Welcome to Luca!globe
CPA Journal Current Issue!    Navigation Tips!
Main Menu
CPA Journal
Professional Libary
Professional Forums
Member Services



By Joel G. Siegel, PhD, CPA, and Anique Qureshi, PHD, CPA, Queens College

There are many risks and uncertainties that the CPA must assess in performing the attest function and providing recommendations to clients. Examples of such risks are economic, corporate, industry, political, technological, currency, social, environmental, employee, product liability, and financial. The CPA should also be able to offer recommendations to clients on how to curtail or even eliminate such risks. There is software available to assist in assessing, evaluating, and controlling the risks facing clients.

Risk Management Software

The CPA may be in a position to assist clients in establishing a business risk management information system (RMIS). Although such a system includes hardware and software components, this discussion only focuses on the software.

Risk Software Packages And Products

The Expert Business Impact Analysis System from Decision Support Systems provides risk appraisal factors and protection strategy recommendations. It has a database of global threats and vulnerability assessments with comparative analysis and reporting capabilities. It contains threat probabilities with documented statistical sources, outage durations, and regional segmentation. It has interactive "what-if" analysis features for scenario planning to evaluate the benefits of alternative solutions and to perform comparisons with the current and historical backgrounds. (For information telephone (800) 788-6447, e-mail BIAsys@aol.com, or write to Decision Support Systems, 380S. State Road 434, Suite 1004-117, Altamonte Springs, Florida 32714).

Strohl Systems offers contingency planning software products to plan for unexpected disruptions in operations. It is better to anticipate interruptions before they turn into major problems. BIA Professional is a business impact analysis tool that allows the client to quickly and easily define the effects of a disaster and helps target critical functions for contingency planning. Living Disaster Recovery Planning Systems (LDRPS) is continuity (recovery) planning software including a question and answer feature, sample documents and diagrams,
graphics, report writer, recover strategies and contingency planning, and presentation of recovery activities in the form of program evaluation and review technique (PERT) and Gantt charts. Plans and procedures cover emergency response, crisis management, notification, facilities relocation, security,
asset management and retrieval, vital records, contamination, safety,
and health. (For information write
Strohl Systems, 500 North Gulph Road, King of Prussia, PA 19406; telephone (610) 768-4120, fax (610) 768-4138,
or Web http://www.strohl-systems.com)

Recovery PAC from CSCI is business recovery planning software that includes comprehensive business impact analysis and risk assessment. It identifies critical business functions and applications and sets priorities for recovery. It also identifies risk exposures that can potentially turn into a disaster. (For information telephone (800) 925-CSCI).

Internal Operations Risk Analysis from Business Foundations Software evaluates a company's areas of risk and internal control structure. It is an expert system developed around 180 interview questions. Based on answers to questions, the software prepares a management report highlighting the strengths and weaknesses in the operations of the business. A risk rating (high, medium, low) is assigned to categories of transactions. Operational areas evaluated by the software include working environment, objects planning, and personnel. It recommends corrective steps for problem areas. There is an upgrade for industry-specific components.

Controls from Price Waterhouse assists in risk analysis by documenting, evaluating, and testing internal controls. Areas of risk exposure are identified. Control weaknesses are highlighted with resultant recommendations for improvement. Control effectiveness may be evaluated at
different levels within the company
(e.g., by activity, by business unit).
A comparison and analysis may be
made of the relative control performance of different operating units. (For
information fax (201) 292-3800 or Web http://www.pw.com).

Safety Compliance Assistant from CCH Incorporated is interactive software to comply with the U.S. Occupational Safety and Health Administration (OSHA) General Industry Standards. It provides inspection and training checklists, detects OSHA compliance violations, maintains required documents, and corrects violations. (For information telephone: (800) 228-8353).

Back Track from CIC Incorporated verifies employees' background for hiring purposes. (For information telephone: (800) 321-HIRE extension 126, or fax: (813) 559-0232).

Risk Modeling Software Applications

Risk modeling is a decision-making aid to CPAs and their clients. Models may be used in analyzing risks while financial models can evaluate the financial consequences arising from accidents or other adverse developments. Risk models may be developed for measuring the financial impact due to catastrophes (e.g., fire, flood, earthquake, nuclear accident). The probable loss arising from the accident, disaster, or other event may be estimated. The model may also determine the probable effects on business activities as well as possible competitive reactions. A contingency model may help in planning an appropriate strategy and response. A "what-if' scenario analysis may be formulated to see the end-result effects of changing input variables and factors. An example of a scenario modeling analysis is to simulate the possible operating and financial consequences from a hurricane. The risk vulnerability from such an event may be mapped and appraised. The best-case, worst-case, and likely scenarios may be depicted and reviewed. The model simulation has the benefit of aiding in determining beforehand how to best minimize the damage operationally and financially and how to provide proper protective measures.

The software enables the CPA and client to determine the areas, types, and degrees of risk facing the business. A minimum-maximum range of loss figure may be derived.

Risk modeling may be used to identify and define the type and amount of risks related to various exposures. A priority ranking based on risk and uncertainty may also be prepared and studied. Risk problem areas may be analyzed along with a set of appropriate alternative responses.

Risk Management Information Systems (RMIS) Testing Laboratory

Deloitte and Touche LLP has started the first independent risk management systems testing laboratory that tests software, develops systems solutions, evaluates software usefulness, provides benchmarking information, and customizes applications. Deloitte and Touche LLP compares software products and reporting and application features and appraises effectiveness in meeting perceived needs. (For information contact David Duden, RMIS/lab Director (860) 543-7341, dduden@dttus.com, or Web http://www.rmislab.com). *

Paul K. Warner, PhD, CPA
Hofstra University

L. Murphy Smith, DBA, CPA
Texas A&M University

The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.

©2009 The New York State Society of CPAs. Legal Notices

Visit the new cpajournal.com.