Contemplating Outsourcing? Take Heed of These Risk Management Considerations.

• Author: Holl, Suzanne M.

the challenges associated with firms attracting and retaining talent are expansive and include issues such as staffing qualified professionals for complex engagements, employee burnout, unrealistic and "heavy" workloads, as well as limitations on the ability to maintain and foster high-touch client relationships.

As firms evaluate options to get work done efficiently and effectively with limited resources, more firms are considering outsourcing. There are two primary outsourcing scenarios:

Onshore: Work is outsourced domestically to a third-party service provider and work is not disclosed in any manner outside U.S. borders.

Offshore: Work is outsourced to individuals or companies outside U.S. borders. This includes the use of an onshore company that utilizes offshore employees. Note: A firm may also choose to establish an office abroad in lieu of using a third-party service provider.

Due diligence is a critical first step when considering outsourcing, as not all outsourcing entities are created equal. For example, CPAs are responsible for protecting their clients' data and, as such, must ensure the third party has appropriate security protocols and safeguards to protect confidential information.

As part of that due diligence, firms need to assess the adequacy and reasonableness of the entity's administrative, physical and network security to prevent breaches. This includes (but is not limited to) determining whether the entity's safeguards are reasonable to prevent the potential misuse or unauthorized disclosure of confidential information to comply with applicable data and privacy laws, professional standards and the firm's contractual terms. There should be explicit written terms in any contractual agreement with the third party that confirms the responsibility of the outsource entity to maintain the security and confidentiality of client information.

CAMICO encourages CPAs to review-proposed outsource agreements to understand the implications of the agreement's legalese to make an informed assessment of terms and conditions that may place undue burden or unacceptable liability exposure on your firm. Make sure you are comfortable with the agreement and be willing to reject outsourcing options if unable to negotiate the terms and risk to your satisfaction.

Risk Management Considerations

Important risk management considerations firms should address include:

Security: Consider the added security exposures associated with outsourcing and...