With the busy season wrapped up, now is the perfect time to reflect on your accounting firm’s data security processes. This guide provides you with a set of industry best practices that help streamline your security processes and ensure your firm is operating as securely and efficiently as possible.
Privacy and Security Overview
The
Generally Accepted Privacy Principles
The AICPA, together with the Captive Insurance Companies Association, developed the
As outlined in the GAPP, accountants must abide by the following security provisions:
• Protect confidential employee information, including social security number, bank account information, benefit information and medical information.
• Restrict access to client tax information to authorized individuals only.
• Securely transmit client data using high-grade encryption and authentication.
• Password-protect computers, and require users to sign in using a unique ID and password. Additionally, passwords should be changed at least every 60 days.
• Protect client credit card information by retaining it only as long as needed and restricting access by unauthorized personnel.
• Develop remote access policies for employees who work remotely, and determine the ways in which employees can access client data away from the office.
• Perform regular computer backups on machines that contain personal information. A copy of the backup should be kept in a secure off-site location.
• Use firewalls, software security patches and up-to-date antivirus software to protect against cyberattacks.
• Password-protect wireless networks to prevent unauthorized individuals from hacking into company servers.
• Implement file retention policies that clearly outline how long client information should be retained. When it is time to dispose of client information, paper documents must be shredded or returned to the client, and electronic data must be written over or deleted.
Tax Accounting
As a tax accountant, you are responsible for preparing federal, state and local tax returns for individuals, businesses and organizations — all of which contain highly confidential information. Therefore, your accounting firm should ensure the
Tax Accounting Best Practices
In regards to safeguarding taxpayer data, the IRS cites the following as industry best practices:
• Assess the risks to taxpayer information in your office. Make a list of every location that contains taxpayer data — filing cabinets, computers, external hard drives, laptops — and write a plan describing how you will safeguard stored information. Note: Refer to the Privacy and Security Overview above for specific security provisions.
• Assign one individual or a small group of individuals to be responsible for safeguards.
• Monitor your security processes and adjust your security plans as circumstances change.
• Automate processes where possible. To streamline filing and reporting processes, opt for a computerized file sharing system that maintains high-level security and complies with industry and government guidelines.
Refer to the security checklist located on page seven of the IRS Safeguarding Taxpayer Data guide for more in-depth information regarding tax accounting security protocols.
Auditing
As an auditor, you are responsible for checking the accuracy of business records to ensure organizations maintain honest and accurate financial records. Whether you are an internal auditor who works in the private sector or an external auditor who works for a government agency, there are specific guidelines you must follow to ensure consistency and integrity in your reporting.
As of June 15, 2011,
The main reason for this enhancement is to bring all U.S. companies up-to-date with
Auditing Best Practices
Although federal auditing guidelines (like SSAE 16) must be followed by every auditor to ensure the security and privacy of those they serve, most organizations have their own internal procedures and best practices that are unique to them.
Some
• Documenting all business practices, policies and protocols and making sure they are accurate and complete. This involves revisiting business policies at least once a year to ensure they are still relevant and up-to-date.
• Making policies available to all personnel for review.
• Educating clients to ensure they are prepared for their audit and have the appropriate information available.
• Safeguarding assets. This includes restricting access to confidential data (through user IDs, passwords and encryption) and storing all paper assets in a secured, locked area.
• Automating processes where possible. Be sure to partner with a service provider who offers top-notch security and complies with all industry and government regulations.
Jason Goldfinger is the Director of Corporate Sales, Accounting/CPA Division for