Skip to main content

Contributors

Technology in Practice

Managing the information technology function within an accounting firm often causes frustration within the owner group as they seldom understand the intricacies of IT and often view the function as an expense, rather than a strategic investment in their firm’s profitability.

Managing the information technology function within an accounting firm often
causes frustration within the owner group as they seldom understand the intricacies
of IT and often view the function as an expense, rather than a strategic investment
in their firm’s profitability. These same owners are comfortable reviewing
the firm’s financial information and are often presented with “Flash
Reports” that give them a condensed view of operations, allowing them
to quickly understand the firm’s status on key performance indicators.

So why not apply this concept to IT? Network integrators such as the Xcentric
Group in Atlanta, have provided their clients with a proactive monthly IT summary
that lets them know the status of their IT infrastructure, as well as comments
on existing and potential issues. According to Trey James, President of Xcentric:
“We encourage our customers to leverage automated system tools whenever
possible to take the load off of IT staff and provide a summary of network operations.”

These reports can be developed by your in-house personnel or your outsourced
IT department (if an external company is used). It is recommended that they
be provided to the internal IT champion at least monthly, who will verify that
the network infrastructure is sound and report to the firm’s Executive
Committee. It is also recommended that the analysis be explained to the entire
owner group at least once per year, so they can be assured that the IT function
is being effectively managed. Following is a summary of items that firms might
consider for their IT flash report:

  • Server Hard Drive Capacity/Utilized
    Today’s hard drives can hold astounding amounts of information, but
    can shut down a firm’s operations if they have inadequate space for
    processing current applications. This is particularly true during busy season
    when the volume of new *.PDF files increases, as well as the amounts of entries
    in the time and billing system. The flash report should list the capacity
    for each server, the amount of disk space utilized, and the amount of hard
    disk space remaining, which should never be below 20 percent. Event logs should
    also be reviewed to identify any application or hardware component failures,
    as well as to view procedures to clean up or defragment drives.
  • Data Backup
    The most critical component of a firm’s disaster response is the verification
    that all data is backed up, verified and stored securely offsite. Firms should
    monitor that backups are completed at least daily, the amount of data backed
    up (compared to what is on the servers) and the remaining capacity on the
    tapes. The report should also include the start and finish time for the backup
    process to make sure that it does not impede on the core workday hours, when
    it is most expensive to kick staff off the system to complete the backup.
    Tape backup systems are extremely expensive, and it is imperative that owners
    be aware of requirements for a new one at least a year in advance.
  • Server Patch Management
    Firms must monitor security and operating system patches to ensure that the
    firm is being adequately protected, while at the same time being aware of
    conflicts with existing accounting applications. As network operating systems
    release new patches, the IT department should coordinate updates with their
    core application vendors (tax, practice, audit engagement and document management)
    to minimize conflicts and determine the optimal schedule for implementation.
  • Firewall Testing
    The firm’s firewall is the primary defense against hacking attempts
    from the Internet, and the IT department must verify that no unauthorized
    ports are being utilized. Port tests such as Shield’s Up from GRC.com,
    will validate which ports are accessible and should be tested at least monthly.
    Outside resources that can test the firm’s systems against the top security
    threats from the CSI/FBI study can also be found at SANS.org
    and CISecurity.org.
  • Internet Monitoring
    Internet appliances can also monitor the web sites visited listing the percentage
    and frequency of these visits to ensure that Internet access is focused on
    production websites. Applications such as Websense and iPhantom can monitor
    activity and also make management aware of applications that consume bandwidth
    resources such as continuous audio or video feeds and the number of times
    that individuals attempt to violate firm filtering or access policies.
  • Bandwidth Optimization
    Firms rely on the Internet for communications, research and system upgrades
    and must monitor bandwidth resources. The report should list the amount of
    bandwidth contracted for, as well as actual throughput for both upstream and
    downstream communications including statistics for a redundant Internet connection.
  • E-mail Filtering
    Anti-viruses, spam and other malware can have a severe impact on firms if
    not properly managed. Virus footprints are often updated daily so even if
    the process is automatic, it must be verified and owners should be notified
    of the number of e-mail viruses that were removed as well as viruses found
    on workstations. Spam and spyware continue to be major time wasters; the report
    should list the volume of these items removed.
  • UPS Systems
    Uninterruptible power supplies are an important component of a firm’s
    disaster planning, and automated tools should be set to verify that the batteries
    are still holding the anticipated charge and that they will send appropriate
    notification to the IT department in the event of an outage.
  • Workstation Management
    Owners should be aware of the versions of Windows and Microsoft Office loaded
    on computers to ensure they are in compliance with licensing and so they can
    plan for future upgrades. The firm’s inventory should list all applications,
    licenses and the number of users to ensure that licensing policies are not
    breached.
  • Password and Usage Policy
    Most firms will change passwords at least twice per year and provide an update
    on computer usage policies for both internal and remote user policies. These
    reminders should be scheduled in advance and the status presented in the report
    along with a validation that passwords have been changed appropriately and
    all terminated passwords are inaccessible.
  • IT Project Management
    The report can also list the number of IT issues addressed as well as those
    items that are still outstanding. Timeframes, impacts and cost for any projected
    IT projects should be listed at least one year out so that management is not
    surprised by unplanned expenditures. A comprehensive budget should be prepared
    that lists the current expenditures as well as projections for the next two
    years. While many IT personnel have a variety of applications available for
    IT management or utilize the Microsoft Office in smaller firms, there are
    a number of IT help desk and network automation tools that can help with monitoring
    such as Numera Track-It!, Microsoft Operations Manager (MOM), and Belarc.

Providing firm management with a flash report that summarizes the health of
the firm’s IT infrastructure can go a long way in comforting owners that
mission critical IT processes are being effectively monitored. Build your firm’s
IT flash report and start educating your firm today. 

——————————————

Roman H. Kepczyk, CPA.CITP is president of InfoTech Partners North America, Inc. and works exclusively with CPA firms to implement today’s leading best practices and technologies.

See inside APRIL/MAY 2006