For the past 18 years, the AICPA Top Technologies task force has surveyed members of the accounting community to identify those technologies that they feel will impact our profession in the year ahead. While the top techs list is designed to apply to all accountants, including those in industry and academia, this month’s column looks at the impact of the Top Technologies specifically on accountants in public practice.
Information Security and Management
With almost weekly headlines of IT security breaches, it is not surprising that Information Security Management is the number one issue, with security being a top concern for the past five years. This year’s definition has focused on the approach that firms must put into place to manage their people, processes and systems to safeguard critical systems and information. With IT staff often overworked and having little time to focus on the intricacies of IT security as a whole, it is often better to outsource the implementation of all “one shot” items such as firewalls and VPNs, or partner with integrators that have focused experience and current security certifications. These integrators can also review the firm’s overall security infrastructure and make recommendations through a formal security audit, which should also teach the firm what items to monitor as well as ensure that network and workstation security patches are properly implemented.
Identity and Access Management
Tax and accounting firms are notoriously lax in enforcing recommended controls, not only for access to their networks but also for physical access to the office. At a minimum, every person should change passwords at least four times per year, using “hardened” passwords that include upper and lower case letters, numbers, and punctuation characters. This should be enforced by the firm’s network policies, and there should also be standardized and tested procedures to ensure that both passwords and building access codes are terminated when employees leave. Some firms are beginning to use additional user authentication techniques such as tokens, Public Key Infrastructure (PKI), and biometrics to verify that people are who they say they are, and today’s network operating systems and document management applications are further defining the files to which users can have access.
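As an added illustration (not part of the original column), the Python sketch below audits an account export against the controls described above: hardened passwords, a change at least four times per year, and removal of network and building access for departed staff. The field names, the 92-day reading of "four times per year", and the sample records are assumptions constructed for the example.

```python
import string
from datetime import date

# Assumption: "four times per year" is read as a maximum age of about one quarter.
MAX_PASSWORD_AGE_DAYS = 92

def is_hardened(candidate: str) -> bool:
    """Check a new password (at change time) for all four character classes."""
    classes = (string.ascii_uppercase, string.ascii_lowercase,
               string.digits, string.punctuation)
    return all(any(ch in cls for ch in candidate) for cls in classes)

def audit_accounts(accounts, terminated, today):
    """Return {user: [findings]} for accounts that violate the controls."""
    findings = {}
    for acct in accounts:
        issues = []
        age = (today - acct["password_set"]).days
        # Stale passwords only matter on accounts that can still log in.
        if acct["enabled"] and age > MAX_PASSWORD_AGE_DAYS:
            issues.append(f"password is {age} days old")
        # Departed staff must lose both network and building access.
        if acct["user"] in terminated:
            if acct["enabled"]:
                issues.append("network account still enabled after termination")
            if acct["door_code_active"]:
                issues.append("building access code still active after termination")
        if issues:
            findings[acct["user"]] = issues
    return findings

# Constructed sample data: a directory export joined with the door-code list,
# plus the set of departed employees supplied by HR.
ACCOUNTS = [
    {"user": "asmith", "enabled": True, "door_code_active": True,
     "password_set": date(2008, 1, 10)},
    {"user": "bjones", "enabled": True, "door_code_active": True,
     "password_set": date(2007, 9, 1)},
    {"user": "cwong", "enabled": True, "door_code_active": False,
     "password_set": date(2008, 2, 1)},
    {"user": "dlee", "enabled": False, "door_code_active": True,
     "password_set": date(2007, 6, 1)},
]
TERMINATED = {"cwong", "dlee"}
TODAY = date(2008, 3, 1)

if __name__ == "__main__":
    for user, issues in audit_accounts(ACCOUNTS, TERMINATED, TODAY).items():
        print(user, "->", "; ".join(issues))
```

Running the audit on a schedule and reviewing any non-empty result is one way to test that the termination procedure actually works, rather than assuming it does.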
Conforming to Assurance and Compliance Standards
Major shake-ups have affected assurance and compliance standards, and it is imperative that firms create a formal process to make sure they remain in compliance with current and evolving standards. There is no silver bullet here, and it is up to firms to integrate new standards into their procedures, using their existing audit document container applications and other collaborative firm applications. This will require assigning the responsibility of monitoring changes, assessing risk, adjusting firm procedures, and allocating an adequate number of hours to an assurance champion. The burden of keeping current can be minimized by subscribing to publications focusing on this area, as well as by participating in CPE and assurance forums, particularly within the CPA Firm Associations where information is shared freely.
Privacy Management
Tax and accounting firms are transitioning to completely digital formats where all files are stored on the network, including scanned images of all client documents (along with Social Security numbers and other personal information). It is the responsibility of firms to protect access to this information, as well as to stay in compliance with local and national privacy legislation. The firm’s Human Resources department also needs to review its data access and privacy procedures with regard to all information stored on the network to ensure that access controls are in place to protect the privacy of all individuals.
Disaster Recovery Planning (DRP) and Business Continuity Management (BCM)
Firms must have a process to recover lost data or facilities regardless of the cause, which I feel should consist of two parts. All firms should first create an immediate response document that details which key individuals should be notified (and how), procedures to assess the situation and minimize further loss, and specifics on notifying and accounting for all personnel. The second part should consist of a written document that details the information infrastructure and the procedures to restore the system. The AICPA’s Disaster Recovery center has templates and resources to assist in this area, and much of the technical information can be collected via automated tools.
IT Governance
IT Governance consists of the personnel and processes that manage the IT infrastructure within the firm. This would include an understanding of the firm’s strategic objectives and how information technology will assist in achieving these objectives. For effective IT Governance within a firm, a person must be designated as the champion with the responsibility of developing, implementing and monitoring a three-year technology plan and budget, as well as participating in CPE or industry forums to keep abreast of accounting technology.
Copyright 2008 Cygnus Business Media