Information technology is integral to every aspect of production within tax
and accounting firms, and to help practitioners understand and benefit from
current technology opportunities, the AICPA created the Top Technologies initiative
beginning in 1989 to deliver a list and resources for members. The 2008 list
continues this tradition with two central themes that firms should take note
of: better safeguarding of confidential information and leveraging the investment
in IT resources. While the list is also designed to apply to accountants in
industry and education, this article will focus on how the items on the list
apply to tax and accounting firms and further identify resources to help sharpen
their awareness and ability to take advantage of these initiatives.
Information Security
Not surprisingly, the top item is security, which becomes increasingly important
as firms transition to a digital environment where every document is stored
on the firm’s network. It is the responsibility of the firm to protect
this information, and firms are doing this internally with document management
systems that have an audit trail to ensure they are aware of who is accessing
which files.
Having real time anti-virus, anti-spam and malware protection is important
to minimize the opportunity for outsiders to take control of individual workstations
as well as having a firewall that is protecting the firm from external Internet
threats. Firms should regularly run a port test such as ShieldsUp! from GRC.com
to see which ports are open and discuss this with their external network integrator,
particularly when a change in Internet connectivity or server infrastructure
occurs. Firms should also be cognizant of physical security into their building
and have unique access codes or cards for each person, as well as securing the
server room and physically locking down equipment (i.e., using cable locks on
all laptops).
IT Governance
IT Governance consists of the processes and relationships that direct and control
the firm as they service clients including policies, procedures and managing
the IT budget. Firms should have their IT person or committee take a look at
all policies including Internet and computer usage, e-mail and document retention,
remote access, and security to make sure they are updated to include new processes
and applications that the firm may implement.
It is also suggested that the firm provide an annual educational session to
all personnel to make sure they are aware of these changes and remind them of
firm policies. The IT person or committee is also responsible for being aware
of evolving technologies and making sure that firm management is aware of current
and future requirements by monitoring the firm’s budget and technology
plan. The AICPA was involved with developing the CoBIT framework, and an organization
called the IT Governance Institute recently released its 2008 IT Governance
survey on attitudes and awareness from senior IT and non-IT related executives.
The survey is available on their website (ITGI.org) and can help IT departments
get a handle on this concept.
Business Continuity Management and Disaster Recovery Planning
This technology initiative focuses on what your firm needs to do when things
go really wrong. The first component that every firm should have in place is
an immediate response document that identifies who should be notified immediately
in an emergency, how the firm will communicate with employees and the media,
and where personnel will congregate when the firm’s building is inaccessible.
The AICPA has a document entitled “Disaster Response — a Plan for
CFOs and Controllers” that helps firms address disaster planning, and
Dr. Bob Spencer’s site, www.TSIF.com, has a template available for firms
to download. Firms should have a written plan that is updated and tested annually
and stored offsite in a format that is readily accessible.
Privacy Management
Privacy management is tough in a “world without privacy;” and while
some firms have privacy policies, they may not be following them, particularly
in regards to marketing efforts and business partners that may have access to
some of this data. To understand this initiative better and to help firms protect
their data, the AICPA has developed guidelines at AICPA.org/privacy including
Generally Accepted Privacy Principals.
Business Process Improvement, Workflow and Process Exception Alerts
One of the hottest technologies to hit firms is the integration of workflow
processes, particularly in the area of tax automation. Today’s scanning
tools are not only organizing client source documents (such as CCH’s ProSystem
fx Scan and Copanion GruntWorx), but also pulling the data off and populating
tax returns, as SurePrep is doing. While workflow tools are being integrated
with virtually all document management tools, there are strong stand-alone tools
such as Xpitax’s XCM product that are raising the bar for workflow. Today’s
practice management programs also integrate alerts to notify firm members of
events such as a receivable hitting 90 days or a project hitting 50 percent
of budget, so the firm can be notified immediately. (See The CPA Technology
Advisor’s recent webcast on workflow at www.CPATechAdvisor.com/webcasts.)
Identity and Access Management
Initiative number six deals with the hardware, software and processes to authenticate
users and only allow access to those authorized to do so. The first step is
to mandate “hardened” passwords to access the network that are at
least eight characters; include an upper and lower case, punctuation, and numerical
character; and that change at least every 90 days. Some firms are also using
multi-factor authentication that includes security keys or fobs, and it is expected
that biometrics will eventually be utilized.
Conforming to Assurance and Compliance Standards
With all the regulations impacting how data must be managed within a firm, it
is important to not only be aware of what the firm is responsible for protecting,
but also ensure that it is doing so properly. HR records including medical and
insurance forms with personal data must be in compliance with HIPAA standards,
credit card and banking information may have issues with Graham Leach Bliley
regulations, and state cyber security laws are being passed that may already
affect the firm. To assist with this, the AICPA has developed an IT Risk Assessment
Framework, and firms should contact their state society to find out about current
rules.
Business Intelligence
The applications and technologies used for accessing and analyzing the firm’s
data to help owners make better decisions are referred to as business intelligence
tools. While today’s practice applications have limited capabilities and
rely heavily on third-party report writers such as F9 or Crystal Reports, the
next generation of practice products have integrated dashboard capabilities
to notify firm members as significant events occur. Microsoft is also getting
into the picture with its SQL Reporting Services to compete with products such
as SAP’s Business Objects to access the firm’s future practice management
applications.
Mobile and Remote Computing
Tax and accounting professionals must be able to work from any place and at
anytime, so one of the ongoing technology initiatives is the utilization of
remote access tools. For larger firms, Citrix and Windows Terminal Server continues
to be the dominant tool of choice, while in smaller firms the technology is
centered around workstation options such as GoToMyPC and XP Remote. Firms are
using digital cellular aircards and tethering their “smart phones”
to their laptops to provide remote access that does not rely on a client providing
an Internet connection.
Document, Forms, Content, and Knowledge Management
The final initiative on this year’s list is the transition to a “less
paper” environment utilizing the tools and technologies to capture information
at its “root” source as it enters the firm in a format that is available
to anyone that needs it. Firms are transitioning their faxes and voicemail to
digital unified messaging and using scanners to capture all information electronically
at the first point of contact.
E-mail and portals are being utilized to move and manage data that is already
in an electronic format. Most firms are building their content management around
a document management product that integrates with their tax production and
has integrated workflow as described in Initiative #5. In the future, it is
expected that Microsoft’s SharePoint platform could become a content/knowledge
management tool that could compete with the best document management tools available
today.
While the AICPA’s Top Technology initiatives are numbered in a traditional
“Top Ten” format, the AICPA points out that the results must be
weighted according to each firm’s current needs. To best use this list,
firms should have their IT teams meet and discuss the status of each initiative
and identify projects to implement based on that firm’s priorities. To
assist in this, the AICPA has developed a PowerPoint presentation, a 90-minute
audio webinar, and a Top Techs Toolkit for members of the AICPA IT Membership
Section.
Thanks for reading CPA Practice Advisor!
Subscribe Already registered? Log In
Need more information? Read the FAQs
Tags: Technology