Cloud computing is on the rise as companies respond to a rapidly evolving business climate, an increasingly connected economy, and growing pressure to do more, faster, with fewer resources.
The cloud’s popularity derives largely from two factors – the ability to “pay as you go” for software and infrastructure, and the ability to rapidly deploy and scale technology by leveraging vendor infrastructure. In so doing, firms are able to focus on building and running their practices, leaving upgrades and maintenance to the cloud supplier and shifting capital expense to operating expense.
For CPAs, cloud proponents paint a rosy picture. They describe a digital future in which accountants can access data from multiple locations, lower technology costs, eliminate system maintenance and upgrades, scale up with clients as they grow, add functionality, improve analytics and reporting, automatically update tax and foreign currency tables, and increase data security. From a firm management perspective, the digital future promises to help manage documents and projects, grow the business, and expand service offerings without adding substantially to infrastructure.
Evidence suggests that accountants are ready to embrace the cloud, but aren’t sure where to start. A 2015 poll of AICPA members by CPA.com found that while 90 percent of respondents could see the digital future fast approaching, only 8 percent view the profession as “future-ready.”
By placing cloud adoption at the center of a renewed business and IT strategy, CPA firms can capitalize on efficiencies and drive business success in both firm and client management capabilities. A successful cloud deployment can improve agility, resilience and business continuity. However, CPAs and accounting firms continue to have questions about various aspects of cloud computing. Below, we offer four cloud adoption tips that will help these organizations face the future, and their clients, with confidence.
Deploying the right application on the right architecture is not as simple as migrating existing applications to the cloud. There are several strategic considerations to evaluate, including architecture, governance, readiness and platform integration with legacy systems. The first step is to establish goals and guiding principles to govern the execution of your strategy. This must include an articulation of the risks to be considered and your organization’s and its clients’ risk appetites.
Continuity is a key consideration in any technology migration. In planning for a cloud conversion, consider the needs of your business operations and your clients. If continuous access is required, a firm might want to consider a phased transition, with legacy systems providing continuity as new functions are added in the cloud. Over time, the goal is to migrate all operations to the cloud, but the phased model can be used to help mitigate transitional risk. Technically speaking, implementation and day-to-day management of cloud operations should be owned by the firm’s service operations function to ensure timely issue resolution and minimal disruption of the technology stack (infrastructure, platform, applications). Considerations should include risk management, capacity and vendor selection.
A cloud migration is an excellent time for business process improvement. Legacy applications may not be ready for cloud deployment. Care must be taken to ensure a seamless client experience. And the IT function will need to adapt to a new role of “service broker,” capable of navigating between cloud and non-cloud platforms to deliver the best possible service to end users. Data portability also is a big issue that needs to be addressed before committing to a cloud conversion. Data encryption, to protect sensitive data, both stored and in transit, is critical, as is data latency – the speed at which data can be stored and retrieved.
There is a notion that cloud deployment means lower security. Security is certainly a major concern, but it is also a differentiator among cloud service providers. During vendor selection, it is important to vet candidates for data security and privacy safeguards, access management, compliance with company standard policies and procedures, compliance with any client-specific policies and procedures (including client awareness and any required consent), industry-specific regulations, and incident management practices. Standardized controls should be developed and embedded in the design under strategy, implementation and service assurance. Periodic due diligence is also required to assess whether data security, vendor services and IT controls are up to date. Finally, firms need to have an organized approach to addressing and managing the aftermath of a security breach or attack. Foremost considerations include response times and incident responsibility.
In the final analysis, the cloud is only big and scary when viewed as a whole. Zooming in, you’ll discover it’s a lot like an atlas, full of cities, towns and ultimately homes of all shapes and sizes. The key to a successful cloud implementation is finding the right “cloud” home for your firm – defining clearly, up front, what you need the cloud to do for you, and shopping around until you find the right fit. Done right, cloud adoption can be safe and secure. It just needs to be part of a broader, holistic strategy that transcends the technology itself.
The future will be here before you know it. Will you be ready?
Ed Page is a Managing Director and leader of Protiviti’s Financial Services Industry IT practice.
Chris Wright is a Managing Director and leader of Protiviti’s Finance Remediation and Reporting Compliance practice.
See inside October 2016
Apps We Love: Retail
Who doesn't want to be better organized? With today's apps, there are lots of opportunities available to organize various aspects of your business and personal life. We asked members of the CPA Practice Advisor audience and family to share some of ...