CPA Exam Changes: Business Processes
Big changes are coming to the CPA Exam beginning July 1, 2021. Under the new CPA Exam Blueprint, which outlines “the minimum level of knowledge and skills [candidates] must have to qualify for initial licensure,” candidates must be able to demonstrate “an understanding of business processes from inception to completion,” according to the AICPA. As such, new testable content on business processes will be implemented on exams, and is detailed in the AICPA Practice Analysis Final report and the new CPA Exam Blueprint. These updates are designed to reflect the evolution of the CPA profession, particularly the impact of technology, analytics and automation on the work of newly licensed CPAs.
In the context of the CPA Exam, business processes span a business’ operations, from information systems to information and data flows, as well as the risks and related internal controls around these processes.
Focus on technology
Technology is a crucial part of testable business process content. Technology increasingly plays a key role in a business’ financial interests and day-to-day operations, so the AICPA says it is essential that CPAs “understand the flow of transactions within business processes and information systems,” both critical players in the accounting technology landscape. The AICPA also notes the need for future CPAs to have a digital and data-driven mindset. That includes “understanding where and how [data] may be accessed,” and the ability “to converse with clients about data and its potential uses.” Ultimately, the goal is for newly licensed CPAs to understand the availability, reliability, completeness and accuracy of data, and the potential financial impact of all these factors.
As the ability to accurately utilize technology in an accounting context is imperative for any 21st century CPA, including newly licensed CPAs (nlCPAs), technology is closely tied to the businesses processes that nlCPAs need to be familiar with.
Where are these changes occurring?
Due to the scope of these changes, the two sections that have been adjusted in relation to business processes are the Auditing and Attestation (AUD) and Business Environment and Concepts (BEC) sections.
Business processes: What do these entail?
AUD section revisions
“The AUD section generally is more focused on risk assessment and testing of internal controls,” according to the Practice Analysis Final report. One important change occurs in Area II of the Audit Blueprint, the group titled “Understanding an entity’s control environment and business processes, including information technology (IT) systems,” and has been revised to more broadly cover content related to the IT systems that are used for financial reporting. This includes requirements for:
- Understanding IT systems that are directly or indirectly the source of financial transactions
- Evaluating whether relevant internal controls are effectively designed and placed in operation
- Understanding the limitations of internal controls and the potential impact on the risk of material misstatement of an entity’s financial statements
The goal of these revisions is to illustrate how CPAs should consider technology’s impact on an entity and its environment during an audit engagement.
BEC section revisions
The BEC section, according to the AICPA, is more focused on governance and the design of internal controls. One of the major changes occurs in Area IV of BEC Blueprint, titled “Information Technology,” which requires candidates to demonstrate an understanding of IT and its associated risks. It now includes requirements for:
- Identifying the controls associated with protecting sensitive and critical information within information systems
- Recognizing the legal, ethical, business intellectual property and customer sensitivity considerations that should be included in a data governance program
- Understanding the importance of business resiliency for an entity, as well as the key strategies, resources, business functions, employees, and steps involved in IT planning
These changes are designed to assess a candidate’s knowledge of the risks involving controls, applications and data integrity, including risks introduced by relationships with third parties.
The revisions outlined above are just some of the changes the AICPA is making to the CPA Exam. They’re important adjustments, as they reflect the new realities of a CPA’s job—particularly, understanding how technology and data, and their associated risks, can impact an organization’s finances. The changes are significant, but they’re also manageable, and being on top of important CPA Exam changes can only help you when exam day arrives.
You can get a complete picture of all of the changes in the AICPA’s Uniform CPA Exam Blueprints, which details the topics covered in each of the CPA Exam’s four sections.