Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
Play next
Cool Careers in Accounting Ep. 23 - Cybersecurity, AI, and the Modern CPA with Paul Perry image

Cool Careers in Accounting Ep. 23 - Cybersecurity, AI, and the Modern CPA with Paul Perry

E62 · Becker Accounting Podcasts
Avatar
346 Plays11 days ago

Host Mike Potenza sits down with Paul Perry, a CPA turned cybersecurity leader, to explore how a passion for data analytics and risk management reshaped his career.  Starting as a financial auditor, Perry evolved to lead Warren Averett's Risk Advisory and Assurance Services group, specializing in cybersecurity, data analytics, and IT controls. Perry demonstrates how combining accounting knowledge with technology skills creates exceptional value in today's business environment, while maintaining that AI will enhance rather than replace the accounting profession. If you’re an aspiring or seasoned accountant eager to future-proof your skills, this conversation is for you!

Earn CPE by listening to this podcast through a Becker Prime CPE subscription.

Listen to this episode through your Becker LMS platform to complete practice questions, pass the final exam, and earn CPE credit.

Already a Becker Prime CPE customer?  Login here.

Have access to Becker CPE through your employer? Earn CPE credit for this podcast however you consume Becker CPE, either through your company’s LMS or via the Becker platform. Not sure where to log in? Check with your CPE admin.

Learn more about CPE Podcasts from Becker: https://www.becker.com/cpe/becker-podcasts

Recommended
Balancing the Future Ep. 29 - From Brand to ROI: A Guide to Modern CPA Marketing with Eric Elmore image
Balancing the Future Ep. 29 - From Brand to ROI: A Guide to Modern CPA Marketing with Eric Elmore
E63 · Becker Accounting Podcasts
00:36:42·4 days ago
Tax News Now Ep. 11 - Beyond the Numbers: Family-Centered Succession and Estate Planning Strategies with Martin Finn image
Tax News Now Ep. 11 - Beyond the Numbers: Family-Centered Succession and Estate Planning Strategies with Martin Finn
E61 · Becker Accounting Podcasts
00:55:48·18 days ago
Balancing the Future Ep. 28 - Navigating the World of Cannabis Accounting with Naomi Granger image
Balancing the Future Ep. 28 - Navigating the World of Cannabis Accounting with Naomi Granger
E60 · Becker Accounting Podcasts
00:40:18·25 days ago
Cool Careers in Accounting Ep. 22 - From Wall Street to World Impact with Rachel Harrison image
Cool Careers in Accounting Ep. 22 - From Wall Street to World Impact with Rachel Harrison
E59 · Becker Accounting Podcasts
00:34:49·1 month ago
Balancing the Future Ep. 27 - Empowering Communities Through Accounting and Leadership with Shakor J. Jukes image
Balancing the Future Ep. 27 - Empowering Communities Through Accounting and Leadership with Shakor J. Jukes
E58 · Becker Accounting Podcasts
00:36:27·1 month ago
Tax News Now Ep. 10 - Mastering IRS Challenges: Strategies for Advocacy, Tools, and Communication with Melissa Wiley image
Tax News Now Ep. 10 - Mastering IRS Challenges: Strategies for Advocacy, Tools, and Communication with Melissa Wiley
E57 · Becker Accounting Podcasts
01:00:52·1 month ago
Cool Careers in Accounting Ep. 21 - Beyond Billable Hours: A Formula for Success in Accounting with Mike Maksymiw image
Cool Careers in Accounting Ep. 21 - Beyond Billable Hours: A Formula for Success in Accounting with Mike Maksymiw
E56 · Becker Accounting Podcasts
00:50:47·1 month ago
Balancing the Future Ep. 26 - Unlocking Leadership and Purpose with Jesse Rhodes Jr. image
Balancing the Future Ep. 26 - Unlocking Leadership and Purpose with Jesse Rhodes Jr.
E55 · Becker Accounting Podcasts
00:41:10·1 month ago
Cool Careers in Accounting Ep. 20 - Innovating the Future of Public Accounting with Chris Vanover image
Cool Careers in Accounting Ep. 20 - Innovating the Future of Public Accounting with Chris Vanover
E54 · Becker Accounting Podcasts
00:46:01·2 months ago
Balancing the Future Ep. 25 - Shaping the Future of Internal Audit with Elizabeth Sullivan image
Balancing the Future Ep. 25 - Shaping the Future of Internal Audit with Elizabeth Sullivan
E53 · Becker Accounting Podcasts
00:37:34·2 months ago
Tax News Now Ep. 9 – Community, Collaboration and R&D Tax Incentives with Randy Crabtree image
Tax News Now Ep. 9 – Community, Collaboration and R&D Tax Incentives with Randy Crabtree
E52 · Becker Accounting Podcasts
00:49:51·2 months ago
Balancing the Future Ep. 24 - Blueprint for Belonging: A Guide to Human-Centric Work with Nzinga Shaw image
Balancing the Future Ep. 24 - Blueprint for Belonging: A Guide to Human-Centric Work with Nzinga Shaw
E51 · Becker Accounting Podcasts
00:40:16·2 months ago
Balancing the Future Ep. 23 - Intentional Branding and Growth with Kaplan Mobray image
Balancing the Future Ep. 23 - Intentional Branding and Growth with Kaplan Mobray
E50 · Becker Accounting Podcasts
00:42:26·3 months ago
Cool Careers in Accounting Ep. 19 - From CFO to Whistleblower with Andrew Jordan image
Cool Careers in Accounting Ep. 19 - From CFO to Whistleblower with Andrew Jordan
E49 · Becker Accounting Podcasts
00:40:45·3 months ago
Tax News Now Ep. 8 - Tax Topics with Brian Lovett image
Tax News Now Ep. 8 - Tax Topics with Brian Lovett
E48 · Becker Accounting Podcasts
01:08:15·3 months ago
Cool Careers in Accounting Ep. 18 - At the Intersection of Expertise and Creativity with Kelly Richmond Pope image
Cool Careers in Accounting Ep. 18 - At the Intersection of Expertise and Creativity with Kelly Richmond Pope
E47 · Becker Accounting Podcasts
00:58:44·3 months ago
Cool Careers in Accounting Ep. 17 - Charting a New Path as an Entrepreneur in Accounting with Ryan Watson image
Cool Careers in Accounting Ep. 17 - Charting a New Path as an Entrepreneur in Accounting with Ryan Watson
E46 · Becker Accounting Podcasts
00:49:14·4 months ago
Balancing the Future Ep. 22 - Adaptation and Growth as an Internal Auditor with Mark Salamasick image
Balancing the Future Ep. 22 - Adaptation and Growth as an Internal Auditor with Mark Salamasick
E45 · Becker Accounting Podcasts
00:45:34·4 months ago
Tax News Now Ep. 7 - Tax Topics with Kasey Pittman image
Tax News Now Ep. 7 - Tax Topics with Kasey Pittman
E44 · Becker Accounting Podcasts
01:00:31·4 months ago
Balancing the Future Ep. 21 - What It Takes: Success from Technical to Personal with Sam Johnson image
Balancing the Future Ep. 21 - What It Takes: Success from Technical to Personal with Sam Johnson
E43 · Becker Accounting Podcasts
00:48:26·4 months ago
Transcript

Introduction to Paul Perry's Expertise

00:00:00
Speaker
Thank you.
00:00:09
Speaker
Hey everyone, Mike Potenza from Becker Cool Careers in Accounting Podcast. And I have a really interesting guest today. His name is Paul Perry. And Paul, like a lot of us out there, is a CPA, but he's really dived into another area, the area of technology. So we're gonna hear a lot of great and very interesting things related to cybersecurity,
00:00:30
Speaker
technology risk.

Paul's Educational Journey and Early Career

00:00:32
Speaker
And if you're working for a firm or maybe running a firm, there's a lot of information that he's going to share that you're going to want to know about. So I'd like to introduce my ah friend and our guest, Paul Perry. Paul, thanks so much for being here. Mike, thank you for the opportunity. Glad to be here. Look forward to discussion.
00:00:46
Speaker
I appreciate that. So one of the things I like to do, you know, we kind of sit down and just, you know, having these conversations, you like to get to know somebody a bit. So, you know, I'm a New York guy, but, you know, we meet a lot of people from all over the country. So maybe just give the audience a little information. Where'd you grow up? about Where'd you go to school?
00:01:02
Speaker
Right. So as a kid, I grew up in Tennessee, several cities. My father was in retail, so we traveled a lot. Middle school, high school, I was in South Alabama, a city called Dothan, home of the most peanuts ever farmed comes from Dothan.
00:01:16
Speaker
ah You have to learn to like peanuts when you live there. guess so. And then after graduating from the high school there in Dothan, I went on to college and ah started my career that I'm now into today.
00:01:28
Speaker
Where'd you go to school? Yeah, school. I went to ah Troy University. So it's in South Alabama, actually about 45 minutes away from where I grew where i grew up. And then ah as soon as I went to school, my parents moved to back to Tennessee and they didn't want to have me around anymore. right So in Troy, in Alabama, do they have their own football team? Are you like roll tide? What do you do?
00:01:49
Speaker
Right, so you actually can live in the state of Alabama without being an Alabama fan or an Auburn fan. I didn't know that was allowed. Yeah, you have to sign a waiver. um But the Troy University, smaller school, right? We have a football team. If anybody is listening to this that went to Oklahoma State, we beat you in 2013.
00:02:08
Speaker
13. you remember when Mike Gundy went kind of crazy and he said, I'm a man, I'm 40. That was after the Troy loss of Oklahoma State. Next year, we beat Missouri. We've beaten LSU. So small but mighty school.
00:02:20
Speaker
Excellent. Excellent. Now, big accounting program in Troy. where you Did you know, hey, when I'm going to Troy, I'm going to be an accounting major? Or is this something you decided later on in school? When did you know?

Transition to Professional Life and CPA Success

00:02:30
Speaker
Yeah. So actually, I knew in high school.
00:02:31
Speaker
So in 11th grade, I took an accounting class from ah a teacher who had retired from E&Y. Mm-hmm. and when i took that class i didn't miss a single question on a test um everything that we were supposed to do i got right and that was kind of my entree into okay maybe this is something i can do 12th grade i took another accounting class there were only four of us in the class and um i said you know what this is what i'm going to do and so once i got to troy they have a really good accounting program uh if you remember the um
00:03:02
Speaker
The professor who did a lot of ah CPE training, ah Dr. Tom Ratcliffe, famous for many years. He was the dean of the accounting school. And so went to Troy, great accounting program.
00:03:15
Speaker
He was one of my professors. He wrote a lot of the SARS. And so bringing that into the classroom was really helpful. I can imagine. Wow. And it's pretty good that ah was high school. Was that Tennessee or was that? That was Yeah. OK, that was in Dothan. But I mean, I know a lot of high schools to this day in New York don't have accounting classes. So the fact that you were able to do that and help guide your decision on what you're going to want to do, that's pretty impressive. yeah that was that was really my father and i were sitting there thinking about the electives that we wanted to take and again i to i said he was in retail and he said one day he said you know you should probably understand what deficit credits are you probably need to understand the accounting side he grew up in a family who owned businesses and so they always did all of the accounting for themselves and he said you probably want to learn this and so it was his advice for for that that gave me the ability to jump in do that loved it and
00:04:03
Speaker
went on. But when I got to Troy, i didn't stop with accounting. I had a love of technology. And so I actually graduated Troy with 150 hours, having both a degree in a accounting and information systems.
00:04:16
Speaker
Wow, that was a pretty full docket you had. Yeah, it was. i would go from a I would go from a tax class to a coding class back to an audit class. And so you had to use both left and right side of your brain all day long. Amazing.
00:04:28
Speaker
And the fact that you had a retired EY partner teaching you this, I mean, yeah you can't ask for better than that. No, you can't. and And they really tried to give the love of accounting that they had.

Career Growth at Warren Averitt

00:04:40
Speaker
right And so it really was just one of those things that I was in the right place at the right time. and ah took the class and really fell in love with it and then once once I got to once I got to Troy it just continued on so you graduated was it just bachelor did you do your master's i did not do my master okay so you but you had all those credit I had all the credit hours just sit right and then you go out and you get your first job right so what's your first job out of school so my first job uh was actually working at a bank
00:05:08
Speaker
and i was there for maybe six months um just trying to make ends meet and trying to get by and and it was after that that um i had a old friend who used to recruit me while i was in school um he's a great friend of mine now he actually recruited me to come to his firm and i worked for his firm for about six months and then after that that's when warren avert where i am now called me and and i showed up and been there 21 years now wow two decades later so you have a job or two just a few months till you figured out what's going to be my long-term job so to speak i would even when you took that job you didn't know always was going be that long you did you never know right and and so once i got in there um great place great culture great people and um
00:05:52
Speaker
you You don't stay somewhere 21 years without it being a great place to be. So before we go into that firm, where does the CPA exam fit into all of this and how'd you prepare for that? Yeah. So um CPA exam was one of those things that it took me. I remember calling for my last to set up my last test and and like I had the guy on the phone and I said, hey, can you tell me how many times I've taken this test?
00:06:17
Speaker
And there was too long of a pause for me. and And he gave me the number of how many times I'd taken it. And it was one of those things is like, okay, this is something that's really important. And so it was about a three or four year journey ah to get my CPA exam. And it was one of those things that working with a family, um trying to travel, I was a financial statement auditor, right? So you know how many nights I was out on the yeah on the road and then having to do it all. I mean, it's a real struggle and people still struggle with it today.
00:06:45
Speaker
but Preparing for that, I had some really good colleagues that said, you know what, let's study together. And we would spend you know four and five nights ah four and five hours a night ah every night of the week studying for the exam, ah going over the Becker questions, watching the videos.
00:07:02
Speaker
I got to say, it's surreal for me sitting here talking to you because I remember sitting there going, I really appreciate this guy, but I'm sick and tired of hearing his voice, right? Because it it it was so long and you're so stressed when you're trying to take that exam.
00:07:14
Speaker
ah Come out on the end of it, you know, that was I remember when I passed it I was at a client's office and I stood up I realized I had passed and um the client walked in said hey we got a problem let's go so solve the problem i was like well I didn't really get to celebrate it like I wanted to yeah really right so later on I celebrated it with family but The CPA exam ah means everything and

Specialization in Risk Advisory and Certifications

00:07:36
Speaker
until you get it. And once you get it, it's the it's one of the, if if i had if you had to say, Paul, what are the top two or three accomplishments you've had in in your life?
00:07:45
Speaker
um The family is is one of those. Faith is one of those. And I got to admit, passing the CPA exam, right? And and jumping into this profession that I now love, I i knew I was going to like it. didn't realize how much I was going to love it, right?
00:07:58
Speaker
So that was my CPA journey. It took a while. Yeah, and and that's a testament to perseverance, right? Three to four years. i tell, you know, candidates all the time, sometimes life gets in the way, right? Sometimes people have a lot of times they could pass four parts in six months and yeah, and more power to them. But we're all different. We all have different things going on professionally, you know, personally. So it's just as long as we do it, right? As long as we climb that mountain, that that's ah still the gold standard. And we love to hear those stories. And and it's one of those things where you, there's there's no shortcut.
00:08:30
Speaker
There's no shortcut to something that is that um broad of information and and difficult. And I think what I learned about myself is I have to have a complete deep knowledge of something.
00:08:42
Speaker
because I was never a really great test taker and in in high school or in college, um but outside of accounting, really. right But I have to understand everything from start to finish, and i and I have to have a deep knowledge so that I can answer any question that comes my way. And I think that's what I've learned about myself. And if the CPA exam and studying for it changed anything in me, it was, okay,
00:09:06
Speaker
You're going to tell me to go understand something. I'm going read every book that's ever written. I'm going to understand it so that I can answer any questions given. That's great. So talk to me about Warren Averitt and, you know, the type of work you you do there. Now, I know you're there 20 plus years, so I'm sure it's changed over the years.
00:09:21
Speaker
But maybe give us a walkthrough how your career morphed from auditing into technology. And are there any steps in between? And, you know, what are you doing now for the firm? Yeah, so when I first started, I was a financial statement auditor. So for 11 years or so, I did financial statement audits.
00:09:37
Speaker
I was industry agnostic, so I really didn't have a specialty. A little bit of healthcare care just based on the timing of when I got in there in 2004 and 2005. A lot of healthcare, care but that's how I started my career. But having the IT degree, having the information systems degree, I always looked at things a little bit different. And one of my quick loves became data analytics.

Winning Clients with Expertise

00:09:58
Speaker
Mm-hmm.
00:09:58
Speaker
And our firm at the time didn't really have a data analysis group. And with a colleague of mine oh at the firm, we came up and we created a data analysis group, which is really just a group of individuals within the firm that understand data analytics and can apply it to all clients.
00:10:13
Speaker
Right. And so we're kind of that specialist that that comes in and does those data analytics. And so data analytics was the first. entree into quote unquote technology, right? I'm ah i'm a huge fan of things like Benford's analysis and a relative size factor and all those analytical tools that people will use ah within their day.
00:10:32
Speaker
and That was the entree. And then ah i had the opportunity to raise my hand and take over what's considered, what's called today risk advisory practice, right? Risk advisory and assurance services group. So the risk advisory and assurance services group, anything controls related, our team handles. I got a great team of colleagues ah that we do everything from SOC reporting to cybersecurity assessments, it t exams, ah internal audit, internal controls.
00:10:58
Speaker
ah Peppered in there is as a little bit of ESG when when requested. So if it's a control to an organization, our team understands it, understands how to report on it, understands how to give recommendations, best practices on it.
00:11:11
Speaker
and And that's how it's morphed

Commitment to Education and Cybersecurity Awareness

00:11:13
Speaker
into it. Right. So when they said who can do the IT audits, I said, well, I understand audit and I understand IT. t Let me raise my hand. Foreshadowing. If my father were were're alive today, he would say, I told you those two together were going to be a ah ah great thing in the future.
00:11:28
Speaker
None of us knew that. Right. yeah None of us knew that. But now it is. It's all we can ever talk about is how technology is not changing our profession, how it's adding to the profession. So having that deep knowledge of technology has really helped. So that's what I do for for for Warren Averitt.
00:11:43
Speaker
Yeah. And just the fact, like you said, I mean, we don't know what new technology is coming out next year, the year after. When you raised your hand for that first time, you didn't really have any idea what it's going to lead to, but you raised your hand. Right. And those opportunities really just kind of paved the way to future and to rising in organizations. That's pretty great. Yeah.
00:12:02
Speaker
Now, I just want to take a minute because if I look at your name, we have a whole bunch of letters after your name, right? Now, we all know what CPA is, right? So we're going to skip that one. Now, CITP, CISM, CDPSE. Now, I know the audience is not familiar with all of these. So can you walk me through these three designations?
00:12:23
Speaker
What are they? How do you get them? Why do you need them? Yeah, absolutely. So the CITP, Certified Information Technology Professional. It is an add-on certification that the the AICPA has for what we like to call tech-savvy CPAs, right? We're at the intersection of business. I understand business. I understand finance.
00:12:41
Speaker
But I also understand technology from different aspects. It may be AI. It may be cybersecurity. It may be data analytics. But when I go to a conversation and somebody sees that and they understand it, they're like, okay, this guy can talk to me about finance. This guy can talk to me about accounting, debits and credits, auditing, but maybe he can talk to me about IT t as well.
00:13:00
Speaker
And so that's really why I got that um credential. I now volunteer with the AICPA in in helping with that credential because I think it's extremely important to promote it. But it's one of those that we hope ah is is really helpful for people to say, okay, this person is a tech savvy CPA.
00:13:17
Speaker
ah The other two, CISM, Certified Information Security Manager, and I'm going to butcher this next one, but I'll try to get it right, CDPSE, and I'm putting them together

AI, ESG, and the Future of Accounting

00:13:26
Speaker
for a reason, Certified Data Privacy Solutions Engineer.
00:13:30
Speaker
ah Both of those are are put out by ISACA. It's a great organization around all things IT, t all things technology ah from that perspective. And so As I sat back and I said, I'm doing IT audits.
00:13:43
Speaker
i I understand how to audit. I've got my CITP. I went for the others to show that I understand what business and industry is doing from an information security perspective or a data privacy perspective. right So I wanted to show that I understand that. I don't just come in and audit.
00:14:02
Speaker
maybe I've never worked in an IT department, right? you You do also get a lot of calls, hey, can you come fix my computer? Can you come fix my AV? You know, that kind of stuff. But when it comes to working with our clients, when I'm asking them about ah something information security related.
00:14:18
Speaker
i want them to know that I have the background, that I understand what it is, and I'm not just trying to audit something I don't understand. So I think that was really important. And oddly enough, ah it took me only one try to pass all of those after my after my debacle, if you will, with the CPA exam, ah because again,
00:14:37
Speaker
I said, OK, if I'm going to do this, I've got to learn the body of knowledge. I've got to understand that thing back in front, back to front. And I'm going to pass pass these exams. So that's what those certifications mean. I think it's important. I had a client one time who who made a statement that he said certifications mean that at one point you knew something well enough to pass an exam.
00:14:56
Speaker
And if you kept them, that means you have to do some sort of continuing education to show that you understand that information now. Certifications mean a lot. and And there's a lot of people out there that get them just to get them. um I think they they show what is what is the body of knowledge that I bring to the table for a discussion.
00:15:14
Speaker
and you know when you we you were just talking about the citp and on that very thought that you can talk about anything you share with me a really interesting story about trying to get a new client right and why they decide to go with you on the spot and so maybe you could just kind of retell that so the the story was that we were at at the table we were doing a um proposal and part of it was financial audit part of it was internal controls and part of it was technology And we were at the table and they said, OK, you've told us about the the audit piece. You've told us about the internal controls.
00:15:45
Speaker
ah Can you tell us about the technology? Or can you can you call your technology people to come in and and have that discussion? Because that's apparently what they had to do with the other people proposing. And I said, let's have the conversation right now. I'm all of those things. Right. And so when you put yourself in that position to be all those things to somebody, it's really beneficial in your career.
00:16:04
Speaker
And so I would say that we won that client because I had that ability to have all of the discussions that maybe others had to bring others to the table. Yeah, that's great. And you know being so well-rounded, I mean, there's such a value to that.
00:16:17
Speaker
And that's one of the things I just hope that people out there listening you know always look to increase your skillset. Absolutely. That's what it's all about. Now, you've been doing this for a long time in the working with the AICPA on the CITP and so forth.
00:16:32
Speaker
I believe you are giving a lot of presentations all the time. So Tell me, you know who what audience do you present to? And how do you balance all of those demands with you know running the whole risk advisory and assurance group? Yeah. So um for me, it started out, giving presentations started out as I'd written an article about data analytics. And somebody read the article and said, well, can you can you present this to a group?
00:16:56
Speaker
And I said, sure. And so what came out of that, I was quite nervous at the time. um What came out of that was people asking me specific questions and people coming up to me saying, I didn't understand X. Now I do. Thank you for that nugget.
00:17:10
Speaker
And I think that awoke in me

Vendor Management and Security

00:17:12
Speaker
the opportunity to whatever else I know, and need to educate others, right? It's it's not about anything other than i walk into a room, ah do a presentation, I'm giving, I'm having a conversation.
00:17:24
Speaker
and that's really what I want it to be is a conversation. There's a topic that I understand a little about. maybe i understand a lot about it i walk into a room i give that and if one person walks away with doing something different or if i i get an email or a phone call within a week after that and somebody says hey you told me x we've started doing this this is how it has changed myself my business that's a success for me right and and I've been in this profession 20 plus years, two decades.
00:17:50
Speaker
And when you say it like two decades, it seems like a long time, but I've been in this profession for 20 years. This is my opportunity to give back, right? This is my opportunity to help others understand certain things.
00:18:00
Speaker
And that's really why I do the presentations. ah And people always ask, are you ever going to be an educator in a university? And at the moment, the answer is no, doesn't mean that won't change. But right now,
00:18:12
Speaker
We do a lot of work with clients around IT, t around internal controls. We see a lot of good, man, we see a lot of bad, right? And so the bad is what, or the not done well, is what fuels my presentations.
00:18:25
Speaker
I want to go out there and educate others so that they're not doing that. Learn from others' mistakes, right? And so ah that's really why I do the presentations. And as far as how do you balance that with work, it's just kind of intertwined.
00:18:36
Speaker
um I have found that I am a better um speaker for a proposal for a client or just in general at a conference like the AICPA conference or any other conference I go to because I do presentations, because everything to me is a conversation. Everything to me is just we're having a discussion. We're talking about a topic.
00:18:55
Speaker
I may understand it. And if I do, we can have a discussion. And so it really is an intertwined piece. I am trying to get to the point where you know, I, do I pick and choose sometimes?
00:19:08
Speaker
Um, but you also have to, you know, family comes first. And so you've got to make sure that family is taken care of. You got to make sure work is taken care of. I've got a great set of colleagues that are in my group that, uh, help do what we do and,
00:19:22
Speaker
allows me that opportunity to get out there and speak and do podcasts like this or or others. So that's really why presentations are extremely important to me. So two things you just said in that answer. One was you see a lot of bad out there.
00:19:34
Speaker
And another thing was in your presentations, people get some nuggets.

Leadership and Advocacy in the CPA Community

00:19:38
Speaker
So let's put them together. Give me some nuggets on the bad right now. Cybersecurity, what are some things you see that are happening that should not be happening? Like what are some non-negotiable items that you tell everyone you must do this? Right. Right. So I'm going to go with multi-factor authentication. That's an easy one, right?
00:19:55
Speaker
Everybody says, and I realize the stat sounds made up, but it's true. 99% of all breaches or hacks could probably be stopped with multi-factor authentication. That's one.
00:20:05
Speaker
The other one is education this kind of stuff doing those presentations i've mentioned several times my father was in retail he always used to tell me that the most the three most important things in retail are location location and location and so let's let's take that to uh cyber security awareness the three most important parts of the three most important things you can do in cyber security awareness is education education education you cannot stop having the conversation the companies that i see that have the bad that don't do it well they have not created a culture of awareness
00:20:37
Speaker
because you know what, it's just another topic. It's it's another breach. It's another hack. And it they become numb to it. That's the wrong way to do it. And so I think one of the big nuggets and one of the takeaways is educate yourself, find a podcast, read an article.
00:20:52
Speaker
The article is going to tell you what happened. And you will get to the point of almost playing like article bingo. I know these seven things are going to be talked about. When I find them, I yell bingo. It's it's a weird thing. and and um'm I'm a nerd and I have a degree in accounting and IT. I'm a pretty big nerd.
00:21:07
Speaker
You joined the club. Yeah, yeah, yeah. And so ah that kind of um that kind of conversation has to continue you have to have that and so the companies that we talk to it's all about education and it's all about creating that culture of awareness a lot of presentations i do are around culture i have always said culture eats policy and strategy for lunch right you can have all the policy you want in place you can have all the controls you want in place if your culture is not there you do not have anything right because nobody's you know if if it's how many times have i seen an organization where
00:21:40
Speaker
The president doesn't have to change or the CEO doesn't have to change their password like everybody else does. Right. Now you've created a culture where you're not doing the same thing. You're not held to the same standard. I would say those are the two big negotiables. um If I had to to get into so maybe one more, um it's this.
00:21:58
Speaker
Cybersecurity is not a technology problem. It is a people problem. The technology works the way it's supposed to. It's our misuse. It's our misunderstanding of that technology that creates the breaches and the hacks and things like that. So if you're an organization, education is important. Multi-factor authentication important.
00:22:16
Speaker
But your people are the most important because we're only as strong as our weakest link. We've always heard that. It's kind of cliche, but it's really true in cybersecurity. And if somebody doesn't understand technology, misuses it, then we're all in trouble. Sure.
00:22:29
Speaker
Okay. Now, I don't know if this is in your specific area of expertise, but you're in technology. We know we're on the forefront of ai right now. And one of the things I you know see articles all the time on who says, well, we're not going to need as many accountants in industry anymore because ai is going to do so much of that. What are your thoughts as far as AI, accounting, people, where you see it going? Yeah, and I guess this is the point where I say these are my opinions and mine alone, yeah not those of Becker, AICPA, or Warren Avert, or anybody else.
00:23:00
Speaker
I do a lot of presentations on AI, and I usually start those presentations with a list of the movies where AI has taken over. Mm-hmm.

Personal Insights and Hobbies

00:23:09
Speaker
And humans have solved the day.
00:23:12
Speaker
Think about them. I, Robot, you can name every single movie out there where Eagle Eye was one. Terminator Terminator one, right? It's always the human at the end that has to come back and fix the problem.
00:23:24
Speaker
That's no different than that's almost that we're almost to the point of reality. um What's the term where reality is really what the arts are saying it is right. And this is this is one of those things.
00:23:37
Speaker
A.I. ai is ah is misunderstood. um And two people thinking about AI the same way, one is on chapter two and one is on chapter 20, yet both of them try to apply ai the same way to their day.
00:23:52
Speaker
That is not possible. There is an inequality of understanding, right? So from an AI perspective, we don't all understand the same thing, but we try to use it the same way. And that's where we get bit with AI.
00:24:03
Speaker
To your question, is AI taking our jobs? I have always said, AI is not going to take your job. Somebody using AI might take your job.
00:24:15
Speaker
It's helpful. It's a tool in your tool belt. Do we at some point get to the point where it is thinking like us? Sure. I'm sure somebody listening to this is going to send me a message and they're going to argue and say, we're already there.
00:24:29
Speaker
We're already there in some instances, but it's not widely used. Right. And it's not widely used in that manner. Sure. So AI. Yeah. great thing to understand don't don't put your head in the sand i was speaking to a college one time and uh two people in the front said ai scares me i don't i don't read about it i don't use it i don't talk about it i'm like you're gonna get left behind right you've gotta at least understand what everybody else is talking about so that you can see how it fits into your day and how it can make you a little bit more
00:25:02
Speaker
um Efficient, effective, whatever you want to call it. But you can't you can't ignore something that the world is talking about. Absolutely. That's very well said. Now, another topic you touched upon is you know ESG and sustainability. And we know these are you know relatively new areas where we're trying to improve.
00:25:21
Speaker
But they're also affected by cybersecurity and internal controls. So what do you deal with with respect to the cyber risk

Encouragement for Future Accountants

00:25:30
Speaker
you know in sustainability and ESG? Yeah. So um ESG and sustainability is one of those things that gets polarized for lots of different reasons. And I'm not going to get into the politics of that today because I don't usually do that.
00:25:41
Speaker
When I when I speak on ESG and sustainability, it's middle of the road. It's fact based. Right. There's lots of things. Like if you take the universe of ESG topics or sustainability topics, there's probably 25 or 26 of them.
00:25:54
Speaker
Obviously, environment's one, obviously social, there's governance. But inside governance, you got things like ethics, you got things like culture, right? And so when you think about those things, they help and ah they help people understand how an organization is structured and how an organization is growing and how they are, quote unquote, sustainable, right? Because generations look at organizations and businesses in different light.
00:26:20
Speaker
Some people want to understand everything. Some people say, if it makes me money, I don't care about anything else. Completely hear you and I understand you. Inside the social aspect is cybersecurity.
00:26:31
Speaker
You can't tell me that you want to work with an organization that doesn't care about cybersecurity. We all do. Sure. Right. So you can't tell me that ESG

Conclusion and Acknowledgments

00:26:38
Speaker
or sustainability is not important. There may be one out of 25 that you think, hey, what? Very polarizing.
00:26:44
Speaker
Something I don't want to talk about. Something I don want to be a part of. But at the end of the day, and we're seeing it in Europe, we're seeing it in California, um and it's going to start spreading at some point, is that understanding the sustainability, or now the new word is resilience. The resilience of an organization and how will they be around in 20 years?
00:27:02
Speaker
It's not always about making money anymore. And so you have to understand that. And so from an internal controls perspective, why we're called risk advisory and assurance we look at the risks of a business cyber security control environment and and sustainability and resilience um is is one of those risks that you have to think about and so that's what i would say is is is how they all fit together is understand the risks of your business but understand what you're doing to respond and prepare yourself for those risks excellent now talking still about risks
00:27:36
Speaker
third party vendors, right? we we We know a lot of companies don't have enough resources to do everything on their own. So they're outsourcing different, you know, areas of the business or, you know, bringing in different third party vendors.
00:27:48
Speaker
And there's, of course, a risk there. So what are you seeing, you know, when dealing with all of the controls and the cybersecurity and, you know, the SOC reports that are the biggest risks when dealing with third parties? Yeah, I think the biggest risk with dealing with third parties, and and if you can't tell education is a soapbox of mine. Mm-hmm.
00:28:05
Speaker
The second soapbox is vendor management. A lot of companies don't do it right. And the reason they don't do it right is they don't have the resources. They don't have the understanding. They don't have the time sometimes to do vendor management well. And what that means is when I'm working with a third party, I'm asking them to handle a process or handle information for me.
00:28:24
Speaker
Now, most people will stick their head in the sand and go, their problem, their responsibility. And I always say you cannot you can outsource processes all day long. The thing you cannot outsource is the responsibility.
00:28:36
Speaker
And over the years, I've added the accountability of knowing who you're working with and then understanding. following up with them, right? How many times do we read an article where a company's information got breached, but it had nothing to do with the company, but it had to do with the third party that they didn't know didn't have the right controls, right? So from a third party risk management perspective, and a vendor management perspective, we really have to understand who we're using.
00:29:00
Speaker
and we We're having a conversation at the AICPA engage conference on SOC reporting and third-party risk management, one of the questions was, how far down the chain do I go? right I have third parties. Those are the people that I work with.
00:29:12
Speaker
My fourth parties are the people that work with the people I work with. Fifth party, sixth party. When does it stop? right right And at some point, you have to say, okay, I need to understand who I'm working with. But one of those things is I need to understand how they're understanding who they're working with. Right. If I don't get comfortable, I may say I need to talk to your fourth party. I need to talk to their fifth party.
00:29:33
Speaker
Right. So vendor management, when done well, is is very thorough. You're doing a lot of testing. You're doing a lot of inquiry. ah You're following up with them. You're having conversations, whether it's monthly or quarterly.
00:29:47
Speaker
What you don't want to happen is you don't want to have a third party. that let's just say they do your backups and ah you get you get breached, you have ransomware, you call your third party who does your backups and they say, you know what, we had an issue and we haven't been backing you up for six months. Like you don't you don't want to have that discussion. right and And if I was in the room with the company, I would say, well, how many times did you pick up the phone and call your third party that was doing your backups?
00:30:14
Speaker
If the answer is never, Well, that's on you. That's your accountability. That's your responsibility. So vendor management is extremely important and people need to do it well. A lot of resources out there on how to do that.
00:30:26
Speaker
um But that's just one thing that we see sometimes is not going real well. OK, so you're running this, you know, risk advisory and assurance and you have all these letters after your name and you're dealing with these clients and you're. giving presentations. It sounds pretty demanding.
00:30:41
Speaker
So then you decide, well, you know what? Maybe I will become part of the Alabama State CPA Society and even be the chair of it. Right. Are you kidding me? Is this really something that's happening? And how do you find the time to do that? So um over the years, I have, I guess people would say, and my wife would say that I don't know how to say no. Mm-hmm.
00:31:00
Speaker
um The way I like to look at it more positively is I like to give back. Right? Again, I've said it several times. This profession has given me so much and I want to give back to it. And there's no better way to give back to the profession than to have a voice in different perspectives. Right? Why do I volunteer with the AICPA?
00:31:16
Speaker
Because I have a voice. um So I had the opportunity to to get on the board of the Alabama Society of CPAs. ah This year I was named chair. So I'll be spending the next year as chair. and then after that, a year as vice as as past chair.
00:31:28
Speaker
And for me, it's again, another way to give back, another way to add my voice to the conversation. If you want to make change. show up, be present, talk. so Do you have any passion or change you're looking to do anything on the agenda? Yeah. so I think as chair, one of the things I hope to do is add clarity to what the society does for its members. I think in any association that we're a part of, a value proposition is important.
00:31:55
Speaker
I pay some money. I want to make sure that I'm getting a value for that money. And so I would say over the next year, I hope to add clarity to what the the society does for its members in the state.
00:32:07
Speaker
um One of the big things advocacy, right? Working with lawmakers, trying to understand how we can have a voice, change that voice both locally and nationally. And so I think it's the unsung hero of every association is the advocacy piece.
00:32:23
Speaker
We always see the results. We don't always see how the sausage is made. Right. And so I think adding clarity to that and showing people this is what we are doing on behalf of you.
00:32:34
Speaker
Right. And again, we want to hear from them. We want to talk to them. But ah giving back, it's it's going to be fun. I'm looking forward to it. It's just started. So I look forward to maybe following up with you in a couple of years and let you know what we did.
00:32:48
Speaker
That would be great. I would love to know that. And if there's other people out there that are interested in saying, hey, you know, I don't think our laws are what they should be. I think we do need change, be that voice of change. What's the best way to go out about to influence legislation? Is it the state society or the other other paths? What would you advise? I would advise a state from a from this profession perspective, the state society does a lot of that. Every state society is working with their Capitol Hill on laws for their state. And then once a year or once every two years, all those state societies come together and go to D.C. I got the chance to do that back in.
00:33:22
Speaker
um March of this year and go to Capitol Hill and have those discussions. Right. And so I would say get a part of your state society or find who is influencing, find who is having those conversations with those legislators.
00:33:36
Speaker
um And again, show up, talk about it, um have a passion. There's nothing worse than people showing up and having a passion for nothing. right sure uh we have at our firm we have a bunch of fundamentals 30 fundamentals my favorite one is a passion to win because for me you can show up and work but if you show up with passion man that's something oh yeah right and that's that's that's purpose for people you can feel that passion absolutely people have that without a doubt so All right. So you said, all right, I'm really busy at work, but I'll, you know, chair the state society. But on top of it now, correct me if I'm wrong. I hope I'm wrong.
00:34:11
Speaker
You have two different podcasts you do, The Wrap and Tactical Cyber. Yeah. So talk to me. What's The Wrap and what's Tactical Cyber? Yeah. So I do Education, education, education.
00:34:25
Speaker
And you've got to meet people where they are. You practice what you preach. You practice what you preach. You have to meet people where you are. You have to write articles. You have to do podcasts. You have to do webinars. You have to show up, do in person, because everybody learns differently.
00:34:37
Speaker
We all know that, right? um So I had the opportunity several years ago to co-host with one of my colleagues at Warren Averitt, our Warren Averitt podcast called The Wrap. And what we've said is ah we want to spend 15, 20 minutes talking about a topic, and we want there to be actionable items at the end.
00:34:53
Speaker
We want to tell you what's going on. We want to tell you how to use this information in your own business, in your own firm, whatever it was, whoever was listening. ah We just wanted good business conversation ah with experts, whether they were internal or external, um guest guest speakers to come in on the podcast. And so we have done about 70 or 80 episodes over the years.
00:35:15
Speaker
um it's it's It's still out there. It's still available available to be listened to. on all your favorite podcast platforms. ah We're changing the format a little bit going forward. So it's going to have a ah different name. and It's going to have some other co-hosts.
00:35:30
Speaker
um But again, we have information. We want to educate others. And so we did that. And then Tactical Cyber only has ah started up in the last year. ah very good friend of mine, Darren Mott, he is a retired FBI agent.
00:35:43
Speaker
did a lot of work in the cybersecurity space. ah He has a couple of podcasts and he called me up and he said, hey, i want to do one that's tactical about cybersecurity. There's a lot of talk. There's a lot of policy. Policy can't do anything other than educate us. We want to talk about the tactical, the practical piece. And so we get guests on who are doing something. They have a software, they have a service.
00:36:05
Speaker
They are providing true tactical responses to the cybersecurity threats that society faces. And so they're they're fun. They're fun for me. I enjoy ah that that conversation, that education.
00:36:17
Speaker
Again, just meeting people where they are. you Great. And I am definitely, I want to hear that tactical one that's yeah That's a good That's interesting. um So next thing, you and I, we were having a conversation and we realized we share something in common. We both have a disease. And if you're ever going to have a disease, this is the best one to have because if you eat right, you're okay. It's called celiac disease. Right. We can't eat gluten. We can't eat, you know, wheat, pizza, pasta, things like that.
00:36:42
Speaker
And it sounds pretty bad. And, you know, sometimes it is, but it's not the worst thing in the world. So tell me, how long did you find out about that? And how has that affected your life? Yeah. So um ah one of my daughters um was having a lot of issues where she hurt whenever she ate.
00:36:57
Speaker
And we couldn't figure out the problem. Right. And so we took her to some specialists and some doctors. And we had some some tests run. And it turned out that she had celiac disease. And got me thinking about my childhood. we Nobody used the term celiac disease, right? And I can remember issues that I had growing up.
00:37:15
Speaker
um And so once she determined that she needed to change her diet, um I didn't want her to do it alone, right? And I and i really wanted to kind of be that... that parent that said, I'm going I'm going to walk this journey with you.
00:37:27
Speaker
And so I started, I started that. And by gosh, like the first three to four weeks, I felt so good. It's amazing. It's amazing what happens when you, when that's the problem and you and you don't know it. And then they got me thinking like, wait a minute, like, is this my problem? Right. Cause I've heard it's a hereditary disease. And so it's coming from somebody. And so I went and got tested and ah right on the border, but still an issue. And um so and that's how it's affected me and and you and you say it sounds bad not to eat those things i think a cookie is probably the one thing that i want to have right right and if there is a day where i just want to have a craving i know i'm going to suffer but it's going to be worth it because i'm going enjoy it right that kind of thing so um it's it's a it's it's a it's impacted us in a way that we just have to look at things differently um my daughter
00:38:14
Speaker
she's cringing listening to this right now. But um so she uses that platform when she does pageants. Right. And so the The knowledge, she has a project, it's called the CARE Project, Celiac Awareness Research um Project, and so education project.
00:38:30
Speaker
And so what she does is she educates people on what the disease is. ah And ah food insecurity is something that growing up was always important to me. i had ah i have a stepmom that ran a food bank, and so I got to see the poorest of the poor grow.
00:38:45
Speaker
cry over two bags of food because they didn't they had food insecurity right and so when my daughter was looking for her project and then the celiac thing came up we said you know food is important it's the it's the one thing that as as humans as a society you need to survive there's a lot of people that don't get the adequate food But now with celiac, there's a lot of people that don't get the adequate food that can help save their life.
00:39:09
Speaker
Right. And so it's a lot of education, lot of food donations. We've done some gluten free food drives for local food banks and ah pantries and things like that. And so it's ah it's impacted our family in that. um We now, you know, we we always gave back in certain aspects, but we found something that was passionate because it was dear to us. Right. And so um we want to educate others and help others wherever we can. Love that story. Love that. Give back.
00:39:35
Speaker
So tell me something now about Paul that I don't know. maybe Give me give me a fun fact about Paul or a hobby or something we'd never even think. Yeah. So Paul's Paul's pretty boring. He likes to he likes to read. He likes to play golf when he when he gets the chance.
00:39:47
Speaker
um he He loves spending time with his family. I mean, you know, nothing gives me more joy and, you know, I don't work. I don't live to work. I work to live. Sure. um And i have a wonderful family that supports me in all things. And um they're missing me right now as with the travel. Right. Oh, yeah. um Fun fact, you know, I started my first job was the back end of a bowling alley.
00:40:12
Speaker
i Really? yeah I'm not a. you I'm not a sports guy. Like I didn't play baseball. didn't play basketball, football, things like that. i was a bowler. Um, and so my first job was in the back of a bowling alley. After that, my, my, my next job was retail. I sold men's suits and ladies shoes.
00:40:29
Speaker
Um, and service has always been ah key for me. as if If there's, you know, a couple of things my father taught me, it's service above self. He was a Rotarian, um, and serve others.
00:40:43
Speaker
And it comes back tenfold. And that's kind of how I live my life now is I would much rather sit and sit in the shadows and help others be successful, succeed and serve. And that's that's really um i would say a quote unquote fun fact about me is I love to serve others.
00:40:59
Speaker
Excellent. Excellent. All right. So, you know, just kind of bringing this to a close. Now, you have a whole successful career in the world of accounting. You had a great mentor in high school, which a lot of young students don't have. Right. So if there's someone or, you know, maybe there's a parent out there with children in high school and they're trying to figure out, do I want them to go into accounting?
00:41:19
Speaker
What's the advice you have on what you see as the career in accounting? Is it still a good thing for kids to go into? What kind of advice would you give? Yeah, I would say that it's still, and and i I wouldn't be involved and I wouldn't give back if I didn't think it had a future, right? And so I think accounting, um specifically auditing, specifically debits and credits, the whole notion of what we do on ah on a daily basis, it's not going to stop.
00:41:42
Speaker
what is going to change is what we audit or what we count right because at the end of the day if somebody were to say ai takes over everything well know what ai needs to be kept in check i need to audit that the inputs and the outputs are right i need to audit that the machine's doing what it should be doing so at the end of the day it's a great profession um it is one of the coolest professions around right i saw your your post from the other day and um It really is. And because it's so resilient.
00:42:10
Speaker
I heard ah somebody with the AICPA said, we're usually the last ones to get into a recession, but we're the first ones to come out. That's right. Right. And because we are so resilient and because the calculator, the 10 key all those years ago, you know didn't put us out of business. The spreadsheet didn't put us out of business. AI is not going to put us out of business.
00:42:29
Speaker
ah We just have to keep evolving. And so what I would tell folks that are trying to determine a career, it's it's it's a great one. It's a resilient one. um And ah you can do so much with it.
00:42:41
Speaker
That's what I love about it is um I have colleagues who do something absolutely 180 degrees different than I do. And we're both CPAs. It's amazing. it's And it's amazing. And and that's why ah that's why I've loved this profession. and you know, spoken like a true auditor where I'm a tax guy. and I'm like, you didn't even touch the whole tax side of it. Right. right and And I don't I don't even know spell tax and they won't let me do my own tax. So it's it's one of those things where um it's a great profession to be a part of. You can pick what you do within that profession ah to some degree. It's where your passion lies.
00:43:11
Speaker
And that's where you get the most out of it. Yeah, it's so true. And, you know, just the fact that there's so many people out there that don't realize it's not just sitting in front of a computer and looking at numbers and things like that. I mean, we run businesses and and that's why it's so great. And it's never going away. And I don't care what they say about AI. nope I know we're going have jobs for a long, long time. That is true. That is true. Well, I cannot thank you enough for taking the time out of your schedule to really go over all of this information with us.
00:43:35
Speaker
It was fascinating. I love the whole technology and cybersecurity and how the risk all comes into play. So thanks again for sharing all of your experiences with the audience. Well, thank you very much for the opportunity. I got to tell you, it's a pleasure to sit across the the the table from you and um have this discussion. I look forward to more in the future. So thank you very much, Mike. So do I, Paul. Thank you so much.
00:43:56
Speaker
And for everyone else out there, just remember that if you'd like, you can get CPE credit for this. You just have to go to the link in the show notes. Unless you're a Prime CPE subscriber, then you can just log into your account, finalize it, and you get your credits no problem at all. So hope you enjoyed this episode of cool careers in accounting, and we hope to see you at another episode in the future. Thanks everyone.