals into manageable tasks. Detail the resources, partners, timelines, and actions necessary to execute your plan and establish measurable performance metrics and benchmarks to gauge its success.

5. Build resilience through scenario analysis

Scenario analysis is a forward-looking “what if” approach that helps communities evaluate the potential impact of future events and develop plans that can withstand uncertainty. Anticipating and preparing for future economic changes enhances your community's ability to adapt and remain resilient in the face of challenges. Recognize that your economic development strategic plan is not just a set of static objectives but a living framework that evolves with changing circumstances.

6. Establish key performance indicators (KPIs)

Establishing well-defined KPIs is essential for monitoring and measuring progress toward economic goals and enabling your community to make informed decisions about ongoing initiatives. Select relevant and impactful KPIs and regularly monitor them to enable timely assessment of progress and effectiveness. This data-driven approach facilitates transparency and accountability, ensuring that initiatives remain aligned with your community's economic objectives.

7. Be willing to pivot

Having a process for continually evaluating and adapting your strategies based on feedback ensures that the economic development plan remains effective. Design your plan to facilitate adaptability, enabling organizations and participants to respond effectively to changing circumstances. By being proactive, communities can transform a static plan into a dynamic playbook that provides direction to all stakeholders when conditions change, and their roles and responsibilities need to evolve.

BerryDunn’s economic development team can help you analyze, strategize, and plan for both the known and the unknown to create a thriving community in any economy. From strategic planning to market analyses to community outreach and engagement, we have firsthand experience in local government and understand what you need and how to best achieve your goals. Learn more about our services and meet our team.

Article
Economic development strategic planning: Seven keys to success

The COVID-19 pandemic taught our public health systems a number of critical lessons about how we should engage, communicate, partner, and share data with other agencies and our communities. It also reinforced the importance of applying an intentional health equity lens to the system to better support vulnerable communities in times of crisis.  

While the pandemic may have elevated these issues, vulnerable communities have faced inequities in our health systems for decades. If agencies do not center equity in all public health goals and operations, they continue to risk creating policies and services that further those inequities. Applying an equity lens requires public health agencies to consider systemic causes of health disparities (i.e., poverty, education, racism) and how they operationalize policies, practices, and programs that improve health for all. 

Centering health equity across your organization 

BerryDunn’s public health consulting team believes health equity should be an overarching goal of a public health system—not just a standalone program or a one-time initiative. Achieving health equity requires public health systems to be intentionally inclusive and equitable; all organizational areas need to work together to promote the attainment of the highest level of health for every person.  

Our approach to health equity starts with the goal of creating inclusive and equitable public health systems, and takes into account a wide range of considerations: 

In any community, the health of individuals is influenced by many factors, including the environment in which people live, work, learn, and recreate. To address the different factors at play, meaningful efforts to achieve health equity can’t exist in a silo. These efforts must be integrated across all departments of a public health agency. From frontline staff working directly with community members to finance staff working behind the scenes, all members of the organization are critical to successfully implementing a sustainable health equity approach.  

As an example, centering health equity within human resources and workforce development processes helps promote the recruitment and retention of a diverse public health workforce, and could include: 

  • Recruiting public health specialists who reflect the focus populations and/or the communities receiving services to better support cultural and linguistic needs.  
  • Hiring local community members serving as community health workers to help create rapport and trust with marginalized communities.  

Health equity approaches can also be implemented in areas such as budget and resource allocation, data collection, and other organizational processes, policies, and procedures. Some strategies include: 

  • Establishing language standards to help ensure information is clear and accessible to everyone.  
  • Using plain language in budget documents to help community partners understand how public health funds are limited or restricted.  
  • Implementing processes such as a health equity lens review of all existing and new organizational policies to help identify hidden systemic or structural implications and open the way to new, more equitable approaches. 

Incorporating a health equity lens in strategic planning 

An equity-centered approach can be integrated into any public health strategic planning effort, such as state health improvement planning and programmatic strategic planning. A key component of any strategic planning project is community engagement to reach historically marginalized populations and members of communities that may be disparately impacted by certain health conditions or environmental factors. A standard practice is to recruit key community members, disparate populations, and/or people with lived experience who can help provide input on public health services.  

The following example draws on our team’s experience supporting West Virginia’s State Health Improvement Plan development process. 

In West Virginia, our Public Health team hosted in-person and virtual listening sessions with the public as part of the state health improvement plan development process. These sessions were publicized through a wide range of community partners and scheduled to accommodate varying availability and work schedules. Sessions were held in accessible and familiar public settings, as well as online to maximize opportunities for diverse participation, perspectives, and input. Centering health equity in this approach to strategic planning helped ensure that the final product represented the voices and experiences of those who are most affected.  

Determining how and when to apply a health equity lens across a public health system can be challenging. The first step is to assess current organizational conditions that may be creating or fostering the root causes of disparate outcomes. Some questions to ask include: 

  • How are public health resources shared?  
  • Who has the power or authority to make decisions?  
  • What assumptions influence how the system functions, or the services are delivered?  

Understanding the answers to these questions can help you build a plan for operationalizing health equity principles across programs, the workforce, and finance. It can be useful to have a third party conduct an independent review of your agency’s policies, practices, and processes through an equity lens. Our team provides recommendations based on best practices from the field, as well as effective change management and equity-centered approaches.   

Article
Health for all: Applying an equity lens to public health systems

Read this if you're a broker-dealer. 

The implementation of Financial Accounting Standards Board (FASB) Accounting Standards Codification (ASC) 606, Revenue from Contracts with Customers, which has been in effect since 2018 for broker-dealers, has had a profound impact on financial reporting across various industries. For broker-dealers, the adoption of this standard has introduced new challenges and considerations in recognizing revenue accurately and in accordance with the principles outlined in ASC 606.  

FASB ASC 606 provides a comprehensive framework for recognizing revenue from customer contracts. The standard replaces the previous industry-specific guidance and aims to create consistency and comparability across different sectors by establishing a five-step process for recognizing revenue. For broker-dealers, who engage in a wide range of financial transactions, the standard requires a careful assessment of revenue recognition practices.  

The ASC 606 five-step process for broker-dealers  

  1. Identification of contracts with customers

Broker-dealers must identify contracts with customers, which can include various financial instruments and transactions. The standard emphasizes the importance of assessing whether an agreement creates enforceable rights and obligations between parties.  

  1. Performance obligations

ASC 606 introduces the concept of performance obligations, which are promises to transfer goods or services to customers. For broker-dealers, this may involve analyzing the various components of financial transactions to determine distinct performance obligations.  

  1. Determine the transaction price

Determining the transaction price is crucial and should only reflect the amount of consideration to which a broker-dealer expects to be entitled in exchange for goods or services transferred. The transaction price includes only those amounts to which the reporting entity has rights under the present contract.  

  1. Transaction price allocation

The transaction price needs to be allocated to each performance obligation in a manner that reflects the stand-alone selling price.  

  1. Timing of revenue recognition

ASC 606 provides guidance on when revenue should be recognized. Factors to consider include the transfer of control, delivery of services, or the satisfaction of other identified performance obligations.  

There were many challenges faced by broker-dealers with the implementation of ASC 606.  BerryDunn’s broker-dealer team is well positioned to bring tailored, innovative solutions and a proactive approach to help clients overcome these challenges, ensuring measurable results and open communication throughout the process. 

Challenges faced by broker-dealers in implementing ASC 606

  • Complexity of financial transactions: Broker-dealers engage in a wide array of complex financial transactions, involving multiple components and varying terms. Identifying distinct performance obligations and accurately allocating transaction prices to each component can be challenging.  

  • Variable consideration and contingent fees: Financial arrangements often include variable consideration, such as contingent fees, performance-based incentives, or market fluctuations. Determining the appropriate estimation methods for variable consideration introduces challenges in accurately reflecting the total transaction price.  

  • Identification of performance obligations: Defining performance obligations in broker-dealer transactions requires a nuanced understanding of the services provided. Determining whether services are distinct and should be accounted for separately can be subjective and may vary based on the specifics of each transaction.  

  • Technology and data management: Many broker-dealers rely on sophisticated trading platforms and systems for their operations. Implementing ASC 606 often necessitates adjustments to these systems to capture and track the required data for accurate revenue recognition.  

  • Transition from industry-specific guidance: Broker-dealers were accustomed to industry-specific guidance for revenue recognition before ASC 606. The transition to a more principles-based approach requires a shift in mindset and the development of new processes to align with the standard's overarching principles.  

  • Documentation and disclosures: The standard introduces enhanced disclosure requirements, demanding comprehensive documentation and transparent reporting. Broker-dealers must invest time and resources in developing robust documentation processes to meet these disclosure obligations.  

  • Impact on key financial metrics: Implementing ASC 606 can lead to significant changes in reported revenue figures and other key financial metrics. Broker-dealers need to anticipate and communicate these changes to stakeholders, managing potential concerns or misunderstandings about the impact on financial performance.  

  • Training and education: The adoption of ASC 606 requires a solid understanding of the standard's principles among finance and accounting teams. Broker-dealers need to invest in training programs to ensure that their staff is equipped to apply the standard correctly and consistently across the organization.  

  • Contract modifications and changes: Broker-dealer contracts are dynamic and may undergo modifications over time. Managing changes in contract terms and assessing their impact on revenue recognition adds another layer of complexity to compliance with ASC 606.  

  • Audit and compliance assurance: Ensuring compliance with ASC 606 requires thorough audit processes. Broker-dealers need to work closely with auditors to address any complexities, provide documentation, and demonstrate adherence to the standard's requirements.  

ASC 606 has brought about a paradigm shift in how broker-dealers recognize revenue. Adhering to the principles outlined in ASC 606 requires a thorough understanding of complex financial transactions and the ability to apply the standard's provisions accurately. Successful implementation not only ensures compliance with accounting standards but also enhances transparency and consistency in financial reporting for broker-dealers.  

As the industry continues to evolve, staying abreast of regulatory changes and refining revenue recognition practices will be crucial for navigating the dynamic landscape. Let BerryDunn’s broker-dealer team help you navigate the effects of ASC 606, contact us with any questions.   

Article
Revenue recognition: Implications for broker-dealers

Read this if your parks and recreation agency has recently completed a master plan or is ready to update its master plan.

Your parks and recreation master plan was created with the goals and values of your community at its core. It’s part of what makes your community a great place to live, work, and play. It’s also a living document, designed to meet both current and future community needs—and to evolve as those needs change.

Establishing an ongoing process for updating your master plan helps your department keep pace with the priorities and interests of your community and builds strong support for your master planning efforts. Tracking and reporting progress on your master plan, utilizing a well-defined work plan is key to long-term, continuous improvement—and a master plan that helps your community thrive.

Below are six strategies to ensure a successful parks and recreation master plan implementation. These strategies reflect the commitment and discipline required to engage your staff and integrate the process into your daily operations, now and in the future.

1. Embed the plan

Your master plan becomes the roadmap for your department. It serves as a reference point that will guide decision-making as well as community response when new issues arise—it is a framework within which to evaluate potential changes or updates. To embed the master plan into your organizational knowledge base:

  • Make the plan part of your new employee orientation program.
  • Post the executive summary of the plan on your department website and track its progress. This helps the community at large understand the department’s strategic direction and its commitment to results.
  • Make printed copies of the executive summary available to interested partners and community members to provide a quick snapshot of the plan.

2. Conquer and divide

Begin the implementation process by creating a project management team or assigning a staff member who will “champion” the project. Your project leader will be responsible for monitoring and reporting on the plan’s progress and working with other staff, county management, and other departments to effectively integrate the plan within your operations.

  • Assign accountability for each master plan recommendation to a staff member or team. The project manager will have responsibility for tracking the progress of the master plan implementation.
  • Divide the plan into separate fiscal years and track progress one year at a time as part of an ongoing work plan.
  • Develop strategies for each action item in the plan. Strategies are developed prior to the start of each fiscal year by the staff members who are accountable for completing the action item.

3. Report and format

The department should regularly report on the progress of the master plan project. The formatting suggestions below will facilitate quarterly and annual reports from staff and/or team leaders.

  • A best practice is to develop a spreadsheet or use strategic planning software to list the goals, objectives, action items, start dates, and completion dates for each fiscal year of your plan. Include the names of the staff members responsible for completing the action items.
  • Each accountable team or staff member is responsible for reporting on the progress of their action item on a quarterly basis.

4. Tell the master plan story

It’s important to assess the progress of your master plan project and share updates with your staff, as well as your stakeholders and community, on a regular basis. Tell the story of your progress and accomplishments.

  • Conduct staff meetings on a quarterly or semi-annual basis to review your progress.
  • At the end of the year, perform an annual review of the master plan and document any changes to the objectives and action items in order to reflect changes in your department's priorities.
  • This process can be included in an annual review meeting in which the next years’ objectives and action items are discussed as part of the annual budget process. Action items will tie into both the operating and capital budget process.
  • Update your major stakeholders and the community on the plan’s implementation and results every year.

5. Monitor and revise the master plan

To keep the master plan actively on your staff’s radar—and embedded in your department’s knowledge base—visual aids can be an important tool.

  • Post a chart of each year’s recommendations and action items on office walls in administrative areas, with a check-off column designating completion, as part of a visual management program.
  • If new ideas surface during the year, include them on a written “parking lot” and review them as part of the annual project review to evaluate whether they should change or replace any existing strategies or action items.

6. Review and renew your master plan

The five-year mark is a good time to review and renew your parks and recreation master plan, which you have been tracking each year using the suggestions above.

  • Conduct a shortened update process, which includes repeating the statistically valid survey and demographic projections that informed your current plan.
  • Adjust existing recommendations as necessary, based on your review.

These six strategies for implementing your parks and recreation master plan will ensure that your master plan will continue to align with the needs and priorities of your community and become firmly embedded in the knowledge base and culture of your department.

BerryDunn works with parks, recreation, and library agencies across the country to help them strengthen their operations, innovate, and enhance services that benefit their communities. Learn more about our services and meet our team.

Article
Implementing your parks and recreation master plan: Strategies for success