AICPA Top 10 Tech: Is IT safe?

If your firm is anything like Ilene Eisen's Monterey, Calif.-based firm, ie Solutions, there have been some major upgrades in security around your office this year.Eisen, a CPA and Certified Information Technology Professional, has started using an online back-up for her files, so that they cannot be physically lifted away during a robbery; implemented password-protected USB drives; and changed the password on her PC. She has also made her wireless network secure in her office, and has started running spyware as well as patch updates for her computer applications.

"We're becoming much more aware. Now I hear these in-your-face [IT security] announcements constantly - at least once a month, if not more," said Eisen. "I'm also seeing more and more stories about identity theft. What I am more concerned about, and more aware of, is I'm not seeing people taking the precautions I want them to."

To Eisen and others on the committee who helped finalize the American Institute of CPAs' Top Ten Technology list, it was no surprise that information security made it to the top of the list for the fourth year in a row.

"It's really not surprising. Information security as an overall topic is something the press, not just the IT press, is making people more aware of," said J. Ryan David, of the AICPA Information Technology Committee and vice president of information services at Artromick International Inc., a provider of medication handling systems based in Columbus, Ohio.

Now in its 16th year, the AICPA's Top 10 survey asked respondents to rank some 39 technologies on a five-point scale. This year, 2,049 people responded.

The theme of this year's list was change.

That pertained to changes in the structure of the list, who was on the committee overseeing the list, how the survey was taken, and even who responded - all of which were different from last year. And even though the top spot has not changed in four years, this is the first year that a pattern of security-related issues has emerged.

After the broad topic of information security at No. 1, there are three more security-related topics in the Top 10. A newcomer to the list, privacy management - the rights and obligations of individuals and organizations to collect, use, disclose and retain personal information - made it to No. 5.

Digital identity and authentication technologies - ways to ensure that users are who they say they are - moved up from the No. 8 slot last year to No. 6, while spyware detection and removal - technology for detecting and removing programs that gather and transmit user information without the user knowing - was a new topic to this year's list and finished in the No. 10 slot.

"Some technologies are so important they stand or take a life on of their own. Look at spyware: Even though it's security-related, it's so important it needs its own category," said David Cieslak, CPA, CITP, Information Technology Executive Committee chair at the AICPA and principal at the Encino, Calif.-based computer consulting firm Information Technology Group Inc.

Things like spyware and assurance and compliance applications haven't been issues before on the list, while a regular topic over the last few years, training, has fallen by the wayside. Is this because more CPAs are feeling tech savvy?

No, said Barry MacQuarrie, director of technology at Braintree, Mass.-based CPA firm KAF Financial Group and member of the IT Executive Committee. He said it has to do with the era we are living in.

"I'm surprised training is not there. But I think it is that some of these other issues are ones people consider more important today. They're more important because they are in front of us all the time. Spyware was not an issue two or three years ago, but today it's more relevant. Things that get more press are more relevant," said MacQuarrie.

And relevance all depends on whom you ask.

Whose issues?

This year was the first year that the institute wanted to expand its respondent pool beyond AICPA IT Section members, to include Information Systems Auditor and Control Association members, as well.

"We were really trying to make sure there were representatives from all possible perspectives, that CPAs with all different roles in regards to technology were present," said Ann Sammon, senior manager of the Certified Information Technology Professional credential and the IT membership section at the AICPA.

With ISACA members now taking the survey as well, the respondent pool jumped from 300 respondents last year to more than 2,000 this year, with over 60 percent of those who took the survey hailing from the association.

"We're trying to communicate with the everyday CPA. We know many of you may not care about IT, but you're a professional and when a client comes in for advice, these are the top 10 things you should know about and know how to talk to your client about from a strategic perspective," said Joel Lanz, IT Executive Committee member, ISACA member and sole practitioner at Joel Lanz CPA PC, in Jericho, N.Y.

This year CPAs can expect to see more partnering initiatives between the AICPA and ISACA that are "mutually beneficial," said Cieslak. Though he was not at liberty to disclose which initiatives were being discussed, one could have been the recently announced CITP credential membership change. The AICPA revealed that those ISACA members with AICPA membership were also now qualified to apply for the CITP.

CITPs were also asked to join, for the first time, the IT Executive Committee at the AICPA to help decide which 40 to 60 topics were on the survey, how to define those topics, and what the final Top 10 list would look like.

One section that is noticeably different this year is the deletion of the emerging technologies portion from the list.

Instead of showing technologies that CPAs need to watch for the future, the list will show the next top five technologies CPAs should be using or know about today. This year's next five are: e-mail filtering, including spam and malware scanning; outsourcing; storage and back-up technologies; patch and network management tips; and technology competency and effective utilization.

"This year, we're developing some additional information as runners-up instead of emerging technologies, because runners-up and honorable mentions are probably more relevant to CPAs in practice today, as the emerging technologies were ones that were not going to have an impact for more than 24 months," said Sammon.

Even the way people answered the survey changed from last year.

According to Eisen, this year she answered questions and picked choices from the pool of topics. The highest-rated topics then came back to her at the end and she was asked to rate those top choices.

One thing not likely to change for many years to come, said Cieslak, is the significant concern amongst CPAs for information security. With such private information as Social Security numbers and bank information, accountants will be concerned about their information security for a long time to come.

"Security is one of those tools at the core of what we really look towards to keep us safe and guard the information we're entrusted to guard. It will become less of an issue over time, and yes, it'll probably move down the list some, but it will stay up there."

Will it be in the top five?

"I would be surprised if it wasn't," said Cieslak.

For reprint and licensing requests for this article, click here.
Associations
MORE FROM ACCOUNTING TODAY