Summer Wrap Up: Compliance, Security, Best Practices

IMGCAP(1)] With the busy season wrapped up, now is the perfect time to reflect on your accounting firm’s data security processes. This guide provides you with a set of industry best practices that help streamline your security processes and ensure your firm is operating as securely and efficiently as possible.

Privacy and Security Overview

Accounting compliance standards are in place to ensure all financial matters are handled in accordance with federal regulations and laws. This common set of procedures helps regulate the economic system and minimize discrepancies in the accounting industry.

The AICPA security and privacy guidelines encompass the rights and obligations of organizations and individuals with respect to the collection, use, retention, disclosure and disposal of personal information. These guidelines apply to general security, cybersecurity and cloud computing.

Generally Accepted Privacy Principles

The AICPA, together with the Captive Insurance Companies Association, developed the Generally Accepted Privacy Principles (GAPP), which help accountants create effective privacy programs that address their unique privacy risks and obligations.

As outlined in the GAPP, accountants must abide by the following security provisions:

• Protect confidential employee information, including social security number, bank account information, benefit information and medical information.
• Restrict access to client tax information to authorized individuals only.
• Securely transmit client data using high-grade encryption and authentication.
• Password-protect computers, and require users to sign in using a unique ID and password. Additionally, passwords should be changed at least every 60 days, should consist of a minimum of eight characters (made up of letters, numbers and special characters).
• Protect client credit card information by retaining it only as long as needed and restricting access to unauthorized personnel.
• Develop remote access policies for employees who work remotely, and determine the ways in which employees can access client data away from the office.
• Perform regular computer backups on machines that contain personal information. A copy of the backup should be kept in a secure off-site location.
• Use firewalls, software security patches and up-to-date antivirus software to protect against cyberattacks.
• Password-protect wireless networks to prevent unauthorized individuals from hacking into company servers.
• Implement file retention policies that clearly outline how long client information should be retained. When it is time to dispose of client information, paper documents must be shredded or returned to the client, and electronic data must be written over or deleted.

Tax Accounting

As a tax accountant, you are responsible for preparing federal, state and local tax returns for individuals, business and organizations — all of which contain highly confidential information. Therefore, your accounting firm should ensure the highest standards of security to prevent unauthorized modification or destruction of taxpayer data, restrict access and disclosure to preserve the confidentiality of data, and provide timely and reliable data recovery.

Tax Accounting Best Practices

In regards to safeguarding taxpayer data, the IRS cites the following as industry best practices:

• Assess the risks to taxpayer information in your office. Make a list of every location that contains taxpayer data — filing cabinets, computers, external hard drives, laptops — and write a plan describing how you will safeguard stored information. Note: Refer to the Privacy and Security Overview above for specific security provisions.
• Assign one individual or a small group of individuals to be responsible for safeguards.
• Monitor your security processes and adjust your security plans as circumstances change.
• Automate processes where possible. To streamline filing and reporting processes, opt for a computerized file sharing system that maintains high-level security and complies with industry and government guidelines.

Refer to the security checklist located on page seven of the IRS Safeguarding Taxpayer Data guide for more in-depth information regarding tax accounting security protocols.

Auditing

As an auditor, you are responsible for checking the accuracy of business records to ensure organizations maintain honest and accurate financial records. Whether you are an internal auditor who works in the private sector or an external auditor who works for a government agency, there are specific guidelines you must follow to ensure consistency and integrity in your reporting.

As of June 15, 2011, Statement on Standards for Attestation Engagement no. 16 (SSAE 16) replaced Statement on Auditing Standards no. 70 (SAS 70) as the new standard for defining how service companies report on compliance controls.

The main reason for this enhancement is to bring all U.S. companies up-to-date with international service organization reporting standards (ISAE 3402).

Auditing Best Practices

Although federal auditing guidelines (like SSAE 16) must be followed by every auditor to ensure the security and privacy of those they serve, most organizations have their own internal procedures and best practices that are unique to them.

Some common auditing best practices include:

• Documenting all business practices, policies and protocols and making sure they are accurate and complete. This involves revisiting business policies at least once a year to ensure they are still relevant and up-to-date.
• Making policies available to all personnel for review.
• Educating clients to ensure they are prepared for their audit and have the appropriate information available.
• Safeguarding assets. This includes restricting access to confidential data (through user IDs, passwords and encryption) and storing all paper assets in a secured, locked area.
• Automating processes where possible. Be sure to partner with a service provider who offers top-notch security and complies with all industry and government regulations.

Jason Goldfinger is the Director of Corporate Sales, Accounting/CPA Division for Citrix ShareFile, the secure file sharing, storage and sync solution that is built for business and used by thousands of accounting professionals around the world. Jason’s specialty is helping accountants and CPAs streamline their workflows, meet compliance and security standards, and better serve their customers. He attended UNC-Wilmington and graduated with a degree in Entrepreneurial and Small Business Operations.

For reprint and licensing requests for this article, click here.
Technology
MORE FROM ACCOUNTING TODAY