Data Security Remains Top Concern for CPAs, Survey Shows


Data security will remain the most pressing concern for CPAs and their clients over the next 12 to 18 months, according to the AICPA’s 21st annual Top Technology Initiatives Survey, which was unveiled this week.

This is the eighth consecutive year the issue has made the top of the list.

This year’s top 10 technology issues include:

  1. Security of data, code and communications
  2. Connectivity / wireless access
  3. Backup solutions / disaster recovery 
  4. Secure electronic collaboration with clients
  5. Paperless workflow
  6. Laptop security (encryption)
  7. Small business software
  8. User mobility
  9. Tax software
  10. Server virtualization and consolidation

Several other items on the list also tie into security in one form or another.  For example, even as a sole practitioner, Joel Lanz, CPA/CITP/CFF, co-chairman of the Top Technology Initiatives Task Force, is using client portals to securely collaborate with his clients electronically.


“If I don’t use a portal, I have to send a client an encrypted e-mail,” Lanz said, adding that CPAs should advise their clients to use portals with their own customers as well as a more secure way to collaborate.

This is the first year the survey has extended beyond a firm’s internal technology issues to address technology-related questions clients are asking their CPAs, particularly in audit or risk management situations.

“Clients increasingly are asking CPAs for advice on information technology issues in the same way they ask for advice on tax issues, broadening the scope of work a CPA is asked to provide,” said task force co-chairman Ron Box, CPA/CITP/CFF.

CPAs in firms of all sizes need to come to the table armed with some knowledge of what’s concerning clients, he said.

When Lanz worked for Arthur Andersen as a technology risk consulting partner, other partners asked him for the “buzzwords” as part of a briefing to prepare for audit committee meetings, he recalled.

“If they don’t know enough to get by in that conversation, they could potentially lose that account because they can be judged to be not relevant in today’s environment,” Lanz said. “They don’t have to be technology geeks, they just have to know enough to get by.”

As a result, this year’s survey also included a list of the top questions pertaining to IT strategy, governance and risk management concerns that CPAs should keep in mind, in order of importance.

They include:

  1. Are we ensuring that our data and technology resources are protected against hacking, viruses or other compromises?
  2. Are we considering/ implementing organizational security precautions even though we haven’t had a data breach or loss?
  3. Are our current internal controls and IT governance policies and procedures effective?
  4. Are we receiving the most relevant and current information from our reporting functions (business intelligence, dashboards, etc.) or are there areas for improvement?
  5. Have we implemented a sound/appropriate privacy policies and procedures within the organization and for our customers?
  6. Are we appropriately considering the IT risks associated with the organization in initial planning of any audit or attest engagement?
  7. Are we capturing the appropriate control objectives during the initial planning of any audit or attest engagement to address the IT risks associated with the organization?
  8. Should we refresh our core and financial accounting software to leverage technology efficiencies every few years?
  9. Can our data remain safe if we utilize cloud computing/Software as a Service (SaaS) services?
  10. Can we deliver on our service and product promises to our customers if we utilize cloud computing/SaaS services?

Box and Lanz will discuss the results of the 2010 survey on the AICPA Top Technology Initiatives Webinar from 2 to 3:30 p.m. Eastern on June 23. The webinar will put the survey results in context using practical examples to provide participants with an introduction to each initiative and its implication for their clients. Register here


More from the JofA:


 Find us on Facebook      Follow us on Twitter



Get your clients ready for tax season

Upon its enactment in March, the American Rescue Plan Act (ARPA) introduced many new tax changes, some of which retroactively affected 2020 returns. Making the right moves now can help you mitigate any surprises heading into 2022.


Black CPA Centennial, 1921–2021

With 2021 marking the 100th anniversary of the first Black licensed CPA in the United States, a yearlong campaign kicked off to recognize the nation’s Black CPAs and encourage greater progress in diversity, inclusion, and equity in the CPA profession.