Domain: aicpa.org
Stories and comments across the archive that link to aicpa.org.
Comments · 15
-
Re:nothing "low" or "desparate" about it
Come on, this is
/. not the AICPA. Give a nerd a break on bad math skills!Seriously, you would not believe how often accountants hear 'laypeople' talk about how much of a 'scam' charitable donations are for the rich. It is a popular meme that just will not die, mores the pity.
-
CPA + IT
If you were good in your accounting/finance classes go this route... http://infotech.aicpa.org/Memberships/Overview+of+The+Certified+Information+Technology+Professional+Credential.htm
-
Tax Patents Considered
Yes, you read that right. You just may owe royalty or license fees to file your taxes.
Article itself is from July 2007, but apropos considering the season:
http://www.aicpa.org/PUBS/jofa/jul2007/cathey.htm -
You're probably witnessing a scam.
Remember Enron? WorldCom? Both had major telcom billing fraud components. You may be looking at a fraud.
If there's an internal audit department, they should know about this. They have Sarbanes-Oxley responsibilities to check that internal audit controls are sufficiently tight.
Sarbanes-Oxley has whistleblower protection: "Sarbanes-Oxley creates severe criminal penalties (including substantial fines, and up to 10 years in prison) for retaliation against whistleblowers who raise concerns about violation of any federal criminal statute, not simply laws limited to financial fraud." So if your boss threatens you, you can threaten back.
Also, "Congress required corporate Audit Committees to create mechanisms for receiving anonymous employee concerns about financial improprieties." Find out how that channel works and make a report.
The burden of proof is on the employer in these cases. This law has real teeth.
Here's a lawyer who specializes in Sarbanes-Oxley whistleblower claims.
-
More info on SOX
In case you have no clue what "Sarbanes-Oxley" is, you can check out official info and the Wikipedia article. Basically it is a set of laws that place limits on what companies (and those working for them, especially upper management) can do. This has mostly to do with declaring assets and transfers of money. It tries to prevent companies from defrauding investors and so on. These laws were enacted after the Enron scandal.
Wasabi's complaint is that under these laws, you have to declare all assets, including intellectual property. Their rationale is that using open-source software, you may be in violation of the law if you do not review and declare that usage.
As was pointed out last time this was discussed on slashdot, a company would only be in trouble if they were already doing something illegal: violating the GPL. If you violate the GPL, then you're misrepresenting your ownership of IP (claiming to have a license you don't), and thus are also violating Sarbanes-Oxley.
So what's the problem? If a company follows the GPL, then everything is fine. They have nothing to worry about. If they violate the GPL, then they're breaking multiple laws. So, as always, companies should make sure that what they are doing is legal. This in no way diminishes the extent to which GPL software can be used in commercial environments. Wasabi acts as if there is some tremendous additional legal burden to using GPL software. However it seems that Sarbanes-Oxley would equally apply if you mis-represented your ownership of non-GPL software. So there's no difference. (You can read the Software Freedom Law Center white paper for a more complete explanation.) -
Re:One of the oldest
Actually, auditing is NOT fraud detection. The following wording is taken from a standard audit opinion letter:
http://www.dsbcpas.com/services/accounting/audit/o pinionaudit.html
Notice that fraud is NOT included in the opinion. The idea of fraud is to go undetected, and you cannot audit for collusion. Therefore, unless the environment suggests fraud is taking place, fraud is discovered by the company or auditor in the normal course of operations or the audit, or if the company reports to the auditor that fraud is taking place, it is extremely difficult to audit for fraud, if not impossible.
The following link is to the auditing standards by the AICPA
http://www.aicpa.org/members/div/auditstd/auditing _standards.htm
See:
SAS 1 - Responsibilities and Functions of the Independent Auditor
SAS 99 - Consideration of Fraud in a Financial Statement Audit -
Re:Data loss... or ... data collection?I mean, it's probably more likely that some law got passed in the past few years that's forcing companies to highlight all these incidents of compromised data, but it seems pretty spooky that we just recently hear about all these stories...
Sarbanes-Oxley Act (SOX) of 2002. This act was a response to the corporate/financial malfeasance of Enron and Worldcomm. Every publicly traded company is required by law to have SOX controls in place, with corporate executives asses (and financial fines to the company) on the line if they are not in compliance.
I know this because it's currently my own personal hell. The deadline for SOX compliance has been pushed back several times (most recently this past friday when the SEC gave another 6 month extension depending on a company's fiscal year end) but for most companies with a market cap >$42 million the deadline is June 30. Publicly traded companies with a market cap The Act is a Good Thing but it is definitely not an easy thing to implement due to the depth of controls needed and the nebulous definitions the SOX act provides as guidelines. Most companies in the process of becoming SOX-compliant are looking at major hits to their financial bottom line getting this up and running. Cisco, IBM.. ouch.
On a side note, if you have security and/or financial systems background the job market for SOX specialists is red hot.
-
Re:Good or bad?
Most large US corporations are by necessity moving to a "BDUF" configuration because of the Sarbanes-Oxley legislation,the regulatory fallout from the Enron and MCI/Worldcom debacles that is intended to ensure that no corporate hanky-panky/book-cooking is going on.
Among other things, the legislation requires that developers not have access to production apps/data, and that rigorous controls are in place to ensure accountability for any changes made to the system. See Section 404 (appropriately enough).
The company I work for is going through the process of "SOx" compliance right now...we used to be a very "from the hip" organization, rapidy responding to the whims of the business. Change the app in production, and move the changes to Dev, that sort of thing. No more.
So BDUF if essential in this new age of accountability...get the requirements from the business, then design design design until the business signs off...then test test test test test until you know it won't break. Cover your bases, think critically, and build a solid app.
I feel that stored procs are very BDUF-friendly.
So, as Golgotha says... "neener, neener." -
Re:Caveat: what does it cost to be "trusted?"
As someone who HAS gone through both of these processes (WebTrust, Microsoft), let me shed some truth on some of the speculations here.
1) Microsoft doesn't charge anything to be "trusted"; they've primarily let the AICPA manage that through their "WebTrust for Certification Authorities" do that. (Microsoft will also allow the requestor to use another audit, but it's up to the CA to determine equivalency to WebTrust's audit.
Microsoft posts their requirements to get included in their Trusted Root List here: microsoft.com
Once you get a WebTrust audit seal and can prove to Microsoft that your CA will issue certs to something OTHER than your enterprise, you should be fine.
The WebTrust CA criteria was designed to help CAs follow a set of standardized evaluation criteria. Like an RFC tries to enforce that protocols are standard. The WebTrust criteria is available for free at the AICPA website (AICPA). There are almost 400 criteria that a WebTrust auditor will use to evaluate your CA (not just the "host" but all your CA company's policies, practices, and processes).
To the person who said that you could just "hire a bunch of lawyers" for $250,000 and pass, I say "I highly doubt that". The WebTrust audit requires their auditors to actually see and verify the CA complies with the requirements. A box of lawyers can't create CA issuance log files, show how you maintain your HSM, or prove that you keep your /etc/password file clean of employees who have left your company since the last audit.
2) Once CAcert gets a WebTrust Seal, then they can fill out the application at Microsoft's site. If they're accepted, they get into the next quarterly Root List update issued by Microsoft (next update: this month).
After they're "in the list", WinXP machines will automatically download the new root cert whenever IE/Outlook performs a certificate path validation operation and sees the CACert root. It's automagic. Older Windows OSes will need to get the new root list from the WindowsUpdate site. -
Re:Caveat: what does it cost to be "trusted?"$250,000. Just put that kind of money on the table and hire a few lawyers to do the paperwork, and you're "trusted".
But it isn't Microsoft that's doing this, it is the American Institute of Certified Public Accountants. But I feel strongly it is just a rubberstamp, in spite of that there is a long spec you need to comply with.
The question one should ask yourself about the whole workings of the CA stuff is "what would it take for a cert to be revoked?" When you realize there is probably nothing Verisign can do that would revoke their certificates, becuase it would wreak havoc with pretty much everything, it is time to get scared....
The Mozilla bug for the inclusion of CACerts certificate is http://bugzilla.mozilla.org/show_bug.cgi?id=21524
3 Please vote for it, but please also understand that it is no point in posting more comments to the bug. Discussion is now going on in netscape.public.mozilla.crypto.Also, have a look at this KDE bug.
-
Re: Harvard MBA
But that's already the case. Having a Harvard MBA won't land you a job as an accountant without the CPA designation.
The certifications are useful for the uneducated to know the person they are hiring is sufficiently competent to pass a test developed by industry experts. I wish there was a certification; it would give me specific goals to learn and distinguish me from those who've only dropped a SuSE distro onto an old box in stand-alone mode.
Of course to be useful it would need an organization similar to the American Institute of Certified Public Accountants to create the test and keep it current. This is no small undertaking (follow the link and see all the stuff AICPA does). If it were as rigourous and respected as a CPA the dues needed t osupport the organization would be well worth the higher salary the certified could command. -
You Need an Accounting DegreeAn AC said:All CPA's must have a degree before they can take the CPA exam.
Tim C responded: A degree, or a CS degree? There is a difference, you know.
You need an Accounting degree. Something that says you have the basic foundational skillset to perform the function. I'll quote from this page on the AICPA web site:
To qualify for certification, you must:
It's the first qualification listed. It's not just an accounting degree. The profession recently changed to a "150 hour" standard that requires at least 150 hours of total coursework (most of that being gained during your Bachelor's of Accounting degree) which must contain a specified "Common Body of Knowledge" (CBK) before you can even TAKE the exam to become a CPA.
* complete a program of study in accounting at a college/university (the AICPA recommends at least 150 semester hours of college to study to obtain the common body of knowledge for becoming a CPA.) [SNIP]The idea here being the AICPA wants to make sure you have a certain core background before you get branded with their certification. Time was, anyone could take the exam. The new standard kicked in just in time to impact 1998 collge graduates.
I think that's what the original poster is after. How do you tell if the person fixing your computer is qualified to do so? It's great that an earlier poster can fix any computer they come across because they have a "knack" for it. How do I know you've got that "knack"? Can I depend on you to honestly tell me if you didn't have that "knack"? If you're out sick or on vacation, how do I know if the person taking your place has that "knack"? How do I know if your "knack" isn't confined to IDE and I've fot a SCSI system?
Posters keep talking about using "common sense", but knowledge of the workings of a PC or being able to judge a person's competence to fix a PC (or perform any other task) by "eyeballing" them ISN'T COMMON SENSE.
That's why certifications exist. That's why Public Accounting Firms are reluctant to hire anyone who's not already (or very close to being) qualified to take the CPA exam and they won't keep folks around who don't PASS the exam. The original poster seems to be looking for some way to ensure a more consistent level of quality in PC techs.
-
GAAP: Generally Accepted Accounting Principles
"RH says they're now following the Generally Accepted Accounting Principles, developed in the wake of recent accounting troubles at some companies."When I last checked GAAP-based accounting has been around since the 1930s although they were not known by that name. In the USA, FASB is reponsible for establishing US GAAP. If Red Hat previously chose not to follow these standards and cook their books instead, we should hardly applaud them for finally doing what they should have done all along... especially now that deceptive accounting practices are no longer in fashion in the corporate world.
From the American Institute of Certified Public Accountants:
Between 1938 and 1959, the AICPA's Committee on Accounting Procedure (CAP) issued fifty-one authoritative pronouncements known as Accounting Research Bulletins that formed the basis of what became known as generally accepted accounting principles, or GAAP. In 1959, the CAP was replaced by another part-time body, the Accounting Principles Board (APB), which during the next fourteen years issued thirty-one new standards.From the Financial Accounting Standards Board:
Since 1973, the Financial Accounting Standards Board (FASB) has been the designated organization in the private sector for establishing standards of financial accounting and reporting. Those standards govern the preparation of financial reports. -
Re:flawed logic
Simply put: If a Linux Distro Co [LDC] takes the code and GPLs it, every LDC is NOT going to start using it!
The LDC may modify the code all it wants and create an excellent product that worked well in THEIR distro. People would choose that distro because of the default capability of the product.
Redhat defaults OpenOffice.org in their distro-- nontechnical magazines (the kind businessmen read, like Journal of Accountancy) LOVE THIS!
Buying the source and GPLing it could very well be profitable for this reason.
You just have to realize that some of your target audience wants one solution from one partner. -
Legitimate Business
Anyone can generate their own SSL certificate, but what assurance does the customer have that you are who you say you are. It doesn't much matter if your transactions are done securely if they aren't go to a legitimate company.
The implication here is that if a company has a Verisign certificate, there is some kind of certification of their business practices. This is a misconception. ...The have already done the footwork to ensure that the company you are dealing with is legitimate and not just some scam artist looking to collect credit card numbers.
The use of the word "legitimate" in this case refers to the identity of the organization who have recieved the certificate. Verisign has gone to some length to verify that the certificate has been issued to the correct organization. So sure, Versign will ensure that the certificat they issue to Visa is actually being isued to Visa and not some Joe Scamartist looking to fish for credit card accounts.
But once again - this does not mean the business in question has legitimate business practices. Just because the Verisign certificate was issued to Joe's Imports, it doesn't guarantee that Joe's Imports will really honor the order for a PS2 I just placed and paid for with my credit card.
It might be worthwhile to point out that Verisign DOES support an ADDITIONAL program called WebTrust ( http://www.aicpa.org/webtrust/index.htm ). This seems to be a further step to linking a legitimate identity to a legitimate business practice.