According to the Harvard Business Review, “Startup accelerators support early-stage, growth-driven companies through education, mentorship, and financing. Startups enter accelerators for a fixed period of time, and as part of a cohort of companies. The accelerator experience is a process of intense, rapid, and immersive education aimed at accelerating the life cycle of young innovative companies, compressing years’ worth of learning-by-doing into just a few months.”
There are thousands of startup accelerators in the world. Industry-focused, founder-focused, startup stage-focused, or location-based accelerators. Each type of accelerator serves its purpose depending on the needs of the startup. At ByteChek we had our eyes set on one accelerator in particular:
Why AICPA and CPA.com instead of a traditional accelerator?
It’s no secret that Jeff and I have spent a significant portion of our careers focusing on SOC 2 examinations. SOC 2 examinations are governed by the AICPA, and the standards that outline how SOC 2 examinations should be conducted were developed by the AICPA. While we are expanding the ByteChek platform into other frameworks and standards, the foundation of our tool is SOC 2.
With this focus and our experience, we knew that any funding, support, or growth decisions needed to come from organizations and individuals that understand the accounting industry and specifically SOC 2 examinations. The AICPA and CPA.com startup accelerator is the only startup accelerator that offers an intense focus on the accounting ecosystem.
There is a lot of noise (FUD) out there with respect to cybersecurity compliance and SOC 2 software tools. It is easy to forget or misunderstand the role CPAs play in these examinations since most of the SOC 2 automation tools in the industry are only focused on the service organizations undergoing the examination. “Complete your SOC 2 audit in weeks” or “Put SOC 2 on Autopilot” are a few of the catchphrases that you’ll find in the industry. While this sounds great, the reality is that these software tools fall short of their promises. A SOC 2 examination can not be completed on “autopilot” because SOC 2 examinations must be issued by a CPA. CPAs know this can’t be completed on “autopilot” because of the standards that govern SOC 2, and what is required for a complete workpaper (supporting) file.
Since launching ByteChek, we have made it clear that we are focused on both the customer (service organization) and service auditor (CPA). A rare focus in this industry but we are well aware that:
You can’t automate cybersecurity compliance assessments without auditors.
So when we set out to identify the best startup accelerator for us to join, we knew this was the only accelerator for us. We’ve built ByteChek to empower and enable CPA firms to perform SOC 2 examinations in a more secure and technically accurate manner by leveraging an automated software solution built by a team that has performed over 500 SOC 2 examinations. The AICPA and CPA.com startup accelerator is the only accelerator that allows ByteChek to speak directly to the CPAs that are issuing SOC 2 reports.
There are other accelerators that offer more money (most accelerators award cash to winners in exchange for equity), more access to venture capitalists, and in some cases, there are accelerators that offer a pipeline of customers. These are important considerations for many startups out there. However, for a cybersecurity compliance startup focused on SOC 2, the only accelerator that made sense to invest and help grow ByteChek is the AICPA and CPA.com startup accelerator.
What does this mean for CPA firms?
It means when deciding on which SOC 2 automation tool to use, the AICPA, CPA.COM, and ByteChek have made that decision really easy for CPA firms. Every CPA is well aware of SSAE 18, peer review, and other specific AICPA standards or requirements that go into SOC 2 examinations. CPAs don’t take shortcuts on ethics and independence standards in SOC 2 examinations, so working with a tool that not only understands and respects those standards but has the support and investment of the governing body for SOC 2 is a no-brainer.
There are a number of factors to consider when evaluating these tools but one immediate consideration for CPA firms should be understanding who has invested in or backed the startup. This matters because the direction of the startup will be shaped by the guidance, advice, and mentorship provided by these individuals and organizations.
CPA firms are well aware of the digital transformation underway in the cybersecurity compliance space. Accountants are well-positioned to take advantage of the power of cloud computing, automation, and streamlined auditing. However, there has been a slow adoption of these tools due to a lack of trust in the tools being able to make CPAs more efficient but also meet AICPA standards.
CPAs can rest assured knowing that the SOC 2 tool built specifically by a CPA, for both client and CPA firm will be working directly with the AICPA and CPA.com to bring ByteChek directly to the accounting profession. Our work this year with the Association will ensure we remain focused on empowering CPAs to get back to being trusted advisors. We believe that CPAs should provide value, not just spend time on mundane, repetitive tasks. Our platform, as evidenced by being selected for this accelerator, is the only platform dedicated to the efficiency, quality, and accuracy of SOC 2 reporting by CPAs.
What about companies earning a SOC 2 report? What does this mean for these companies?
While CPAs are extremely important and SOC 2 reports cannot be issued without the CPA - we still need a service organization to undergo the examination. Software companies and other service organizations have been clamoring for automated solutions to help streamline and speed up the cybersecurity compliance process. The governance, risk, and compliance (GRC) market is a 32-billion dollar industry because organizations are investing significant money in making compliance easier.
A misconception is that the hardest part of compliance audits is evidence collection. This may have been true years ago since collecting evidence from technical environments was traditionally manual and time-consuming. However, nowadays, you will be hard-pressed to find a cybersecurity compliance automation tool that does not include integrations to help automate evidence collection. It’s table stakes to connect to AWS, Azure, GitHub, JIRA, or other applications where compliance evidence lives. What then is important?
What’s important is whether or not your auditor can leverage the tool to complete your examination. A cybersecurity compliance solution that does not consider the auditor won’t make your life easier as a service organization, in fact, it will make things more difficult. This is due to the duplicative nature of testing that was supposed to be automated. Auditors will request additional evidence and waste key resources time because they cannot utilize the tool to perform their assessment. Is there a clearer indication that a tool will be accepted and widely used than the support and backing of the governing body that your auditors follow?
The ByteChek platform goes well beyond automating evidence collection - within the ByteChek platform, service organizations can complete a NIST CSF-based risk assessment, create system descriptions, create section 4, annual vendor reviews, access reviews, annual policy tests, and much more. We’ve intentionally built our platform to solve the entire compliance process and our participation in this accelerator will keep us on the mission to Make Compliance Suck Less.
We are beyond thrilled to be a part of the 2021 AICPA and CPA.com startup accelerator cohort. The impact this will have on the accounting profession and our customers will be felt for years to come. Reach out to our team today to learn more about what this accelerator program means for ByteChek and the future of SOC 2 examinations.
About The Association of International Certified Professional Accountants and CPA.com
The Association of International Certified Professional Accountants is the most influential body of accounting professionals, representing 657,000 members and students across 179 countries and territories in public and management accounting.
CPA.com is a subsidiary of the American Institute of CPAs and also part of the Association of International Certified Professional Accountants.
"The accounting and finance profession of the future will look very different than it does today. We’re already having to adapt to changes related to regulatory compliance, task automation, AI, blockchain, and more.
The Association and CPA.com Startup Accelerator helps grow startups throughout the accounting ecosystem so the innovators and cutting edge solutions can help transform the profession. Our aim is to strengthen the ability of individual accountants and finance teams to be the go-to analysts, strategists, and consultants that are indispensable to organizations across the globe."
“The best way to predict the future is to create it.”
— Peter Drucker