Category: accounting professional

Posted on

The IRS is Spending a Lot of Money to Make a Lot of Money | cashlessandpaperless

Electronic documents and paperless solutions are supposed to help make our lives easier.  By eliminating the paper documents and working with electronic ones instead, users would be able to efficiently manage all their valuable information in one place.  Even more, this information could be shared electronically (swiftly and simply) with others.  However, as most advancements in technology have demonstrated, every solution comes with its own new set of problems.  Where accounting and taxes are concerned, tax payers and the IRS alike are dealing with the impacts of accounting for and substantiating “cashless and paperless” transactions and other activities.  It seems that the IRS is spending more time and resources (=money), expecting that a frontal assault armed with digital records will provide a basis for improved tax collections.

“If you’ve recently been involved in an IRS audit of a business, you have likely seen the agent enter the room fully prepared with copies (subpoenaed) of bank statements and other documentation. It used to be the tax payer who had to provide all the documentation, and the auditor simply used that material. These days, it has become too easy to falsify or improperly change information in electronically stored files (using Photoshop or other tools), so the IRS has lost trust in the data tax payers provide. Instead, they spend a great deal of time and resources collecting this information for themselves (because they can), and then use their copies of the data to compare the data provided by the tax payer.

The IRS will accept electronic records in lieu of original paper documents in many cases, and this is often because they have an ability to validate the content of the electronic records through comparison. Yes, the IRS can collect electronic banking information from financial institutions and other sources, just like the account holder can. It’s become more of a “guilty unless you can prove you’re innocent” approach, and puts the tax payer in a purely defensive posture. Even more, it assumes the tax payer has the sophistication and tools necessary to access and manage all of that electronic data effectively.”

read more at: The IRS is Spending a Lot of Money to Make a Lot of Money | cashlessandpaperless.

Posted on

HIPAA Privacy and Security and the Cloud

jmbunnyfeet

HIPAA Privacy and Security and the Cloud

Is your cloud solution or hosting service HIPAA compliant?  This is among the most frequently asked questions from professionals shopping for cloud hosting service.  Unfortunately, it is also among the questions most frequently answered with ambiguity, or with naiveté.  The problem is that many businesses dealing with HIPAA compliance responsibilities as it relates to protection and security of personal health information may not fully understand their responsibilities as they extend to outsource IT and other service providers.  In the case of HIPAA compliance, many providers suggest their compliance without truly understanding what it means, and are introducing significant risk to their business and subscribing customers because of it.  With recent changes in rules relating to protection and control of personal health information, it is not just the health care provider, the health plan, 3rd party administrator or others that process health insurance claim information which must agree to provide adequate controls – the requirement may fully extend to business associates of these entities… possibly including their cloud service or hosting solution providers.

Some of the largest breaches reported to HHS have involved business associates. Penalties are increased for noncompliance based on the level of negligence with a maximum penalty of $1.5 million per violation. The changes also strengthen the Health Information Technology for Economic and Clinical Health (HITECH) Breach Notification requirements by clarifying when breaches of unsecured health information must be reported to HHS. http://www.hhs.gov/news/press/2013pres/01/20130117b.html

HIPAA guidelines and rules exist to protect and secure personal health information, a requirement growing in importance with advancements in technology, electronic health records, e-billing solutions, and cloud computing adoption.  Where the regulations were once focused on the entity directly involved in generating or processing the information, the view is now extended not only to 3rd party administrators, but also to the technology solutions and providers involved.  When a “covered entity” (an entity with a responsibility to protect and secure personal health information [PHI]) makes a decision to move this information to the cloud, a number of important and complicated issues must be addressed in the agreements with the service or solution provider.  These issues include security and privacy of information (including providing individuals the right to access and request changes to the stored information), tools which may be provided to allow the customer additional security protection, encryption of data at rest and in transmission (and who holds the keys), data location, return of data, disaster recovery, and service levels.

Cloud provider contracts and business associate agreements with cloud providers are not one-size-fits-all and should be negotiated carefully to protect PHI in a manner that accurately reflects the capabilities of the parties http://www.americanbar.org/content/newsletter/groups/labor_law/ebc_newsletter/12_winter_ebc_news/ebc12winter_cloud.html

The provider delivering cloud hosting services to the business may now be considered to be a “business associate” under HIPAA, meaning that the responsibilities of the Customer (the “covered entity”) also extend to their service provider. For any business operating under a HIPAA compliance requirement, moving to the cloud must necessarily involve a detailed discussion and set of agreements that spell out the “business associate” relationship as well as the details of the service delivery and accepted performance levels.

Joanie Mann Bunny FeetMake Sense?

J

Posted on

QuickBooks In-House Hosting Services for Accountants

QuickBooks Hosting Services for IT-Capable Accountants

DIY-SelfHostingSmall businesses in large numbers are looking to the cloud as a platform to deliver solutions for the problems of escalating IT costs, mobility, and remote access to business data. The cloud is also becoming the recommended platform for the delivery of services from accounting and bookkeeping professionals, as the benefits of remote data access and real-time collaboration nicely address the requirement for accounting pros to exchange and share information with their business clients. One of the popular “cloud” hosting solutions addressing a collaborative accounting model is a hosted application approach to using Intuit QuickBooks desktop products. While accounting professionals may be aware that QuickBooks can be hosted by 3rd party providers, many firms are not aware of what is referred to as the “self-host” model, which is a QuickBooks hosting model for accounting firms with some in-house technical capability.

For small businesses and many accounting service providers, working with a 3rd party hosting provider makes a lot of sense, as the host has the infrastructure and the support organization necessary to service large-scale hosted customer requirements.

On the other hand, there are a lot of accounting and bookkeeping firms which have skilled in-house IT personnel who are more than capable of creating a hosting environment to serve not only their internal needs, but also to meet basic requirements of the QuickBooks-using clients they work with. It makes sense to explore the possibilities of implementing a “self-hosting” model for client access to QuickBooks, overcoming the cost and other barriers involved with 3rd party hosting services.

When an accounting firm works with a number of clients with QuickBooks desktop edition files, the firm has to install and manage not only their own software products, but also the relevant QuickBooks software products in use by the various clients (must have the right QB program in order to open the QB data file). This often puts an undue burden on the internal IT systems of the practice which has its own internal-use software and systems to support. With an internal hosting approach, the firm can provide standardized/centralized application hosting services to their clients, building their own “economy of scale” on the platform and reducing the IT management while achieving all the real-time and remote access benefits of an outsourced hosted model. The firm does not experience a retail cost for a hosting solution, and the cost to host the client is generally offset through the efficiency gained at the firm level through direct access to client data and applications.

The technical model for delivering hosting services to a relatively small client base is not overly complicated. Commercial service providers have complex architectures because they must serve a large and diverse client base, and they never really know what sort of devices (computers and printers) or connectivity the customer may have. Commercial providers have to be prepared to deal with any and all situations, where a “self-host” firm needs only to concern themselves with supporting their particular client users and use cases. Additionally, when the solution is offered as part of the accounting or bookkeeping service, the support requirements of the customer tend to be focused during mutual working hours, as opposed to the 24×7 support demanded of the commercial host.

As accountants and bookkeepers search for solutions to improve efficiency, increase profitability and differentiate services, it makes sense for those serving QuickBooks desktop clients and having an in-house IT capability to explore becoming a QuickBooks self-host. It is one possible way to eliminate cost as a barrier to working closer with QuickBooks desktop clients while providing the mobility and collaboration businesses need.

 

Make Sense?

Joanie Mann Bunny FeetJ

Posted on

e-Discovery in the Cloud: Benefits versus Risks

e-Discovery in the Cloud: Benefits versus Risks

After many years of working with business professionals in “enabling” their organizations to make better use of technology, I must say that it is a bit frustrating trying to get folks to understand that this new and wonderful cloud computing model (or Internet-based computing, SaaS, or whatever-you-want-to-call-it computing) is still just technology.  It uses computers and disk drives, it runs software, it takes electricity, and it was developed by human beings.  It can break.   It’s not magical and perfect and you can’t get the good stuff for free.  Swim at your own risk.  So, assess the risks, and measure the benefits against the risks and costs.  For many, the benefits outweigh the risks, as cloud computing approaches can deliver advanced capabilities at cost levels not previously available to most businesses.

No industry is immune to the security and access considerations surrounding a cloud computing model.  Particular those lawyers involved in e-discovery (all of them) have recognizing the potential benefits – and tradeoffs – of the model.  This reality was clearly revealed at the ILTA (International Legal Technology Association) 2010 event in Las Vegas.  While the discussions at the conference were oriented specifically towards the legal profession, the IT-related discussions are totally relevant to every business.  Accounting and finance professionals should pay close attention to this type of conversation, as it relates very directly to accounting’s approach to information technology and the application of IT in the business or professional practice.

In a recap of the event entitled ILTA 2010 in Las Vegas: Strategic Unity, Defensibility, and the Cloud, author Chris Dale discussed that professionals in both public and corporate service must work with the IT departments towards a common goal.  “IT is no longer just a service department providing an infrastructure, applications, training, and troubleshooting.”  While these elements still remain as critical aspects of IT, the role has grown to also incorporate considerations for collaboration (collaborative information management), mobility, and social media.

Recounting one session attended, called Defensible Ediscovery Processes, the author related the variety of definitions provided to the general term” defensible”, which were pretty amusing.  These definitions ranged from protected against attack, to less lousy practices or practices which suck the least” (my personal favorite), and finally, what you can get away with without being found guilty of spoliation.  From these definitions then came qualifiers, such as “reasonableness” and “faith”.

Why would defensible processes be important, and how does this relate to IT or cloud computing?  An example of the element of “faith” came up in this context: ” how can [lawyers] have faith that the technology is delivering the right answers?”  A panelist gave the sample of “an email retrieved from (or possibly not retrieved from [love those lawyers]) a system, with 26.5 pages missing.  How can you be sure that the systems which you are using will not do that to you?”  These are valid questions in any IT environment, and are no less important when considering a cloud-based technology model.   The trade-offs are related to perfection in functionality and performance of the solution versus cost, and should be measured in proportion to one another.

The tradeoffs may come in a variety of areas, with collaboration and connectivity being the primary drivers (collaboration) and barriers (connectivity) to the model.  Businesses are more than ready to adopt cloud computing strategies based on the belief in improved collaboration, access to information, and improved IT management,  but tend to overlook the offsets in the areas of bandwidth availability (and consistency), application functionality (or lack thereof), and level of support available from the provider.  In support of this argument,  Jerry Justice (IT Director for SS&G – Certified Public Accountants and Advisers) posted in a LinkedIn discussion on the topic that “by design the Internet is ‘reasonably’ connected, but not the same as a well-connected [local] network.  the upside is it gives you the ability to connect from great distances, the tradeoff is that you experience variable connectivity.”

The underlying issues are that there is a paradigm shift to working on the Internet (from working in the office) and then another shift when you add in cloud-based environments (versus local apps).  It is possible to be very productive, but .. you have to adapt your approaches“.

The idea “that perfect must be qualified by cost and proportionality” was also discussed in an ILTA session on cloud computing which included panelists from Autonomy iManage, Mayer Brown, and Ernst & Young.  “Cloud computing remains a contentious area, with no obvious agreement even as to what the term means, let alone as to its implications” wrote Mr Dale in his recap of the event.  While the panelists held differing views, the representative from Mayer Brown held a position similar to Mr Dale, in that it is important to “dissect the objections one at a time, accepting that there is room for more than one view, and testing arguments against the alternatives.  Arguments based on pure cost are pretty compelling, and if one method of achieving an objective is very much cheaper than the others, then the burden shifts to those who argue for the more expensive route.”

Discussions went on to describe differences between public cloud providers and others, who segregate customer data in “private and identifiable silos”.  “The key word here is identifiable“, writes the author, “which connotes a geographical certainty as well as anything else.  I sometimes wonder if the imagery associated with cloud computing (invariably a jagged line disappearing into some cumulus) does not leave some people with the idea that their precious data is indeed floating in some inchoate container up in the air.”

If you neglect to provide in your contract that your data remains in a specified jurisdiction, and if you fail to conduct proper due diligence checks on the provider, then you deserve all you get.  Like any risk assessment, it involves weighing cost against other factors; most of these other factors are definable and quantifiable“.

I couldn’t have said it better myself.

Joanie Mann Bunny FeetJ

original post March 24, 2011
Posted on

Are the security requirements for accounting and finance professionals using cloud services any less stringent than those governing lawyers?

jmbunnyfeet

As accounting and finance professionals look to the cloud and Internet technologies to address collaboration, mobility, and improvements in service delivery, they should also be looking at ways to ensure the protection and security of client financial information.  Professional services organizations of all types are embracing cloud products and services, sometimes without properly considering how it might impact information security and business risk.  The security requirements for accounting and finance professionals using cloud services are no less stringent than those governing lawyers.

In her articleNC Bar Council issues final opinion on the cloud, author Nicole Black points out some of the essential considerations for using cloud computing services in a professional legal practice.  Accounting and finance professionals should recognize this guidance as being applicable to their businesses, too.

The main question stems from the ethical issues faced by “lawyers who intend to store confidential client information on servers owned and operated by third parties”.  An opinion issued by the North Carolina State Bar Council addressed two primary questions in this area:

1.     Is it OK for a law firm to use Software as a Service or cloud computing products?

2.     Are there any special vendor assessments or other measures which should be taken by lawyers who wish to minimize the security risks of implementing this type of solution?

Read the entire article by Nicole here (PDF format)

Nicole Black is a Rochester, New York attorney and the Vice President of Business Development and Community Relations at MyCase, a powerful and intuitive cloud-based law practice management platform. She is also a GigaOM Pro Analyst and is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can be reached at nblack@nicoleblackesq.com.

Joanie Mann Bunny FeetJ

original post April 5, 2012
Posted on

Client Solutions, not just Professional Services

Client Solutions, not just Professional Services

Accounting Professionals serving a small business client base are struggling to find ways to demonstrate the value of the services they provide, yet many firms remain focused exclusively on their own processes and improving profitability therein rather than looking “outside the box” to see how they might involve the client in the discovery.  The obvious element which these firms are not addressing is the client user, and how a direct participation by the client becomes the foundation for internal process improvement.  After all, a lot of what accounting professionals are battling against is perceived value.  If the client were to be a more direct participant, the value of the work and the tools which support getting it done could provide a more tangible or visible aspect and increase the overall value perception of the client.

It is easy to say “get the client more involved”, but actually doing it can be the real challenge.  Professionals are recognizing this reality as they attempt to engage client users in online portals for document exchange and by providing application functionality which is supportive of the accountants’ processes.  While some professional firms are experiencing success with this approach, many other firms are not.  There are likely a variety of reasons why some firms have more success than others in getting clients to work with their online tools, but I believe there are two key elements which impact success:  accountant-centric focus, and provider lock-in.  Whether these elements work to the firms’ advantage or not depends solely upon the specifics of the service model and client market being served.

Accountant-centric focus

Most accounting professionals recognize that paperless approaches to working with client information and documents makes a lot more sense than working with the actual paper.  Particularly with the innovations in image capture, OCR and zero-entry solutions, it is logical to try to get as much of the required information transformed into useful digital data as possible.  Data entry time is reduced, accuracy is improved, and the resultant information is better and more useful and may be processed more efficiently… for the accounting professional.  For the client, on the other hand, it’s just another way to get information to the accountant (who is always wanting more information).  The value of the deliverable – the reconciled bank account, financial report, tax return or whatever – isn’t increased.   The solution often offered to the client is a solution intended to solve not the client problems, but the accountant’s.  For the client, it is difficult to see this as a “solution” to any evident problem they face.

Provider lock-in

Business software customers are often commenting about how the solutions they use don’t allow easy transition to alternative products, or add-ons are only available from developer-prescribed sources.  Vendor lock-in is a consideration and may be a barrier to doing business, because business owners want to know that they have the ability to change as business requirements change… whether it means changing software and systems, or whether it means changing professional service providers.  As more professional service providers attempt to engage their clients in technology-based approaches to doing business, clients are recognizing that these approaches may come with “strings attached”, limiting their future choices.  While it is important for the professional services firm to protect its work product, it is also important to consider the client’s position.  Part of every business relationship is trust, and that trust should not be one-sided.  Just as the professional trusts that the client will work with them in a legitimate manner, so does the client trust that their professional will not hold their information hostage if they elect to make a change or engage with other providers in the future.  Additionally, does the system provided by the accounting firm allow the client to collaborate with their own team members or other service providers, or does it address only the interactions between the accounting pro and the client?  This also represents a barrier to participation, as any given client business likely interacts with a variety of providers – many of whom are also asking that owner to implement solutions which improve their ability to do a form of e-business together.

As accounting service providers look to technology to facilitate closer and more efficient working arrangements with clients, they would do well to also consider how that technology is positioned to benefit the client as well as the professional practice.  Delivering a solution which provides clients with the capability to control information access, which allows collaboration with their various service providers, and which facilitates a lean process approach for all involved could be the right answer to the problem.  Perhaps this becomes the most important factor – client enablement – and focusing on solutions which address the clients’ information management and processing requirements as well as those of the firm.

Make Sense?

J

Read more about Data Warriors: Accountants in the Cloud

Read more about using the cloud to extend “connectedness” beyond traditional boundaries