The American Institute of CPAs has debuted a new downloadable software tool for assessing privacy risks and the maturity of privacy programs.
The AICPA’s Privacy Principles Scoreboard came in response to some of the recent high-profile privacy breaches in the technology world. The tool is designed to build on the foundation of an earlier Microsoft Excel-based privacy risk assessment tool from the AICPA that used the AICPA’’s and Canadian Institute of Chartered Accountants’ Generally Accepted Privacy Principles.
“We tried to make it an interactive tool that had an intuitive user interface,” said Amy Plent, director of publication product development for the AICPA. “We also added a new level of functionality, both in terms of the reporting capabilities of the tool, and also the additional dynamic of being able to conduct privacy maturity modeling and privacy risk assessment, in line with one another in the same tool, and be able to look at how an organization’s privacy risks are laying out and what’s the overall maturity of their privacy program.”
The software can be used as an internal privacy management tool, a consulting tool or an audit workpapers tool. It generates ratings, reports and user documentation. Assessments and reports can be saved, rolled forward, and compared over time. Accountants can use the tool to advise clients in various industries that require privacy protections, including health care and banking.
“There are some industries that have already been dealing with the privacy issue for quite some time, and some other industries that are new to privacy, and they can learn from what some of these other industries have done,” said Joel Lanz, a sole practitioner in Jericho, N.Y., who chairs the AICPA’s Certified Information Technology Professional Credential Committee. “That’s one of the practical things I’ve learned from a consultative perspective in terms of getting clients ready to become compliant with the regulatory requirements.”
Once the tool is launched, users are taken to the survey area where they can begin a new assessment or open a prior assessment. The assessment screen shows the full guidance for each criterion in scrolling windows and allows for both ratings and the entry of findings and notes. After completing the survey process, the user accesses the scoreboard area to begin compilation and reporting.
Donny Shimamoto, managing director of Intraprise TechKnowlogies, a tech-focused management consulting firm based in Honolulu, and chairman of the AICPA’s IT Executive Committee, noted that privacy policies and compliance ranked among the top technology initiatives in a recent survey of CPAs. “It’s interesting to see the CPA public practitioner side is very concerned with it,” he said. “They realize it’s one of the top five technology initiatives for this year. On the business and industry side, it’s one of the top 10.”
“One of the things we were always concerned with and interested in was meeting the expectations and needs of our customers,” said Ken Askelson, vice chair of the AICPA/Canadian Institute of Chartered Accountants Privacy Task Force, and a now-retired director of the IT audit group for JC Penney. “One of those was how we handle, process and collect our customers’ personal information. The other was meeting our business partners’ and employees’ commitments pursuant to contractual agreements we would have arranged with them, relating to the privacy and personal information that was processed and handled by the business partners.”
The Privacy Principles Scoreboard is priced at $200 for AICPA members, $99 for members of the AICPA’s IT section, and $240 for nonmembers. There is also a client engagement option, based on use of up to five engagements, priced at $700 for AICPA members, $350 for members of the AICPA’s IT section, or $875 for nonmembers. Licenses for broader use are also available. The tool can be ordered through the CPA2Biz store at
