Event Description

Taxpayer data is one of the most valuable—and most targeted—assets in any CPA firm. This session focuses on how risk actually occurs in day-to-day CPA workflows and how firms can apply practical safeguards to reduce the likelihood of preventable incidents.

Objectives

1. Explain how key regulatory guidance and requirements relate in practiceDescribe how IRS Publication 4557, the FTC Safeguards Rule, and a WISP collectively support safeguarding taxpayer and customer information.2. Identify common risk scenarios in CPA firm workflowsRecognize how incidents can occur through routine activities such as email communication, credential use, data transmission, and vendor interaction.3. Describe appropriate safeguards across administrative, physical, and technical areasExplain the role of policies, training, physical protections, and technical controls in reducing risk within a CPA firm environment.4. Evaluate the structure and purpose of a Written Information Security Plan (WISP)Identify core WISP components and assess whether documentation aligns with actual firm operations and responsibilities.5. Apply verification and workflow controls to higher-risk activitiesDescribe procedures such as out-of-band verification, defined escalation paths, and controlled approval processes for sensitive requests.6. Describe key elements of an incident response processOutline common trigger events and the sequence of actions used to contain risk, preserve information, and coordinate internal response.