AICPA's 2008 Top Technology Initiatives

By The American Institute of Certified Public Accountants (AICPA)
The AICPA sponsors this annual top technology survey so that Certified Public Accountants (CPAs) can stay up-to-date on the latest technology initiatives to advise their clients, customers and employers on the strategies they should consider undertaking. The AICPA poll was conducted in late 2007 with ISACA, the Institute of Internal Auditors (IIA) and the Information Technology Alliance (ITA). Respondents identified the Top 10 most important technology initiatives for 2008 as follows:
For details on each initiative, read more below.
1) Information Security Management
The development and implementation of a comprehensive security framework encompassing people, processes and IT systems that safeguards critical systems and information, protecting them from internal and external threats. Information Security Management is accomplished by analyzing and evaluating risks; selecting appropriate risk treatment options (avoidance, acceptance, transference and reduction); implementing controls (administrative, procedural, personnel and technological); then constantly monitoring overall performance. The resulting system incorporates the preservation of confidentiality (information is not available or disclosed to unauthorized individuals, entities, or processes); integrity (safeguarding the accuracy and completeness of key data) and availability (systems and data are accessible and usable on demand by an authorized entity) of information. Other properties, such as authenticity, accountability, non-repudiation and reliability, are also factors.
2) IT Governance
A structure of relationships and processes that direct and control an organization and help it achieve its goals by adding value while balancing risk versus return over IT and its processes. Components include strategic alignment, value delivery, resource management, risk management and performance measures. Project portfolio management and proper IT balanced scorecard measures, including earned value, are important review factors often overlooked.
3) Business Continuity Management (BCM) and Disaster Recovery Planning (DRP)
BCM is a comprehensive management process that identifies potential threats to an organization and the impact those threats may have on business operations. Disaster Recovery Planning is the development and testing of a plan to restore an organization's technology infrastructure after a disaster or failure. Resources can include people, technology, data, facilities, customers and suppliers. Threats to these resources may include theft, virus infestation, weather damage, accidents or other malicious destruction. BCM identifies potential threats and the impact of those threats, and a disaster recovery plan that is well-defined, documented, communicated and regularly tested helps provide structure and stability in the event of a business interruption or catastrophe, greatly improving the chance of business survival.
4) Privacy Management
The rights and obligations of individuals and organizations with respect to the collection, use, disclosure and retention of personal information. As more information and processes are converted to a digital format, this information must be protected from unauthorized users and unauthorized usage by those with access to the data, including complying with local, state, national and international laws, and the convergence of security and privacy. Identity theft technologies and education are an important part of this initiative.
5) Business Process Improvement (BPI), Workflow and Process Exception Alerts
Methods used to enhance business and transaction processing through a continuous cycle of modeling, execution, monitoring and improvement. Workflow involves the operational aspects of a work procedure and process exception alerts notify users when attention or follow up is required. BPI employs real-time monitoring tools that provide exception alerts to automate business processes on triggered events, identify problems or new opportunities in a transaction before a transaction is complete, or better control quality issues by catching problems more quickly. Workflow involves how tasks are structured, who performs them, their relative order, how they are synchronized, how information flows to support the tasks, and how tasks are tracked. Through the use of these tools, an organization can make significant improvements in the way it does business.
6) Identity and Access Management
The hardware, software and processes used to authenticate a user's identity, i.e., ensure users are who they say they are, then provide users with appropriate access to systems and data based upon pre-established rights and privileges or interaction with automatic provisioning systems. Identity management may utilize one-, two- or three-factor authentication and may include passwords, tokens, dongles, key fobs, digital certificates (for Web sites and e-mail systems), PKI, biometrics and other emerging technologies. Access management may include single sign-on and the automation of the account provisioning process (add/change/delete).
7) Conforming to Assurance and Compliance Standards
The creation of formalized strategies, systems and training programs to address organizational goals and statutory requirements, including SAS Nos. 104-111 and FIN 48. It includes the implementation of collaboration and compliance tools to assist in the documentation, assessment, testing and reporting on compliance with specific controls or regulations. This initiative also encompasses tools to assist in implementing risk assessment standards, risk management and continuous auditing/continuous monitoring tools, along with computer assisted auditing tools and techniques (CAATTs). It also includes the implementation of configurable controls within existing financial and operational applications.
8) NEW! Business Intelligence (BI)
The applications and technologies used for gathering, providing access and visibility to, and analyzing data to help business owners and managers make informed business decisions. The ultimate objective of business intelligence (BI) is to improve the timeliness and quality of information. BI tools include data warehousing and integration applications, report writers and application dashboards.
9) Mobile and Remote Computing
Technologies that enable users to securely connect to key resources anywhere, anytime, regardless of physical location. Supporting technologies include server-based applications, VPNs, remote control software, laptops, PDAs, Smart Phones, VoIP and wireless technologies, such as 3G (EVDO / EDGE), WiFi and WiMax.
10) Document, Forms, Content and Knowledge Management
The process of capturing, indexing, storing, protecting, searching, retrieving, managing and controlling information electronically. This also includes scanning, forms recognition, optical character recognition (OCR), centralized data repositories and management of PDFs and other document formats. Knowledge management then brings structure and control to this information, allowing organizations to harness the intellectual capital contained in the underlying data. This is sometimes referred to as the "paperless" office, even though "less-paper" or digital office may be more accurate terms. Protecting digital data is a key component of any resulting system, enabling secure distribution and/or preventing illegal distribution and access to protected information. Example: A document distribution strategy controlled by a Digital Rights Management (DRM) server that helps prevent an encrypted document from being opened by anyone other than the intended recipient.
Honorable Mention
In addition to the above list, the AICPA is also including a section for Honorable Mention, the technology initiatives that placed #11 - #15 in the final tabulation.
11) NEW! Customer Relationship Management (CRM)
The processes and software that enable organizations to manage all aspects of interaction with customers, clients and/or vendors, and focus their resources on the highest value relationships. CRM applications typically include contact management, calendaring, practice management, sales history, workflow and campaign marketing. CRM can incorporate sales force automation, call center technologies and Web site integration. CRM systems create a comprehensive view of sales and service information, helping organizations provide improved customer and vendor interaction.
12) Improved Application and Data Integration
Use of existing and evolving technologies, such as Web services, .NET, XML and SOAP, to better integrate data between diverse applications. These processes allow organizations to select and seamlessly integrate data and functionality between "best of breed" applications. A common example is the ability to update a field in one application that automatically synchronizes the data with other applications. May also include Service-Oriented Architecture (SOA), an application-level architecture that further enables interaction between disparate applications and data.
13) Training and Competency
Methods and curriculum designed to increase the knowledge of individuals. Includes ensuring an organization has the resources available to efficiently and effectively train new hires and current employees on a timely basis on relevant subject matter and ensure that learning has occurred. Delivery methods may include the use of Computer Based Training (CBT), Webcasts, podcasts and distance learning. Curriculum may be technology or non-technology oriented.
14) Web-deployed Applications
Uses the Internet as a platform for deploying applications, and making data available to end users in lieu of installing and maintaining applications and information on local machines. This approach is referred to as "On-Demand" or "Software as a Service" (SaaS). Web-deployed applications may be corporately controlled and hosted, or hosted by 3rd party providers, such as an Application Service Provider (ASP). Web-deployed applications dramatically reduce installation and management costs and traditionally provide better data security, fault tolerance and greater convenience to end users.
15) NEW! Information Portals
Web sites that enable organizations to provide clients, customers, vendors, employees and other stakeholders with access to timely and relevant personalized information via self-service applications. Examples of information portals include Windows SharePoint®, corporate intranets, and third-party hosted sites.
Reprinted with permission from The American Institute of Certified Public Accountants (AICPA). Copyright 2008. All rights reserved.
Views expressed by AICPA employees are expressed for purposes of deliberation, providing member services and other purposes exclusive of practicing public accounting. Views expressed by AICPA staff do not necessarily represent the official views of the AICPA unless otherwise noted. Official AICPA positions are determined through certain specific committee procedures, due process and deliberation.
The information contained in this document, including all instructions, cautions, and regulatory approvals and certifications, is provided by AICPA and has not been independently verified or tested by Dell. All questions or comments relating to such statements or claims should be directed to AICPA.