accounting firm – Cooper Mann Consulting

October 17, 2013

Accounting Professional Value is Insight and Advice, Not Just a Hosted Server

Back in the late 90’s, when the application service provider model was first established, a number of providers recognized how beneficial it would be for public accountants to use hosted applications to work more closely with their accounting and bookkeeping clients. Seeking markets which would rapidly adopt a hosted application model, these providers focused on hosting small business accounting solutions such as Intuit QuickBooks desktop products, and then sought participation by the largest addressable communities of users working with those products – QuickBooks ProAdvisors, bookkeepers and accountants. The idea was that the community of QuickBooks professionals would benefit by bringing their clients onto the hosting platform, and service providers could sell to one professional and gain a bunch of small business users. It made sense, too, as it allowed the professional to have a single service and login that allowed them to access all their client QuickBooks company files. The client could log in to the system, too, delivering remote access and managed service benefits to the client, as well. But there was a catch, and it didn’t fully reveal itself until recently as cloud-based applications and true SaaS applications began to gain market adoption.

The problem actually started to reveal itself as more businesses elected to adopt hosting services. There’s a saying amongst the QuickBooks hosting providers that “nobody uses just QuickBooks”. Saying “nobody” uses just QuickBooks is a bit of a stretch, but the reality is that numerous businesses use other applications and software solutions in addition to their QuickBooks product. Sometimes these products integrate with QuickBooks and sometimes they don’t, but it is not often that a business utilizes just the one software solution. At minimum, there are likely email or productivity tools in use, too. The point is that the QuickBooks hosting providers – those hosts focusing on providing service to QuickBooks accountants and small business clients – realized that the number and variety of applications desired by their customers would grow very quickly, as would the variety of needed implementation models. The unfortunate solution of the time was to just put it all on the same environment.

The original selling message to the QuickBooks consultant and accountant markets was that they should get all their clients on to the hosting service, and then the accountant could benefit from an “economy of scale”, making the cost of the overall delivery lower. Further, by grouping the firm and the clients into a single hosting environment, it would make application and data sharing easier. Both of these messages are true, but putting the firm and its clients into a single environment – with the firm as the “sponsor” and front line promoter of the service – began to have impacts which were not clearly foreseen.

Accounting professionals and consultants changed the nature of their relationship with the client, going from trusted advisors to technology and solution vendors.
Client business technology needs were placed as secondary to “enabling” the working relationship between the accountant and the small business client.
Attempts to fully satisfy client technology requirements overburdened and impacted the environment, reducing overall service quality and satisfaction and diminishing the value of the scale economy (as well as the clients’ perception of their accounting professional).
Firms structured their processes to support a single technology and operating model, and found difficulties in adopting new strategies or solutions.

In concept, having accounting professionals and their clients all working seamlessly together in the same systems sounds great. For some firms, a cloud server packed with all the firm and client applications and data enables an entirely new business and service model, which is very cool and it actually works (for some firms and their clients). But the problem – a problem which may not be fully revealed in the short term – is that the various businesses involved, from the accounting practice to each and every client, has different business needs and operates as a unique organization. While there may be fundamental similarities, “the devil is in the details” as they say, and a single platform or hosting solution is unlikely to really work well for all. Even more potentially damaging, the perception of the trusted advisor who is now viewed as a vendor of IT services or software erodes the value of the client engagement and the potential for the firm to deliver greater benefit through their core offerings. A business owner is more likely to change vendors of IT service than they are their trusted accounting or finance professional. And they’re also more likely to change IT service providers if the provider cannot deliver exactly the application or service desired. When the accounting professional is perceived to be the IT service provider, the lines are blurred and the client ends up attaching their loyalty to a software product or business solution instead of the accountant advisor OR the IT provider.

With SaaS and native web-based applications being broadly adopted by small businesses, the opportunity for firms to engage with clients in different ways and with different solutions started to break the one-size-fits-all hosting approach. Professionals found that empowering their clients by supporting properly fitted solutions which work for the client business delivered the opportunity to become more operationally and strategically involved with the client business. Deeper operational and strategic involvement with the client became the means to drive increased value in the engagement and services offered and delivered. The client business was able to benefit from the involvement of their trusted advisor, regardless of what platforms or systems might be in place.

Accountants and bookkeepers are recognizing that the previous model of aligning the practice with a particular software product or delivery system may not be the best approach to building and retaining the customer base. With new business accounting and bookkeeping solutions emerging regularly – and gaining broad market adoption – and as more and more varied cloud based services and solutions are applied to various business problems – professionals will further recognize that their value is not tied to a cloud server, a single small business accounting solution, or to any particular technology. The value of the accounting professional is not in the software they support or the server it runs on. The value of the accounting professional is in the insight gathered and advice provided – services offered which help support better business management, growth and profitability.

Make Sense?

July 9, 2013

Cloud IT: Hiding Complexity and Risk

Cloud computing and Internet technologies have delivered previously unimagined capability for even the smallest of businesses – capability to compete, build brand recognition, and reach markets in remote geographies. The mantra for businesses used to be “location, location, location”, but it’s become connectivity – perhaps even more than location – which now delivers business opportunity. As technology has evolved, allowing businesses and consumers to connect regardless of time or place, the complexity of the systems and networks have also increased dramatically. Where a business could once easily identify their various vendors or business service providers, the identification of those involved in the service ‘delivery chain’ are no longer so easily recognized. Among the benefits of cloud computing technologies is the ability to reach beyond traditional boundaries. The risk for many businesses is in not fully understanding how, and with whom, those boundaries are being crossed.

For many an enterprise, the convenience and efficiency introduced with cloud computing models overshadows the increased risk potential. Service level agreements and vendor contracts are assumed to be sufficient to protect the business and its information assets, yet recent events (such as the recent reveals of PRISM and the actions of the National Security Agency) should cause businesses to look a little deeper at their entire provider network. It’s not that the average business should be concerned about government snooping of their emails, but they should be aware of who has access to their systems and data, and which entities are responsible for which parts of the system. It’s only prudent to know the details, and it is the best first step to mitigate business risk.

Enterprise Clouds are complex, sophisticated entities which invariably rely on a daisy-chain of third parties and contractors to help build, run and maintain their Cloud provider’s systems. The organizational and technical complexities are additive, resulting in increased systemic risk. Systemic risk is the least visible and hardest to eliminate, and those risks become real when the providers’ systemic risks become [yours].

The question is, how well does your Cloud provider manage the ecosystem of contractors and third parties that are farther down the food chain? This is even more relevant in the globalized workforce, where, paradoxically, Cloud and related technologies have greatly facilitated the outsourcing and offshoring of work to low-cost countries. http://www3.cfo.com/article/2013/6/data-security_prism-national-security-agency-edward-snowden-cloud-implications-vendor-management

Before executing a service agreement with an outsourced provider, make certain that the details of facility, connectivity, network, equipment, and other elements of the delivery and system are spelled out. Business subscribers should know where the various points of failure exist, and which company is responsible for dealing with each. If a carrier fails and connectivity to the data center is lost, the hosting service provider may be powerless to impact the situation, even though access to service is part of the SLA and requirement. If a hosted software product has a vulnerability or fails to perform, the developer of the product is likely responsible, rather than a hosting service provider. The point is that there are often multiple players in the delivery chain, and customers should be aware of this reality prior to engaging with the service.

Ultimately, the business with mission critical data in the possession of a 3^rd party service provider should have a healthy helping of doubt as to whether the provider has full control over their environment. Business owners, managers and CFOs should recognize the increased necessity of evaluating risk within their provider systems and in provider/vendor relationships, to keep trade secrets secret and prevent intellectual property from becoming the property of others.

Joanie Mann Bunny Feet

Make Sense?

June 19, 2013

HIPAA Privacy and Security and the Cloud

Is your cloud solution or hosting service HIPAA compliant? This is among the most frequently asked questions from professionals shopping for cloud hosting service. Unfortunately, it is also among the questions most frequently answered with ambiguity, or with naiveté. The problem is that many businesses dealing with HIPAA compliance responsibilities as it relates to protection and security of personal health information may not fully understand their responsibilities as they extend to outsource IT and other service providers. In the case of HIPAA compliance, many providers suggest their compliance without truly understanding what it means, and are introducing significant risk to their business and subscribing customers because of it. With recent changes in rules relating to protection and control of personal health information, it is not just the health care provider, the health plan, 3^rd party administrator or others that process health insurance claim information which must agree to provide adequate controls – the requirement may fully extend to business associates of these entities… possibly including their cloud service or hosting solution providers.

Some of the largest breaches reported to HHS have involved business associates. Penalties are increased for noncompliance based on the level of negligence with a maximum penalty of $1.5 million per violation. The changes also strengthen the Health Information Technology for Economic and Clinical Health (HITECH) Breach Notification requirements by clarifying when breaches of unsecured health information must be reported to HHS. http://www.hhs.gov/news/press/2013pres/01/20130117b.html

HIPAA guidelines and rules exist to protect and secure personal health information, a requirement growing in importance with advancements in technology, electronic health records, e-billing solutions, and cloud computing adoption. Where the regulations were once focused on the entity directly involved in generating or processing the information, the view is now extended not only to 3^rd party administrators, but also to the technology solutions and providers involved. When a “covered entity” (an entity with a responsibility to protect and secure personal health information [PHI]) makes a decision to move this information to the cloud, a number of important and complicated issues must be addressed in the agreements with the service or solution provider. These issues include security and privacy of information (including providing individuals the right to access and request changes to the stored information), tools which may be provided to allow the customer additional security protection, encryption of data at rest and in transmission (and who holds the keys), data location, return of data, disaster recovery, and service levels.

Cloud provider contracts and business associate agreements with cloud providers are not one-size-fits-all and should be negotiated carefully to protect PHI in a manner that accurately reflects the capabilities of the parties http://www.americanbar.org/content/newsletter/groups/labor_law/ebc_newsletter/12_winter_ebc_news/ebc12winter_cloud.html

The provider delivering cloud hosting services to the business may now be considered to be a “business associate” under HIPAA, meaning that the responsibilities of the Customer (the “covered entity”) also extend to their service provider. For any business operating under a HIPAA compliance requirement, moving to the cloud must necessarily involve a detailed discussion and set of agreements that spell out the “business associate” relationship as well as the details of the service delivery and accepted performance levels.

Joanie Mann Bunny Feet Make Sense?

June 10, 2013

Are the security requirements for accounting and finance professionals using cloud services any less stringent than those governing lawyers?

As accounting and finance professionals look to the cloud and Internet technologies to address collaboration, mobility, and improvements in service delivery, they should also be looking at ways to ensure the protection and security of client financial information. Professional services organizations of all types are embracing cloud products and services, sometimes without properly considering how it might impact information security and business risk. The security requirements for accounting and finance professionals using cloud services are no less stringent than those governing lawyers.

In her article “NC Bar Council issues final opinion on the cloud “, author Nicole Black points out some of the essential considerations for using cloud computing services in a professional legal practice. Accounting and finance professionals should recognize this guidance as being applicable to their businesses, too.

The main question stems from the ethical issues faced by “lawyers who intend to store confidential client information on servers owned and operated by third parties”. An opinion issued by the North Carolina State Bar Council addressed two primary questions in this area:

1. Is it OK for a law firm to use Software as a Service or cloud computing products?

2. Are there any special vendor assessments or other measures which should be taken by lawyers who wish to minimize the security risks of implementing this type of solution?

Read the entire article by Nicole here (PDF format)

Nicole Black is a Rochester, New York attorney and the Vice President of Business Development and Community Relations at MyCase, a powerful and intuitive cloud-based law practice management platform. She is also a GigaOM Pro Analyst and is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can be reached at nblack@nicoleblackesq.com.

Joanie Mann Bunny Feet J

original post April 5, 2012

December 12, 2012

The True Cost of the Cloud

Excerpt from article on Intuit Accountants News Central: The True Cost of the Cloud

“Accounting professionals are strongly encouraged to adopt cloud computing models in their practices, and there can be little argument that mobility and access are driving the need. In concert with the messages supporting mobile access to business information – and the value of anytime, anywhere access – cloud service providers are strongly suggesting that the overall cost of purchasing and maintaining information technology (IT) in the business is much lower when a cloud computing approach is used.

Arguments over the total cost of IT and related services become somewhat subjective. Many business owners and managers fail to consider the value of their own time spent dealing with business technology issues, much less the time spent by in-house employees and remote workers. To further complicate the issue, dramatic changes in process support and delivery, connected service and cloud computing approaches are impacting business productivity and profitability in new and dramatic ways. As a result, every business should consider the costs and the benefits of this new connected and collaborative working model.

At the core, cloud computing is really just an outsourced IT service that addresses the various levels of application and computing infrastructure. From IaaS (infrastructure as a service) to SaaS (software as a service) and all things in between, a viable cloud computing approach for a business may encompass little more than co-location of physical server and network resources with a third-infrastructure provider to something much larger scale, such as offloading virtually every aspect of application management and delivery to a SaaS solution.

Because there is no single, correct definition of what makes up a “cloud” service model, attempting to compare costs directly to a more traditional IT approach is quite complicated.”