Beware Technology “Gotchas” in M&A
Merger discussions kick into high gear each summer as partners look to expand their practice reach, combine well-suited practices, discuss new service opportunities, and address succession and retirement issues. Often, these discussions focus on tax and assurance practice compatibility from a financial and cultural perspective, and while Information Technology is touched upon, the lack of IT knowledge often has the negotiators defaulting IT issues to a later time. Unfortunately, many firms have found out that there are a variety of IT “gotchas” that can result in major headaches with hidden financial consequences after the deal is closed. Below we share a number of technology surprises that firms should look out for before the M&A celebrations start. (more…)
2017 CES Technology Trends to Monitor and Gawk At
Each January, Las Vegas plays host to the International Consumer Electronics Show (CES), which is the world’s largest consumer technology show, with 3,800 vendors and over 175,000 attendees from all over the world looking to find the latest and greatest home, office, and automotive technologies. While most of the featured technologies are targeted outside of the accounting profession, those that are successful on the consumer side often find their way into our firms to provide innovative solutions to improving productivity. With that thought in mind, we highlight the top CES trends and representative products that caught our eye at this year’s show. (more…)
Don’t Miss This: 2017 CPAFMA Paperless Benchmark Results with Roman
Join CPAFMA and our Director of Consulting and industry leader, Roman Kepczyk, on Tuesday, January 31st at 2PM ET as he presents the findings of the CPAFMA 2017 Paperless Benchmark Survey, which was completed this past December.
Whether your firm is on the “bleeding” or stable edge of paperless technology…or your technology is so outdated that you are missing out entirely, this is the webinar for you. Find out what digital technologies your peer firms are utilizing this busy season. Roman will not only discuss tax department findings that firms are using this year, but will also cover audit and accounting, administration, and information technology benchmarks, as well as recommendations on trends and products he is predicting will impact the year ahead! All participants will receive a copy of the findings following this 60-minute MAPCast. (more…)
2017 IT Predictions and 2016 Results
With another year end (and tax season) rapidly approaching, it’s time to once again dust off the magic crystal ball and cobble together our 2017 CPA Firm Technology and Production predictions. This listing will hopefully provide you with fresh insight into trends that we anticipate having a noticeable impact on our accounting world in the year ahead.
While some of these predictions may seem out there, the reality is that accounting technology is evolving at a faster pace than at any point in our professional career, so having awareness puts you ahead of your competition. However, before we get into those predictions it is only fair to recap the results of our 2016 guesses which were scored by a completely biased/partisan panel (ourselves) and which we awarded ourselves six WINS, two LOSSES, and two DRAWS, making for an “average” outcome to our predictive intuition…kind of like national polling. (more…)
Streamline Your Accounts Payable Process
Remarkably, one of the most archaic processes identified in today’s CPA firms is the accounts payable process, which in many cases is a digital attempt to emulate long outmoded, manual processes designed to deter fraud and jump through multiple approval layers that are not necessary for every invoice. A large percentage of firms still utilize highly manual processes to move and approve invoices, write physical checks, and still maintain individual vendor file folders to store the invoices in case there is a question, even though paperless solutions have been around for more than a decade. (more…)
Today’s Laptop Considerations
Laptops continue to be a key tool for accountants whether they are in the office, at a client’s business, or working from home after their kid’s basketball game. While laptops cost more and have a shorter functional life than traditional desktop computers, there is a positive return in increased productivity for personnel that work out of the office, particularly when you consider the broad range of functionality and features found in the latest generation of laptops and mobile productivity devices. In this article we discuss key considerations for your firm to take into account when looking to purchase your next laptop.
Making the Laptop Decision
Should You Try a Standing Desk?
Studies over the past few years have identified the negative long term health effects of “prolonged sedentary time,” which is a nice way of pointing out most of us in CPA firms spend too much time sitting. While after work exercise and stretch breaks help energize us, researchers are finding that they do not fully counter the effect on our bodies of sitting all day, which is especially compounded during the extended hours of busy season. The recommendation to “sit less” sounds great but that list of to do’s on the screen are not going to get done unless you are at your computer cranking them out. The solution touted by many is to move to a standing or exercise desk. With that in mind (and prompted by a minor back injury), I transitioned to a standing desk earlier this year and found that it did help boost productivity, particularly in the afternoons when my energy level faded and when the work I was doing was more collaborative with others. I found that standing when editing documents, participating in conference calls, webinars, and doing research did not cramp my work style and I believe helped negate my back issues. To be fair, my mind works the best in mornings so I tend to crank out the bulk of my thinking work (consulting reports, articles) while in sitting mode, but there is a noticeable boost in energy when I move to standing mode that provides a “refreshed” start. (more…)
Considerations for a Data Breach Response Plan
Virtually every day there is another headline of a business security breach; what would you do if your firm’s name was in that headline? Developing a data breach response is a lot like developing a disaster recovery plan in that you hope you never need it, but having one can help tremendously in the event of a breach by minimizing additional losses and damage to the firm’s reputation. Even if your firm outsources your IT and/or applications to external vendors or cloud providers, you should have a basic incident response plan in place in the event firm data is breached via a third party. Below, we outline seven considerations to help you begin to organize your firm’s breach response plan.
Identify Your Response Team
Firms should have a list of internal personnel and external resources readily available including designating a primary Incident Response Officer (IRO) whom is at the senior management level. They will act as liaison between the C-suite and the other incidence response team members. The IRO will preferably not be the IT Director as the IT team will be engaged in the technical aspects of remediation. It is important to also have a backup person designated in the event the lead person is not available. Other team members may include existing internal IT personnel, external vendors that provide cybersecurity services, as well as vendor contacts within cloud hosted applications, and legal counsel familiar with cyber security issues.
Incident Notification Process
Anyone noticing suspicious activity should be regularly reminded of whom to contact (IT/Security personnel) and whether to do so in person, instant messaging, or on the phone (as email may be compromised) so the appropriate person can assess the situation and determine if there was the possibility of a security or privacy breach. If the initial responder has concerns of a security breach they would notify the Incident Response Officer (IRO) to oversee an investigation and remediation efforts.
Your IRO will work with the IT team to investigate the event to determine if it is an actual security incident, which the National Institute of Standards and Technology (NIST*) defines as “a violation of or imminent threat of violation of the firm’s computer security policies, acceptable use policies, or standard security practices.” It is important that the response team also document what has transpired including the dates and times of suspicious events and all communications with outside parties regarding the incident. This information should be captured in a written/digitally recorded format to get other response team members quickly up to speed, and with the understanding that it may be important in any future legal or criminal proceedings.
The IT Team should have written policies to monitor suspicious activities, disconnect, contain and block services, confiscate impacted workstations/devices, and physically secure the premises to minimize further damage. Remediation efforts would also include specific external cyber security resources and contacts at the firm’s Internet Service Provider (ISP), whom can help trace the origin of an attack and/or block it.
Determine External Remediation Resources Needed
An important aspect of the incident response is to identify Forensic and Cybersecurity firms that can assist with remediation, eradication of threats, and the any clean-up, which should have specific vendor contacts documented in the plan. With the rapid evolution in cyberattacks, it is not likely that the firm’s internal IT personnel will be able to remediate every situation, so identifying external resources is critical. Please note that remediation resources should also include the firm’s legal counsel as well as specific Federal and State law enforcement agencies (FBI/U.S. Secret Service) to address any criminal issues.
Internal Communications Plan
If it has been determined a breach occurred, the incident response team should quietly notify firm management and explain what is being done to remediate the issue. Firms should delay notifying all staff until it is determined that the breach has been evaluated (and it is confirmed that no internal personnel were involved). Once the response team is convinced they have remediated the issue, a firm-wide communication outlining the facts and firm response should be sent to all staff including whom is authorized to respond to any public inquiries. This communication should explain what happened, what the firm has done to fix the situation and what the firm will do in the future to minimize the risk of a breach occurring again. The communications plan may also need to notify impacted clients and what the firm will provide such as Identity Theft Protection Services.
Public Notification of Breach
The firm should establish a primary (and backup) point of contact to handle all public communications with the media. If the breach is in a very large firm, this could also entail setting up a website/webpage with FAQs and invoking additional resources to deal with large volumes of phone calls, emails, and physical mail. The firm should also identify which incident reporting organizations they want to work worth. Verizon and the Identity Theft Resource Center are both organizations that consolidate and report on privacy/data breach incidents for firms.
Should a security/privacy breach occur in your firm, it is not likely to unfold in a neat, organized fashion so it is important to have resources organized beforehand and to be flexible in responding to the specific situation. Discussing and documenting these considerations will help minimize the negative impact of a breach and speed up the process to get the firm back to normal operations.
*FIRM RESOURCE: For the development of this article we reviewed the National Institute of Standards and Technology (NIST) Publication 800-61: Computer Security Incident Handling Guide, which we suggest firms refer to for more comprehensive guidance on developing an incident response plan, in particular Table 3-5: Incident Handling Checklist and Appendix A-Incident Handling Scenarios.
This article was originally published for the American Institute of Certified Public Accountants (AICPA). Copying or distribution without the publisher’s permission is prohibited.
Is Your Audit Practice Ready to be Uberized?
More than two decades ago, industry auditing staples such as GoSystem Audit, Fast-Governmental, and Accountant’s Trial Balance were quickly replaced by a new generation of more robust audit engagement binders including CaseWare and CCH Engagement (formerly known as ePace). While audit binder applications evolved and included some integration and export capabilities, most firms continued to utilize their same PPC-directed audit approach and work programs, as well as adopting a third party secured email or portal solution.
The different vendors’ applications traditionally did not integrate well, but this mismatch of applications became the status quo for most firm’s audit production workflow. Evolution within the auditing realm was somewhat stagnate compared to what was happening in the rest of the business world, where hyper efficient web-based applications were able to displace levels of management and bureaucracy, while also providing a better end-user experience. Think NetFlix, Amazon, Airbnb, and of course Uber, which has not only improved the local transportation experience for passengers, but made it a less expensive and more efficient for everyone involved. This concept of Uberization is now impacting the auditing world and is on track to bring on the next great evolution in audit efficiency. Below we discuss five audit focused applications worth watching. (more…)