Technology

BY ROBERT TIE

E-Business Tops Tech Priorities for CPAs

Representatives of AICPA technology committees gathered in Tucson, Arizona, to identify the 10 most important technological challenges and opportunities facing CPAs in 2000. Throughout its lively three-day discussion, the group was unanimous on one point in particular: You can’t duck these issues. Confront and resolve them, or they’ll overwhelm you and your business. Here are the group’s choices in order of their significance.

E-business. The group put this all-encompassing subject at the top of its list because e-business can optimize return on investment and speed growth. But what aspects of it are most important to CPAs?

Andrew Gioseffi, a technical manager in the AICPA information technology division, sees e-business as a new playing field on which small companies can compete on an equal footing with large corporations. “Johnson & Johnson’s Internet address is no more special than that of a small company,” he said.

But to help companies thrive online, CPAs must know the ground rules. Sandra L. Smith, a technology consultant who creates Web sites and helps clients formulate business plans, stressed that not understanding Web culture is a big obstacle to e-business success. “CPA firms must learn the new revenue models and unwritten rules,” she said. “And they’ve got to be good at marketing—it’s so central to the Web.”

Edward K. Zollars, a partner in a small public accounting firm, said his clients need help setting up shop online. “Also, a CPA can help a client establish reasonable expectations for its Web site,” he said. “We’ve seen more clients go online to generate leads and answer routine questions than to sell products.” Zollars also finds companies need help setting up online interfaces with essential vendor systems, such as accounts payable. “That’s where a CPA with the right skills can help,” he said.

Information security and controls. Exposure to online security threats grows as CPAs and their clients depend more on technology to perform daily business tasks, Gioseffi observed. “Larger practices have staff to address it,” he said. “But in a small firm, there’s not always someone assigned to security and control.”

To Smith, that creates an opportunity for CPAs. “Assurance is right up our alley,” she said.

Meanwhile, Zollars said, in order to speed up online performance, more people are getting “always-on” connections, such as digital subscriber lines (DSL) and cable modems. But, he noted, always-on connections give intruders more time to penetrate a system. “Know the risks posed by each type of connection,” Zollars said. “That doesn’t mean avoiding DSL, but doing what’s necessary to close the security gap it creates.”

Zollars runs intruder detection software on his home PC. “Every day there are four or five attempts to break into my system,” he said. Although automated programs are generally to blame, that doesn’t make them any less dangerous. “Home systems contain a lot of sensitive information about office systems, so you need a firewall on your office network and intruder detection software at home.” Zollars also recommended replacing the default values for passwords and other system parameters.

Training and technology competency. There’s never enough time for training, Gioseffi said, and many state societies don’t grant CPE credits for courses in technology.

While that makes training more difficult, it doesn’t reduce the need for it. “We’ve got to train all employees,” Zollars said, regardless of their hourly billing rates. “That doesn’t mean an estate planning partner should learn to install network interface cards,” he continued, “but it does mean that he or she should be competent in certain systems and tools. When you get over the learning curve, you wonder how you managed before getting training. It’s normal to feel like giving up, but you’ve got to persevere.”

Smith agreed. “People still need to pursue lifetime learning programs,” she said. “They’re the best insurance policy against a downturn in the business cycle.”

Disaster recovery. According to Roman H. Kepczyk, a technology consultant who works with CPA firms, disaster recovery is an issue that everyone talks about, but few act upon.

“The backup tape is the most important aspect of the entire disaster recovery plan,” he said. “Every business should make daily backups of its entire system, keep them off-site and test them regularly. If there’s a fatal crash, you should be able to take your tapes to a systems integrator and rebuild your whole system in a matter of hours.” Kepczyk stressed the importance of testing tapes for defects and for compatibility with the current system configuration.

The possibility of theft poses another significant risk, Kepczyk added. “You wouldn’t believe how many firms keep all their tapes on top of the backup unit,” he said. “I know of a title company that went out of business because its backup tapes were stolen along with its hardware and software.”

Christopher J. Leach, partner in a small CPA firm that focuses on technology, emphasized the need to keep the recovery plan up to date. “People put a plan together and think they’re safe,” he said, “but they don’t update it as their systems change. So when something happens, their plan’s obsolete and they’re in trouble.”

High availability and resiliency of systems. According to Zollars, this is disaster recovery’s little brother. Systems must be available when a firm, its clients or customers need them, he said. Twenty years ago, not being able to do something for an hour may have been an inconvenience; today it can be a major business problem.

Kepczyk described a presentation Bill Gates made at Comdex. “He had five servers linked together, processing transactions. Suddenly, he shut one of them down, but the other four immediately picked up its load so that all the transactions were completed without difficulty.” While CPA firms might not need such resiliency, their clients may, and Kepczyk encouraged CPAs to familiarize themselves with the technology behind it.

Technology management and budgeting. As Wayne E. Harding, who specializes in business process outsourcing (BPO) software, sees it, CPAs have no time to waste in this area. “I’ve been talking to a lot of non-CPAs who provide BPO services on the financial accounting side,” he said, “and this market is going to explode.”

“Many high-growth companies want to outsource their accounting functions so they can focus on their core competencies,” Harding said. “There’s a wonderful BPO opportunity for all CPA firms, if they move quickly.”

Zollars summed up how this issue generally affects firms’ overall strategies. “Although you don’t know what the future will bring, you still have to make a provisional plan, and staff from the highest levels of the organization must participate in it.”

Who can you trust for advice on such issues? Zollars recommended networking with other CPAs and said firms should get as much information as possible about their software vendors’ plans for the future. “Upcoming changes in a critical vendor system may mean you don’t need a more powerful server as much as you need more bandwidth,” he said.

Electronic financial reporting. “People look to the accounting profession for reliable financial information,” Gioseffi said. He noted that the AICPA’s XFRML project addresses this issue by improving the tools and processes used to create online financial reports.

“Today, clients demand instant communication of results,” Zollars added. “Electronic reporting solves that, but it also changes the CPA’s role in the financial reporting process. We won’t be able to wait for the yearend audit and then issue a report. No one would wait for it; they’d rather read an electronic report. And that, in turn, could pose a problem with compilation standards,” he said.

Zollars explained the effect of Statement on Standards for Accounting and Review Services no. 1 in this context. “It says if you submit financial statements, you must perform a compilation. But when does that apply? Some have interpreted SSARS no. 1 to require a compilation report whenever the CPA modifies the client’s accounting database on a system where the client can create or view a financial statement. So, in cases where an accountant is associated with electronically presented financial statements of a nonpublic entity, the question is, When should a compilation report be required? And if one is needed, how do we attach it to the statements?

“In the recent past, we worried about clients generating financial statements independently; now, with electronic reporting, we’ve got to be worried about third parties generating statements. I don’t have the answer,” Zollars said; “I just know it’s clearly a question. You have to accept that complex issues like this will arise.”

Internet issues. According to IDC Corp., in 2000, 137 million people—half the U.S. population—will use the Internet. “That’s a wake-up call for firms to develop the expertise they need to participate in this market,” Gioseffi said.

“Don’t limit the Internet to what it is today,” added Zollars. “It has the potential to connect all kinds of devices, and involves workplace issues, such as using company systems for unauthorized purposes or at inappropriate times, that must be addressed to realize the Internet’s enormous business potential.”

The virtual office. For Gioseffi, a workplace that can exist anywhere poses special challenges to those who occupy it. “You’ve got to have a superior work ethic if you’re going to succeed in a nontraditional workspace,” he said.

Zollars emphasized the special importance of training. “If an employee has technical trouble at home, it’s harder to help him or her,” he said. “The answer is training people so they’re more self-sufficient.”

Kepczyk added that success is more likely when virtual office assignments are specific and measurable.

Privacy. Kepczyk quoted a rumored remark of Sun Microsystems’ Chairman Scott McNealy: “There is no privacy; get over it.” But Kepczyk himself feels privacy standards must be developed.

“It’s important to understand how people feel about your having access to their information,” Zollars said, “and you have to know how other organizations will use the data they gather about you.”

Gioseffi said the controversy over privacy issues is mounting. “If a firm has a Web site, it should post a privacy policy that addresses consumers’ concerns,” he said.

In summary

Although some CPAs may feel overwhelmed by these issues, Zollars put them in perspective. “Technology is a moving target,” he noted. “We may have overlooked certain topics, but what’s important is keeping abreast of the crucial issues and not assuming that someone else will take care of them.”

—Robert Tie

SPONSORED REPORT

Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.

QUIZ

News quiz: IRS warning on cyberattacks and a change in pension rules

Once again, the IRS sounds the alarm about a threat from cyberthieves. See how much you know about this and other recent news with this short quiz.

CHECKLIST

Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.