Auditing Standards Board Update

These New Audit Standards May Require Your Attention







Partner Lisa Ritter has published an article in the Pennsylvania CPA Journal on SAS (Statements on Auditing Standards) Nos. 134 through 140. These standards are:

  • SAS No. 134 – Auditor Reporting
  • SAS No. 135 – Omnibus SAS
  • SAS No. 136 – Employee Benefit Plan ERISA Audits
  • SAS No. 137 – Other Information
  • SAS No. 138 – Amendments to the Description of the Concept of Materiality
  • SAS No. 139 – Amendments to Incorporate Changes from SAS 134
  • SAS No. 140 – Amendments to Incorporate Changes from SAS 134 and 137

For more information you can review the article here: 

Information Technology

Cybersecurity Training Resources







Research suggests that as many as 91% of cyber-attacks arrive via email directed at employees. This statistic would suggest that employee training is one of the most effective ways to combat security threats. Unfortunately, many organizations do not have in-house IT staff or other resources to provide that training.

In some cases, employee training may be available through cybersecurity insurance that an organization has already purchased. Organizations that find the premiums for cybersecurity insurance too high may find that mandatory security awareness training can reduce premiums, along with the use of best practices like multi-factor authentication and data and device encryption. It might be worthwhile to contact your insurance agent to find out what discounts might be available and to inquire about training. This area changes quickly, so cybersecurity policies will need to be reviewed more frequently than traditional types of policies.

Other training options include purchasing solutions from companies such as KnowBe4, NINJIO and Barracuda. KnowBe4 provides cybersecurity awareness training and simulated phishing attacks. There are also some free tools and resources available on the KnowBe4 website. NINJIO provides cybersecurity training and encourages employee competition through quizzes and points awarded. Barracuda provides an array of services including threat prevention as well as incident response solutions and security awareness training.

The Cybersecurity and Infrastructure Security Agency provides free resources, including a ransomware guide with instructions on how to prevent a cyberattack, the CISA MS-ISAC Ransomware Guide. The guide links to a one-page document entitled “Avoiding Social Engineering and Phishing Attacks” that is written in plain English and could be provided to employees. Other resources at this site include a guide on “Using Caution with Email Attachments” and a guide on “Good Security Habits”.

The Cyber Readiness Institute offers a free program and starter guide to help small and medium-size organizations prepare for attacks. The site offers a series of flyers on topics such as “Managing the Relationship with Your Outside Cybersecurity Provider”, and videos on security education and awareness at Security Education & Awareness: Preventing Ransomware – Cyber Readiness Institute.

The United States Secret Service publishes several items including a one-page guide to business compromised e-mail accounts and guides on preparing for a cyber incident. Materials available from the United States Secret Service include brochures on email compromise that could be provided to employees.

Given the current risk, cybersecurity training is extremely important at this time. Any progress you make in this area will benefit your organization.

Firm News

Passionate About Quality: A Quality Control Update

Lisa A. Ritter, CPA, CFE, CITP
Quality Control Partner

Maher Duessel is in the middle of the annual test of our system of quality control.  We are passionate about providing quality services, and we expend significant resources ensuring that quality.  The elements of our quality control system include the following:

  • Leadership responsibilities including tone at the top
  • Compliance with relevant ethical requirements
  • Compliance with policies for acceptance and continuation of client relationships
  • Human Resources policies
  • Engagement performance including compliance with auditing and accounting standards
  • Monitoring of each element of quality control

I would like to thank a very talented team for assisting with the annual process this year including the following who assisted with the inspection:

  • Jennifer L. CruverKibi, CPA, Partner
  • Amy C. Lewis, CPA, Partner
  • Robert A. Belicose, Jr., CPA, Principal
  • Janet L. Feick, CPA, Senior Manager
  • Michelle L. Hoke, CPA, Senior Manager
  • Jonathan C. Mentzer, CPA, Senior Manager
  • Peggy Jo Revay, CPA, Senior Manager
  • Dustin D. Starr, CPA, Senior Manager
  • Natalie Caponi, CPA, Manager
  • James Contrella, CPA, Manager
  • Kristen E. Moss, CPA, Manager
  • Sara Reed, CPA, Manager
  • Allison R. Bozman, CPA, Manager
  • Patrick J. Kline, CPA, Senior Auditor

Michelle Buskey has taken the lead on this project.  Her contributions are invaluable. Partners Elizabeth (‘Betsy’) E. Krisher, CPA, CGFM, and Brian T. McCall, CPA, CGFM also provided significant support to the process, along with administrative support from Kim Phillips, and I am grateful for all of their assistance.

In addition to the annual testing we complete, every three years we engage an independent accounting firm to review the quality of our work.   We will undergo that process approximately one year from now. The results of external reviews are always located on our website here.