Opportunities of E-Business Assurance & Security: Risks in Assuring Risk

Bob Jensen at Trinity University

Assurance Services Opportunities and Risks 

Large CPA Firm Revenues and Services  

A Special Section on Computer and Networking Security  

External Auditing of Information Security: Perception Versus Reality

External Auditing Combined With Consulting and Other Assurance Services: Audit Independence?

Cookies 

Threads on Firewalls

Bob Jensen's Threads on Accounting Fraud, Forensic Accounting, Securities Fraud, and White Collar Crime

Bob Jensen's Technology Glossary

Internal auditing and fraud investigation site of Mark R. Simmons --- http://www.mrsciacfe.cjb.net/

I created a timeline of major happenings leading up to the eXtensible Business Reporting Language (XBRL) and On Line Analytical Processing (OLAP) systems. Overviews of XML, VoiceXML, XLink, XHTML, XBRL, XForm, XSLT, RDF and the Semantic Web are also provided --- http://www.trinity.edu/rjensen/xmlrdf.htm

Assurance Services Opportunities and Risks

You might find some added materials of interest at http://www.trinity.edu/rjensen/ecommerce/assurance.htm 

The AICPA's Assurance Services Website is at http://www.aicpa.org/assurance/index.htm 

November 8, 2002 updates on electronic commerce and assurance services --- http://www.trinity.edu/rjensen/ecommerce/assurance.htm


Update on a new education program that appears not to involve CPAs
Seeking to lead the country in higher education to combat cyber crime, the University of Fairfax announced today its first graduates from MS and PhD programs designed to produce information security and information assurance leaders. These graduate programs enable students to earn an MS or PhD in Information Security.
"University Of Fairfax Announces First Graduation," PRWeb, July 24, 2006 --- http://www.prweb.com/releases/2006/7/prweb413757.htm

Jensen Comment
Perhaps CPAs really did not have much comparative advantage in the realm of information security. CPA firms in reality had to hire assurance services experts from outside traditional accounting programs. Even the Masters of Assurance Services introduced by such universities as Notre Dame and the University of Virginia had very non-traditional curricula in terms of accountancy.


Some universities now offer a specialty curriculum (usually at the graduate level) in Assurance Services. For example, note the E&Y-funded programs at Notre Dame and the University of Virginia ---
http://www.ey.com/global/Content.nsf/US/Careers_-_Student_-_Your_Master_Plan

Ernst & Young and two top-ranked educational institutions, the University of Notre Dame and the University of Virginia, have a unique master's program primarily for non-accounting business majors. As a participant in E&Y’s Your Master Plan program, you will earn a master's degree from a highly acclaimed university while working for one of the world's leading professional services firms. Because E&Y continually offers an ever broader variety of services to our global clients, we need a broader base of talent to best meet their needs. The Ernst & Young-sponsored Master of Science in Accountancy program may be just the key to achieving your high career goals. If you're interested in this exciting career path, read on! http://www.ey.com/global/Content.nsf/US/Careers_-_Student_-_Your_Master_Plan


The AICPA's main assurance site of interest --- http://www.aicpa.org/assurance/index.htm 

The Trust Services principles and criteria, with links to SysTrust and WebTrust, are on the AICPA website at www.aicpa.org/trustservices/ ( http://tinyurl.com/8h4twP ).
Also see Privacy materials at http://infotech.aicpa.org/Resources/Privacy/

“E-Commerce And CPA WebTrust,” New Accountant, October 21, 2005 --- http://www.newaccountantusa.com/newsFeat/t2k1/t2k1_cpawebtrust.html


Performance View Services --- http://www.aicpa.org/assurance/view/what.htm

What is CPA Performance View?
CPA Performance View is the AICPA's branded version of performance measurement. The AICPA has recognized performance measurement as a growing area that is well suited to the skill sets of CPAs. Thus, we see this as a major component of the future for CPAs, both practitioners and members in industry.

Our focus is to explain the concepts of performance measurement and get CPAs to understand how performance measurement will allow them to perform their roles better by using their current skills to focus on more than just the financial side of an organization. To start this process, we have worked with a number of talented individuals and companies to develop two practice guides - one for practitioners and one for members in industry - a training workshop, software and information about performance measurement.

Performance measurement theory has been around for a long time in a number of different forms. The most widely known methodology is probably the Balanced Scorecard, which was started in the early 1990s by two Harvard Business School professors, Drs. David Norton and Robert Kaplan. For more information on their work, you can visit them at Balanced Scorecard Collaborative.
[Please note, links to other Web sites, here and throughout these pages, are provided for your convenience and do not represent an endorsement by the AICPA.]

Many organizations track their success based solely on past financial performance. While an organization's history is an excellent way to see where it has been, it doesn't say much about where it is going. If a company earned $250,000 or $2 million last year, what in the financial statements leads you to believe they will accomplish the same or better next year? Traditional performance tracking methods focus on: sales, net income, gross margin, return on assets, asset turnover etc., but do not provide the needed information to anticipate the future. It is great news that gross margins are remaining high or increasing, but if customers are unhappy with service and switching to competitors, what good is the information on margins? While financial measures provide an accurate and detailed history, they do not provide guidance for the future.

CPA Performance View is a system that merges the standard financial measures with leading indicators, such as: customer satisfaction, employee training and satisfaction, product quality, sales calls and proposals delivered, etc. By joining the two, you will have the ability to identify critical decision points that can lead to organizational change and better performance, and earnings, for a company.

Using an accounting firm as an example, you could measure past performance by looking at collections, measure current performance by looking at cash flow and the change in accounts receivable, and anticipate future performance by looking at the engagements to be completed and proposals submitted. Each of these measures provides a different focus on the same information, but together provide a more complete picture of the firm's performance.


Bob Jensen's threads on performance measurement are at http://www.trinity.edu/rjensen/roi.htm

Question
When are performance evaluation services assurance services as opposed to advisory services?

Answer
It probably doesn't matter much how they are classified, but I like to think of advisory services as being for the direct benefit of the client who pays for the service. Assurance services tend to be intended for third-party benefit, such as customers, creditors, investors, employee unions, etc.

Risk Advisory Services by CPA Firms ---
http://www.aicpa.org/assurance/risk/index.htm 

What are Risk Advisory Services and Why Should I Get Involved?

Risk Advisory Services Task Force
Learn about the Task Force's mission, its members and highlights of meetings.

How to obtain a free copy of the new thought leadership document on Risk,
MANAGING RISK IN THE NEW ECONOMY  

Download URL --- http://ftp.aicpa.org/public/download/Managing%20Risk.pdf 


Question
When are risk evaluation services assurance services as opposed to advisory services?

Answer
It probably doesn't matter much how they are classified, but I like to think of advisory services as being for the direct benefit of the client who pays for the service. Assurance services tend to be intended for third-party benefit, such as customers, creditors, investors, employee unions, etc.

Example of one firm's risk advisory services
KPMG Risk Advisory Services ---
http://www.kpmg.com/services/content.asp?l1id=90&l2id=520


One area of expanded assurance services is in the auditing and analysis of fair values and risk.
E-COMMERCE AND AUDITING FAIR VALUES SUBJECTS OF NEW INTERNATIONAL GUIDANCE
The International Federation of Accountants (IFAC) invites comments on two new exposure drafts (EDs): Auditing Fair Value Measurements and Disclosures and Electronic Commerce: Using the Internet or Other Public Networks - Effect on the Audit of Financial Statements. Comments on both EDs, developed by IFAC's International Auditing Practices Committee (IAPC), are due by January 15, 2002. See http://accountingeducation.com/news/news2213.html  

The IFAC link is at http://www.ifac.org/Guidance/EXD-Download.tmpl?PubID=1003772692151 

The purpose of this International Standard on Auditing (ISA) is to establish standards and provide guidance on auditing fair value measurements and disclosures contained in financial statements. In particular, this ISA addresses audit considerations relating to the valuation, measurement, presentation and disclosure for material assets, liabilities and specific components of equity presented or disclosed at fair value in financial statements. Fair value measurements of assets, liabilities and components of equity may arise from both the initial recording of transactions and later changes in value.

Downloads: "Auditing Fair Value Measurements And Disclosures" in MS Word format (File Size: 123 Kbytes) and in Adobe Acrobat format (File Size: 209 Kbytes).

Bob Jensen's threads on risk and financial reporting are at
http://www.trinity.edu/rjensen//theory/00overview/theory01.htm

In particular note the threads on risk hedging at
http://www.trinity.edu/rjensen/caseans/000index.htm


SysTrust --- http://www.aicpa.org/assurance/systrust/index.htm 
The AICPA/CICA Trust Services principles and criteria will be released January 1, 2003. The new Trust Services principles and criteria are effective for engagements beginning on or after January 2003. Earlier implementation is encouraged.

What are SysTrust Services and Why Should I Get Involved?
A Brief Introduction on SysTrust Services

FAQs about SysTrust --- http://www.aicpa.org/assurance/systrust/faq.htm

SysTrust Principles & Criteria

What Skills Do I Need to Provide SysTrust Services?
Find out what skills are necessary and what resources are available to enable you to offer SysTrust Services.

Getting Started
Learn about SysTrust licensing agreement and training opportunities.

Marketing and Managing a SysTrust Practice
Tips on Marketing and Managing Your SysTrust Practice.

What's New with SysTrust Services?
New standards, product developments, etc.

Systems Reliability Assurance Services Task Force
Learn about the Task Force's mission and its members.

A good source is "SysTrust and WebTrust Technology Assurance Opportunities," by Anthony J. Pugliese and Ronald Halse, The CPA Journal, 2000 --- http://www.nysscpa.org/cpajournal/2000/1100/features/f112800a.htm

How SysTrust Works

SysTrust is designed to offer assurance to a broad audience—management, boards of directors, customers, and business partners—about the information systems that support a business or one of its segments. In a SysTrust engagement, a CPA performs an examination, similar to an audit, to evaluate the system’s reliability. A positive SysTrust report attests to the system’s reliability and ability to operate without material error, flaw, or failure during a stated period of time in a specified environment.

Clients would be interested in a systems assurance examination for some of the following reasons:
  • Internal and external users can lose access to essential services because of system failures and crashes.
  • Systems can be vulnerable to viruses and hackers because of unauthorized system access.
  • System failure can result in loss of access to system services or loss of data confidentiality or integrity.
  • Negative publicity in the wake of high-profile system failures can undermine customer and investor confidence.

SysTrust can benefit a business’s day-to-day operations in the following scenarios:
  • A company is trying to win a major contract as a supplier to a corporation that uses just-in-time (JIT) inventory management. A SysTrust report that demonstrates the reliability of the company’s systems and shows its capacity to be a dependable partner in the JIT environment enables the company to differentiate itself from its competitors.
  • A company decides to outsource its human resources, payroll, and other employee-related systems. To ensure smooth operations, it insists that any successful bidder maintain unqualified SysTrust reports on the outsourced systems.
  • A retailer qualifies for a discount on business interruption insurance because its SysTrust report attests to the reliability of its inventory management systems.
  • When technology problems at foreign subsidiaries cause trouble for an international company, its audit committee decides to adopt the SysTrust principles and criteria as a minimum standard for key subsidiaries.

In a SysTrust engagement, a system is divided into five elements:
  • Infrastructure, such as hardware and facilities
  • Software, including operating systems, utilities, and business applications software
  • People, who operate and use the system
  • Procedures, which can include information system backup and maintenance or input procedures
  • Data, or the information that the system uses and supports

Together, these elements form a system that provides the information that the business needs to function and supports management in long-term decision making.

Four essential principles comprise a SysTrust engagement:
  • Availability. Does the system operate in accordance with the business requirements? Is it accessible for routine processing and maintenance?
  • Security. Is the system protected against unauthorized access?
  • Integrity. Does the system process information completely, accurately, in a timely manner, and in accord with the required authorization?
  • Maintainability. Can the system be updated to provide continued availability, security, and integrity?

SysTrust standards also include 58 underlying criteria that establish the specific control objectives a system must meet to be considered reliable. Under the version 2.0 SysTrust Principles and Criteria for Systems Reliability exposure draft, practitioners can report on any of the SysTrust principles in an individual engagement, depending on the client’s needs. SysTrust version 2.0 also offers guidance on testing systems in the preimplementation stage. In addition, it covers agreed-upon procedures and consulting engagements.

SysTrust examination-level attestation engagements are performed in accordance with Statements on Standards for Attestation Engagements No. 1, Attestation Standards (an examination-level engagement must be performed to issue a SysTrust report), and are also covered by the AICPA Code of Professional Conduct.

At the conclusion of a SysTrust engagement, the CPA gives the client a reporting package that includes an attestation report, a system description, and an assertion about the effectiveness of controls over the reliability of the system.

WebTrust --- http://www.aicpa.org/assurance/webtrust/princip.htm 

WebTrust is the accounting profession's answer to concerns relating to electronic commerce. WebTrust is based on Trust Services Principles and Criteria, which constitute professional guidance and serve as best practices for electronic commerce. Using these Principles and Criteria either separately or in combination, CPAs can offer a range of advisory and assurance services to help either clients or employers address security, online privacy, availability, and confidentiality needs. Three broad categories of WebTrust include information protection (including customer and employee privacy protection), transaction integrity assurance, and business practice disclosure assurance.

What Are WebTrust Services and Why Should I Get Involved?
An overview of the WebTrust(SM) Service that can be offered to clients who want e-commerce assurance.

Marketing WebTrust Services
Helpful tips for CPAs who wish to market WebTrust(SM) Services to their clients.

What Skills Do I Need to Provide WebTrust Services?
CPAs have skills in evaluating evidence, determining the effectiveness of internal controls, and reporting to third parties on the results of the work performed.

Getting Started
Find out how to get started providing WebTrust(SM) Services to clients.

WebTrust Testimonials From Members and Their Clients
WebTrust(SM) services have helped clients with their e-commerce activities.

FAQs About WebTrust
Review these Frequently Asked Questions and Answers to learn more about WebTrust(SM) Services.

Who competes with WebTrust? See the comparison of third-party assurance services from the Ohio CPA Journal below.


October 18, 2005 message from XXXXX

The problem with both WebTrust and SysTrust was the volume of recurring work and the associated high fees the client incurred. Also, the products were designed in the audit area of the AICPA when they should have been in the tech area. The zeal in the audit area has traditionally been the core of the organization so it was the 800-pound gorilla. Unfortunately, this gorilla had one answer for all issues, full scope substantive audit procedures. As a result, the products by design are not affordable.

This same inertia occurred when Ev and I tried to change the audit standard to acknowledge that electronic evidence and fully automated systems were very difficult to audit and that substantive audits may not be possible.
That effort took 5 years to gain two small lines in the audit evidence standard. We were at one point told off the record that to put this into the standard was not in the best interest of the profession since auditors were not trained to audit through the computer, only around it. We have come a long way since the early 1990s, but there are still a number of firms that gloss past this change and the standard remains woefully short of what we need.


"Digital Certification Services," Ohio CPA Journal, October-December 2000 --- http://www.ohioscpa.com/publications/journal/default.asp?article=647-7
Options for Providing Consumer Assurances
CPAs and their clients have three basic options to provide Web-based privacy, reliability, and security assurances to customers.
  • Self-Reported Assurances. Online businesses can devise policies, implement security measures, and then, if their managers so desire, inform consumers about these actions.
  • Government Regulation. Government agencies might recommend or regulate Web-based business actions under the guise of consumer protection.
  • Third-Party Assurance Services. A Web-based business can support online industry self-regulation via third-party certification of Web sites.

In fact, some firms or organizations are actively pursuing each of these options, and each option is associated with costs and benefits.

. . .

A Comparison of Third-Party Assurance Services
A number of third-party assurance seals are appearing on various Web sites today. CPAs actively participate in several such programs by offering either the assurance service or by providing dispute resolution services. Commonly found seals offering some level of assurance for customers include WebTrust, TRUSTe, BBBOnline, and BetterWeb. Other seal programs exist but have not yet achieved the recognition for assurance associated with these four.

WebTrust <www.cpaWebtrust.org>
The American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants developed one of the older and strongest assurance programs for online businesses, WebTrust, in 1997. This program is the only one that requires the certifier to be a specially trained and licensed reviewing agent. The AICPA has licensed approximately 175 firms in the United States and an additional 75 firms in other countries to perform WebTrust services. WebTrust has an alliance with VeriSign, a company that provides digital identification and a seal for Web sites that have passed the review of the WebTrust agent. VeriSign lists all the firms that have received WebTrust seals on its Web site; as of May 2000, 27 Web sites have been WebTrust certified.

The WebTrust review process is very comprehensive and correspondingly expensive compared to the other assurance seal programs. The cost of obtaining a WebTrust seal can range from thousands to millions of dollars, depending on the number of transactions audited, the complexity of the Web site, and other factors.

Under the WebTrust process, a CPA reviews the Web site's technology, security, and business practices. Business practices encompass, for example, the online business' policies for sales returns, shipping costs, transit time, and so on. The WebTrust agent examines transaction integrity to be sure that the firm actually processes and bills its electronic orders or handles its electronic messages appropriately. Effective controls to provide reasonable assurance of sound business practices are to be in place and are examined. In addition, the Web site must protect consumer information via methods such as encryption, firewalls, physical facility safeguards, and other appropriate controls. Web sites must offer choices to customers about use of their personal information. Either opt-in (e.g., the use of check-off boxes for activities in which the consumer wants to be included) or opt-out (e.g., the use of check-off boxes for activities in which the consumer does not want to be included) choices must be available on the Web site. Further, Web sites must give consumers opportunities to review and contest personal data. Thus, a WebTrust-certified site discloses its actual business practices; it has internal controls that assure satisfactory handling of customer transactions; and, it maintains controls that provide reasonable assurance that confidential consumer information is protected from uses that are not related to the entity's business.

Undergoing a WebTrust certification process helps businesses by enhancing consumer confidence, which should lead to increased revenue. The process also provides a WebTrust-licensed CPA with a basis for providing sound advice for strengthening a client's online business activities. WebTrust seals involve an ongoing review process to ensure that the seal-holder's online business practices continue to meet WebTrust standards. WebTrust CPAs update the certification reports at least once every 90 days. A Web site user who is interested in knowing details about the firm's policies can read the most recent report online. If consumers have complaints about a WebTrust certified business, they can contact the issuing CPA directly, who will act as a liaison to the certified firm.

TRUSTe <www.TRUSTe.org>
Also founded in 1997, TRUSTe's developers were the Electronic Frontier Foundation and the CommerceNet Consortium. TRUSTe is an independent, nonprofit organization whose mission is to build users' trust and confidence in the Internet. To accomplish this mission, TRUSTe is involved with educational efforts, assurance services, and oversight activities. TRUSTe is probably the best known assurance seal service; it issued its 1000th seal in January 2000. Cost is based on the online business' annual revenues, and ranges from $299 to $6,999.

TRUSTe's assurance certifications are focused primarily on the privacy of consumer information. However, TRUSTe defines privacy to include selected security aspects. The organization's procedures assume that no one privacy policy will work for all firms. Thus, TRUSTe requires disclosure of each certified business' particular policies, typically displayed when a site visitor clicks on the "trustmark" or seal. If a firm needs help in creating its privacy policy, TRUSTe has made wizards available to help generate a customized privacy statement for that firm.

TRUSTe's review process examines whether the firm's privacy policies are in line with fair information practices and are posted. TRUSTe expects the site to disclose the information that is being gathered about the consumer, how it will be used, with whom it will be shared, and how to verify, update, or correct personal data. TRUSTe Web sites must allow consumers to opt-out of internal secondary uses of their data and third-party distribution of their data for secondary uses. Further, procedures must be in place to protect a user's information from loss or misuse.

After issuing a seal, TRUSTe monitors the seal-holding Web site on a quarterly basis. The organization plants identifiable records on Web sites and observes the consequences to see if the Web site is violating its policies. All TRUSTe members have agreed to comply with its dispute resolution process, and TRUSTe will act as a liaison between the consumer and the licensed firm in case of consumer complaint. Suspected policy violation investigations may trigger an onsite compliance review.

Currently, TRUSTe arranges for PricewaterhouseCoopers or KPMG to conduct the compliance reviews. In addition, TRUSTe is currently working with Ernst & Young on an enhanced verification approach.

BBBOnline <www.bbbonline.org>
Founded in 1998 with its first seals issued in 1999, BBBOnline is a subsidiary of the Better Business Bureau (BBB). BBBOnline's assurance services benefit from the aura of the BBB, which has nearly ninety years of experience in voluntary self-regulation and consumer-dispute resolution. As with other seal programs, BBBOnline provides an online, searchable database of businesses that it has deemed trustworthy.

BBBOnline offers two different seals for Web sites: a Privacy seal and a Reliability seal. In general, the Reliability seal relates to the "bricks-and-mortar" BBB program. To receive a reliability seal, a firm must be a BBB member. Thus, this seal identifies online businesses that are associated with honest advertising and fair treatment of customers.

An online business must not have an unsatisfactory record with the BBB to be considered for a separate Privacy seal. Then, the review process focuses on the privacy policies of the Web site. An organization's privacy policies must meet BBBOnline's core principles for disclosure, choice, and data security, and the organization must post its policies on its Web site with clear links on Web site pages. Sites must undergo annual self-assessments of their security policies, and BBBOnline monitors sites on a random basis. Certified sites agree to the mandatory dispute resolution procedures of BBBOnline. Annual cost for this assurance service is inexpensive, ranging from $150 to $5,000 based on annual revenue. BBBOnline gives a 50 percent discount to businesses that also participate in the BBB Reliability program. Currently, BBBOnline has granted more than 500 Privacy seals and more than 5,000 Reliability seals.

BBBOnline offers opportunities to professional organizations for co-marketing of the BBBOnline seal. The partnered organization must commit to promoting good privacy practices and to educating their members about the Privacy seal program. Association members then receive discounts on the annual Privacy seal fee, making it even less costly to some online businesses.

BetterWeb <www.betterWeb.com>
PricewaterhouseCoopers has recently developed an assurance seal program called BetterWeb. This program offers certification to firms whose policies are disclosed according to the BetterWeb standards. PricewaterhouseCoopers officially launched BetterWeb in December 1999 and has certified eight sites as of May 2000. BetterWeb is a relatively costly service with an annual fee of approximately $15,000 per site.

The BetterWeb program examines policies regarding sales terms (if applicable to the online business), privacy and security of consumer information, and customer complaints. If a site is certified, BetterWeb assures that policies in these areas exist and are readily accessible to the site visitor. BetterWeb does not provide consumers any assurances about the effectiveness of a firm's internal controls or adherence to its posted policies. With respect to consumer complaints, the online business must post contact information and provide a timely confirmation of complaint receipt to the correspondent. BetterWeb does not act as an intermediary in the dispute process. Table 3 provides a summary of the services and features of the major third party assurance seals discussed above.

Other Third-Party Efforts
Initiated in December 1999, the SecureAssure model is quite different from the previously discussed programs. While these other seal programs all require posting of firm-specific policies, SecureAssure does not permit its affiliates to have independent policies in areas covered by its seal. All seal holders must agree to follow the SecureAssure standards for accountability, security, dependability, and legitimacy in addition to limitations on collection, use, and distribution of personal information.

Many CPA firms also offer online business reviews leading to opinions on the adequacy and reliability of controls related to operational and privacy issues. Except for PricewaterhouseCoopers' BetterWeb Seal, these efforts have not been directed at branding a specifically identifiable emblem. Also, a number of other seals are available that do not include reviews of policies, compliance reviews, or dispute-resolution processes. Some are free, and some require a minimal fee for listing a Web site in what is essentially an online database of members. Examples include Multicheck, PublicEye, and Netcheck Commerce Bureau.

Enonymous.com is a Web site that offers related but somewhat different services to consumers. Enonymous rates online sites on the comprehensiveness of their stated privacy policies. Sites do not have to be members and compliance with stated policies is not examined. Enonymous provides free software that resides on the consumer's computer and places an icon on the computer screen. When the consumer is visiting an online business, a click on the Enonymous icon provides a rating of the online business's privacy policies. Enonymous assigns an online business's privacy policies from one to four stars. As net-businesses grow, consumers should expect additional seal-branding efforts.

Conclusion
Consumer concerns about the legitimacy and operational aspects of online businesses and the use of personal information certainly are warranted. Assurances range from comprehensive to very narrow just as the cost of being certified ranges from inexpensive to costly. At the present time, the more costly assurance services, WebTrust and BetterWeb, have the fewest certified Web sites. Because BetterWeb is relatively new, its market potential is difficult to assess. WebTrust, on the other hand, is one of the oldest Web site assurance services. Evidently, the marketplace does not perceive that the extra value associated with WebTrust is worth the additional cost. The AICPA and WebTrust licensed CPAs need to promote the advantages of WebTrust's more comprehensive assurance services if this program is to grow.

CPAs, with their understanding of assurance services, are in a unique position to assist clients in choosing among competing Web site certification programs. In addition, CPAs can aid clients in developing policies that are appropriate for the assurance seal required. In the event that legislation is passed requiring compliance with online privacy practices, CPAs must be ready to help clients meet the requirements.



Also see http://www.msnainc.com/publications/archive/webtrust.pdf

 

 

Update on ElderCare Assurance Services --- http://www.aicpa.org/pubs/tpcpa/jan98/elder.htm

Eldercare services were launched in 1998 as assurance services aimed mainly at nursing home clients.  CPA firms were urged to provide attestation services with respect to quality of care promised by the nursing homes.

Eldercare services have since expanded into financial planning services for the elderly.  This is less of an assurance service and more of a consulting service.

The AICPA does not seem to keep its site very up to date regarding eldercare assurance services, but some CPA firms are still providing these "non-accounting" services using specialists other than accountants.

Practitioner's Resource Guide --- https://www.cpa2biz.com/CS2000/Products/CPA2BIZ/Publications/CPA+ElderCare+-+PrimePlus:+A+Practitioners+Resource+Guide.htm
I snipped this link to http://snipurl.com/EldercareGuide

Lessons Learned --- http://www.aicpa.org/pubs/tpcpa/dec2003/lesson.htm

Bob Jensen's threads on assurance services --- http://www.trinity.edu/rjensen/ecommerce/assurance.htm


Some sample questions

Question 1.1
What is the WebTrustSM Electronic Commerce Seal that is now offered by an increasing number of public accounting firms who provide assurance services? What are the three broad categories of WebTrustSM (referred to in the case as LogoTrust, TransTrust, and DataTrust)? How did WebTrustSM come about and what is the AICPA/CICA relationship with VeriSign?

[Hint: Start your search at the AICPA web site http://www.aicpa.org/assurance/index.htm  and then go to the VeriSign web site at http://www.verisign.com ]

Verifying that the company or person on the other end of the line is truly that company or that person has become known as authentication. The best-known web authentication service is VeriSign. In a single press release on September 16, 1997, the American Association of CPAs and the Canadian Institute of Chartered Accountants announced the public/chartered accountant WebTrustSM Electronic Commerce Seal. The Seal was to be used by member firms that offer assurance services in the broad areas of the following:

  1. Business Practice Disclosures
  2. Transaction Integrity
  3. Information Protection

Employees engaged in WebTrust activities are required to meet training standards set by the AICPA and the Canadian CICA.

In the area of authentication services, the best-known current provider is VeriSign at the URL shown in the "hint" above. VeriSign provided the expertise to make the WebTrustSM online Seal difficult to forge.

Question 1.2
How do the logo assurance services of the BBB Online program at http://www.bbb.com and the TRUSTe DataTrust assurance services at http://www.TRUSTe.com differ? What comparative advantages do public accounting firms have vis-à-vis these two competitors who are not public accounting firms?
[Hint: See G.G. Gray and R. Debreceny, "The Electronic Frontier," Journal of Accountancy, May 1998, 32-38.]

The Better Business Bureau offers an online LogoTrust service that is somewhat unique. The BBB Online logo appears at registered company web sites. At those sites, the BBB Online Logo is hyperlinked to the BBB Online site which verifies that the link came from a legitimate site. This LogoTrust service is similar to WebTrustSM services from VeriSign. However, VeriSign is better known in the digital signatures industry to date.

TRUSTe at http://www.TRUSTe.com is a DataTrust service aimed at protecting privacy rights and privacy agreements of companies and individuals that have shared information for an authorized purpose. For example, DataTrust is analogous to having an unlisted phone number. Telephone companies agree not to give out names, addresses, and phone numbers of persons who pay for unlisted numbers. In the case of listed phone numbers, however, telephone companies traditionally sell that data to anyone willing to pay the price for the data. Persons with listed phone numbers thereby find themselves deluged with telemarketers, junk mail solicitations, etc.

Unless web users have set their browser options not to accept cookies, companies build up information (e.g., names, addresses, phone numbers, product interests, browsing patterns, payment histories, etc.) that can be used and abused by companies such as DARE. For example, DARE may willingly or accidentally share cookie data (recipes?) with outsiders.

Definition of Cookies from Bob Jensen's Technology Glossary at http://www.trinity.edu/~rjensen/245glossf.htm :
Cookies
= Applets that enable a web site to collect information about each user for later reference (as in finding cookies in the cookie jar). Web browsers like Netscape Navigator set aside a small amount of space on the user's hard drive to record detected preferences. Many times when you browse a web site, your browser checks to see if you have any pre-defined preferences (a cookie) for that server; if you do, it sends the cookie to the server along with the request for a web page. Sometimes cookies are used to collect items of an order as the user places things in a shopping cart and has not yet submitted the full order. A cookie allows WWW customers to fill their orders (shopping carts) and then be billed based upon the cookie payment information. Cookies retain information about a user's browsing patterns at a web site. A good place to find out more about cookies is at http://www.illuminatus.com/cookie.fcgi . Also see http://www.doubleclick.net/ and http://www.ipro.com/. Cookies perform storage on the client side that might otherwise have to be stored in a generic-state or database server on the server side. Cookies can be used to collect information for consumer profile databases. Browsers can be set to refuse cookies. Other ways of controlling cookies or deleting selected cookies can be obtained from http://www.privnet.com/ and http://www.wizvax.net/kevinmca/. Source of definition: http://www.trinity.edu/~rjensen/245glossf.htm#Cookies1
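The round trip the definition describes, as an added example that is not from the page or the glossary: a small cookie jar in JavaScript that stores a server's Set-Cookie headers on the client and decides which cookies go back in the Cookie request header, including the "refuse cookies" browser option the definition mentions. Host names, cookie names and values are constructed; the public-suffix rules real browsers also apply are omitted.

```javascript
// Added example, not code from the page or the glossary. Models the browser-side
// cookie mechanism: Set-Cookie response headers are stored per host/domain and
// replayed in the Cookie request header only to matching servers.
// All host names and cookie values below are constructed for illustration.

// Parse one Set-Cookie header value into a cookie record.
function parseSetCookie(header, requestHost) {
  const parts = header.split(';').map((p) => p.trim());
  const eq = parts[0].indexOf('=');
  const cookie = {
    name: parts[0].slice(0, eq),
    value: parts[0].slice(eq + 1),
    domain: requestHost.toLowerCase(),
    hostOnly: true,   // no Domain attribute: sent back to this exact host only
    path: '/',
    secure: false,    // Secure: only sent over https
    httpOnly: false,  // HttpOnly: not readable by page scripts
    maxAge: null,     // null = session cookie; Max-Age=0 deletes the cookie
  };
  for (const attr of parts.slice(1)) {
    const i = attr.indexOf('=');
    const k = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
    const v = i < 0 ? '' : attr.slice(i + 1);
    if (k === 'domain') { cookie.domain = v.replace(/^\./, '').toLowerCase(); cookie.hostOnly = false; }
    else if (k === 'path') cookie.path = v || '/';
    else if (k === 'secure') cookie.secure = true;
    else if (k === 'httponly') cookie.httpOnly = true;
    else if (k === 'max-age') cookie.maxAge = Number(v);
  }
  return cookie;
}

// host is domain itself or a subdomain of it (no public-suffix check: simplification)
function domainMatches(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

class CookieJar {
  constructor({ acceptCookies = true } = {}) {
    this.acceptCookies = acceptCookies; // the "refuse cookies" browser option
    this.cookies = [];
  }
  // Store cookies from a response; ignored entirely when the user refuses cookies.
  store(requestHost, setCookieHeaders) {
    if (!this.acceptCookies) return;
    for (const h of setCookieHeaders) {
      const c = parseSetCookie(h, requestHost);
      // a server may only set cookies for its own host or a parent domain of it
      if (!domainMatches(requestHost, c.domain)) continue;
      // a cookie with the same name/domain/path replaces the stored one
      this.cookies = this.cookies.filter(
        (x) => !(x.name === c.name && x.domain === c.domain && x.path === c.path));
      if (c.maxAge !== null && c.maxAge <= 0) continue; // Max-Age=0: delete only
      this.cookies.push(c);
    }
  }
  // Build the Cookie request header for a request to host + path over http(s).
  cookieHeaderFor(host, path, https) {
    return this.cookies
      .filter((c) => (c.hostOnly ? host.toLowerCase() === c.domain : domainMatches(host, c.domain))
        && path.startsWith(c.path) && (!c.secure || https))
      .map((c) => `${c.name}=${c.value}`)
      .join('; ');
  }
}
```

A cookie set with Domain=example.net by ads.example.net is later sent to www.example.net as well, which is how a single cookie can record browsing across the sites of one domain.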

Under the WebTrustSM program, accounting firms may offer DataTrust services similar to that of TRUSTe at http://www.TRUSTe.com. In fact TRUSTe uses PwC and KPMG Peat Marwick accounting firms to conduct surprise investigations of possible misuse of the TRUSTe logo by its clients.

 

Question 1.3
What are the risks to consider when providing LogoTrust assurance services to an online company?
[Hint: See G.G. Gray and R. Debreceny, "The Electronic Frontier," Journal of Accountancy, May 1998, 32-38.]

LogoTrust has less risk than DataTrust because it guards against fewer things that can go wrong. LogoTrust assures users that the logo is being used legitimately. There are, of course, potential lawsuits if damages ensue from its misuse. Restraints such as limits to the dollar amount of a transaction are not much protection since any person or company using a logo for fraudulent purposes may also change the transaction restraints.

Risks are somewhat reduced following legislation in the U.S. Congress regarding joint and several liability of CPAs. The risk of being the deep pocket defendant left to bear all of the damages in failures that are only partly attributable to CPA firm negligence has been greatly reduced. CPAs, however, are still subject to having to pay whatever share of the damages that courts attribute to those CPAs.

Apart from lawsuit risks, there are risks of bad publicity and tarnished reputation for failed assurances. CPAs have a competitive advantage at the moment because of public perception of CPAs as honest and diligent. Entering into more risky services such as information security assurances might tarnish both the reputation of a particular CPA firm and the CPA profession in general.

Question 1.4
What are the risks to consider when providing DataTrust assurance services regarding confidentiality?
[Hint: Cookies are explained at http://www.trinity.edu/~rjensen/245glossf.htm#Cookies1 ]

WebTrust assurances cover a broader range of electronic commerce transactions in addition to logo assurances. WebTrust can cover business practices and internal control. It requires more testing and professional competence in electronic commerce. Whereas some logo assurance services like TRUSTe require only after-the-fact self reporting, WebTrust service providers require client recertification every 90 days.

 



 

Financial Statement Assurance in an E-Business Environment
  • Risks uniquely present in an e-business environment.  

    • Networked transactions

    • Changing technologies that can tank a business overnight

    • Soft assets dominate hard assets

    • Ever-evolving series of mergers and acquisitions

    • Short and high-risk product life cycles

    • Young and inexperienced labor force

    • Success or failure may ride on one person or a few key people

    • Lack of management focus on cost control

  • Successions of losses do not necessarily impair a going concern (provided investors are willing to keep infusing the business with cash)

  • Substantive testing in audits may not be practical or feasible (see Statement on Auditing Standards [SAS] 80, Amendment to SAS 31, Evidential Matter)

 

 

New Forms of Assurance to Facilitate E-Business

AICPA formed the Special Committee on Assurance Services (SCAS) in 1994.  After a careful analysis of demographic and other trends, this committee concluded the following:

Your marketplace is changing.  Multibillion-dollar markets for new CPA services are being created.  Investors, creditors, and business managers are swamped with information, yet frustrated about not having the information they need and uncertain about the relevance and reliability of what they use.  CPA firms of all sizes--from small practitioners to very large firms--can help these decision makers by delivering new assurance services.  (AICPA Web site, "Assurance Services," www.aicpa.org).

The Elliott Committee (named after its chair, Robert K. Elliott) identified six new service areas considered to have high potential for revenue growth for assurance providers:

  1. Risk Assessment

  2. Business Performance Measurement

  3. Information Systems Reliability

  4. Electronic Commerce

  5. Health Care Performance Measurement

  6. ElderCare

The work of the Elliott Committee was followed by the appointment of the ongoing Assurance Services Executive Committee, chaired by Ronald Cohen.  This committee is charged with the ongoing development of new assurance services and the provision of guidance to practicing CPAs on implementing the services developed.

  • Information Systems Reliability Assurance 

  • Electronic Commerce Assurance

Business-To-Consumer Assurance

  • CPA/CA WebTrust (Joint Venture of AICPA and CICA)
    • Business Practices and Disclosure--The entity discloses its business and information privacy practices for e-business transactions and executes transactions in accordance with its disclosed practices.

    • Transaction Integrity--The entity maintains effective controls to provide reasonable assurance that customers' transactions using e-business are completed and billed as agreed.

    • Information Protection and Privacy--The entity maintains effective controls to provide reasonable assurance that private customer information obtained as a result of e-business is protected from uses not related to the entity's business.

  • Proprietary E-Business Audits

  • Privacy Audits

Business-to-Business Assurance

  • Assurances regarding service disruptions and product shipments

  • CPA/CA SysTrust (Joint Venture of AICPA and CICA)
    • Availability--The system is available during times specified by the entity.

    • Security--Adequate protection is provided against unwanted logical or physical entrance into the system.

    • Integrity--Processes within the system are executed in a complete, accurate, timely and authorized manner.

    • Maintainability--Updates (upgrades) to the system can be performed when needed without disabling the other three principles.

  • SAS 70 Reviews of Service Organizations (extended to B2B Risks)

SAS 70, Reports on the Processing of Transactions by Service Organizations, was issued to provide assistance in the auditing of entities that obtain either or both of the following services from an external third-party entity.

  • Executing transactions and maintaining related accountability

  • Recording transactions and processing data

  • Internal Controls Risk

    • The financial statement assertions that are either directly or indirectly affected by the service organization's internal control policies and procedures.

    • The extent to which the service organization's policies and procedures interact with the user organization's internal control structure

    • The degree of standardization of the services provided by the third party to individual clients.  In the case of highly standardized services, the service auditor may be best suited to provide assurance; however, when the third party offers many customized services, the third-party auditor may be unable to provide sufficient assurance regarding a specific client.

SAS 70 provides for two reports the service auditor can provide to the user auditor concerning the policies and procedures of the service organization:

  • Reports on policies and procedures placed in operation.

  • Reports on policies and procedures placed in operation and tests of operating effectiveness.

Other Potential New Services to Facilitate E-Business

  • Value-Added Network (VAN) Service Provider Assurance

  • Evaluation of Electronic Commerce Software Packages

  • Trusted Key and Signature Provider Assurance

  • Criteria Establishment

  • Counseling Services

The AICPA's Assurance Services Website is at http://www.aicpa.org/assurance/index.htm 

 

Major Constraints and Considerations

  • Competencies Required

  • Competition

  • Jeopardy to Public Accountancy's Image of Independence and Professionalism

  • Legal Risks

The AICPA's Assurance Services Website is at http://www.aicpa.org/assurance/index.htm 


August 8, 2002 message from Miklos

I have posted on the Web pieces of my e-commerce course, about hr + of clips, ... be my guest to use them

http://raw.rutgers.edu/miklos/baxtermovies/baxter.html

they can be used (not tightly coupled) with my e-commerce slides

http://raw.rutgers.edu/ecommerce2

Miklos A. Vasarhelyi
KPMG Professor of AIS
Rutgers University Director, Rutgers Accounting Research Center
315 Ackerson Hall, 180 University Ave. Newark, NJ 07102
tel: 973-353 5002 fax 973-353 1283 miklosv@andromeda.rutgers.edu


Large CPA Firm Revenues and Services

Auditing Firm Revenues and Services (I think the data are suspect in this article) ---
http://www.usubscribe.com/order.cfm?tid=12560&gtse=goog&GTKW=Accounting+Today

August 26, 2005 message from Jim Borden

I was wondering if anyone might be able to help me respond to the following question I received from a student:

"I had a quick question concerning Chapter 1. The text states that consulting is the area of highest growth for public accounting firms. Isn't that misleading considering that most firms gave up their consulting business to conform with SOX?"

I was trying to look for some up to date stats on what percentage of the Big 4's revenues are audit versus non-audit, and how that percentage has changed over the past 2-3 years. Any suggestions? Thanks,

Jim Borden
Villanova University

August 26, 2005 reply from Bob Jensen

Hi Jim,

I’m not a whole lot of help on this, and I would appreciate it if you would let me know what you find out.  You might put this one out to the AECM.

I currently do not have great free sources of this information.  It is likely to be available to subscribers at http://www.auditanalytics.com/

PwC has a helpful table at http://www.pwc.com/extweb/aboutus.nsf/docid/8f6f5cb458a82d4c85256f350064cd9d
I suspect PwC will share prior-year tables with you.

Aggregated Revenues of PricewaterhouseCoopers Firms by Service Line
(USD Millions)

Service Line                                          FY04     FY03   % Change   % Change at FY04
                                                                                  exchange rates
Assurance                                            8,713    7,433     17.2%         9.6%
Advisory                                             3,077    2,709     13.6%         6.3%
Tax                                                  4,464    4,197      6.4%        -0.2%
Net Revenue from Continuing Professional Services   16,254   14,339     13.4%         6.1%
Expenses Billed to Clients                           1,317    1,137     15.8%         6.3%
Gross Revenue from Continuing Operations            17,571   15,476     13.5%         6.1%
Discontinued Operations                                 29      344    -91.5%       -92.3%
Total Gross Revenues                                17,600   15,820     11.3%         3.9%

FY04 revenues are expressed in US dollars at average FY04 exchange rates. FY03 revenues are shown as originally reported last year at average FY03 exchange rates.
Fiscal year ends 30 June.
FY03 Service Line revenues have been reclassified to reflect the new Service Line structure, which came into effect in 2004. Tax figures include correspondent law firms where regulations permit.
Discontinued operations represent businesses disposed of during the year, principally affecting Tax services revenues of firms in Europe.

 


Whereas E&Y and PwC sold their consulting divisions to Cap Gemini and IBM respectively, KPMG went public with KPMG Consulting in an IPO.  The company's symbol is KCIN on NASDAQ.  It experienced huge cash flow difficulties in 2001 following the IPO --- http://www.businessweek.com/magazine/content/01_21/b3733096.htm 
  You can get current information on KCIN at http://biz.yahoo.com/ipo/p/kcin.html

As of February 8, 2001, KPMG Consulting, Inc. is an independent consulting company and no longer affiliated with KPMG LLP.  Hence, KPMG's subsequent non-tax advisory services exclude consulting revenues of KCIN. 

You can download KPMG’s 2004 Annual Report from http://www.us.kpmg.com/microsite/attachments/IAR_04.pdf
On Page 43 of that report, I'm a bit surprised that audit revenues in 2004 slipped to only 48% of total revenue whereas non-tax advisory services hit 29% of the $13.44 billion in revenue after selling off its consulting division.

Similarly, KPMG reported its 2003 non-tax advisory revenues as 27% of its $11.16 billion in total revenues.  The Accounting Today article reports zero KPMG consulting revenues, so I find it hard to reconcile the 27% versus 0%.  Since the Accounting Today article reports KPMG's revenue as 67% for audit and 33% from tax