Cloud for the tax function: Governance, security and integration
Companies’ appetite for cloud technology continues to increase. Many organizations treat cloud technology investments as a crucial driver of this transformation — and many tax departments are now ideally positioned to consider and apply several hard-earned cloud-adoption lessons that their counterparts in sales and marketing, finance and accounting and human resources have experienced in the past 18 to 24 months.
This series, which is intended to serve as a practical cloud-adoption handbook, provides an update on cloud technology’s adoption and benefits before highlighting approaches, steps and considerations that tax executives and professionals should work through when pursuing cloud investments.
Addressing governance, security and integration needs
Tax leaders considering investments in cloud-based software should be aware of common challenges. Some of these issues are unavoidable, although they can be addressed relatively easily with sufficient attention. For example, data and application integration needs arise with the introduction of almost any form of software, regardless of whether it is cloud-based or on-premise – and data security should be a top concern when absolutely any new technology is introduced an organization.
Other challenges represent a benefits tradeoff. For example, many SaaS offerings are slightly less customizable compared to traditional, on-premise applications. However, most organizations eagerly sacrifice small levels of customization in exchange for speedier implementations, lower costs and access to more frequent updates and more robust functionality.
Tax leaders should keep the following issues in mind, especially as they work with their IT counterparts when selecting and managing a SaaS vendor:
- Data security. Cybersecurity concerns have rightly jumped to the very top of the priority lists of senior executives and board members. Although fears related to data security frequently spike after news breaks of the latest data breach, heightened attention on the topic has driven awareness of its importance throughout enterprises. And this awareness has contributed to major progress related to professional and industry standards (including those governing how vendors’ data security capabilities should be assessed and audited), regulatory requirements and internal capabilities (encryption, internal controls and much more). Cloud management vendor RightScale’s annual “State of the Cloud” survey indicates that security concerns related to cloud applications have decreased in recent years. While data security marks a top challenge among “cloud beginners,” according to RightScale’s 2018 survey results, intermediate and advanced users of cloud-based technology are less concerned about security and more focused on managing costs. Data security absolutely should be a top priority in the evaluation of any technology investment, but these concerns should not prevent organizations from considering a cloud-based solution as strong security features have become table stakes for cloud and SaaS solutions.
- Application integration. As SaaS solutions have multiplied there is a greater need to integrate these applications with large enterprise resource planning systems and other systems of record. As a result, much more time, attention and expertise is being applied to integrating these applications with other solutions — whether they are traditional, on-premise solutions or other SaaS solutions. Data must move smoothly among a growing number of systems if companies are to successfully leverage their business applications. While most forms of integration (through data or APIs) are fairly straightforward to handle from an IT perspective, tax executives and other non-IT leaders requesting of cloud solutions should be aware of this need.
- Governance issues. Governance — how the relationship with the SaaS provider is codified, measured and managed — represents a critical determinant of the investment’s return. It is also one of the most commonly overlooked areas, perhaps due to the misconception that the technology’s performance does not need to be actively managed when it is located off-site.
Catch up on the first article in this series here.
A third article in this series will cover organizational strategy for the cloud.