Technology
Seize this Pre-Filing Window of Opportunity to Keep Your Tax Practice Compliant with IRS Requirements for a Written Security Plan
Reduce the risk for your firm and your clients this tax season by getting your Written Security Plan in place this week! Having a Written Security Plan in place is not only smart practice for your firm, but it also will limit your risk of exposure to ...
Feb. 08, 2021
Here we are…literally days away from the IRS opening up e-filing of tax returns for another season—and definitely a little later than what most of us who operate firms with a significant tax practice are used to. Not that having a little extra time to prepare for the upcoming onslaught of filing deadlines is something I am complaining about.
In fact, to me, it’s the perfect opportunity to make sure you are ready to hit the ground running. Given the routine nature of tax season for many of us, it’s easy to be complacent which can lead to things being overlooked—such as the IRS requirement to have a Written Security Plan in place. That’s right…once you renew your PTIN, you are required by the IRS to have that plan in place.
In case you need a refresher, here are the requirements as set out by the IRS:
- Pick one or more employees to coordinate the information security program.
- Identify the risks to customer information.
- Evaluate the safety measures for controlling these risks.
- Design and implement a safeguards program.
- Select service providers that can maintain proper safety measures.
- Make sure the contract requires the provider to maintain safety measures and oversees their handling of customer information.
- Regularly monitor and test the program.
- Change the security program as needed. This should happen if any part is outdated, or when employees leave or join the company.
There’s still time for your firm to meet the IRS requirements for a written security plan this tax season. Personally, I didn’t have a specific written plan that met the criteria that the IRS is looking for. I had many of the fundamentals covered in my own Business Continuity Plan, but the IRS is looking for a current Information Security Plan based on a Risk Assessment as per the GLBA (Gramm-Leach-Bliley Act) Safeguards Rule.
This rule states that your firm is required to conduct a thorough and accurate Risk Assessment, providing the basis for a detailed Information Security Program (ISP). The ISP needs to be clearly documented in writing in order to comply. Failure to do so can result in some hefty penalties including: imprisonment for up to five years, steep fine (up to $100,000 for each violation; with officers and directors potentially being fined up to $10,000 for each violation)—or both. This is nothing to mess around with!
The good news, as I discovered, is that establishing a plan to cover your bases on the requirements is relatively easy, especially if you utilize a third-party service that will handle the details for you. After doing some research, I found Securex. Securex is a company that specializes in providing accounting firms with exactly what they need, in the right format, to satisfy the IRS guidelines for a written security plan. Also, check with your tax software provider – some of the software companies are offering this as a service.
You can reduce the risk for your firm and your clients this tax season by getting your written security plan in place this week! Having a written security plan in place is not only smart practice for your firm, but it also will limit your risk of exposure to IRS fines and penalties (not a good look for any tax practitioner especially during tax season!), and doing so can provide a critical layer of trust and peace of mind for your clients. As our clients’ trusted tax professional, it is our fiduciary duty to protect their sensitive personal and financial data to the fullest extent possible. At its core, this is what the IRS Written Security Plan requirement is all about.
Take advantage of this window of opportunity that the late start to the tax filing season is offering your firm to get on top of all of the responsibilities and requirements that come with our professional credentials. Take two hours in the next few days and get your written security plan completed and filed with your PTIN documentation. You’ll have peace of mind and a higher level of security, and your clients and their data will be better protected, too.
=========
Dawn W. Brolin, CPA, CFE is the founder of Team Brolin an organization dedicated to helping accounting professionals and small businesses optimize their operations and reduce their fraud risks. She is also the owner of Connecticut-based CPA firm, Powerful Accounting Inc.
Dawn’s extensive accounting expertise and personal entrepreneurial experiences fuel her passion for helping other business owners succeed through the application of smart technology solutions, effective financial management, and comprehensive business continuity and fraud mitigation strategies.
Dawn’s in-depth knowledge and down-to-earth, entertaining approach make her an in-demand trainer, speaker, and thought leader. She has worked with prestigious partners including Fundera, Intuit, TSheets by QuickBooks, AbacusNext, ADP, MineralTree and many more.
In addition, Dawn’s contributions to the accounting profession are continually recognized with many top awards. She was named “2020 Top Niche Practice ProAdvisor: Forensics” as well as one of the “2018, 2019 & 2020Top 100 Most Influential People in Accounting” ~ by Accounting Today, “2012-2017 Top 25 Most Powerful Women in Accounting” ~ by CPA Practice Advisor, “2017 MP Elite Accounting Firm Leaders” ~ by Accounting Today, and “Top 40 Under 40 Class of 2009” ~ by CPA Technology Magazine. Dawn has also been published on many blogs and in books such as “The World’s Most Inspiring Accountants.”
Dawn has also appeared on the MSNBC show Your Business and has spoken at national conferences including CPA Academy, Cleveland Ohio Society of CPA’s, Intuit QuickBooks Connect Conference, Live Your Legacy, Scaling New Heights, AbacusMaximus, Spark & Hustle, TD Bank, and many others.