As a CPA and someone whose hosting company recently underwent a SAS 70 Type II audit, I found this year’s American Institute of Certified Public Accountants Top Technology Initiatives Survey, which forecasts key IT issues in the year ahead, highly interesting. The CPAs surveyed say they believe data security will continue to be the most pressing concern for their clients and employers over the year.
The June study was the first such Top Technology Initiatives Survey to ask AICPA members to rank a list of questions heard most often from audit committees, chief financial officers and chief information officers. According to the press release about the survey, the top 10 most frequently asked questions are:
- Are we ensuring that our data and technology resources are protected against hacking, viruses, or other compromises?
- Are we considering or implementing organizational security precautions even though we haven’t had a data breach or loss?
- Are our current internal controls and IT governance policies and procedures effective?
- Are we receiving the most relevant and current information from our reporting functions (business intelligence, dashboards, etc.) or are there areas for improvement?
- Have we implemented sound, appropriate privacy policies and procedures in place within the organization and for our customers?
- Are we appropriately considering the IT risks associated with the organization in an initial planning of any audit or attest engagement?
- Are we capturing the appropriate control objectives during the initial planning of any audit or attest engagement to address the IT risks associated with the organization?
- Should we refresh our core and financial accounting software to leverage technology efficiencies every few years?
- Can our data remain safe if we utilize cloud computing, or Software as a Service (SaaS) services?
- Can we deliver on our service and product promises to our customers if we utilize cloud computing services?
Notably, Cloud Computing/Software as a Service (SaaS) appeared in two questions, reflecting both growing interest in Web-based technology solutions for business and concerns about the new risks that they may introduce. CPAs are providing vendor due diligence for their clients to ensure appropriate controls are in place in SaaS applications and confidential customer information is being protected.
Principally, the survey makes clear that CPAs need to be literate about information technology in order to collaborate effectively with clients and their IT partners. Managed hosting companies can help in that regard by providing clear product and educational information and by ensuring that they have undergone an audit under SAS 70 Type II, an internationally recognized auditing standard developed by the AICPA.
CPAs, take note! At AIS Network, we are constantly working to revise and add new content for our Web site—content that is robust enough for IT professionals but also simple enough for the layman to understand.
In the next few weeks, we’re planning on adding some educational FAQs that, I am hopeful, will help inform CPAs and others who are asking some of these very important questions. Further, we have upgraded this month to SAS 70 Type II certification.