The AICPA’s Top Technology Initiatives list for 2010 highlights the technology initiatives that CPAs and IT professionals consider most likely to affect the business marketplace and the field of financial or data management over the next 12 to 18 months. By gaining a better understanding of these initiatives, CPAs and accounting professionals can educate their clients/customers, colleagues and employers regarding the potential impact they will have on the short- and long-term strategies within their organizations.
|2010 Top Technology Initiatives
- Security of data, code & communications / data security & document retention / security threats
Proper Information Security Management protects the integrity, confidentiality and availability of information in the custody of an organization and reduces the risk of information being compromised.
For many years, information security has ranked as the top concern on the AICPA’s Top Technology Initiative list. Information security can take many forms, but all are critical in devising a “defense in depth” solution. This concept engages a well-conceived layered approach protecting essential data at the core. Properly configured fire walls, essential antivirus and spyware protection, physical security to protect data centers, safe data transmission using digital certificates and other encryption tools, and many other important security steps are required to adequately protect data in an ever changing threat environment. Whether involved in public practice, industry, or government / non-profit, the CPA in today’s environment can play a crucial role as a trusted advisor in keeping data secure.
Data security, along with a well devised data retention plan, should be planned and implemented by an experienced professional, such as a Certified Information Technology Professional. Security is an important part of the CITP Body of Knowledge, and data retention must be considered as a pivotal element in any overarching security plan. A document-retention policy can be critical to the proper handling of legal issues and regulatory compliance. Laws such as Sarbanes-Oxley require systems that ensure the fundamental CIA (confidentiality, integrity, and availability) of sensitive information. A well-constructed document-retention program will reduce the risk of data manipulation, help prevent record theft, and provide a foundation for compliance with regulatory requirements. When the program is coupled with a good data-imaging system, the result can greatly enhance the efficiency of day-to-day business processes. The value added to an organization in terms of reliance upon the information system, a high degree of information available to authorized users, and regulatory compliance can make the commitment of resources to this project well worth the investment.
Failure to properly plan and implement a well-conceived and through information security system in the threat environment that all businesses face today is extremely dangerous. The risks surrounding information security can be very complex, so an experienced security professional should be engaged via a properly vetted IT outsourced vendor or placed on staff to continuously monitor and update countermeasures.
Creating a Document-Retention Policy: A How-to Guide, The Practicing CPA, February / March 2009
- Connectivity / wireless access / high speed Internet connections / voice and data
The ability to make and maintain an instantaneous connection between two or more points using connection devices is more eminent than ever in order to stay competitive in the marketplace.
Few events have more revolutionized the business world more than the advent of the internet as a ubiquitous tool for connecting businesses to their customers, suppliers, banks, and stockholders than high speed internet capability. Advances in telecommunications have led to a move to take full advantage of digitization. Just a few years ago, many businesses moved data via analog channels and frame relays. A digital telecommunications grid has now made access to very fast internet connections possible.
Many businesses now rely on high speed internet as a major component of handling day-to-day business, and as simply unable to do business if the internet goes off-line. For many businesses, their entire business model rests on a high speed internet connection. Consider Amazon.com and other notable e-commerce firms that have successfully replaced brick and mortar stores with virtual storefronts.
The Federal Communications Commission recently announced plans to bring 100 M bps (bits per second) high-speed internet service to 100 million homes across the United States. With an internet speed of 100M bps, it would take approximately 80 seconds to transfer a 1GB file -- much faster than the 35 minutes it takes to transfer that file over the current average U.S. connection speed of 3.9M bps.
Julius Genachowski, the Chairman of the FCC, did not go into details about how the FCC planned on implementing its "100 Squared" plan, but rather pointed to Google's recent announcement of plans to build a 1 GB bps fiber network that will bring ultra-high-speed broadband internet (at speeds "more than 100 times faster than what most Americans have access to today") to between 50,000 and 500,000 Americans. Genachowski mentioned that more innovators such as Google are needed to drive competition "to invent the future," and that the ultimate goal should "stretch beyond 100 megabits."
The "100 Squared" plan is not the only thing we can expect in the upcoming broadband plan -- other recommendations will include improvement of the E-Rate program (a program designed to bring telecommunications and internet access to schools and libraries), lowering the cost of broadband (both wired and wireless) through use of government rights of way and conduits, and modernization of the FCC's rural telemedicine program (by connecting thousands of clinics).
The advent of fiber optic cables has enabled an increase in speed and reliability for internet telecommunication infrastructures around the world. Planning for business in the second decade of the 21st century will require maintaining a flexible approach to technology enhancements and allowing a business to compete with other firms as internet speeds, and virtually instantaneous movement of large quantities of data, become expected.
- Backup solutions/ disaster recovery/ business continuity
Business Continuity Management and Disaster Recovery Planning are the holistic processes organizations use to mitigate the risks to systems and people when unexpected events occur.
Many organizations place little emphasis on business continuity and disaster planning until an unfortunate incident brings in to crystal clarity how dependent the business world has become on technology. Many disciplined backup and disaster recovery plans are born from a significant or irreparable loss of data. These incidents can develop from a simple failed backup media, rendering a necessary restore impossible or from a devastating hurricane, tornado, or man-made event. Assuming that a worst case scenario will occur at any time and acting to prevent it can be a difficult attitude to maintain. The best response to avoiding a crippling loss of data is to set a policy and create a well thought out routine that IT employees incorporate into their everyday schedules.
Certainly data backups should be created frequently. These backups can take various forms. Full backups copy all data to a separate media. Differential backups record all changes since the last full backup, and incremental backups record only the data that has changed since the last backup of any type. The time required to create these backups will vary, making the daily backup solution chosen one based on the quantity of data and the time available for backup. Media space to hold the backup is also a factor. Next, where the backup will reside must be determined. An offsite location is generally the safest choice. This can be accomplished by an IT employee simply taking the backup offsite at the end of the day or, more recently, transferring data by high speed internet to an IT vendor specifically set up to receive and safely store the data. The cost of these offsite data backup solutions has decreased in the past few years, making this choice more affordable to smaller businesses.
Disaster recovery requires a much larger scope in planning. Consider the difficulty involved in effectively reacting to customers, stockholders, banks, and appropriate governmental agencies without a plan in place previously designating employees responsibilities, organization spokesperson, how employees will be contacted, etc. Failure to plan, and then to practice, disaster recovery initiatives can lead to chaos and a permanent loss of credibility in the marketplace.
How long can an organization be offline without serious detrimental effect? If the organization cannot be shut down for very long then an alternate site should be considered. These alternatives range from “cold” sites with only office space and some basic necessities already in place to a “hot” site with a fully duplicated hardware, software, and employee set up. Hot sites sometimes also have fully duplicated up-to-date data storage from the primary site. Of course, the cost to maintain these alternatives can vary significantly.
FCC Wants High-Speed Internet for the Masses, PC World, February 17, 2010
- Secure electronic collaboration with clients – client portals
Portals enable employees, customers, vendors, and other contacts to securely access and share information and documents. Collaboration tools allow multiple users to work together on files of all kinds.
According to Accenture, a global technology services company, customer or client portals are “a multi-channel application that enables the creation, sharing and distribution of personalized content, as well as access to self-service capabilities.
Portals provide broad functionality for success in the so-called "Web 2.0" world—one where customers use Web functionality to participate in social networks, create and share content, and receive personalized services, in addition to traditional communications services based on fixed-mobile convergence. From the carrier's perspective, portals enable the segmentation, aggregation and delivery of rich media, communications and service experiences, while driving customer service costs down.”
“…customer portal solutions can drive benefits across the entire value chain of a company:
Increasing customer profitability.
Decreasing churn and attrition.
Improving sales and average revenue per user.
Lowering the cost to serve while increasing the ROI in sales and service.
Increasing marketing effectiveness.
Client portals are a form of cloud computing, and as such are very dependent on internet availability. If a client or customer’s internet service is interrupted, the client portal cannot be used. Therefore, steps should be considered to protect the internet infrastructure by providing an alternate internet connection, local power backup, and other appropriate business continuation steps specifically targeted to sustain the client portal. Security for the portal is often provided via SSL, or secure sockets layer. You can often recognize a website that has been secured by SSL when you see the URL start with https:// rather than http://. SSL is a tool that establishes an encrypted link between a remote user’s computer and a web server.
- Paperless workflow/ paperless technology / electronic work papers
A paperless office environment is essential to supporting mobile users who want to access and collaborate on digital documents from remote locations. In 1975 the head of the Xerox Research and Development office George E. Pake coined the phrase “paperless office”, in an article for Business Week Magazine. It first appeared in an Executive Briefing June 30, 1975 copyright McGraw Hill Business Week Magazine. Paperless office strategies have been available for a number of years, but many CPAs find themselves at various stages of implementation. This concept is strongly tied to an effective document storage and retention program. Clear efficiencies exist in implementing a paperless office, but the level of discipline required in maintaining this program can be difficult. The ability of any appropriate personnel to access, work on, and store tax returns, work papers, etc. can be a great cost savings tool, making as full a use of digitized forms as is possible for the organization.
- Laptop security / encryption
Stored data can be altered to commit fraud, intercepted by an unscrupulous person en route and altered, and laptops storing vast amounts of confidential information can be lost or stolen. Theft of mobile devices, including laptops, is a very common security breach. According to Data Loss DB, a data breach clearing house, more than 32% of data breaches were the result of a lost or stolen laptop, mobile phone, or other portable media device. If you compare this to the fact that only 14% of data breaches were the result of a hacking event, you begin to see where the real problem lies with regards to data security, it is outside the firewall. Encryption is the primary means by which a CPA should protect their mobile devices. Encrypting the hard drives and removable media, like flash drives, will provide a significant level of protection. Requiring passwords, which are also encrypted, at the bios level are also recommended. Most laptops come with a very strong BIOS password capability that locks up the hardware and makes the laptop completely unusable. This is the password that has to be entered before the operating system loads, usually on a black screen a few seconds after the laptop is started. Of course BIOS password can be set on a PC too, but there it is stored together with the other BIOS settings – date, time, hard disk size, etc. It is very easy to reset the BIOS settings. However, most laptops store the BIOS password in a special chip, sometimes even hidden under the CPU, that is not affected when the rest of the BIOS settings are reset. This makes the removal of a BIOS password on a laptop almost impossible. The only option in most cases is to replace the chip which is quite expensive and risky procedure and, of course, not supported by the manufacturers.
- Small business software / Office 2010 / Windows 7
There is a new generation of productivity applications available from Microsoft and others, including Office 2010, Windows 7, and Google Apps to improve the user experience. Recent software improvements in the Microsoft Office products, Microsoft Windows, and the newer online (cloud based) Google Applications have created significant interest from consumers. The Office 2010 product suite has a new look that requires some adjustment time, but most reviews indicate that the new scheme is very efficient. Windows 7 has also been reviewed as an improvement over Windows XP and over Windows Vista.
- User mobility/ mobile computing/ mobile devices
Enabling people to work from anywhere and at any time is the goal of Mobile and Remote Computing. Technologies used include Citrix, Virtual Desktop Interface, Cellular broadband, and other applications.
- Tax software/ electronic transmittals of tax forms/ modern e-file
A paperless office environment is essential to sting mobile users who want to access and collaborate on digital documents from remote locations.
- Server virtualization and consolidation Virtualization is running computing resources in an emulated and consolidated environment. Server virtualization is a method that allows computing resources to be installed, used, and supported more efficiently.