No Fear and Loathing in Accounting: It’s not my father’s accounting firm any more.

It’s not my father’s accounting firm any more.

Nobody’s bringing in paper forms and shoeboxes full of stuff, or plastic tubs full of paperwork, and we’re not trotting off to the bank to pick up a lot of bank statements, and we’re not manually reconciling checks and that sort of thing anymore.  It’s not like my father’s accounting firm any more.  We’re beyond that.

You’ve got to be, maybe, 50 plus years old to remember what it was like to do things with the old computers, the batch processes… or before that, when everything was done with paper forms, and almost everything was done completely manually.  Even with computers, you had to re write-up the check register, you actually had to write-up all the information, so you could input it into the computer and come up with a trial balance, and then do the rest of the work from there.

But anybody who’s maybe 55 or less (you see a focus on these people in a lot of technology awards programs – like the 40 under 40 and those sorts of things)… these are the guys that look at network and running the programs on your local computer as being the “old” way, and these are the guys that have adopted the technologies and work with the clients who demand the capabilities that these technologies can afford.  These people are more competitive, they’re more agile, they produce a higher quality of service to the client, and at the same time they’ve been able to leverage these technologies to increase the efficiency of the practice to the point where they’re not working harder, they’re working smarter.

They’re taking advantage of the fact that the technology does a lot of the work and the mechanical processing, allowing the professional to really use the talents and skills they’ve developed in providing insight and guidance to their client businesses.  And it is these people who have adopted the technology and who have adopted the way of thinking that’s going to allow them to continue to be more relevant and more important, more critical, to their client businesses, and to the market in general, on an ongoing basis… because these people know that there’s no fear and loathing in accounting.

These people know that accounting is exciting

Accounting is every aspect of the business.  Accounting is process automation, it is data collection and control, it is business analysis.  Accounting in today’s cloud economy is a cornerstone of making the most of every asset and every resource and every capability that the business has.  It starts with the professional practice, and once the professional practice adopts this mindset and this way of approaching business, then the mindset will flow down to the clients, and the professional practice will be in a position to grow the small business clients into midmarket clients and into enterprise clients and beyond.

Make Sense?

J

What’s up with the bunny feet?  Well, it’s all about the bunnies.  You know… like being able to work when and where it’s right for you; being able to work from home or on the road or on vacation – or at the office if you really have to.  But mostly it’s about mobility and access and being able to work in your bunny slippers.

Just remember: they can’t see your feet on a conference call 🙂

Follow @JoanieMann on Twitter, or subscribe to this blog to receive the next article.

Compliance in the Cloud – Their System; Your Responsibility

Can you outsource compliance to the cloud?

Outsourcing IT to a cloud service provider can be tremendously beneficial for a business.  The model allows an organization to offload not just IT infrastructure costs, but also the costs associated with developing and maintaining all of the practices and processes involved in managing and maintaining the infrastructure and systems.   There is tremendous responsibility in handling everything from platforms and infrastructure to creating best practices for maintenance, management of scalability and growth, forecasting bandwidth requirements, implementing and monitoring security compliance, creating effective and comprehensive disaster recovery plans, and more.

The question which begs to be asked is whether or not HIPAA, PCI/DSS or any other compliance requirements, and the complexities, risk and legalities that come along with them, can also be outsourced to the CSP. For that matter, can any real level of responsibility be fully outsourced, where the liability for non-performance or noncompliance is also fully shifted?

Ummm. No. It is still your problem.

What too many companies really don’t understand is that they aren’t eliminating risk by moving to the cloud, and the requirement to meet various compliance requirements really can’t be outsourced. Particularly in this area, businesses need to recognize that outsourcing certain functions doesn’t reduce or eliminate responsibility or liability.  Just the converse, it could make things a bit more difficult if you don’t keep close tabs on how the provider implements and is involved with your solution. Even beyond that, what is the impact to the business operation when requirements are not met?  Cost recovery from the provider may be one option, but how does that help the business remain operating in the meantime?

Gramm-Leach-Bliley (GLB) Act  Requires financial organizations to enter into contracts with third parties that they share their customer information with (including cloud vendors) to ensure that the third-party handles that information securely. Executives of those financial organizations can be held personally liable for failure to do so.

Sarbanes-Oxley Act (SOX)  Defines specific security mandates and requirements for financial reporting to protect shareholders and the public from accounting errors and fraudulent practices. SOX dictates which records are to be stored and for how long and requires the data owner to know the location of the data in the cloud and to maintain control of it. Failure to comply can result in fines and/or imprisonment.”

source: CIO.com

This discussion Isn’t limited just to compliance with regulations (at least it shouldn’t be)

In this conversation we need to also address what a business should do in terms of protecting and preserving its information assets (data!) even beyond what the CSP offers. Keeping confidential and private information secure and protecting the data of the business (and clients or patients or other entities) is essential, even when the CSP fails in its obligations or abilities.  This aspect of disaster recovery and continuity planning is not often considered by the CSP yet remains critical to the business customer. The sales pitch, however, never really delves into this area, because it represents an aspect of service coverage that the provider simply can’t provide.

Illustrating this particularly difficult aspect of outsourcing to the cloud is the hard lesson learned by customers of a QuickBooks hosting provider who experienced a severe outage due to a ransomware attack. The hosting service provider promised customers it backed up their data and it did, but the backup archives were also compromised.  In order to restore service, customers were expected to have their own backups of the cloud-hosted data.

While there may have been items in the service agreement which address these issues, I can say – based on a great deal of experience in just this area – the service providers rarely make this point very clear to customers, and more frequently tell customers backing up their data is no longer something they need to really worry about. It’s like that really tiny type at the bottom of a contract that nobody notices until it is too late.

“..restoration proved more difficult in Texas. Lezama explained that for the Texas clients, the backups had been compromised as well, because their backup data had synchronized with corrupt files. But Cloudnine clients are obligated backup their own data as well, as a sort of third-level security measure..”

source: AccountingToday

With compliance in the cloud, it’s their system, but your responsibility.

Outsourcing IT to a cloud service provider in no way eliminates or reduces the obligations of the business to manage certain aspects of information systems and data.  What outsourcing can do is deliver a greater operational capacity and agility more affordably.

The responsibilities to establish information and systems management practices and processes remain firmly with the business, and actually represent a strategic component of the business that is unwise to outsource anyway. Resilience in a business and its ability to conform to regulatory and other requirements are the foundations of sustainability. Remember that cloud providers and services can be leveraged to improve certain cost and system performance metrics, but it remains solely with the business customer to find ways to reduce risk and create a greater assurance of continued operational capability.

Make Sense?

J