Information technology is integral to every aspect of production within tax and accounting firms, and to help practitioners understand and benefit from current technology opportunities, the AICPA created the Top Technologies initiative beginning in 1989 to deliver a list and resources for members. The 2008 list continues this tradition with two central themes that firms should take note of: better safeguarding of confidential information and leveraging the investment in IT resources. While the list is also designed to apply to accountants in industry and education, this article will focus on how the items on the list apply to tax and accounting firms and further identify resources to help sharpen their awareness and ability to take advantage of these initiatives.
Not surprisingly, the top item is security, which becomes increasingly important as firms transition to a digital environment where every document is stored on the firm’s network. It is the responsibility of the firm to protect this information, and firms are doing this internally with document management systems that have an audit trail to ensure they are aware of who is accessing which files.
Having real time anti-virus, anti-spam and malware protection is important to minimize the opportunity for outsiders to take control of individual workstations as well as having a firewall that is protecting the firm from external Internet threats. Firms should regularly run a port test such as ShieldsUp! from GRC.com to see which ports are open and discuss this with their external network integrator, particularly when a change in Internet connectivity or server infrastructure occurs. Firms should also be cognizant of physical security into their building and have unique access codes or cards for each person, as well as securing the server room and physically locking down equipment (i.e., using cable locks on all laptops).
IT Governance consists of the processes and relationships that direct and control the firm as they service clients including policies, procedures and managing the IT budget. Firms should have their IT person or committee take a look at all policies including Internet and computer usage, e-mail and document retention, remote access, and security to make sure they are updated to include new processes and applications that the firm may implement.
It is also suggested that the firm provide an annual educational session to all personnel to make sure they are aware of these changes and remind them of firm policies. The IT person or committee is also responsible for being aware of evolving technologies and making sure that firm management is aware of current and future requirements by monitoring the firm’s budget and technology plan. The AICPA was involved with developing the CoBIT framework, and an organization called the IT Governance Institute recently released its 2008 IT Governance survey on attitudes and awareness from senior IT and non-IT related executives. The survey is available on their website (ITGI.org) and can help IT departments get a handle on this concept.
Business Continuity Management and Disaster Recovery Planning
This technology initiative focuses on what your firm needs to do when things go really wrong. The first component that every firm should have in place is an immediate response document that identifies who should be notified immediately in an emergency, how the firm will communicate with employees and the media, and where personnel will congregate when the firm’s building is inaccessible. The AICPA has a document entitled “Disaster Response — a Plan for CFOs and Controllers” that helps firms address disaster planning, and Dr. Bob Spencer’s site, www.TSIF.com, has a template available for firms to download. Firms should have a written plan that is updated and tested annually and stored offsite in a format that is readily accessible.