From the July 2009 Issue
While the economy may be questionable and forcing reductions in some firms, any down time provides a unique opportunity for all firms to analyze their current production processes and make changes that will position the firm more effectively for the eventual turnaround. Firm’s need to make a concerted effort to plan for the long run, and considering current technology initiatives will help those firms clarify that planning. In that regard, each year, the AICPA Top Technology Initiatives Team surveys hundreds of IT-oriented tax and accounting professionals to get their take on the leading technologies that will impact business in the following 12 to 18 months.
The 2009 list highlighted four primary information technology themes, which is the focus of this month’s IN-Firm article. These four themes are Safe Guarding Information, Managing Data, Remote Access and Competency.
Safe Guarding Information:
The number one, two and three top initiatives on the 2009 list are (1) Information
Security, (2) Privacy Management, and (3) Secure Data File Storage, Transmission
and Exchange Management, which highlights the concerns of IT professionals about
protecting the data entrusted to firms. Also included within the top 10 was
(7) Identity and Access Management. Firms must be proactive in locking down
their IT infrastructure, which should include, at a minimum, a professionally
installed and managed firewall, anti-virus and system updates that are automatically
updated on all computer systems, and the use of secured passwords or encryption
to protect data.
Firms should log all attempts to access their networks and have their security infrastructure reviewed by qualified IT personnel on at least an annual basis. These professionals should also verify that all network and workstation operating system updates are being done promptly and that software to block viruses, spam and other malware are working properly, as this is the primary means by which hackers access firm systems. Passwords should be changed at least twice per year and whenever there is any concern about a terminated employee by utilizing “hardened” rules and incorporating at least eight characters, with an upper and lower case, a number, and a punctuation character.
For files that firms want to transfer to and from clients, all such transmissions should be encrypted, or they should utilize secure tools such as web-based document portals. The advantage of using a document portal integrated with the firm’s document management system is that most of these products incorporate an audit trail and the capability to notify firm personnel when a file has been uploaded for them. Firms must also be cognizant of how they protect the privacy of the data entrusted to them and the specific requirements of their state in the event of a data breach such as a stolen computer or lost USB fob with confidential data.
To assist firms in developing and implementing a privacy program, the AICPA has set up a very comprehensive resource center (www.AICPA.org/privacy) which includes sample policies, regulation summaries, checklists and response procedures. Firms should also have a plan in place to assist employees in the event that the employee becomes the victim of identity theft, as the personal time and cost can be substantial.
Managing Data:
The second major theme of the Initiatives list includes (4) Business Process
Improvement, (8) Improved Application and Data Integration, (9) Document, Forms,
Content, and Knowledge Management, and (10) Electronic Data Retention Strategy,
which revolve around how firms manage the information in today’s digital
information systems.
As firms transition more and more source documents and client deliverables to an electronic format, it is imperative that they manage this information effectively to minimize the amount of rework. Today’s managing data mantra is capture data at its “root” source, when it enters the firm in a digital format so that it is available to all those who are authorized to access it, wherever and whenever they need access. This can be done through the use of integrated tax, audit, practice management and document management systems, and firms should evaluate the tools that connect to their primary production applications.
The top three accounting application vendors have integrated digital workflow tools into their “suites,” which makes the sharing of specific types of information easier, so firms should review and implement these tools this year. For those firms that have not formalized their document management strategy, this summer is the best time to evaluate options and update their document retention policies to include electronic files stored on the network. For firm documents such as procedures manuals or firm-created forms that don’t reside within a specific professional application, the use of knowledge management tools such as intranets and integrated search capabilities will make this information easily accessible.
![[Get Copyright Permissions]](http://license.icopyright.net/images/icopy-w.gif){kind=small}
Click here for copyright permissions!
Copyright 2010 Cygnus Business Media
