Latest News

Data hosting and independence

Written on Jul 31, 2020

By Laura Hay, CPA, CAE, OSCPA executive vice president

A new interpretation ET §1.295.143 of the Nonattest Services section of the AICPA Independence rule becomes effective Sept. 1, and addresses a CPA providing data or records hosting services for clients. Safeguarding data or records is considered part of the client’s system of internal control, and when provided by the external CPA, is considered an unacceptable management participation threat.

In a world of cloud computing, defining “control” of data presents new challenges addressed by the interpretation. Access alone does not equate to control, but acting as the sole host or source for disaster recovery would impair independence.

Read more at:

Related Upcoming Events