Does your accounting firm have a reliable process in place to evaluate new business opportunities and weigh the risks those opportunities present to the firm?
Without a defined risk evaluation process, your firm may not be applying the appropriate risk lens to new business. Or worse, your firm may not even be aware of which risk lens to apply.
To establish a reliable risk management process, your team must ask these key questions:
- How do you define risk?
- How do you determine risk?
- How do you decide on risk?
How do you define risk?
To be able to accept the right clients and business, your firm must be able to define what the right clients and business are – that is, the metrics by which your firm measures new business risk. For example, a new region, an emergent industry, or a growing service within the firm could pose outsized risk to the firm. New business that falls within these areas should be accepted only after careful consideration by the proper approvers.
These firm-defined risk boundaries are the foundation upon which two other key processes — risk assessment and risk decision-making — are built. To carry out these processes correctly, a firm must understand its current level of expertise; how its expertise applies to its services, regions, and industries; what areas of business the firm wants to enter; and which business it intends to avoid.
Several accounting firms are now under increased scrutiny by the Securities and Exchange Commission as a result of providing services for cryptocurrency exchanges. Some, but likely not all, of these firms may have defined for themselves what “too much” risk looked like before they took on this business.
The most strategic firms we speak with avoid these kinds of problems by first defining their risk boundaries. They understand that if they don’t have a strong internal definition of risk, then the risk processes they build won’t work. These firms are able to assess the risk of regulatory scrutiny, malpractice lawsuits, or reputational harm in potential new business, and closely examine that new business, to make an informed acceptance decision.
How do you determine risk?
Once a firm has defined what risk looks like, it is now in a position to assess the risk of new business in relation to that definition of risk. How do the best firms do this? Typical methods include the following:
- Asking thoughtful questions designed to draw out the risks that the potential new client could pose that may not be readily obvious.
- Using third-party data providers to ingest information to better understand the potential client. (For example, which North American Industry Classification System (NAICS) code applies to this client? Who is the client’s ultimate parent company? Will this client be solvent for the foreseeable future?)
- Integrating this technology with internal firm systems to ensure you’re incorporating firmwide data that may inform decision-making.
Firms operating in emerging spaces need to carefully consider the questions they ask of themselves and their potential clients in order to build a holistic risk picture of the new opportunity. Without this comprehensive picture, firms can make critical risk decisions based on inaccurate premises.
We see this playing out today in the uncertainty and fallout surrounding several cryptocurrency exchanges and their auditors. Indeed, some firms are saying they won’t serve these exchanges going forward. That is an example of firms establishing risk guardrails.
The best firms leverage technology that facilitates this decision-making process and enables them to assign well-informed risk scores to new business. By quantifying and categorizing risk, and by automating related workflows such as review and escalation, technology that is purpose-built for risk management can improve information gathering, workflow routing, and decision-making around all aspects of new client risk.
How do you decide on risk?
For a firm’s approvers to make informed risk decisions, they must be presented with the full picture of a potential client in digestible formats, such as dashboards with drill-down capabilities and reporting providing clear data visualization. Firms also need to ensure that professionals with the correct depth and breadth of expertise are available to appropriately staff new engagements.
Forward-thinking firms build forms into their risk assessment processes to develop this full picture, verify their own capabilities, uncover potential areas of exposure, and choose to address these risk factors proactively or decline the risky new business altogether. Some firms also set up automatic notifications to firm leadership to provide visibility into new business acceptance decisions at the executive level.
The path forward
In the wake of events transpiring in the cryptocurrency exchange space, it is clear that accounting firms must have robust risk management processes in place that help them define risk, assess risk, and act on those assessments. If any of these processes are skipped or given short shrift, firms can find themselves at the center of a storm of negative regulatory and media attention.
Learn more about how Intapp can help your firm build a risk-based new business acceptance system based on leading technology used by many of the world’s largest accounting firms.