The Top Technology Initiatives Survey assists CPA professionals in public accounting, consulting and law, education, government and military, nonprofit, and business and industry. These industries, although different, each utilize Information Technology to provide a safe and sustainable value proposition for their clients, customers and stakeholders. As technology evolves, so must the practices used to govern and maintain organizations.
Twenty-five years ago the IMTA Section created the Top Technology Initiatives Survey to assist in this effort and has since provided resources and tools to help organizations thrive in their respective markets through the awareness of key insights. IMTA resources are created to address the following key areas of Information Assurance: Integrated Financial Statement Audit, Security and Privacy, and IT Risk and Assurance. These resources are categorized by this year's top ten technology initiatives.
If you can't find what you're looking for here or need additional resources, be sure to access your IMTA member benefit, Safari Books Online, a technical library of 400 hand-selected titles highlighting key areas of Information Assurance.
|1. Securing the IT environment
CPAs must confront serious information-related security threats, from fraud and cybercrimes to the loss or theft of laptops, mobile phones, and client or organizational data. CPAs should work with clients to assess and mitigate current and emerging IT threats.
Segregation of Duties
Segregation of Duties (SOD) is a building block of sustainable risk management and internal controls for a business.
IT Assurance Services
Assurance Services are independent professional services to improve the quality of information to management as well as other decision makers within an organization.
Information Security Management Content Suite
The following content is intended to introduce CPAs to the basic concepts and terminology surrounding IT security.
|2. Managing and retaining data
Thanks to processing and information technologies, firms and companies can capture, analyze, and generate valuable insights from huge volumes of data. While leveraging those insights, CPAs must also address the risk created by this information revolution by carefully managing and protecting data for themselves and their clients.
Disaster and Business Continuity Planning
Article: This article provides an overview of the steps an organization should follow to prepare a disaster recovery plan.
An Overview of Data Management
Guide: This document provides an overview to help accountants understand the potential value that data management and data governance initiatives can provide to their organizations, and the critical role that accountants can play to help ensure these initiatives are a success.
Paper: The purpose of this paper is to define what information integrity means and provide a context for it for users and preparers of information and providers of assurance on such information. The paper focuses on what it means to have information integrity and how information integrity can be achieved and maintained.
|3. Managing IT risks and compliance
Many companies fail to closely align their IT risk management plans with their larger business strategies. CPAs should evaluate the risk to themselves and their clients, then formulate risk governance and compliance policies to ensure optimum security for devices, applications, and data.
Internal Control Tools and Resources
Tools: This page explores Internal Control and the control environment, risk assessment, control activities, and information and communication monitoring.
Critical Security Audit Considerations
Article: This article will address specific policies, procedures, and methods related to the security portion of an information technology internal audit.
Performing an Audit of Internal Control in an Integrated Audit
Overview: The Center for Audit Quality (CAQ) has developed a new practical pointers reference source for public company auditors that provides lessons learned from integrated audits of internal control over financial reporting (ICFR).
Complete Guide to the CITP Body of Knowledge
Guide: The review guide is designed not only to assist in the candidate's preparation of the CITP examination but will also enhance your knowledge base in today's marketplace.
Clients now demand that CPAs ensure the strict privacy of their personal and financial information. In response, many CPA firms and those working in business and industry have instituted formal privacy policies—including robust controls on access to data, automated monitoring of access, and employee training—to follow Generally Accepted Privacy Principles (GAPP).
Generally Accepted Privacy Principles - GAPP
Overview: GAPP is designed to assist management in creating an effective privacy program that addresses their privacy obligations, risks, and business opportunities.
AICPA Privacy Principles Scoreboard
Tool: This downloadable software tool is available in both a single organization use option (for internal use in privacy assessment and management within a company or a firm) and a client engagement option (for use in performing up to five client engagements using the software).
Privacy Risk Assessment Questionnaire
Overview: This questionnaire highlights key questions businesses should ask with the aim of understanding privacy risk, implementing sound privacy policies and practices, managing privacy risk, and obtaining privacy assurance.
Outsourcing and Privacy
Article: This article discusses the 10 critical questions management should ask about outsourcing and discusses specific privacy concerns associated with outsourcing.
Identity Theft Resources
Overview: Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in a way that involves fraud or deception, typically for economic gain.
|5. Enabling decision support and analytics
To work smarter, financial services firms must gather and store data, process that data into information that can be used for analysis, and then be able to translate that information into insights. Controls should be in place to ensure that reports provide clear, actionable information to CPAs and other decision makers. Information must be complete, accurate, and timely.
Business Intelligence Content Suite
Article: Business Intelligence (BI) helps managers improve the timeliness and quality of information. BI tools include data warehousing and integration applications, report writers and application dashboards.
How CPAs Can Drive Business Intelligence
Article: Donny Shimamoto, CPA/CITP explains why CPAs are especially suited to drive Business Intelligence initiatives for their clients, or within their own organization.
|6. Managing system implementations
To gain the full benefit of advanced systems, CPAs must ensure technologies are planned and deployed correctly. Firms and organizations should carefully evaluate the business case for proposed IT systems, understand the changes the new systems will require, and manage critical activities such as data conversions and system change migration.
Systems Implementation / Technology Integration
Overview: This page contains resources for accounting professionals pertaining to system implementation and technology integration.
|7. Preventing and responding to computer fraud
When CPAs do not institute strong policies to prevent computer fraud or crimes, they, and their clients or employers, can be particularly vulnerable to identity theft, hacking, and other cybercrime. CPAs must educate themselves on the design policies, internal controls, and preventive technologies related to system and information security.
CAATTs Identifies Potentially Fraudulent Activities
Article: This case study explores how Computer Assisted Auditing Tools and Techniques (CAATTs) enable you to discover fraud in a very short timeframe.
|8. Governing and managing IT investment and spending
To maximize the return on any IT investment, CPAs must carefully analyze and manage their technology budgets. This requires a close alignment between their strategic business goals and specific IT initiatives. In order to optimize the value of the IT investment portfolio, organizations should align their IT budget with the organization's strategy and goals. This can be accomplished by using the Run-Grow-Transform IT investment strategy.
A Strategic Approach to IT Budgeting
Article: This article provides insight on how organizations can align technology spending with their overall mission and goals.
IT Governance Webcast
Webcast: The webcast provides guidance about best practices surrounding IT Governance. IT plays a critical role in an organization's ability to manage risk and compliance.
|9. Leveraging emerging technologies
Forward-looking CPAs will embrace a range of emerging technologies, from smartphones and tablets to mobile applications, big data, and cloud computing. All CPAs should take time to understand the opportunities and risks these new technologies present, then develop plans and policies to use emerging IT to benefit firm clients and organizations.
10 Steps to a Digital Practice in the Cloud: New Levels of CPA Firm Workflow Efficiency
Guide: This new guide provides accounting and tax practitioners, from sole practitioners to mid-size firms, with an easy-to-follow roadmap for leveraging the unprecedented array of information technology solutions that can power your practice.
Mobile and Remote Computing Content Suite
Overview: The Mobile & Remote Computing content suite has been assembled to help members achieve a better understanding of the technologies and issues related to Mobile & Remote Computing. It is intended to provide IT decision-makers with a comprehensive overview of the technologies and issues related to Mobile and Remote Computing.
Cloud Computing (and mobile devices) Resource Center
Overview: Cloud computing resources for AICPA Information Management and Technology Assurance (IMTA) section members.
Cloud Security using AICPA's reporting framework for evaluating controls
Article: The American Institute of CPAs' framework for evaluating technology-related controls and other safeguards used by cloud service providers has been endorsed by the Cloud Security Alliance (CSA), a not-for-profit organization that promotes the use of best practices on security assurance within cloud computing.
|10. Managing vendors and service providers
IT partners can provide helpful services and solutions, but CPAs must learn to manage technology contracts and suppliers. Companies must ensure that the proper due diligence is performed in evaluating potential service providers, understanding service level agreements (SLAs), and managing IT costs and contracts.
Quick Reference Guide to Service Organization Control Reporting Matters
Guide: The guide addresses key topics that may arise when user entities are determining which type of SOC℠ report best meets their needs and contains concise explanations, helpful charts on SOC 1, 2, and 3 engagements, and significant information on recent developments.
Service Organizations: Applying SSAE No. 16, Reporting on Controls at a Service Organization Guide (SOC 1)
Guide: This guide is for CPAs reporting on controls at a service organization that affect user entities’ internal control over financial reporting. It is designed to assist CPAs in transitioning from performing a service auditor’s engagement under Statement on Auditing Standards (SAS) No. 70, Service Organizations, to doing so under Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, which replaces the guidance for service auditors in SAS No. 70.
Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2℠)
Guide: It explains the relationship between a service organization and its user entities, provides examples of service organizations including those that provide cloud computing services, identifies the criteria in Trust Service Principles and Criteria as the criteria to be used to evaluate the design and operating effectiveness of controls, explains the difference between a type 1 and type 2 SOC 2℠ report and provides an overview of the three reporting options for CPAs reporting on controls at a service organization.
Trust Services Principles and Criteria
Guidance: Trust Services Principles and Criteria provide guidance for assurance services and advisory services on related technological and digitally enabled systems.
Overview: Trust Services are defined as a set of professional assurance and advisory services based on a common framework to address the risks and opportunities of IT.
Service Organization Controls: Managing Risks by Obtaining a Service Auditor’s Report
Guide: This guide shows historical analysis of the three Service Organization Control (SOC) reporting options (SOC 1, SOC 2 and SOC 3 reports) for CPAs to examine controls and to help management understand the related risks.