No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Internal Audit

Growing Pains: Mid-Sized Auditing Firms Are Seeing an Influx of New Clients, But at What Cost?

As top-tier firms shed clients and shift business focus, mid-tier shops are poised for rapid growth

by Jey Purushotham
January 25, 2023
in Internal Audit
growth what next

The era of exponential growth among mid-tier accounting firms is upon us, driven largely by the trend of top-tier firms pushing to expand their advisory/consulting businesses. To manage the number of audits that could trigger independence impairments across service lines, they have taken steps to shed the bottom 10% to 20% of their audit clients. Meanwhile, mid-tier firms suddenly find themselves the recipients of these new business opportunities — opportunities that must be managed carefully, writes Jey Purushotham of Intapp.

Mid-tier firms may encounter many challenges when scaling to support such sudden growth. Among these challenges is the lack of ability to manage the influx of welcomed but unexpected new business from a compliance perspective. Once-sufficient risk and compliance processes might not properly detect independence impairments or conflicts before partners make new business decisions during a sudden influx, possibly exposing the firm to associated regulatory consequences.    

At the same time, increasingly stringent audit and regulatory requirements that vary around the world are pressuring firms to modernize conflict-clearance processes. Some large, forward-leaning firms have already designed systems that enable compliance with current regulations and incorporate the ability to scale as regulations evolve, such as through the use of automation. However, many mid-sized firms try running new business through old systems that leave them awash in compliance risk.

audit transparency
Cybersecurity

What Matters in Audits — Alleged Independence or True Transparency?

by Justin Beals
January 4, 2023

In decades past, independence (a flawed measure even in good times) was considered the gold standard of audit. But Strike Graph’s Justin Beals argues that it’s well past time to catch up with technology and instead rely on transparency as a marker for security audit.

Read moreDetails

5 key risk triggers

The environment is rapidly changing for mid-sized accounting firms and, possibly for the first time, introducing business triggers that force them to answer hard questions about risk processes.

Finding independence impairments at various stages

Historically, mid-sized firms lacked focus on automating the evaluation of conflicts clearance and waivers. Some independence checks processes were simply emails asking if any partners had an independence issue with a new client the firm wanted to sign. 

These processes may have been sufficient when firms were smaller. But when a client windfall is created by a combination of industry split-ups, M&As and audit-needy clients who were denied or shed by the Big Four, the old method falls apart. 

The idea that risk processes need to be automated rarely arises until some conflicts start to occur. Whether as subtle as a general unease with the current process, or as traumatic as having a regulator find issue and force changes — conflicts take center stage during rapid growth. Mid-size firms are starting to ask: How will risk processes keep up?

More private equity ownership of clients

The challenges that private equity poses are revealed in its name — this is a private market. This private nature ensures difficulty when attempting to capture all relationships and ownership stakes across any particular PE fund.  

And as private equity funds continue to buy more stakes in more companies, independence rules (which extend to all portfolio companies within PE funds) become more difficult to adhere to. Searching, tracking and monitoring complex private equity ownership data presents a perennial challenge to mid-tier accounting firms in their efforts to maintain independence with respect to a growing audit client base. 

Progressive mid-tier firms are beginning to employ third-party data sources to ensure structure around how they incorporate PE data into their risk management processes. Other firms are adopting a big-firm practice — namely, quarterly calls with the PE funds themselves to understand their changing portfolio company structure. 

Growth on steroids through acquisition

In some cases, accounting firms feel the need to race through the vetting process in order to begin billable work on the influx of new client opportunities from a buyout. Without an automated risk process, exponential growth can quickly overwhelm a firm’s legacy manual risk management processes. It also impedes the ability to make informed decisions about which clients of a newly acquired firm to keep and which ones to shed. 

Firms might even venture into new industries or new geographies that come with their own unique considerations from both a risk and regulatory perspective. If risk processes can’t scale to handle the flow of acquisitions today, they certainly won’t manage the increasing rate of acquisitions tomorrow.

Hitting the threshold number for audit companies

Accounting firms hit an increased level of scrutiny once their public audit client count crosses 100. For example, regulatory inspections increase from once every three years to once a year. As such, accounting firms try to balance their business between public and private companies. 

They want constant visibility into their audit client growth, so they can make informed decisions on how many and which audit clients to accept. These decisions depend partly on a firm’s appetite for public company audits and ability to address the extra level of scrutiny.

Accepting the wrong clients

If robust risk processes do not exist, an accounting firm might unintentionally take on the wrong clients, opening itself up to a malpractice suit. While accounting firms are often subject to expensive malpractice insurance premiums, they have the opportunity to cut costs by demonstrating that they have robust, centralized risk processes in place that ensure firms will take only the right clients.

Automation can help answer the question: Who is the right client?

Effective processes help to confidently answer the big question at the heart of the acceptance issue: Who is the “right” client? To more easily answer this question in the future, the firm must define multiple factors: What is the ideal risk profile for a client? What is the firm’s risk appetite? What industries or geographies does the firm want to be involved in? Do the industries (such as cryptocurrency or cannabis) or geographies carry unique risks and unknowns? Anytime these questions are ill-defined or unable to be properly answered, the firm is opening the door to unidentified and therefore unmanageable risk.

Risk processes are only as good as the data that feeds them. Unfortunately, at many firms siloed data — caused by multiple sources of truth, legacy databases from past acquisitions, and a growing number of internal systems with no associated data strategy — prevents a unified approach to risk management. Therefore, accounting firms must also create a data strategy in parallel with their risk and compliance strategy. Firms find they need to centralize their proprietary client and engagement data (often housed in separate and siloed systems) and develop a plan to keep this data maintained and updated over time. 

Process automation also creates a competitive edge in the war for talent. Young people hired today expect an easy experience with technology and are increasingly less tolerant of manual processes and data entry. When firms lack an updated and automated risk process, they face a different kind of risk: the loss of new talent before they have a chance to grow into tomorrow’s top talent. Even worse, firms can miss out on the next class of top talent if employees report back to their alma mater that their firm’s technology stack is outdated and inefficient.

Leverage the opportunity

Forward-thinking mid-tier firms are using a simple equation to drive their thinking around processes: increased business + legacy systems = increased compliance and reputational risk. The savviest risk manager sees the current accounting firm landscape as a major impetus for transforming their data management and conflicts processes without losing out on new business opportunity — and their business counterparts agree.

The right transformation changes the growth/risk equation by meeting the challenges and compliance demands inherent in rapid growth and building an effective independence process. Only then can mid-tier firms successfully capture newly available audits, integrate clients from a merged firm and move into a new realm of success, without facing existential risk.

 

 


Previous Post

Directors: Don’t Approve a Tech Purchase Without Asking These Questions

Next Post

Survey: CCO Pressure High, Resources Low

Jey Purushotham

Jey Purushotham

Jey Purushotham is the practice group leader in risk and compliance at Intapp. Jey partners with accounting and consulting firms to drive technology adoption with an enhanced focus on Intapp’s risk solutions. Prior to joining Intapp, Jey worked at Grant Thornton, Moody’s and the New York Stock Exchange driving risk and compliance initiatives across business and regulatory groups.

Related Posts

doj distorted

FCPA Enforcement Back on at DOJ — With a New Look

by Jennifer L. Gaskin
June 18, 2025

After a shorter-than-expected pause, officials with the DOJ have formally renewed the department’s enforcement of the FCPA. CCI’s Jennifer L....

toxic positivity concept melting smiley face

Good Vibes Do Not Always Mean Good Ethics

by Vera Cherepanova
June 18, 2025

Sound ethics can’t exist without a culture of accountability

robot nurturing a good idea

Innovation vs. Compliance: In the Age of AI, Why Not Both?

by Asha Palmer
June 17, 2025

As governments scramble to regulate AI, forward-thinking companies are writing their own compliance playbooks

human robot working as team pie chart

Smart Machines, Smarter Humans: Why Compliance Still Needs a Human Touch

by Roman Eloshvili
June 17, 2025

From the 2008 financial crisis to everyday judgment calls, the case for keeping humans in the compliance loop

Next Post
cco pressure

Survey: CCO Pressure High, Resources Low

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights