From the July 2009 Issue
While the economy may be questionable and forcing reductions in some firms, any down time provides a unique opportunity for all firms to analyze their current production processes and make changes that will position the firm more effectively for the eventual turnaround. Firm’s need to make a concerted effort to plan for the long run, and considering current technology initiatives will help those firms clarify that planning. In that regard, each year, the AICPA Top Technology Initiatives Team surveys hundreds of IT-oriented tax and accounting professionals to get their take on the leading technologies that will impact business in the following 12 to 18 months.
The 2009 list highlighted four primary information technology themes, which is the focus of this month’s IN-Firm article. These four themes are Safe Guarding Information, Managing Data, Remote Access and Competency.
Safe Guarding Information:
The number one, two and three top initiatives on the 2009 list are (1) Information Security, (2) Privacy Management, and (3) Secure Data File Storage, Transmission and Exchange Management, which highlights the concerns of IT professionals about protecting the data entrusted to firms. Also included within the top 10 was (7) Identity and Access Management. Firms must be proactive in locking down their IT infrastructure, which should include, at a minimum, a professionally installed and managed firewall, anti-virus and system updates that are automatically updated on all computer systems, and the use of secured passwords or encryption to protect data.
Firms should log all attempts to access their networks and have their security infrastructure reviewed by qualified IT personnel on at least an annual basis. These professionals should also verify that all network and workstation operating system updates are being done promptly and that software to block viruses, spam and other malware are working properly, as this is the primary means by which hackers access firm systems. Passwords should be changed at least twice per year and whenever there is any concern about a terminated employee by utilizing “hardened” rules and incorporating at least eight characters, with an upper and lower case, a number, and a punctuation character.
For files that firms want to transfer to and from clients, all such transmissions should be encrypted, or they should utilize secure tools such as web-based document portals. The advantage of using a document portal integrated with the firm’s document management system is that most of these products incorporate an audit trail and the capability to notify firm personnel when a file has been uploaded for them. Firms must also be cognizant of how they protect the privacy of the data entrusted to them and the specific requirements of their state in the event of a data breach such as a stolen computer or lost USB fob with confidential data.
To assist firms in developing and implementing a privacy program, the AICPA has set up a very comprehensive resource center (www.AICPA.org/privacy) which includes sample policies, regulation summaries, checklists and response procedures. Firms should also have a plan in place to assist employees in the event that the employee becomes the victim of identity theft, as the personal time and cost can be substantial.
The second major theme of the Initiatives list includes (4) Business Process Improvement, (8) Improved Application and Data Integration, (9) Document, Forms, Content, and Knowledge Management, and (10) Electronic Data Retention Strategy, which revolve around how firms manage the information in today’s digital information systems.
As firms transition more and more source documents and client deliverables to an electronic format, it is imperative that they manage this information effectively to minimize the amount of rework. Today’s managing data mantra is capture data at its “root” source, when it enters the firm in a digital format so that it is available to all those who are authorized to access it, wherever and whenever they need access. This can be done through the use of integrated tax, audit, practice management and document management systems, and firms should evaluate the tools that connect to their primary production applications.
The top three accounting application vendors have integrated digital workflow tools into their “suites,” which makes the sharing of specific types of information easier, so firms should review and implement these tools this year. For those firms that have not formalized their document management strategy, this summer is the best time to evaluate options and update their document retention policies to include electronic files stored on the network. For firm documents such as procedures manuals or firm-created forms that don’t reside within a specific professional application, the use of knowledge management tools such as intranets and integrated search capabilities will make this information easily accessible.
Number five (5) on this year’s list was Mobile and Remote Computing. Once firms have successfully secured their data and stored it in a format that is optimally usable to firm personnel, they want to make it available to personnel from remote sites including client offices, satellite offices, home offices and when the user is in transit. While bigger firms have traditionally found that Citrix and Windows Terminal Server provide the most robust platform to allow a large number of users to securely access firm resources via the Internet, technologies such a virtual private networks and web-based applications (SaaS) have expanded connectivity.
These remote access tools are also becoming more available to smaller firms, which traditionally relied upon remote workstation control applications such as LogMeIn, GoToMyPC and Windows XP Remote desktop. Growth in the broadband digital cellular networks from Verizon, AT&T and Sprint have provided more and more laptop users with virtually anytime, anywhere Internet access via air cards or “tethered” smartphones. In the long run, broadband digital access will allow auditors and other laptop users to process and store all data on the firm’s servers rather than on their laptops to minimize the impacts of laptop theft and the maintenance that firms have on these workstations.
Not to be overlooked on this year’s list, (6) Training and Competency highlights the concern among IT professionals of how firms train their personnel on an ongoing basis. Most firms do a very good job of selecting the optimal applications for their practice, and most even invest in effective training during the roll out of the new tool. Unfortunately, that is where the vast majority of firms stop their training efforts, leaving new hires to “figure it out” on their own. Studies done in the past found that untrained workers take two to six times longer to get up to speed and consume four to six times more IT support than those who are adequately trained.
Many firms’ IT people today will say they spend the majority of their time answering questions and fixing “issues” that are training related, rather than technically related, which further highlights the need for having a training program. Best practices point to firms designating accountability to either a dedicated training coordinator or allocating hours to specific application “power” users to identify, document and train firm personnel on optimally using that program.
The down economy has many firms scrambling to evaluate their practices and
is forcing tough strategic decisions. Before making these decisions, it is imperative
that firms start with a positive outlook, become aware of the full range of
opportunities that are available today, and focus on improving their practices
for the eventual upswing. Reviewing the AICPA Top Technology Initiatives provides
these firms with a targeted listing of considerations. For more information
on how to apply the initiatives to your firm, the AICPA has created a resource
center at www.AICPA.org/TopTech.