2013 AICPA Top Technology Initiatives Resource Index 


    The Top Technology Initiatives Survey assists CPA professionals in the public accounting, consulting and law, education, government and military, and nonprofit industries. These industries, although different, each utilize Information Technology to provide a safe and sustainable value proposition for their clients, customers and stakeholders. As the technology evolves, so must the practices that are used to govern and maintain these organizations.

    Twenty-four years ago the IMTA Division created the Top Technology Initiatives Survey to assist in this effort and has since provided resources and tools to help organizations thrive in their respective markets through the awareness of key insights. New IMTA resources are created regularly in the following key areas: IT Assurance, Risk, Security & Privacy, Analytics and Technology. These resources have been categorized into the most appropriate top technology priority and made available for review.

    Find the resources that will help you address this year’s top priorities in the 2013 AICPA Top Technology Initiatives Survey Resource Index.

    1. Managing and retaining data

    Red Flags Rule Overview
    Federal Law: Under the Red Flags Rules, financial institutions and creditors must develop and implement a written Identity Theft Prevention Program.

    Disaster and Business Continuity Planning
    Article: This article provides an overview of the steps an organization should follow to prepare a disaster recovery plan.

    Payment Card Industry (PCI) Data Security Standard - Requirements and Security Assessment Procedures
    Article: PCI DSS provides a baseline of technical and operational requirements to protect cardholder data. It applies to all entities involved in payment card processing.

    An Overview of Data Management
    Guide: This document provides an overview to help accountants understand the potential value that data management and data governance initiatives can provide to their organizations, and the critical role that accountants can play to help ensure these initiatives are a success.

    A Practice Aid for Records Retention
    Guide: This practice aid provides an overview of the factors that organizations should consider in assessing their records retention needs and strategy for development of a records retention policy that helps to align the IT department’s data storage strategy with the organization’s needs. Member login required

    Information Integrity
    Paper: The purpose of this paper is to define what information integrity means and provide a context for it for users and preparers of information and providers of assurance on such information. The paper focuses on what it means to have information integrity and how information integrity can be achieved and maintained.

    2. Securing the IT environment

    Cyber Security Fraud What CPAs Should Know - Webcast Series
    Webcast: This eight week webcast series is an expansive overview of all aspects of cyber security. It will include real life examples of security threats, security frameworks and risk assessments.

    Segregation of Duties
    Article: Segregation of Duties (SOD) is a building block of sustainable risk management and internal controls for a business.

    Information Security Continues to Be Vital for CPAs
    Article: With the increased pressure on companies to comply with security standards, most businesses try to maintain a competitive edge by keeping certain information security initiatives at the forefront of their plans.

    IT Assurance Services
    Article: Assurance Services are independent professional services to improve the quality of information to management as well as other decision makers within an organization.

    Digital Identity and Authentication Technologies
    Article: This article provides an overview of digital identity and authentication technologies used to verify a user's identity.

    Information Security Management
    Article: Roman Kepczyk takes a closer look at several solutions that can mean the difference between a safe environment versus the very shaky alternative. Member login required

    The Inside View of Information Security Management
    Article: In this article, three CPA/CITPs discuss how information security can be better managed within an organization.

    Information Security Management Content Suite
    Overview: The following content is intended to introduce CPAs to the basic concepts and terminology surrounding IT security.

    ABCs of IT Security for CPAs
    Article: This document explores the ways in which IT employees are working long hours to secure their network from threats by others.

    3. Managing IT risks and compliance

    Internal Control Tools and Resources
    Tools: This page explores Internal Control and the control environment, risk assessment, control activities, and information and communication monitoring.

    Critical Security Audit Considerations
    Article: This article will address specific policies, procedures, and methods related to the security portion of an information technology internal audit. Member login required

    Performing an Audit of Internal Control in an Integrated Audit
    Overview: The Center for Audit Quality (CAQ) has developed a new practical pointers reference source for public company auditors that provides lessons learned from integrated audits of internal control over financial reporting (ICFR).

    Complete Guide to the CITP Body of Knowledge
    Guide: The review guide is designed not only to assist candidates in preparing for the CITP examination but also to enhance their knowledge base in today's marketplace.

    IFRS Compass IT Systems Implications
    Article: The purpose of this book is to provide some initial background about International Financial Reporting Standards (IFRS) and to raise awareness of the potential impact to an organization’s financial systems. Member login required

    4. Ensuring privacy

    Generally Accepted Privacy Principles - GAPP
    Overview: GAPP is designed to assist management in creating an effective privacy program that addresses their privacy obligations, risks, and business opportunities.

    AICPA Privacy Principles Scoreboard
    Tool: This downloadable software tool is available in both a single organization use option (for internal use in privacy assessment and management within a company or a firm) and a client engagement option (for use in performing up to five client engagements using the software).

    Privacy Risk Assessment Questionnaire
    Overview: This questionnaire highlights key questions businesses should ask with the aim of understanding privacy risk, implementing sound privacy policies and practices, managing privacy risk, and obtaining privacy assurance.

    Outsourcing and Privacy
    Article: This article discusses the 10 critical questions management should ask about outsourcing and discusses specific privacy concerns associated with outsourcing.

    Building a Privacy Practice in Small and Medium-Sized CPA Firms
    Toolkit: This guide serves as the first step for practitioners reviewing or considering investing time and resources in Privacy Advisory Services.

    Identity Theft Resources
    Overview: Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in a way that involves fraud or deception, typically for economic gain.

    Privacy Maturity Model
    Practice Aid: The Privacy Maturity Model provides entities with a useful and effective means of assessing their privacy program against a recognized maturity model.

    5. Managing system implementations

    Systems Implementation / Technology Integration
    Overview: This page contains resources for accounting professionals pertaining to system implementation and technology integration.

    Value Analysis / Cost Justification Spreadsheet
    Toolkit: Proposition tool kit is an aid designed to help organizations that are considering implementing a BI platform. It should help identify the costs and benefits associated with a BI implementation. Member login required

    Business Intelligence Case Study - "Big Builders"
    Case Study: This case study assists in identifying the tangible benefits of a Business Intelligence (BI) solution.

    6. Preventing and responding to computer fraud

    Cyber Security Fraud What CPAs Should Know - Webcast Series
    Webcast: This eight week webcast series is an expansive overview of all aspects of cyber security. It will include real life examples of security threats, security frameworks and risk assessments.

    CAATTs Identifies Potentially Fraudulent Activities
    Article: This case study explores how Computer Assisted Auditing Tools and Techniques (CAATTs) enable you to discover fraud in a very short timeframe. Member login required

    Common Vulnerabilities and Exposures
    Overview: Common Vulnerabilities and Exposures (CVE) is a dictionary of publicly known information security vulnerabilities and exposures.

    7. Enabling decision support and analytics

    Business Intelligence Content Suite
    Article: Business Intelligence (BI) helps managers improve the timeliness and quality of information. BI tools include data warehousing and integration applications, report writers and application dashboards.

    Business Intelligence Value Proposition Tool Kit
    Toolkit: The Business Intelligence (BI) Value Proposition tool kit is designed to help businesses identify the costs and benefits associated with implementing a BI platform. Member login required

    Business Process Reengineering
    Article: Although the "BPR" label is applied to many situations, a proper BPR project may involve a thorough assessment. In this article, Janis Parthun explores implications to accounting. Member login required

    How CPAs Can Drive Business Intelligence
    Article: Donny Shimamoto, CPA/CITP explains why CPAs are especially suited to drive Business Intelligence initiatives for their clients, or within their own organization.

    Business Intelligence in the Enterprise: A Framework for Enterprise Business Reporting
    Article: This document discusses the business reporting architecture and basic information on achieving success of a business reporting project. Member login required

    8. Governing and managing IT investment and spending

    Big Firm Technology
    Article: Tim Trueblood offers his opinions on how small firms can enjoy the same enterprise environment large firms do, for a much lower price tag.

    A Strategic Approach to IT Budgeting
    Article: This article provides insight on how organizations can align technology spending with their overall mission and goals.

    IT Governance Webcast
    Webcast: The webcast provides guidance about best practices surrounding IT Governance. IT plays a critical role in an organization's ability to manage risk and compliance. Member login required

    IT Governance for Small Business & CPA Firms
    Presentation: In this session you will learn how to apply IT governance principles and practices to small businesses and CPA firms to help develop your IT strategy, manage your IT risk, and enable better business decisions through information management. Member login required 

    9. Leveraging emerging technologies

    10 Steps to a Digital Practice in the Cloud: New Levels of CPA Firm Workflow Efficiency
    Guide: This new guide provides accounting and tax practitioners, from sole practitioners to mid-size firms, with an easy-to-follow roadmap for leveraging the unprecedented array of information technology solutions that can power your practice.

    Mobile and Remote Computing Content Suite
    Overview: The Mobile & Remote Computing content suite has been assembled to help members achieve a better understanding of the technologies and issues related to Mobile & Remote Computing. It is intended to provide IT decision-makers with a comprehensive overview of the technologies and issues related to Mobile and Remote Computing.

    Cloud Computing (and mobile devices) Resource Center
    Overview: Cloud computing resources for AICPA Information Management and Technology Assurance (IMTA) section members.

    Cloud Security using AICPA's reporting framework for evaluating controls
    Article: The American Institute of CPAs' framework for evaluating technology-related controls and other safeguards used by cloud service providers has been endorsed by the Cloud Security Alliance (CSA), a not-for-profit organization that promotes the use of best practices on security assurance within cloud computing.

    CSA Position Paper on AICPA SOC Reports
    Paper: The Cloud Security Alliance (CSA) has drafted this position paper as a means of educating its members and providing guidance on selecting the most appropriate reporting option.

    10. Managing vendors and service providers

    Service Organization Controls (SOC) Introduction
    Course: This course introduces SOC reporting to experienced auditors who are about to offer or perform SOC reporting engagements, or who want an overview of the replacement of SAS70 with SOC 1, 2 & 3 reporting.

    Quick Reference Guide to Service Organization Control Reporting Matters
    Guide: The guide addresses key topics that may arise when user entities are determining which type of SOC℠ report best meets their needs and contains concise explanations, helpful charts on SOC 1, 2, and 3 engagements, and significant information on recent developments.

    Service Organizations: Applying SSAE No. 16, Reporting on Controls at a Service Organization Guide (SOC 1)
    Guide: This guide is for CPAs reporting on controls at a service organization that affect user entities’ internal control over financial reporting. It is designed to assist CPAs in transitioning from performing a service auditor’s engagement under Statement on Auditing Standards (SAS) No. 70, Service Organizations, to doing so under Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, which replaces the guidance for service auditors in SAS No. 70.

    Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2℠)
    Guide: It explains the relationship between a service organization and its user entities, provides examples of service organizations including those that provide cloud computing services, identifies the criteria in Trust Service Principles and Criteria as the criteria to be used to evaluate the design and operating effectiveness of controls, explains the difference between a type 1 and type 2 SOC 2℠ report and provides an overview of the three reporting options for CPAs reporting on controls at a service organization.

    Service Organization Controls Reports℠: SOC 1, SOC 2, and SOC 3 On-Demand Series
    Course: This series of courses will provide information and guidance on the three new reporting options on controls at a service organization that have replaced SAS 70 reports: SOC 1, SOC 2 and SOC 3 reports.

    Trust Services Principles and Criteria
    Guidance: Trust Services Principles and Criteria provide guidance for assurance services and advisory services on related technological and digitally enabled systems.

    Trust Services
    Overview: Trust Services are defined as a set of professional assurance and advisory services based on a common framework to address the risks and opportunities of IT.

    Service Organization Controls: Managing Risks by Obtaining a Service Auditor’s Report
    Guide: This guide shows historical analysis of the three Service Organization Control (SOC) reporting options (SOC 1, SOC 2 and SOC 3 reports) for CPAs to examine controls and to help management understand the related risks.




    Note: Member login required indicates that the content is locked and requires member login.






     
    Copyright © 2006-2014 American Institute of CPAs.