Information technology is integral to every aspect of production within CPA firms, and to help CPAs understand and benefit from current technology opportunities, the AICPA created the Top Technologies initiative beginning in 1989 to deliver a list and resources for members.  The 2008 list continues this tradition with two central themes that firms should take note of: better safeguarding of confidential information and leveraging the investment in IT resources.  While the list is designed to apply to CPAs in industry and education as well, this article will take a look at how those items apply to CPA firms and to identify resources to help them be more aware of and take advantage of these initiatives.

1-Information Security: Not surprisingly, the top item is security, which becomes increasingly important as firms transition to a digital environment where every document is stored on the firm’s network.  It is the responsibility of the firm to protect this information and firms are doing this internally with document management systems that have an audit trail to ensure they are aware of who is accessing which files.  Having real time anti-virus, anti-spam, and malware protection is important to minimize the opportunity for outsiders to take control of individual workstations as well as having a firewall that is protecting the firm from external Internet threats.  Firms should regularly run a port test such as ShieldsUp! from GRC.com to see which ports are open and discuss this with their external network integrator, particularly when a change in Internet connectivity or server infrastructure occurs.  Firms should also be cognizant of physical security into their building and have unique access codes or cards for each person, as well as securing the server room and physically locking down equipment (i.e. using cable locks on all laptops).

2-IT Governance: IT Governance consists of the processes and relationships that direct and control the firm as they service clients including policies, procedures and managing the IT budget.  Firms should have their IT committee take a look at all policies including Internet and computer usage, email and document retention, remote access and security to make sure they are updated to include new processes and applications that the firm may implement.   It is also suggested that the firm provide an annual educational session to all personnel to make sure they are aware of these changes and remind them of firm policies.  The IT committee is also responsible for being aware of evolving technologies and making sure that firm management is aware of current and future requirements by monitoring the firm’s budget and technology plan.  The AICPA was involved with developing the CoBIT framework and there is an organization called the IT Governance Institute that recently released their 2008 IT Governance survey on attitudes and awareness from senior IT and non-IT related executives available on their website (ITGI.org) that is helpful for IT departments to get a handle on this concept.

3-Business Continuity Management and Disaster Recovery Planning: This technology initiative focuses on what your firm needs to do when things go really wrong.  The first component that every firm should have in place is an immediate response document that identifies who should be notified immediately in an emergency, how the firm will communicate with employees and the media, and where personnel will congregate when the firm’s building is inaccessible.  The AICPA has a document entitled Disaster Response-a Plan for CFOs and Controllers that helps firms address disaster planning and Dr. Bob Spencer’s site TSIF.com has a template available for firms to download. Firms should have a written plan that is updated and tested annually and stored offsite in a format that is readily accessible.

4-Privacy Management: Privacy management is tough in a “world without privacy“ and while some firms have privacy policies, they may not be following them, particularly in regards to marketing efforts and business partners that may have access to some of this data.  To understand this initiative better and to help firms protect their data, the AICPA has developed guidelines at AICPA.org/privacy including Generally Accepted Privacy Principals.

5-Business Process Improvement, Workflow and Process Exception Alerts: One of the hottest technologies to hit CPA firms is the integration of workflow processes, particularly in the area of tax automation.  Today’s scanning tools are not only organizing client source documents such as CCH’s FxScan and Copanion Gruntwurx, but pulling the data off and populating tax returns, as SurePrep is doing.  While workflow tools are being integrated with virtually all document management tools, there are strong stand-alone tools such as XpiTax’s XCM product that are raising the bar for workflow.  Today’s Practice Management programs also integrate alerts to notify firm members when events such as a receivable hitting 90 days or a project hitting 50% of budget, so the firm can be notified immediately.

6-Identity and Access Management: Initiative number six deals with the hardware, software and processes to authenticate users and only allow access to those authorized to do so.  The first step is to mandate “hardened” passwords to access the network that are at least eight characters, include an upper and lower case, punctuation, and numerical character and that change at least every 90 days.  Some firms are also using multi-factor authentication that includes security keys or fobs and it is expected that biometrics will eventually be utilized.

7-Conforming to Assurance and Compliance Standards: With all the regulations impacting how data must be managed within a firm, it is important to not only be aware of what the firm is responsible for protecting, but also insure that it is doing so properly.  HR records including medical and insurance forms with personal data must be in compliance with HIPAA standards, credit card and banking information may have issues with Graham Leach Bliley regulations, and state cyber security laws are being passed that may already affect the firm.  To assist with this, the AICPA has developed an IT Risk Assessment Framework and firms should contact their State CPA Society to find out about current rules

8-Business Intelligence:  The applications and technologies used for accessing and analyzing the firm’s data to help owners make better decisions is referred to as business intelligence.  While today’s practice applications have limited capabilities and rely heavily on third party report writers such as F9 or Crystal Reports, the next generation of practice products have integrated dashboard capabilities to notify firm members as significant events occur.  Microsoft is also getting into the picture with their SQL Reporting Services to compete with products such as SAPs Business Objects that will be able to access the firm’s future practice management applications.

9-Mobile and Remote Computing: CPAs must be able to work from any place and anytime, so one of the ongoing technology initiatives is the utilization of remote access tools.  For larger firms Citrix and Windows Terminal Server continues to be the dominant tool of choice, while in smaller firms the technology is centered around workstation options such as GoToMyPC and XP Remote.  Firms are using digital cellular aircards and tethering their “smart phones” to their laptops to provide remote access that does not rely on a client providing an Internet connection.

10-Document, Forms, Content, and Knowledge Management: The final initiative on this year’s list is the transition to a “less paper” environment utilizing the tools and technologies to capture information at its “root” source as it enters the firm in a format that is available to anyone that needs it.  Firms are transitioning their faxes and voicemail to digital unified messaging and using scanners to capture all information electronically at the first point of contact. Email and portals are being utilized to move and manage data that is already in an electronic format.  Most firms are building their content management around a document management product that integrates with their tax production and has integrated workflow as described in Initiative #5.  In the future, it is expected that Microsoft’s SharePoint platform could become a content/knowledge management tool that could compete with the best document management tools available today.

While the AICPA’s Top Technology initiatives are numbered in a traditional “Top Ten” format, the AICPA points out that the results must be weighted according to each firm’s current needs.  To best use this list, firms should have their IT teams meet and discuss the status of each initiative and identify projects to implement based on that firm’s priorities.  To assist in this, the AICPA has developed a PowerPoint presentation, a 90 minute audio webinar, and a Top Techs Toolkit for members of the AICPA IT Membership Section.

Roman H. Kepczyk, CPA.CITP is President of InfoTech Partners North America, Inc. and works exclusively with CPA firms to implement today’s digital best practices to optimize firm productivity.  This article was reprinted with permission from the CPA Technology Advisor.

InfoTech Partners North America, Inc.
13656 South 37th Place
Phoenix, AZ 85044-4531
Phone: (480) 706-1728
Fax/Voicemail: (480) 718-8880
Email: roman@itpna.com
Web Site: www.itpna.com

We are in business to service and act on behalf of our clients. Please review our Privacy Statement and Declaration of Integrity. For comments regarding this website, please email ITPartner@itpna.com or call (480) 706-1728. All information presented here is the opinion of InfoTech Partners North America Inc. or the respective authors of the various articles and is not to be construed as legal or technical advice. Please consult your lawyer or technical person for specific utilization.