From the July 2009 Issue
While the uncertain economy may be forcing reductions in some firms, any down time provides a unique opportunity for all firms to analyze their current production processes and make changes that will position the firm more effectively for the eventual turnaround. Firms need to make a concerted effort to plan for the long run, and considering current technology initiatives will help them clarify that planning. In that regard, each year, the AICPA Top Technology Initiatives Team surveys hundreds of IT-oriented tax and accounting professionals to get their take on the leading technologies that will impact business in the following 12 to 18 months.
The 2009 list highlighted four primary information technology themes, which are the focus of this month’s IN-Firm article. These four themes are Safeguarding Information, Managing Data, Remote Access and Competency.
Safeguarding Information:
The top three initiatives on the 2009 list are (1) Information Security, (2) Privacy Management, and (3) Secure Data File Storage, Transmission and Exchange Management, which highlights the concerns of IT professionals about protecting the data entrusted to firms. Also included within the top 10 was (7) Identity and Access Management. Firms must be proactive in locking down their IT infrastructure, which should include, at a minimum, a professionally installed and managed firewall, anti-virus software and system updates that are applied automatically on all computer systems, and the use of secured passwords or encryption to protect data.
Firms should log all attempts to access their networks and have their security infrastructure reviewed by qualified IT personnel on at least an annual basis. These professionals should also verify that all network and workstation operating system updates are being done promptly and that software to block viruses, spam and other malware is working properly, as this is the primary means by which hackers access firm systems. Passwords should be changed at least twice per year and whenever there is any concern about a terminated employee. They should follow “hardened” rules and incorporate at least eight characters, with an upper- and lower-case letter, a number, and a punctuation character.
For files that firms want to transfer to and from clients, all such transmissions should be encrypted, or firms should utilize secure tools such as web-based document portals. The advantage of using a document portal integrated with the firm’s document management system is that most of these products incorporate an audit trail and the capability to notify firm personnel when a file has been uploaded for them. Firms must also be cognizant of how they protect the privacy of the data entrusted to them and of the specific requirements of their state in the event of a data breach, such as a stolen computer or a lost USB fob with confidential data.
To assist firms in developing and implementing a privacy program, the AICPA has set up a very comprehensive resource center (www.AICPA.org/privacy) which includes sample policies, regulation summaries, checklists and response procedures. Firms should also have a plan in place to assist employees in the event that the employee becomes the victim of identity theft, as the personal time and cost can be substantial.
The second major theme of the Initiatives list includes (4) Business Process Improvement, (8) Improved Application and Data Integration, (9) Document, Forms, Content, and Knowledge Management, and (10) Electronic Data Retention Strategy, which revolve around how firms manage the information in today’s digital information systems.