Security still tops tech concerns

February 11, 2008, 12:00 a.m. EST 5 Min Read

For the sixth consecutive year, information security management reigns as the top initiative that will affect IT strategy, investment and implementation over the next 12 to 18 months, according to the American Institute of CPAs' annual Top Technology Initiatives Survey.Some of the profession's top tech gurus pointed to an increased awareness among firms regarding how they transmit confidential information electronically as one reason for the issue's continued high profile among practitioners.

"The threats are evolving, and how those threats are potentially arriving on our doorstep is continuing to be refined, which means as far as people are concerned, it's still No. 1," said David Cieslak, CPA, CITP and chair of the AICPA's Information Technology Executive Committee. "People are doing secure file transmission with their clients. We're noticing a lot of people, this year especially, [who are] just waking up to the fact that when they send files back and forth, maybe just sending them via e-mail isn't the brightest or best way to go."

Now in its 19th year and compiled by a task force led by Cieslak, the survey is a collaboration between the AICPA's Certified Information Technology Professional credential holders and IT section members, and the Information Systems Audit and Control Association and the Information Technology Alliance. This year for the first time the survey included input from the Institute of Internal Auditors.

To create the questionnaire, representatives from each organization formed a working group, which reviewed the previous year's list and discussed potential issues for the current year. In the fall of 2007, a group of nearly 1,200 finance, accounting and technology participants were asked to rank 29 technology initiatives, and the results were tabulated in December.

The task force defined information security management as the development and implementation of a comprehensive security framework encompassing people, processes and IT systems that safeguards critical systems and information, protecting them from internal and external threats.

TOP-OF-MIND ISSUES

"There is such a heightened awareness around identity theft," explained ITA president Ron Eagle, about why information security continues to rank in the top spot. "If you're in the business of assuring your clients that their sensitive data is going to be well-protected and that they won't be a source of a major embarrassment by having their systems hacked into or their confidential information stolen, that's such a visible error these days. You just can't afford not to be paying attention."

Moving up four spots from last year to No. 2 is IT governance, which can include components such as strategic alignment, value delivery, resource management, risk management and performance measures. Project portfolio management and proper IT balanced scorecard measures, including earned value, according to the committee's definition, are often overlooked.

"As we look at IT governance and everything that goes into the decision-making process in IT investment, I think people are becoming a lot more deliberate about what they do, where they spend their money and what they hope to receive from those dollars," Cieslak said. "People are just more in tune."

Another initiative that jumped two places, to No. 3, is business continuity management and disaster recovery planning. "It's important that companies are allocating sufficient resources to this area, and are testing and maintaining these plans to ensure they reflect current business processes," said Heriot Prentice, MIIA, FIIA, QiCA and director of standards and guidance for the IIA.

Business intelligence is new to the list this year, coming in at No. 8. The ultimate objective of business intelligence is to improve the timeliness and quality of information. Tools for this issue include data warehousing and integration applications, report writers, and application dashboards.

"That's become a real hot button in our space," Eagle said. "We believe as an organization that business intelligence is that next big wave in opportunity to serve clients. There's so much data being acquired and stored and retained, the ability to get in there and analyze it, and that, particularly with the improvements in the data modeling and the ability to slice and dice the information without a lot of cost, is really making business intelligence a very affordable, highly desirable application."

Eagle described the list as "well-balanced," but added that the chief information officers in his organization would have liked to see document, forms, content and knowledge management higher on the list than its current spot at No. 10.

"They're under the gun with having to respond to subpoenas and all the e-discovery rules," he said. "Knowing where all the data related to a particular issue is, is much more important I think in their minds than I think in the general membership."

Five issues received honorable mention, with customer relationship management leading that roster. Eagle, however, said that he thought that Web-deployed applications, otherwise known as Software as a Service -- listed this year at No. 14 -- should also have been ranked higher. "I personally think and voted that Web-deployed applications are much more important and will be much more important than maybe it's currently being reflected."

"It continues to be initiatives and not just geeky technology stuff," Cieslak explained. "It's a diverse group of folks that are ultimately casting their votes for this."

The Top Ten Technologies

1 Information security management

2 IT governance

3 Business continuity management and disaster recovery planning

4 Privacy management

5 Business process improvement workflow and process exception alerts

6 Identity and access management

7 Conforming to assurance and compliance standards

8 Business intelligence

9 Mobile and remote computing

10 Document, forms, content and knowledge management

And the honorable mentions ...