As the accounting profession continues to evolve toward a paperless or less-paper environment, a host of challenges, particularly with regard to managing and protecting client data, will emerge, according to experts.
Encryption, an increased use of portals, cloud computing and virtual servers will play an expanding role in technology trends in 2010. In addition, federal and state laws focusing on privacy are adding to the immediacy of enhanced data monitoring as the use of Web-based technologies expands.
Data file monitoring needs to go hand in hand with fraud prevention programs, insisted Joel Lanz, CPA, a member of the Certified Information Technology Professional Committee at the American Institute of CPAs.
Clients need to have the ability to continuously monitor, said Lanz, who is a member of various AICPA technology and fraud-related task forces. Continuous monitoring is where business clients need to have balance between technology and internal procedures, he said, noting, "If it's run by technology, you can't do it by hand anymore."
DATA SECURITY
CPA firms may need to work with clients on risk assessments and establishing business justifications for how data is used, sent and protected. "There are some really legitimate business reasons," Lanz said.
In June, the Federal Trade Commission will begin enforcing its "Red Flags Rule." Under the regulation, the FTC will require financial institutions and creditors to develop written identity theft prevention programs to help identify, detect and respond to patterns, practices or specific activities - known as "red flags" - that could indicate identity theft. The AICPA recently filed a lawsuit against the FTC to exempt CPAs from the regulation.
Data monitoring will be one way of complying with the rule, which requires written procedures against ID theft. "We need to find some way of securing the mobile device," explained Lanz, adding that, for example, a Blackberry device can be immediately disabled if it's lost.
The accountant can help the client identify key indicators for potential breaches and leverage audit software programs, Lanz said. The audit technology needs to be leveraged so that a client can actually use it to also help with compliance. What the focus is may depend on the type of business and its size, for example. "One of the biggest things for small businesses is data leakage," he said.
Data monitoring may involve transactions being put into a file, into an audit server program, or being used to identify unusual trends that internal audit groups are interested in tracking, Lanz said.
CLOUD COMPUTING
When it comes to protecting client data, online data centers, known as cloud storage, can replicate and back up the information. Cloud computing allows many accounting and financial-centric applications to be performed online through a "hosted" server.
"[Many of] these applications we're starting to see appear on the cloud computing model," said Jim Bourke, a partner and director of firm technology at WithumSmith+Brown, and chairman of the CITP Committee at the AICPA. "Firms are and will increasingly be looking to anything cloud," he said - often simply as a cost-saving initiative.
Meanwhile, research and analysis group Gartner Research stated in a recent report that the growth of cloud computing will continue to soar. "Cloud services enterprises will increasingly act as cloud providers and deliver application, information or business process services to customers and business partners," the report stated.
ENCRYPTION
Mobile use will add more attention to encryption technology. "There are going to be more capabilities on mobile phones," predicted Randy Johnston, executive vice president at technology consultant K2 Enterprises.
There are still businesses that are not encrypting e-mail. They can do so through solutions, such as Zix Corp.'s encryption, that can flag and report attempts to break into e-mail accounts, Lanz explained.
"Encryption has really come of age," echoed David Cieslak, CPA, CITP and principal of Arxis Financial and Arxis Technology Group, in Simi Valley, Calif.
The AICPA's Lanz suggested keeping logs to help decide whether there is enough forensic evidence to show a problem, such as a breach or suspected breach, because technology might not cover everything. "The idea there is coming up with the right mix."
PORTALS
Portals can be easier to use than encrypting e-mail, WS+B's Bourke said. The use of portals versus e-mail will continue to expand into 2010. A lot more firms will be looking to portals, common amongst the large firms and available for sole practitioners, because of the tight ID theft rules, said Bourke. Portals can have various functions, including tax and other document management.
Portals are ways to alleviate some concerns about privacy, particularly in the realm of hard drives and mobile communications, according to Bourke. "Client data is all over the place," he said. "Today any size firm has the capability of deploying a portal."
CCH ProSystem fx works with portals and can help better manage client documents and communications, while Thomson Reuters offers the NetClient CS portal that also allows firms to log into client accounting software. Recently added integration technology includes integrating more directly with UltraTax CS, allowing users to print completed tax returns directly to a portal.
VIRTUAL SERVERS
Virtualized servers will continue to gain steam because they can help firms with better resource management. Through virtualization, servers can be backed up and run from the same physical box, avoiding confusion that can result from stocking multiple servers in the same back room.
Microsoft's Windows 7 allows for this function. Server virtualization could operate as a backbone function for computer systems. "There's a heck of a lot of benefits," Cieslak said. "It's a more sound approach to making applications available to your end users."
