The .CPA Domain: A Bright Line for Security and Trust in the Digital World

It’s easy to grasp the branding advantages the new Internet domain for the CPA profession, .cpa, can offer. Less obvious but just as important is the enhanced security it delivers.

.CPA is a high-value restricted internet domain with verifications and controls. A restricted domain means not everyone can apply for it: in this case, you must be a licensed CPA firm (starting in January 2021, licensed individual CPAs can also apply). Why is this important? Unrestricted domains are unmanaged and uncontrolled. Users are not verified and there is no implementation of security best practices. Essentially, any fraudster can sign up for an unrestricted domain such as .com and closely mimic a legitimate business site. Not so with .cpa.

It’s no surprise Internet crime is rising, even more so as people increasingly work from home. A recent Ponemon Institute survey found that 57 percent of small businesses reported instances of phishing or social engineering attacks in the past 12 months, many tied to fraudulent look-alike or spoofed domain addresses (also known as imitator domains). More than 114,000 individuals reported being a victim of a phishing scam in 2019, incurring collective losses of almost $60 million, the latest FBI statistics show.

Security - .CPA vs .COM


Phishing involves bogus emails that appear to come from reputable companies, trusted co-workers or bosses, with the goal of gleaning usernames, passwords or credit card details. A common strategy is to use combinations of numbers (a zero where an “O” should be, for example), letters and foreign characters to mimic existing domains to deceive end users. The good news is most phishing attempts fail – but for CPA firms that deal with sensitive client data, a data breach or other information security lapse can be devastating.

Here’s how .cpa can help strengthen your firm’s defenses:

  • Unlike open domain extensions, only licensed firms and individual accountants can register and use a .cpa domain. License verification will take place at the time of purchase through, and at other random periodic times. This will reduce a scammers ability to purchase lookalike domains on a large enough scale to make it worth their while.
  • The verification process should also effectively limit the proliferation of spam in the .cpa space. Spam is a preferred delivery tool for ransomware, malware, and phishing.’s policy is to not post domain owners’ names and registration information on publicly listed registry records, so spammers will be unable to collect long lists of .cpa domain holder addresses to send out email blasts.

Of course, CPA firms will still responsible for the everyday, routine blocking and tackling of data security. The AICPA’s firm management section has excellent advice on how to improve vigilance and follow best practices in this area, including this checklist and recent explainer article. But the move to restricted domains is a step many progressive businesses and professions are taking to improve trust and curb fraud in their online operations.

To learn more about the .cpa domain, read our position paper or visit to view FAQs or apply for your preferred domain.

Checking in on the innovators: the 2020 Startup Accelerator companies

When it comes to early-stage companies chosen for our Startup Accelerator program, we’re a little like proud parents. “They grow so fast,” we say.

The Association of International Certified Professional Accountants and created the program in 2017 to promote innovation in the accounting profession and provide more visibility into disruptive trends from emerging technologies. Finalists get a nominal funding investment and guidance from our senior leaders, as well as access to a panel of experts who can advise on marketplace needs and opportunities within the profession.

Our 2020 cohort faced special challenges this year because of the pandemic. However, the progress they’ve made is a testament to the power of their ideas and solutions. Attendees at ENGAGE 2020 this summer were able to hear their remarkable stories firsthand. Below is an update on their activities that draws on remarks from that virtual gathering.

The Climate Service

What it does: The North Carolina company has developed a cloud-based solution to help companies measure, manage and disclose climate-related financial risks. Four Nobel prize winners sit on its advisory board.

What the profession should know about its area of focus: “There are reporting guidelines now on climate exposure, but these will become mandatory eventually,” said Joey Lake, the company’s chief operating officer. “Regulation is one of the big drivers for our services. The other is investor pressure.” The Climate Service’s platform looks out 80 years and identifies assets with the greatest climate-related financial risk, either due to physical threats such as flooding or deforestation or the financial implications of transitioning to less carbon-intensive operations. The commercial real estate sector, for one, has shown early interest in its risk modeling and mapping.

Noteworthy developments: The Climate Service closed on Series A financing of $3.825 million in April. Given this was in the early onset of the pandemic, it’s a huge vote of confidence for the company.


What it does: The New Orleans company offers seamless invoicing, payments, and accounting for global businesses, powered by blockchain.

What the profession should know about its area of focus: “The current process for digital payment is slow, clunky and requires extensive knowledge,” said Joey Ryan, CPA, the company’s co-founder and CFO, adding that most traditional accounting systems don’t really support it. Gilded has solved this problem by integrating its blockchain-powered digital payment and invoicing into existing back office systems. Gilded reduces a process that can take days or hours into minutes, and can cut international payment fees by 75 percent, he said.

Noteworthy developments: Deployed a digital payment solution for CoinMarketCap, a price-tracking website for crypto assets. Ryan said the company is also benefiting from the growing validation of digital payments – the federal government initially considered paying out some stimulus checks through this method, so widespread adoption is closer than you think.


What it does: The European company uses intelligent algorithms to automate document processing, accounting and finance management for small to medium-sized enterprises.

What the profession should know about its area of focus: “Many accounting applications are far from being accounting-centric,” said Tadeusz Chrusciel, the company’s founder and CEO. Scanye is targeted to small and medium-sized businesses and champions “stress-less” accounting. “With Scanye, we save the world from paperwork,” Chrusciel said. “With our platform, every document in is one place.”

Noteworthy developments: The company is weighing a timeline for introduction of an English-language version of its service. Chrusciel said he’s targeting the first quarter of 2021, or less than a year.

Tally Street

What it does: The Boston-based startup created a “virtual analyst” to help businesses boost cash flow by using accounting data to find opportunities and anticipate problems before they happen.

What the profession should know about its area of focus: Many smaller businesses don’t have insight into critical metrics, such as cash flow, net revenue retention and customer retention – yet much of that relevant information is hidden in their accounting data. “We started Tally Street in the belief that small and medium-sized businesses can do better,” said Brian Suthoff, the company’s CEO, adding that Tally Street’s service can immediately reveal KPIs from existing data. “Customers begin to see accounting data as a value-add rather than an expense.”

Noteworthy developments: The company is integrating with major accounting software providers including QuickBooks Online, Xero and Sage Intacct. and the Association are already searching for early-stage companies for our 2021 cohort. Interested companies can get information about the accelerator program and application details at

Top 3 Blockchain Use Cases of 2020

Blockchain technology has exploded into the FinTech ecosystem and various industries over the last few years, evolving well beyond the buzz of Bitcoin. Already incorporated into a range of business and financial applications, its impact and use cases continue to improve as the technology matures.

For most industries, blockchain presents opportunities around increased transparency, efficiency, and innovation. At its core, blockchain is an accounting technology, an immutable ledger that tracks the transfer of ownership of assets; and as such, it’s poised to play a significant role in audit, tax, cybersecurity, accounting, and advisory services.

Each year, the AICPA and host in partnership with the WSBA a Blockchain in Accountancy Symposium where some of the profession’s brightest minds and blockchain experts convene to explore strategize on how the community as a whole should think about, plan for and respond to the blockchain wave. In December, we published a special report, 2019 Blockchain Symposium: Experts’ Insights Indicate Growing Use Cases and Value for the Technology. Due to the technology evolving and maturing at an exponential rate, we decided to take a look at the most prevalent use cases for a mid-year update.

As more enterprises use blockchain technology, they will require practitioners who not only understand its implications but can provide broader guidance on how it will impact their businesses and industries moving forward. “Even though they are still uncertain of the impact blockchain will have on their businesses, 60% of CIOs in the Gartner 2019 CIO Agenda Survey said that they expected some level of adoption of blockchain technologies in the next three years” said David Furlonger, research vice-president at Gartner. “However, the existing digital infrastructure of organizations and the lack of clear blockchain governance are limiting CIOs from getting full value with blockchain.”

The technology is evolving at a rapid pace, which is why a mid-year update on some key use cases is important.

Supply Chain

Supply chains contain complex networks consisting of multiple stakeholders that have lots of touch points through a bill of sale. This creates a perfect use case for blockchain to drive cost-savings down while providing previously unattainable traceability. A centralized infrastructure that delivers greater visibility into the process and transfer of goods for high risk products like leafy green vegetables and beef, to high value goods like cars is only going to increase in the coming years. It may have started with an E Coli outbreak that wiped store shelves clean, but it is expanding to every corner of commerce including wine and consumer shipments.

Walmart created a food traceability mandate, which aims to prevent food-borne illnesses by identifying the source of contaminated products quickly. The food giant’s announcement is part of a larger trend: the digitization and movement of data, such as goods and services, intellectual property, credentialing, and trademarks, onto the blockchain. Most supply chains are tailor-made for blockchain, because the technology can be used to create transparent, immutable records.


Despite the potential of its underlying technology, blockchain for many people is still synonymous with Bitcoin and the cryptocurrency’s spectacular rise in value. There are however over 5,400 cryptocurrencies available globally today and that number is only expected to grow. Mainstream payment processors PayPal and Venmo recently through their hat into the crypto buying and selling ring, which could trigger adoption by a large percentage of their 325 million users that previously have not transacted on a blockchain network.

Robert Materazzi, co-CEO, LukkaTax - "As all businesses across all industries embrace blockchain, crypto offers an enormous opportunity to learn how to manage blockchain data as use-cases are adopted in other industries, particularly as it relates to governance, risk, and audit frameworks."

Health Care

In our looking ahead to what’s the next big industry that will be transformed by blockchain, we evaluate the health care system – both patient records as well as prescriptions dispensed.

“Blockchain technology continues to evolve and become a strategic solution for a growing number of industries. The global healthcare industry is beginning to look to blockchain to help solve some of the entrenched problems of cost, privacy and inefficiency that have plagued healthcare for generations,” explained Ron Quaranta, chairman of the Wall Street Blockchain Alliance. “From patient records to prescription tracking, to pandemic monitoring, and more, we can expect blockchain technology to be a core part of how the global healthcare industry evolves in the future.”

In an important way, blockchain’s maturation aligns with the profession’s shift from recordkeepers to advisors. This transition is by no means limited to accounting and finance; as automation grows more sophisticated, professionals including lawyers, doctors, and insurance providers are relying more on personal, advisory-style relationships with clients and/or patients, hence the shift in multiple use cases to a more sophisticated technology platform.

Download the infographic here:
Top 3 Blockchain Use Cases of 2020 Infographic

Engagement Letters: New Risks Addressed, Best Practices for Firms

Engagement Letter 1

Engagement Letters: New Risks Addressed, Best Practices for Firms

That’s a conclusion you can draw from the number of CPA firm engagements that are conducted without one. It’s also supported by the number of engagements conducted in which the engagement letter does not accurately detail the scope of the engagement and key details, including the standards that the firm is going to follow, the limitations of the service, and the client responsibilities.

Engagement letters are incredibly important.

That’s the conclusion you’ll draw from analyzing data from claims filed against CPA firms or speaking with experts involved in handling claims, potential claims, and lawsuits against CPA firms. In 2018, nearly one-third of claims against CPA firms (31%) involved engagements with no engagement letter at all. I learned that when interviewing an expert on claims made against CPA firms for the Modernizing Your Practice podcast series.

There are also far too many times where the engagement letter is not doing the job of minimizing risks to the firm, and those risks include liability risk and reputation risk. While the client and firm may seem perfectly aligned during the pre-engagement meetings, things that were discussed but not recorded and included in the engagement letter become points of contention and add unnecessary risk. When there is a difference of opinion on the scope, client requirements, etc., perhaps the client will defer to the firm’s recollection and notes from those face-to-face meetings. Perhaps they won’t.

The good news is there are foundational best practices regarding engagement letters and there are risk liability experts willing to share their experiences, insights, and recommendations to help you and your firm mitigate professional liability risk. The better news is that my colleague Matt Towers captured all that in a recent interview with Stan Sterna, JD, a vice president at Aon Insurance Services, and Sarah Ference, CPA, risk control director of accountants professional liability at CNA.

There are also far too many times where the engagement letter is not doing the job of minimizing risks to the firm, and those risks include liability risk and reputation risk. While the client and firm may seem perfectly aligned during the pre-engagement meetings, things that were discussed but not recorded and included in the engagement letter become points of contention and add unnecessary risk. When there is a difference of opinion on the scope, client requirements, etc., perhaps the client will defer to the firm’s recollection and notes from those face-to-face meetings. Perhaps they won’t.

Engagement Letter 2

Key Elements to Capture

  1. Scope of Service: What you have been engaged to do, and exactly which services you are going to be delivering to the client
  2. Professional Standards: Detail the standards that the firm is going to follow when delivering the service (including the limitations of that service)
  3. Client's Responsibilities: Include what the client needs to provide (and by when), and if applicable lay out the fact that it is the client’s responsibility to make decisions and to implement or respond to any advice or recommendations provided by the firm

The three elements Sarah lays out above may seem both obvious and simple to capture but claims data and the experiences and examples she and Stan shared with Matt tell a different story. Consider an engagement letter stating the firm will prepare and file the client’s “tax return.” Does that include sales-and-use-tax calculation? Which jurisdiction? State and federal returns? A gift tax return? Months later is not when you want to be clarifying the scope, hastily doing unplanned work, or working with an attorney to defend against a claim.

In the assurance space, the risk liability can go way up. For example, Sarah brought up a common scenario where for the vast majority of services a CPA firm delivers, there may be no responsibility to detect theft or fraud at a client organization or to detect a weakness in the client’s internal controls. If that is the case for an engagement, she recommends you state it in the engagement letter or you’re taking on unnecessary risk. If fraud or another problem is later found at the client company, a claim or lawsuit against the CPA firm should not be a surprise. As Stan and Sarah shared, if the scope of the engagement is not clear and detailed, the client’s attorneys will make their own interpretation.

The claim, lawsuit, and payout data make it clear that a firm’s first line of defense when it comes to risk liability is the engagement letter. Stan, the lawyer in the discussion, also shared three key takeaways which I’ll summarize this way:

Three Takeaways/Process Recommendations for Firms

  • Engagement Letter Process: Have a process that ensures every engagement has an engagement letter capturing key elements of the work anticipated for the client
  • Annual Review: Review them annually, for each and every client
  • Document and Amend All Changes: Whenever the scope of the services change, document that change and then either issue a new engagement letter or amend the existing letter accordingly

Another takeaway I’ll add is there are new tools and resources available to guide you and your staff when drafting engagement letters including, for example, OnPoint PCR and its unique engagement letter drafting tool for preparation, compilation and review engagements.

Finally, as you and your clients find ways to stay connected in this new era of remote working, and while you’re evolving the pre-engagement meetings, the engagement wrap-up meeting, and everything in-between, consider evolving your approach to engagement letters too. They’re incredibly important.

Listen to the full podcast episode: Engagement Letters: Foundational Best Practices

About the Author:

Steven A. Menges, Assurance Team and Modernizing Your Practice Lead,

A business-to-business (B2B) innovator and products executive with 20 years’ progressive experience, Steven Menges is a frequent industry author and speaker on enterprise computing, data analytics, managed service providers (MSPs), IT Security, regulatory compliance, EdTech, and buyer’s journey-based engagement.

The IRS requires reporting crypto assets this season. Do your clients even know?

How many of your clients with crypto assets are aware the IRS requires them to include crypto transactions on their 2019 taxes? If your clients are like most, the answer is probably “not enough.” Especially at this moment, when issues such as Paycheck Protection Program (PPP) loans are dominating client conversations at firms, reporting of crypto assets may not even make the top 10 list of concerns about their taxes and finances. Yet clients with crypto assets can’t afford to let other issues push crypto reporting off the agenda.

Additional Income and Adjustments to Income

Today’s challenges have created an unlikely opportunity to help your clients navigate this issue. With the tax season being extended this year, there is still an ample window of time in which you can help clients become aware of the need for reporting crypto assets and help them comply with the IRS. But you’ll need to move quickly before that window closes. Here are some of the most important steps you should take, starting today.

Reach out to clients now

Do you know which clients have engaged in crypto trading over the past few years? Because there hasn’t been explicit instruction from the IRS to report these transactions until now, this may never have come up in client conversations. You may be surprised to find out just how many own crypto assets. For 2019, there are an estimated 20 to 40 million crypto filers, and three-to-eight million are expected to refile for 2018 alone. Some of those are probably your clients.

It’s your responsibility to put crypto reporting issues on their radar, if you haven’t already done so. Clients often provide the same tax data year over year, given no major changes. If they didn’t provide crypto reporting information last year, why would they think to do it this year? To help you get the word out, we’ve highlighted some practical ways to get your clients up to speed:

  • Update Organizers: Don’t just ask if the client has traded crypto – explain the importance of properly reporting these transactions and why there is a change in reporting requirements for 2019 compared to previous years. You should also explain the implications for clients if they don’t report properly.
  • E-mail blast to your client list: This can be an educational and informational e-mail blast updating clients on the reporting requirements and the importance of properly notifying the firm if they are trading crypto currencies.
  • Client Newsletter: Many firms provide their clients monthly or quarterly newsletters that not only provide firm updates but also update clients on new tax requirements. These crypto requirements should be considered front-page news.
  • Virtual Client Conversations: Due to today’s uncertainty, what used to be face-to-face meetings have now shifted to virtual meetings. In these meetings, don’t forget to add a “crypto” line item to your agenda for tax return review discussions. It’s not too late for one final mention or reminder about crypto reporting.

The tax season extension has provided firms additional time to prepare for the shift in crypto tax reporting. But the window is closing for clients to register this as an issue worthy of their attention, gather whatever information they need for filing, and coordinate with your team in order to ensure accurate reporting this season.

Evaluate crypto-focused tax technology packages

Crypto tax reporting isn’t just difficult for clients – it can be difficult for firms, too, at least those that aren’t taking advantage of technologies developed specifically for crypto reporting tasks. The IRS isn’t offering much by way of guidance on crypto, either. Plus, there are no standards in the crypto ecosystem. The reporting of crypto trading can be particularly complex due to the thousands of unique types of crypto assets, causing a range of inconsistent data formats. Unlike traditional currencies and investments, crypto assets are held and transferred between hundreds of independent exchanges that may each call the same asset by a different ticker symbol. This makes manual calculations, establishing cost basis, and assigning fair market value (FMV) far more difficult than other transactions. It is risky to assume that traditional tax preparation software is capable of correctly handling crypto transactions.

For firms looking to help crypto clients, having the right technology in place can make all the difference. Software packages can streamline the ability to track thousands of different crypto assets, automatically standardize transaction data from hundreds of independent exchanges, and properly assign FMV to transactions that do not have U.S. dollar denominations – a task that is virtually impossible for any single firm. Crypto-focused software can also automate key processes, such as properly calculating the cost basis of digital assets when commission and fees are paid in crypto assets.

Not all crypto tax packages are the same, however –most are built by pure tech companies with little input from CPAs or other tax professionals. For example, one popular crypto tax package fails completely to adjust the cost basis for fees/commission (such as those charged when purchasing a crypto asset), resulting in higher capital gains taxes for filers. Perhaps even more important, this type of oversight can trigger an audit, particularly as the IRS cracks down on the misreporting of crypto assets and transactions.

The tools you use are a measure of your ability to look after your clients’ interests on crypto issues. Make sure you select tools that ensure you are accurately calculating crypto gains and losses. Equally important, look for a tool that is built on a tested, secure SOC 1 Type 2/SOC 2 Type 2 infrastructure.

Shift your mindset

Crypto reporting is here to stay. If anything, it’s only going to grow in importance as cryptocurrency use becomes more widespread. So don’t allow your own team or your clients to fall into the trap of treating this as a one-off issue – even in the midst of this unprecedented environment, which has introduced new challenges and issues to clients and firms alike. Clients still need to embrace the idea that accurate crypto reporting is important now – and for many, that requires a shift in mindset. Enabling that shift will require constant, clear communication on your part, in client conversations, in document reviews, and (of course) in tax preparation itself. The time for that shift is not sometime in the near future. It’s right now.

Does this feel overwhelming? It shouldn’t – especially since the tax season extension has given firms and clients precious time to get on top of crypto issues. Just as important, there are plenty of tools and technologies that can help. For starters, if you or anyone in your firm needs more education on crypto-related issues, here are some helpful resources:

There are plenty of powerful, proven cloud technology solutions available to you as a trusted advisor that can enhance your relationships with clients, extend your capabilities, and make it easier to tackle new issues. We work with the leading providers of cloud-based crypto tax software and can help connect you with the resources you need to help clients navigate this important new dimension of tax reporting.