Aprio drives digital transformation with PCI & HITRUST engagements

Written by Admin | Oct 3, 2024 12:05:00 PM

Aprio is a premier business advisory and accounting firm that delivers assurance, tax, and advisory services to clients across the globe. With over 1,800 team members, it is a nationally recognized business advisory and CPA firm that has ranked #26 on the IPA Top 100 Firms list and #1 as the Fastest-Growing Firm in the U.S. by Accounting Today. As one of the few firms that can offer ISO, SOC reporting, HITRUST, and PCI Data Security Standard compliance, Aprio’s Information Assurance Services practice is uniquely suited to streamline reporting for clients that must manage multiple certifications.

Increasing cyberattacks, resource challenges, and new technologies such as artificial intelligence (AI) are driving dramatic changes in the accounting and advisory industry. Yet one of the most significant trends that Aprio has seen in their work is the exponential increase in client expectations. This shift in client expectations is evidenced by the way business buyers are increasingly adopting a consumer mentality, expecting their B2B customer journey to mirror the modern, frictionless experiences they have with B2C vendors like Amazon, Spotify and Zoom.

Trends and Challenges

While Aprio has always placed a premium on a stellar client experience, Shane Peden, Managing Director of Information Assurance Services, elaborated that there are several specific shifts that the firm is seeing with their clients:

  • Integration: “Clients are now placing a greater emphasis on integrating or working within newer security audit and compliance management tools to streamline the assessment process.”
  • Automation: “We see clients striving to drive more automation and reduce ‘heat loss’ - wasted effort or non-value added work - that typically occurs with manual processes or interactions.”
  • Multiple standards: “With the proliferation of standards, our clients are making a huge push to leverage a unified control set across multiple assessment requirements like HITRUST and PCI DSS, so clients are not as burdened with assessment testing and information requests.”

Shane and his Information Assurance Services team faced a few challenges in optimizing the client experience. While the team had been successful with their own custom-built application, it was becoming increasingly difficult to automate manual assessment work in their HITRUST and PCI engagements. PCI and HITRUST engagements differ from other Aprio engagements in that they have specific reporting requirements and use proprietary reporting and software platforms. These challenges resulted in sub-optimal automation processes and an unnecessary QA burden across the practice to ensure their engagements were meeting their standards.

The advent of PCI DSS v4.0, notably the extensive 500-page PCI Report on Compliance (ROC) template, underscored the necessity for an upgraded approach to accommodate evolving complexities of not only their PCI engagements but all other work that the Information Assurance Services team was driving. According to Shane: “We recognized the need to transition from our home-grown platform to maintain an exceptional client experience. Devoting time to updating and managing our custom solution would divert resources from client interaction.”

The Solution

Aprio employs a series of strategies to address these challenges in their Information Assurance Services practice, particularly in the context of PCI and HITRUST engagements:

  • Streamline client communication by presenting clients with a common set of milestones and objectives across all their engagements.
  • Increase team effectiveness by automating and templating practices and processes as much as possible, which enables anyone on the team to excel and manage engagements. According to Shane: “Standardizing helps our more junior staff hit the ground running, while senior members and partners have more free time to pursue strategic work, including working more closely with our clients.”
  • Improve engagement quality and firm agility by replacing custom home-grown tools with best-in-breed engagement software.
  • Gain economies of scale on large enterprise clients by cross-mapping common requirements, processes, and documents across engagements.
  • Drive staff productivity and retention through a robust training program that reinforces best practices across the organization.
  • Differentiate the firm by showcasing highly leverageable, repeatable best practices to attract additional work from both existing and prospective clients.

Fieldguide is the cornerstone of Aprio’s client-centric strategy, enabling the firm to standardize best practices and transform the client experience. Fieldguide is critical in helping the Information Assurance Services practice to completely redefine their service delivery approach. Shane stated: “What makes Fieldguide unique in solving our challenges is its cloud-based platform approach, as opposed to a more rigid offering we’ve seen from others. Fieldguide has really allowed us to think outside the box and leverage the platform in many ways that we never thought of to transform the client experience.”

Results

Because Fieldguide has helped the firm standardize their best practices, Aprio has been able to lower their overall costs by automating previously manual processes, shifting work from senior members and partners to less experienced teammates, and reducing the QA burden that previously required Director or Partner review. Fieldguide has also been instrumental in helping the Information Assurance Services team achieve their goals of streamlining security and privacy compliance reporting and certifications for clients.

“We work with many clients across multiple engagements and different types of engagements, so having an easy way for clients to see what’s going on is essential for smooth communication and managing client expectations. Making sure multiple Aprio teams have a standard way to manage engagements further ensures that our clients have a five-star experience.”

Aprio's journey exemplifies how digital transformation and adherence to client expectations can revolutionize service delivery. Through strategic alignment, the adoption of cutting-edge platforms like Fieldguide, and the fostering of a culture of excellence, Aprio has achieved its goal of delivering stellar client experiences while optimizing internal processes. According to Shane: “I would definitely recommend Fieldguide to any of my peers looking to drive a client-centric strategy. We have benefited tremendously from the additional structure, automation, and improved assessor and client experience Fieldguide adds to our PCI and HITRUST engagements.”

APRIO, the Aprio pentagonal pinwheel logo and “PASSIONATE FOR WHAT’S NEXT”, are registered marks of Aprio, LLP.