AICPA Survey Identifies Top Technology Issues for CPAs
Information security management and IT governance tops 2008 Technology List.
February 4, 2008
by Tamera Loerzel
For the second year in a row, information security management has been ranked as the most important initiative affecting IT strategy, investment and implementation in business organizations over the next 12 to 18 months, according to the latest AICPA Top Technology Initiatives survey. IT governance is the second highest priority, reflecting the market’s renewed emphasis on corporate governance and responsibility.
The AICPA poll was conducted last autumn in conjunction with the Information Systems Audit and Control Association (ISACA), the Institute of Internal Auditors (IIA) and the Information Technology Alliance (ITA). Nearly 1,200 CPA and CITP credential holders, auditors and IT executives were polled for this survey.
2008’s Top 10 Tech Initiatives
The survey respondents identified the following as the top 10 most important technology initiatives for 2008:
- Information Security Management. As CPAs well know, this category includes the people, processes and systems used to protect an organization’s information from both internal and external threats. When managed well, an organization’s information can be secured by:
  - Ensuring proper processes are in place to grant access only to authorized individuals or entities,
  - Preserving the confidentiality of, and restricting unauthorized access to, your organization’s information, and
  - Distinguishing which information is made available to those who are authorized and what they can do with that information.
- IT Governance. The IT Governance Institute defines IT governance as:
  “the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.”
  IT Governance is a component of Corporate Governance and was established so that key stakeholders, such as board-level executives, department heads and other personnel who may have limited technical experience, can be informed and educated about the IT technologies and processes in the organizations they govern, enabling them to participate meaningfully in the organization’s key decisions related to IT.
- Business Continuity Management (BCM) and Disaster Recovery Planning (DRP). While BCM is the IT process that identifies potential threats and the impact of those threats on an organization, DRP is the planning process that establishes documented strategies to address and mitigate those threats. For CPAs in the know, BCM identifies potential threats and the impact of those threats and then a well-defined, documented, communicated and regularly tested DRP helps provide structure and stability in the event of a business interruption or catastrophe, greatly improving the chance of business survival.
- Privacy Management. This addresses an individual’s rights when providing their personal information to an organization, and conversely the organization’s obligations when it comes to collecting, using, disclosing, retaining and protecting the personal information it manages. All organizations need to address the management and protection of personal information received according to specific local, state, national and international privacy laws and regulations. In the last several years, the AICPA and the Canadian Institute of Chartered Accountants developed Generally Accepted Privacy Principles (GAPP). Formerly known as the Privacy Framework, GAPP can help CPAs and the organizations they serve identify and apply a core set of standards through which good privacy practices could be developed, measured and assessed.
- Business Process Improvement (BPI), Workflow and Process Exception Alerts. This category made its grand debut in 2008. Business Process Improvement (BPI) is a systematic approach to help any organization make significant changes in the way it does business. Within Business Process Improvement, workflow identifies specific tasks to be completed, who performs them, in what order they are performed and how information supports and monitors those tasks. Workflows establish consistency and predictability in an organization to enable it to run more efficiently, reduce errors and manage training costs. When a workflow or business process is not being followed or exceptions are occurring, Exception Alerts can be implemented that notify management so they can make informed decisions to override agreed-upon processes, rather than have them occur without oversight.
- Identity and Access Management. Identity and Access Management includes the hardware, software and processes to authenticate a user’s identity and grant them access to the information and systems for which they have been authorized. Identity management then utilizes “authentication factors” to verify that users are who they say they are and may include a combination of passwords, digital certificates (for Web sites and e-mail systems), biometrics and other emerging technologies.
- Conforming to Assurance and Compliance Standards. This encompasses education to understand the required standards, the impact they will have to current methodologies and processes and documentation of new requirements due to the standards. It includes the implementation of collaboration and compliance tools to assist in the documentation, assessment, testing and reporting on compliance, such as applying computer assisted auditing tools and techniques (CAATTs) to automate or simplify the audit process.
- Business Intelligence (BI). This category is also new in 2008. BI essentially applies technology to collect, analyze and report an organization’s information so that its decision-makers can be better informed and be more strategic in their decision-making processes. The ultimate objective of BI is to improve the timeliness and quality of information. BI gives individuals access to information in a usable format with the ability to “slice and dice” it in a variety of forms for relevant analyses on an as-needed basis, making their decisions more informed and timely.
- Mobile and Remote Computing. Mobile and Remote Computing includes technologies and policies that enable CPAs to securely connect to key resources anywhere, anytime, regardless of physical location. Mobile computing, collaboration tools, remote access technologies and communication devices now make it possible for workers to remain in touch with the office or clients from virtually anywhere, during the traditional 9-to-5 workday and even after hours. As a result of extended office hours and increased flexibility, organizations have realized substantial gains in efficiency and worker productivity.
- Document, Forms, Content and Knowledge Management. CPAs and financial professionals can use document and content systems to capture, track, store and access an organization’s electronic documents or paper images. Knowledge Management then brings structure and control to this information, allowing organizations to harness the intellectual capital contained in the underlying data. This is sometimes referred to as the “paperless” office, even though “less-paper” or digital office may be more accurate terms.
In addition to the Top 10 list, the survey also captured the next five most important technology initiatives as honorable mentions — Customer Relationship Management, Improved Application and Data Integration, Training and Competency, Web-Deployed Applications and Information Portals.
For additional information and educational sessions that will help you apply the 2008 Top Technology Initiatives, attend the AICPA TECH+ Conference. You can also access valuable resources, guidance and tools by visiting AICPA’s IT Section, when considering or implementing some of these initiatives.
Tamera Loerzel is a partner of ConvergenceCoaching, LLC, a national leadership and marketing consulting firm dedicated to helping CPA and IT firms achieve success by helping them develop and implement leadership, succession and marketing plans. She is a known speaker at AICPA and other CPA and IT association conferences.