2013 AICPA Top Technology Initiatives Resource Index 

    The Top Technology Initiatives Survey assists CPA professionals in the public accounting, consulting and law, education, government and military, and nonprofit industries. These industries, although different, each utilize Information Technology to provide a safe and sustainable value proposition for their clients, customers and stakeholders. As the technology evolves, so must the practices that are used to govern and maintain these organizations.

    Twenty-four years ago the IMTA Division created the Top Technology Initiatives Survey to assist in this effort and has since provided resources and tools to help organizations thrive in their respective markets through the awareness of key insights. New IMTA resources are created regularly in the following key areas: IT Assurance, Risk, Security & Privacy, Analytics and Technology. These resources have been categorized into the most appropriate top technology priority and made available for review.

    Find the resources that will help you address this year’s top priorities in the 2013 AICPA Top Technology Initiatives Survey Resource Index.

    1. Managing and retaining data

    Red Flags Rule Overview
    Federal Law: Under the Red Flags Rules, financial institutions and creditors must develop and implement a written Identity Theft Prevention Program.

    Disaster and Business Continuity Planning
    Article: This article provides an overview of the steps an organization should follow to prepare a disaster recovery plan.

    Payment Card Industry (PCI) Data Security Standard - Requirements and Security Assessment Procedures
    Article: PCI DSS provides a baseline of technical and operational requirements to protect cardholder data. It applies to all entities involved in payment card processing.

    An Overview of Data Management
    Guide: This document provides an overview to help accountants understand the potential value that data management and data governance initiatives can provide to their organizations, and the critical role that accountants can play to help ensure these initiatives are a success.

    A Practice Aid for Records Retention
    Guide: This practice aid provides an overview of the factors that organizations should consider in assessing their records retention needs and strategy for development of a records retention policy that helps to align the IT department’s data storage strategy with the organization’s needs. Member login required

    Information Integrity
    Paper: The purpose of this paper is to define what information integrity means and provide a context for it for users and preparers of information and providers of assurance on such information. The paper focuses on what it means to have information integrity and how information integrity can be achieved and maintained.

    2. Securing the IT environment

    Cyber Security Fraud What CPAs Should Know - Webcast Series
    Webcast: This eight week webcast series is an expansive overview of all aspects of cyber security. It will include real life examples of security threats, security frameworks and risk assessments.

    Segregation of Duties
    Article: Segregation of Duties (SOD) is a building block of sustainable risk management and internal controls for a business.

    IT Assurance Services
    Article: Assurance Services are independent professional services to improve the quality of information to management as well as other decision makers within an organization.

    ABCs of IT Security for CPAs
    Article: This document explores the ways in which IT employees are working long hours to secure their network from threats by others.

    3. Managing IT risks and compliance

    Internal Control Tools and Resources
    Tools: This page explores Internal Control and the control environment, risk assessment, control activities, and information and communication monitoring.

    Performing an Audit of Internal Control in an Integrated Audit
    Overview: The Center for Audit Quality (CAQ) has developed a new practical pointers reference source for public company auditors that provides lessons learned from integrated audits of internal control over financial reporting (ICFR).

    Complete Guide to the CITP Body of Knowledge
    Guide: The review guide is designed not only to assist in the candidate's preparation of the CITP examination but will also enhance your knowledge base in today's marketplace.

    4. Ensuring privacy

    Generally Accepted Privacy Principles - GAPP
    Overview: GAPP is designed to assist management in creating an effective privacy program that addresses their privacy obligations, risks, and business opportunities.

    AICPA Privacy Principles Scoreboard
    Tool: This downloadable software tool is available in both a single organization use option (for internal use in privacy assessment and management within a company or a firm) and a client engagement option (for use in performing up to five client engagements using the software).

    Privacy Risk Assessment Questionnaire
    Overview: This questionnaire highlights key questions businesses should ask with the aim of understanding privacy risk, implementing sound privacy policies and practices, managing privacy risk, and obtaining privacy assurance.

    Outsourcing and Privacy
    Article: This article discusses the 10 critical questions management should ask about outsourcing and discusses specific privacy concerns associated with outsourcing.

    Identity Theft Resources
    Overview: Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in a way that involves fraud or deception, typically for economic gain.

    5. Managing system implementations

    Systems Implementation / Technology Integration
    Overview: This page contains resources for accounting professionals pertaining to system implementation and technology integration.

    Value Analysis / Cost Justification Spreadsheet
    Toolkit: Proposition tool kit is an aid designed to help organizations that are considering implementing a BI platform. It should help identify the costs and benefits associated with a BI implementation. Member login required

    6. Enabling decision support and analytics

    Business Intelligence Content Suite
    Article: Business Intelligence (BI) helps managers improve the timeliness and quality of information. BI tools include data warehousing and integration applications, report writers and application dashboards.

    How CPAs Can Drive Business Intelligence
    Article: Donny Shimamoto, CPA/CITP explains why CPAs are especially suited to drive Business Intelligence initiatives for their clients, or within their own organization.

    7. Governing and managing IT investment and spending

    A Strategic Approach to IT Budgeting
    This article provides insight on how organizations can align technology spending with their overall mission and goals.

    IT Governance Webcast
    Webcast: The webcast provides guidance about best practices surrounding IT Governance. IT plays a critical role in an organization's ability to manage risk and compliance. Member login required

    8. Leveraging emerging technologies

    10 Steps to a Digital Practice in the Cloud: New Levels of CPA Firm Workflow Efficiency
    This new guide provides accounting and tax practitioners, from sole practitioners to mid-size firms, with an easy-to-follow roadmap for leveraging the unprecedented array of information technology solutions that can power your practice.

    Mobile and Remote Computing Content Suite
    Overview: The Mobile & Remote Computing content suite has been assembled to help members achieve a better understanding of the technologies and issues related to Mobile & Remote Computing. It is intended to provide IT decision-makers with a comprehensive overview of the technologies and issues related to Mobile and Remote Computing.

    Cloud Computing (and mobile devices) Resource Center
    Overview: Cloud computing resources for AICPA Information Management and Technology Assurance (IMTA) section members.

    Cloud Security using AICPA's reporting framework for evaluating controls
    Article: The American Institute of CPAs' framework for evaluating technology-related controls and other safeguards used by cloud service providers has been endorsed by the Cloud Security Alliance (CSA), a not-for-profit organization that promotes the use of best practices on security assurance within cloud computing.

    9. Managing vendors and service providers

    Quick Reference Guide to Service Organization Control Reporting Matters
    The guide addresses key topics that may arise when user entities are determining which type of SOC℠ report best meets their needs and contains concise explanations, helpful charts on SOC 1, 2, and 3 engagements, and significant information on recent developments.

    Service Organizations: Applying SSAE No. 16, Reporting on Controls at a Service Organization Guide (SOC 1)
    Guide: This guide is for CPAs reporting on controls at a service organization that affect user entities’ internal control over financial reporting. It is designed to assist CPAs in transitioning from performing a service auditor’s engagement under Statement on Auditing Standards (SAS) No. 70, Service Organizations, to doing so under Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, which replaces the guidance for service auditors in SAS No. 70.

    Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2℠)
    It explains the relationship between a service organization and its user entities, provides examples of service organizations including those that provide cloud computing services, identifies the criteria in Trust Service Principles and Criteria as the criteria to be used to evaluate the design and operating effectiveness of controls, explains the difference between a type 1 and type 2 SOC 2℠ report, and provides an overview of the three reporting options for CPAs reporting on controls at a service organization.

    Trust Services Principles and Criteria
    Guidance: Trust Services Principles and Criteria provide guidance for assurance services and advisory services on related technological and digitally enabled systems.

    Trust Services
    Overview: Trust Services are defined as a set of professional assurance and advisory services based on a common framework to address the risks and opportunities of IT.

    Service Organization Controls: Managing Risks by Obtaining a Service Auditor’s Report
    Guide: This guide shows historical analysis of the three Service Organization Control (SOC) reporting options (SOC 1, SOC 2 and SOC 3 reports) for CPAs to examine controls and to help management understand the related risks.

    Member login required indicates that the content is locked and requires member login.

    Copyright © 2006-2015 American Institute of CPAs.