October 2022

minute read


Automation and adoption with intention

With tax season just behind us—well, almost—remember that one tax return where the client digitally uploaded all their source tax documents, those documents were added to your document identification software, you dropped the numbers in the return, finalized it, and produced your digital copies along with the copies for the client’s digital signature on the 8879 and then they paid you electronically?

Wow. Now those are the kinds of returns you like; it took just about an hour, start to finish, and you billed the client $600.

You know the return I’m referring to: nice automation, strong profitability and not too taxing (heh, a little play on words there) for the staff.

But the reality of a perfect return is that in most firms, it’s not the norm. It just doesn’t happen that way every time on every return. Why not? Because, to be honest, we don’t take the time to train clients appropriately. We mostly let them do what they want. On occasion, they do it just right and it turns into the perfect return. But in today’s technological environment, the opportunity is even better than described above, because there’s more automation available than we know and/or are taking advantage of—and the result is tough tax seasons.

I’ve been pushing hard against too many tax returns during tax season for several years now. I think it’s destroying firm culture and ultimately leading to a staffing shortage. But before you can truly get a handle on the right amount of tax returns for your firm, you first need to maximize the end-to-end automation of the return and ensure complete adoption of the process by your firm and clients.

However, the typical firm I see half-asses (there, I said it) automation and adoption, which arguably leads to only a slightly better outcome. That’s why I think it’s time to go all in by maximizing efficiency to gain a real read on exactly how much time it takes to complete a return and just how many returns is the optimal amount for your firm. The first step is not necessarily to fire or sell off most of your tax returns, although that may end up being a part of the solution. The first step is to address efficiency and adoption.

If you don’t go all in, you’re leaving a lot of time, energy and money on the table. Especially if you’re trying to create a culture where your team is not being overwhelmed by busy season.

The all-in

To go all in, you need to do two things:

  1. Adopt an end-to-end tax return preparation technology stack designed for a modern tax preparation practice. This will require changing the way you do things today. Automation efficiencies are only gained when you take as much friction out of a process as possible. Be open-minded, and then do the work to train your team and your clients in your tax process.
  2. Assign a person (or persons) in your firm to be the Smart Client Manager and Client Communications Manager. These are the person(s) who thoroughly understand the process, and whose job it is to make sure there is complete adoption and communication across every client.

Note: What I’m talking about here is not necessarily for every single firm, but if you’re a tax-heavy firm, it’s definitely worth considering.

With those two things out of the way, we’ll talk about the process next. Before we do, though, another note: Rarely do I include in my column a technology that I believe is essential. However, the technology you choose really does matter, so in this article, I’m going to be very prescriptive about a vendor who has tax automation figured out—because to be honest, most vendors don’t. But this vendor is celebrating their twentieth year of being sure they get things right, and in my opinion, they’re far ahead of other vendors in the space.

The process

One of the keys to making the process work so well is SurePrep’s TaxCaddy—a cloud-based solution and mobile app that your clients can use to manage everything about their tax returns in relation to working with your firm. This is essentially a client-facing tax return preparation application.

One of the first things to consider, though, is your client experience. My thinking on this topic has evolved from the recommendation for a single portal all your clients—business and individual—can use to work with your firm, to considering whether a 1040 tax client can, and probably should be, treated differently than your small business client.

If you go down this path, it’s very important that your Smart Client Manager makes sure that every existing and new 1040 client has been educated on how to use TaxCaddy on their smartphones and computers.

Let’s take a look at what the tax preparation process will look like based on maximizing technology and automation within the following four steps:

Step 1: Gather — Standardize and streamline the gathering of data and documents from the client. Make it easy for taxpayers to upload their documents throughout the year, instead of waiting around while your clients stack the documents in a pile and then mail them in all at once. TaxCaddy creates an automated document request list based on the proforma data in your tax software, an electronic organizer. Both your staff and your clients can easily see which documents have already been uploaded to the tax client portal and which are still outstanding.

  • Paper and PDF organizers are eliminated.
  • Clients have a tax return app to capture documents throughout the year.
  • All tax documents are stored in one place and delivered to the firm digitally.
  • Your clients can even connect their financial institutions to automatically retrieve many of their 1099s.

Step 2: Prepare — You’ve standardized the gathering of all the tax information from your clients with a digital process. No more drop-off papers to be scanned. Once the documents are gathered using TaxCaddy, leverage SurePrep’s next step in the process by using their 1040SCAN Pro product to organize all those digital documents into a binder and automatically populate the tax software with the information.

  • No need to scan documents.
  • Data entry efficiency is improved.

Step 3: Review — Utilize SurePrep’s binder product to digitally review the tax return—that is, if it needs a review at all. I’ve mentioned many times that not every tax return is created equal. For simpler returns with experienced preparers, create a Level One tax return project that doesn’t include a review step. For all those returns that need a review? Simply do it onscreen.

Step 4: Deliver — Simplify the delivery process. The return is pushed back to TaxCaddy, making it easy to deliver the final tax return, tax payment vouchers and your firm’s invoice. Clients can render KBA e-signatures, make tax payments and pay their invoices directly from the TaxCaddy app.

The summary

What I’ve just outlined is a much more automated process from end to end. Most firms today are using multiple solutions to get to an inferior process. As I mentioned, rarely have I done an article where I so clearly advocated for a technology solution, but over SurePrep’s 20-year history, I’ve watched them perfect this solution consistently year after year.

Putting a new process in place is never easy; change requires effort. Automation and adoption are key drivers of efficiency improvements—which is why I sincerely believe the strategy I’ve laid out is a winner.

Remember that one tax return I mentioned at the beginning of this article—the one that was super-profitable? How much more profitable could that return have been if you’d used the process I just described?

Now think about how much time can be saved during the busy season if you standardize every return using this process, with your firm’s Smart Client Manager leading the way!

Creating a culture of security and trust

As a leader, your ability to inspire and motivate starts with trust and security. Your clients trust your firm, feel confident in your decisions and follow your leadership because they feel secure not only in your firm’s clarity, but also in the follow-through they expect.

But as we often say, your firm’s two most important assets are your people—and that means both clients and staff. Since clients are only half of the equation, to solve the entire equation, you need to create the same trust and security for your team as you do for your clients.

Leaders’ words and actions impact the perception of safety and trust staff have in the firm. When there’s a disconnect between their words and actions, staff members are less likely to feel engaged and secure at work.

If you want to earn employees’ trust and build a culture of security, create an environment where all firm staff—including leaders—feel safe to freely share their thoughts and ideas, expect follow-through with integrity, and trust their leaders’ words and actions.

How to create security and trust

Provide clarity; be more decisive than what feels comfortable. While you should offer your people autonomy, don’t shy away from remaining steadfast in the lines you draw in the sand. When it comes to the firm’s vision, policies and values, transparency is the kindest thing you can do—even if it’s unpopular. When staff can anticipate what’s happening, they’re able to make their best choices.

Make it okay to make a mistake—lead by example. What would happen in your firm today if someone made a mistake? For staff to feel emotionally secure, they need to know that if they make an error, people won’t think any less of them for owning up to it—and, in fact, for owning it, too.

More importantly, as a leader, when you make a mistake, do the same: own and own up to the error. Share the situation with staff, tell them what happened and then follow through to correct the error with actions that mirror your words. Bringing staff with you on the journey of acknowledging an honest mistake, communicating the error and then following through to fix it creates a culture of safety and security without fear of repercussion. Choose to embrace mistakes, own up to them and learn from them.

Understand and embrace personality diversities. Significant personality differences on a team may seem like a roadblock, something we prefer to avoid discussing and hope to remove. However, differences in perspective can drive innovation and accelerate working together to accomplish goals. Instead of ignoring differences, learn about them and then act on them. Recognize those who typically speak up without being prompted and give them space to share. For more introverted personalities, let them know when you’ll encourage them to share and allow them time to prepare their contribution.

Since staff expect to hear leaders’ voices more often than others, stay alert for opportunities to step back and allow staff to lead the room. You expect to hear from the firm’s bolder, more assertive personalities, but it’s inevitable that there will be staff reluctant to speak up unless there’s a clear sense of psychological security in the firm’s culture.

Ways to take action

We know this may seem like a lot to take in. But there are small, easy and relatively quick actions you can take now that encompass these keys to creating security and trust.

One of the most important actions? Consistent, weekly meetings that are structured to include:

  • Clarity: Bring all staff together for a weekly check-in meeting and require attendance from all staff, whether in-person or remotely.
  • Consistency: Do your best not to cancel. If you aren’t able to lead it, have a backup plan.
  • Leadership: Require all staff to participate. Provide an agenda with discussion points. Lead by example; for instance, share something you’ve learned in the last week based on an error you made.
  • Awareness: Recognize personality differences. Give everyone ample time to prepare. Be aware of the team and how they typically interact during meetings to draw everyone out.

Security is about consistency, knowing what to expect and not being caught off guard. When leaders consistently listen to staff voices with open ears and minds, issues that arise are less likely to become a source of stress when the staff knows they have support to help them solve problems. Ambiguity is where insecurity happens. Clarity solidifies security.

Rightworks Academy members with access to the Online Learning library can access our Staff Management Business Model Basics for more practical ideas to increase psychological security and build a culture of trust.

Assessing your cybersecurity risk

Risk. It’s everywhere—and often, it’s unavoidable. There are, however, ways you can manage and mitigate the risks within your firm, including cybersecurity risk.

A cybersecurity risk assessment not only helps your firm identify risks. It also helps your firm recognize the impact those risks could have on your firm, as well as the likelihood of a high-impact event occurring. As with many things, a risk assessment or risk management plan isn’t a “one and done.” Once created, it will need to be reviewed on a periodic basis, so start simple and then go into more detail with each review.

What’s the worst that could happen?

If you haven’t given much thought to that question, chances are your firm hasn’t completed a cybersecurity risk assessment or implemented a cybersecurity risk management plan. Whether you outsource a cybersecurity risk assessment or conduct one internally, the purpose of this tool is to identify opportunities to strengthen your firm’s security and protect your firm—as well as your clients—against risks.

What does a cybersecurity risk assessment include?

The risks. These are all the “What can go wrong?” scenarios. While it would be impossible to list every single risk that exists, the list of risks should include as many as you can think of. This can include everything from employees storing passwords under their keyboards to malware attacks.

The impact. The potential impact of an event is measured based on how easy or challenging it would be for your firm to recover. The impact of an encrypted laptop being stolen is much less than the impact of your in-house servers being damaged during a natural disaster (e.g., wildfire, tornado, flood) without an off-site backup.

The likelihood. The likelihood of events occurring can vary greatly. Let’s look at the same example scenarios used above. The likelihood of a laptop being stolen is probably much higher than the likelihood of your servers being sucked into the vortex of a tornado, right?

The risk scores. These can be numerical (such as 1, 2, 3) or tiered (such as low, moderate, high) and can be illustrated in a matrix or as a numerical score. To demonstrate, we’ll go with a numerical score. For each risk you’ve listed, you’ll assign a score for potential impact (e.g., 1 = low impact, 2 = moderate impact, 3 = significant impact) as well as a score for likelihood of a risk event to occur (1 = very unlikely, 2 = somewhat likely, 3 = extremely likely).

Once you have these scores, you’ll multiply the impact score by the likelihood score to obtain your overall risk score.

Compare risk scores for each of the various risks to determine which risks are the highest—and therefore warrant the most consideration—within your firm.

The risk response. For every cybersecurity risk identified, the firm will need to choose how it will manage that risk. There are five primary risk responses, some of which may be used in conjunction with one another:

  1. Avoidance. This response isn’t always possible; however, in certain circumstances it may be an option to alter your strategy to avoid the risk completely. For example, to avoid the risk of in-house servers being destroyed by a natural disaster, the firm may choose to store data in the cloud.
  2. Mitigation. Risk mitigation includes actions taken to reduce the impact and/or likelihood of the risk event. For example, to mitigate the risk of a data breach, the firm could implement regular security awareness training to reduce the risk of a staff member clicking on a malicious link.
  3. Transfer. Risk transfer is commonly used in conjunction with risk mitigation. A common example of this would be cybersecurity insurance, along with security awareness training for employees.
  4. Accept. Risk acceptance means your firm is aware of the risk and chooses to assume it. For example, if a staff member receives a client’s W-2 by text and saves the image and/or forwards it as an email to themself, rather than immediately deleting the image and requesting that the document be uploaded to the secure portal, the firm has assumed the associated risks.
  5. Share. Risk sharing is essentially the same as dilution. Let’s say a firm has one staff member who’s responsible for ensuring that payroll is run for all applicable clients. There’s a risk that payroll could be missed if this person is out unexpectedly and no one else knows how to perform this function. An example of sharing, or diluting, this risk would be cross-training another firm member and/or having detailed written procedures, allowing another staff member to complete this function in the primary person’s absence.

At the end of the day, technology is essential to success in your modern firm. While it does come with risks, those risks can be assessed and managed to better protect what’s most valuable to you—your firm, your staff and your clients.

Fun with security awareness (really!)

About a year and a half ago, in this column of Thought Leader, we shared a video from a series on security awareness (episode 3, for those who like full disclosure).

Because the conversations around security seem to get gloomier by the month, let’s celebrate National Cybersecurity Month by lightening things up a little, with the entire series of Security Awareness videos by the National Cybersecurity Alliance. The eight videos are short, informative and (bonus!) fun to watch.

As we head toward January, the videos would be great reminders for your staff on how vital it is to remain aware and alert when files, emails and texts begin flying back and forth during tax season. Why not add a group viewing to the agenda for one of your fourth-quarter 2022 staff meetings?

Watch the Security Awareness videos here

Cybersecurity awareness? Huh?

Susan Danker


Yeah, I asked the same question the first time I heard the words. In layman’s terms, cybersecurity awareness is knowing how to identify security hazards and acting responsibly to avoid potential threats. Since social media is my game, I’ll stay in my lane and discuss a Facebook trickster you need to watch out for.

The latest hack: Fake Facebook reps

A not-so-fun hack happening to victims right now is false communication from a hacker attempting to gather login and password information by posing as a Facebook representative. If you fall for this scheme, I assure you that trying to recover your account will not be good times.

Here’s how it works: A phishing email is sent to the user from the hacker claiming to be from “The Facebook Team,” with a warning about immediate removal of an account if action isn’t taken right away. The text content of the email is engineered to create fear of account loss that initiates a quick reaction. There’s a call-to-action link embedded in the email that offers an option to appeal the account removal. And once that link is clicked, the user will be asked to provide sensitive information such as full name, email address and password.

This data is shared with an attacker, who then tries to gain access to the Facebook account and any other accounts protected by login security. This is the number one reason we caution you to never use the same password twice. If several of your platforms use the same password, the attacker will easily be able to access every account protected by that particular password.

Don’t forget your Instagram

Want more good news? (My tongue is placed firmly in my cheek. You get that, right?) Instagram accounts can be logged into with Facebook accounts. If the hacked Facebook account is used to log into an Instagram account, BLAMMY! The attacker just gained access to that account, too.

And holy moly, the feats you’ll be asked to perform to recover an Instagram account are no joke—plus, they don’t always ensure recovery. Some of the challenges include:

  • Arriving at a place within Instagram where you can actually find recovery instructions.
  • Submitting a video of your face—moving in different directions.
  • Sending a picture of yourself holding up a written message.
  • Proof of citizenship with a federal ID (Okay, maybe I’m exaggerating on this last bullet. Wink-wink.).

Above all, remember: DNR. Do. Not. Respond.

Do not respond to urgent or threatening emails, do not click on links within these emails, and do not give out your login and password.

Facebook reps do not have email addresses ending in Beware of email addresses like these or addresses resembling a Facebook URL with numbers or characters that don’t belong. It’s good practice to report strange emails to as soon as you receive a suspicious communication.

Then, get your Zen in check with a nice deep cleansing breath and log into your account. If something is wrong, the problem will be evident there. You’ll be provided with guidance on how to secure your account, and you’ll have prevented password sharing with a cybercriminal. (Take that, ya cyberjerk!)

Put on your cybersecurity armor and kick…well, you know

You’ve worked hard to present a professional image to the public across your firm’s online presence. The security requirements a modern firm should have in place for protection of sensitive data in their online platforms may feel like a pain in the you-know-what, but a data breach could potentially cost considerable time and money if strict security measures aren’t implemented.

Set strong passwords, change them frequently, make use of dual authentication options whenever possible and encourage your staff to do the same. Lock up your online reputation with every security measure available. You’ll thank yourself.

Now that you’re equipped with this cybersecurity armor, how about you go ahead and be proactive about your social media defense? Learn more about securing, recovering or checking on your Facebook account here.

Selling Just Got A Whole Lot Easier: New Insights into Natural Influence and Conditioned Human Behaviors
by Joe Camilleri

The Essential Guide for Effective Team Management: The rules and tools for achieving High Performance Teams
by Wendy K. Michelsen

How to Be an Inclusive Leader: Your Role in Creating Cultures of Belonging Where Everyone Can Thrive
by Jennifer Brown

How to Get Organized and Get Stuff Done: 10 Productivity Tips for Business People
by Carson Byers

Events for Rightworks Academy members

Check out these upcoming October webinars exclusively for Rightworks Academy members.

  • October 19: Staff training: Evaluating your fees
  • October 26: Staff training: You know your numbers, what’s next? (Part 2 of the Firm Management series)

And look for our Smart Team Management and Smart Client Management Thought Leader webinars in October and November!

See the entire member webinar schedule and register at Resources > Events > Webinars in your account.

Events for members and non-members

Not a Rightworks Academy member yet? We have you covered with live and on-demand events where you can learn more about Rightworks or the latest hot topics in the profession.

Visit for a continually updated schedule of events.

Taking control of your firm’s tax season with the help of automation

Join Darren Root, Chief Strategist for Rightworks, and Sean Hanthorn, Education Services Director for Rightworks, as they address proven ways firms can leverage automation to improve workflows, processes and business operations.

  • October 19, 2:00 pm ET

For more information and to register, visit

Visited the Rightworks blog recently?

Pssst: If you haven’t checked out the Rightworks blog lately, Darren’s got a brilliant (as always) new post on how you can get to year-round revenue by optimizing your services with data-driven insights. And we’re adding new posts on a regular basis, so don’t forget to bookmark the blog so you can stay up to date!

Read the latest post at

Member anniversaries

It’s time to recognize this month’s Rightworks Academy member anniversaries! Help us wish the following firms a Happy Anniversary:

1 year
Robert M Garretson, CPA
James A. Lucas and Company, LLP
Chatterton & Associates Inc.
Douville Goldman & Herod
Professional Business Management Inc.
Nuttall & Patel LLP

5 years
Modern CPAs, Inc.
Richard A Magley CPA LLC
M.J. Vandenbroucke Inc.

10 years
Bailey, Smith & Associates, LLP
Hutson Gobble LLC
Little Accounting Services
Strategis CPAs & Consultants, PA
Lucas Group CPAs + Advisors

Congratulations on your success, and we look forward to celebrating many more anniversaries with you and your teams!