Technology
IN-Firm Impact of the 2009 AICPA Top Technology Initiatives
Column: Technology IN Practice
Jul. 01, 2009
From the July 2009 Issue
While the economy may be questionable and forcing reductions in some firms,
any down time provides a unique opportunity for all firms to analyze their current
production processes and make changes that will position the firm more effectively
for the eventual turnaround. Firm’s need to make a concerted effort to
plan for the long run, and considering current technology initiatives will help
those firms clarify that planning. In that regard, each year, the AICPA Top
Technology Initiatives Team surveys hundreds of IT-oriented tax and accounting
professionals to get their take on the leading technologies that will impact
business in the following 12 to 18 months.
The 2009 list highlighted four primary information technology themes, which
is the focus of this month’s IN-Firm article. These four themes are Safe
Guarding Information, Managing Data, Remote Access and Competency.
Safe Guarding Information:
The number one, two and three top initiatives on the 2009 list are (1) Information
Security, (2) Privacy Management, and (3) Secure Data File Storage, Transmission
and Exchange Management, which highlights the concerns of IT professionals about
protecting the data entrusted to firms. Also included within the top 10 was
(7) Identity and Access Management. Firms must be proactive in locking down
their IT infrastructure, which should include, at a minimum, a professionally
installed and managed firewall, anti-virus and system updates that are automatically
updated on all computer systems, and the use of secured passwords or encryption
to protect data.
Firms should log all attempts to access their networks and have their security
infrastructure reviewed by qualified IT personnel on at least an annual basis.
These professionals should also verify that all network and workstation operating
system updates are being done promptly and that software to block viruses, spam
and other malware are working properly, as this is the primary means by which
hackers access firm systems. Passwords should be changed at least twice per
year and whenever there is any concern about a terminated employee by utilizing
“hardened” rules and incorporating at least eight characters, with
an upper and lower case, a number, and a punctuation character.
For files that firms want to transfer to and from clients, all such transmissions
should be encrypted, or they should utilize secure tools such as web-based document
portals. The advantage of using a document portal integrated with the firm’s
document management system is that most of these products incorporate an audit
trail and the capability to notify firm personnel when a file has been uploaded
for them. Firms must also be cognizant of how they protect the privacy of the
data entrusted to them and the specific requirements of their state in the event
of a data breach such as a stolen computer or lost USB fob with confidential
data.
To assist firms in developing and implementing a privacy program, the AICPA
has set up a very comprehensive resource center (www.AICPA.org/privacy)
which includes sample policies, regulation summaries, checklists and response
procedures. Firms should also have a plan in place to assist employees in the
event that the employee becomes the victim of identity theft, as the personal
time and cost can be substantial.
Managing Data:
The second major theme of the Initiatives list includes (4) Business Process
Improvement, (8) Improved Application and Data Integration, (9) Document, Forms,
Content, and Knowledge Management, and (10) Electronic Data Retention Strategy,
which revolve around how firms manage the information in today’s digital
information systems.
As firms transition more and more source documents and client deliverables
to an electronic format, it is imperative that they manage this information
effectively to minimize the amount of rework. Today’s managing data mantra
is capture data at its “root” source, when it enters the firm in
a digital format so that it is available to all those who are authorized to
access it, wherever and whenever they need access. This can be done through
the use of integrated tax, audit, practice management and document management
systems, and firms should evaluate the tools that connect to their primary production
applications.
The top three accounting application vendors have integrated digital workflow
tools into their “suites,” which makes the sharing of specific types
of information easier, so firms should review and implement these tools this
year. For those firms that have not formalized their document management strategy,
this summer is the best time to evaluate options and update their document retention
policies to include electronic files stored on the network. For firm documents
such as procedures manuals or firm-created forms that don’t reside within
a specific professional application, the use of knowledge management tools such
as intranets and integrated search capabilities will make this information easily
accessible.
Remote Access:
Number five (5) on this year’s list was Mobile and Remote Computing. Once
firms have successfully secured their data and stored it in a format that is
optimally usable to firm personnel, they want to make it available to personnel
from remote sites including client offices, satellite offices, home offices
and when the user is in transit. While bigger firms have traditionally found
that Citrix and Windows Terminal Server provide the most robust platform to
allow a large number of users to securely access firm resources via the Internet,
technologies such a virtual private networks and web-based applications (SaaS)
have expanded connectivity.
These remote access tools are also becoming more available to smaller firms,
which traditionally relied upon remote workstation control applications such
as LogMeIn, GoToMyPC and Windows XP Remote desktop. Growth in the broadband
digital cellular networks from Verizon, AT&T and Sprint have provided more
and more laptop users with virtually anytime, anywhere Internet access via air
cards or “tethered” smartphones. In the long run, broadband digital
access will allow auditors and other laptop users to process and store all data
on the firm’s servers rather than on their laptops to minimize the impacts
of laptop theft and the maintenance that firms have on these workstations.
Technology Competency:
Not to be overlooked on this year’s list, (6) Training and Competency
highlights the concern among IT professionals of how firms train their personnel
on an ongoing basis. Most firms do a very good job of selecting the optimal
applications for their practice, and most even invest in effective training
during the roll out of the new tool. Unfortunately, that is where the vast majority
of firms stop their training efforts, leaving new hires to “figure it
out” on their own. Studies done in the past found that untrained workers
take two to six times longer to get up to speed and consume four to six times
more IT support than those who are adequately trained.
Many firms’ IT people today will say they spend the majority of their
time answering questions and fixing “issues” that are training related,
rather than technically related, which further highlights the need for having
a training program. Best practices point to firms designating accountability
to either a dedicated training coordinator or allocating hours to specific application
“power” users to identify, document and train firm personnel on
optimally using that program.
The down economy has many firms scrambling to evaluate their practices and
is forcing tough strategic decisions. Before making these decisions, it is imperative
that firms start with a positive outlook, become aware of the full range of
opportunities that are available today, and focus on improving their practices
for the eventual upswing. Reviewing the AICPA Top Technology Initiatives provides
these firms with a targeted listing of considerations. For more information
on how to apply the initiatives to your firm, the AICPA has created a resource
center at www.AICPA.org/TopTech.