Latest News

A Win For BAS Agents

TPB turns around on its Cloud Accounting Position

In what is seen as a turnaround on their original Cloud Accounting position (which we described at the time as BAS Agent/Tax Agent unfriendly), a fresh Exposure Draft / Practice Note has just been released by the Tax Practitioners Board (TPB). Gone are the objectionable aspects:

• A huge responsibility shift to Agents
• An inefficient process of assessment of Cloud providers by Agents
• A time pit of red tape placed on Agents
• A risk to PI insurance cover.

Additionally, Australian Bookkeepers Association worked directly with the Board to clarify and modify the wording around the general factors that BAS Agents may wish to consider when entering into cloud computing arrangements.

Australian Bookkeepers Association (ABA) is pleased with the substantive changes that have been made which alter the tone of the document from instructional to informational, and we thank the Board for making the changes.

We also thank the hundreds and hundreds of BAS Agents who gave us their views about the original Exposure Draft and the adverse effect it would have had on their business if unamended. We took all of your views forward and they were heard.  

The Details of the Change

As you may recall, the Tax Practitioners Board late last year released for comment an Exposure Draft Information Sheet Cloud Computing and the Code of Professional Conduct. The Australian Bookkeepers Association made clear in our written submission to the Board earlier this year, the Exposure Draft was decidedly ’BAS Agent-unfriendly’ in that it  shifted the responsibility for client Cloud security to BAS Agents. By bracketing the choice to use Cloud accounting with any other outsource choice that a bookkeeper may make (like a subcontractor), the Board potentially made it a Code of Conduct violation by the BAS Agent for client information security breaches that may occur as a result of security failures by Cloud providers. Before we filed our submission with the Board, we sought your feedback which was overwhelming supportive of our view – urging that the Board soften its position, and remove this onus from BAS Agents. This feedback from our members was then collated and attached to our submission.
 
The good news is our voices have been heard! Following public consultation (including taking on board our submission and your feedback), the Board has now just released its revised  Practice Note which addresses the concerns raised in our submission as follows:

• It largely removes the onus on Agents to assess the security credentials/practices of Cloud providers – something for which Agents are not qualified to do, and would likely not do anyway. The amended Paragraph 7 of the Practice Note has been ‘watered down’ and now only stipulates that an Agent ‘may’ wish to consider various IT security factors ( 10 factors are listed at Paragraph 7) before using a Cloud provider. The original version of the Exposure Draft used the word ‘must’, while a later version used the word ‘should’. The watering down of this requirement transforms this aspect of the Exposure Draft from instructional (i.e. you ‘must’ or you ‘should’ consider the various listed factors) to informational (i.e. you now ‘may wish to’ consider the various listed factors…there is now no compulsion) – thus relieving Agents of a responsibility for which many are not qualified to undertake.

• The removal of the requirement by Agents to conduct a rigorous assessment of a Cloud provider’s security practices (by reference to the 10 factors listed at paragraph 7), saves Agents significant time and hassle. There is now no strict requirement to get answers to these questions from Cloud providers, and then (assuming the answers can even be obtained) weigh these various factors before using a Cloud provider.

• In relieving this onus on Agents, the revised Exposure Draft removes what may otherwise have been a PI insurance risk for BAS Agents. If the Exposure Draft had proceeded in its original form, it could have had adverse insurance outcomes in the sense that when a statutory authority like the Board prescribe a wide interpretation on a professional conduct issue (as had been done in the original Exposure Draft) then this could expose gaps in cover in existing policies. This risked an Agent’s cover in the event of a claim and potentially may have left some Agents exposed.  

• The inefficient process involved in some 70 000 registered Agents across Australia seeking answers to and information from a limited number of Cloud providers on their IT security practices has now been largely eliminated. No longer ‘must’ Agents consider and get answers from Cloud providers to the various factors listed at paragraph 7 as part of their obligations under the Code of Conduct.

 
Action Plan for BAS Agents as a Result of the Amended Exposure Draft?

With the bookkeeper-unfriendly provisions gone, where does the amended Exposure Draft leave bookkeepers in terms of their Code of Conduct obligations vis-a-vis the use of Cloud Accounting?
 
Code Item 6 of the Code of Conduct says that Agents are still required to disclose to clients that they are using a Cloud provider and obtain client consent before putting a client’s information ‘in the Cloud’. Why? By way of background, Code Item 6 states:
 
     “unless you have a legal duty to do so, you must not disclose any information relating to a client’s affairs to a third party without your client’s permission.”
 
In terms of the method of disclosure, the Exposure Draft at paragraph 12 stipulates that the Client Engagement Letter is an appropriate medium. To this end, in terms of wording, you may wish to review your Engagement Letter for adequacy or adopt the clause contained in our Client Engagement Letter Template which is available on our website. For those of you who do not use Engagement Letters (and, for a whole range of reasons, we strongly recommend that you start doing so) alternatively disclosure will need to be made by some other (preferably written) means e.g. email (and be sure to obtain a record of client acknowledgement).    
 
Where to from here with the Exposure Draft?

Together, with our submission and your feedback, we’ve contributed to achieving some major  ‘BAS Agent -friendly’ changes to the Exposure Draft – changes which it must be said were largely not sought and fought for by all industry associations. However in our view there are still a number of minor aspects of the latest Exposure Draft that could have clarification/improvement for bookkeepers before the Board finalises its position later this year on how the Code of Conduct applies to Cloud computing. We will take these matters up with the Board in our final submission on the latest Exposure Draft over the next few weeks.