Every CPA Firm Needs to be a Security Company

October 24, 2018 Matt Wilgus

In 2018, the year of artificial intelligence, internet of things, blockchain, and big data, it is safe to say more and more companies are emerging to be technology companies. In the last year, a lot of attention has been placed on how automotive companies such as Ford and General Motors are positioning themselves as technology companies.

Large conglomerates such as GE are marketing themselves as “the digital company that's also an industrial company” and are using young programmers as the center of a large advertising campaign. However, it isn’t just industrial and manufacturing companies that are pivoting, large financial institutions are now developing and often acquiring Fintech providers. Santander created Santander InnoVentures with a stated aim of, “to support the digital revolution to make sure Santander customers around the world benefit from the latest know-how and innovations across the Banking Group’s geographies.” Verticals such as healthcare, education, media and many others now must address technological changes more than ever and position their investments in technology as differentiators.

Technology and CPA Firms

Today, firms have a plethora of on-premise and cloud-based offerings available and if none of them meet requirements, the potential to develop something in-house is readily available. These new solutions also require firms to think about security more than ever before.

CPA firms are also once again changing. For many, the first customer facing technology may have been offering self-service options to extend back office functionality. Electronic invoicing and collections are two early examples that date back to the 1990s or earlier. As time moved on, other parts of the business, particularly those related to engagement delivery, also began to leverage technology. In the 2000s, firms began using file sharing services and central repositories such as Microsoft SharePoint to exchange data with clients. Most firms purchased commercial-off-the-shelf (COTS) products as they did not have many, if any, developers on staff. Today, firms have a plethora of on-premise and cloud-based offerings available and if none of them meet requirements, the potential to develop something in-house is readily available. These new solutions also require firms to think about security more than ever before.   

Large Firms and the Cobbler’s Children

Many CPA firms, particularly larger firms, offer technology related advisory and consulting services, including developing software for their clients. However, they also need to innovate and leverage technology to improve the quality of their own offerings, be it tax, audit or advisory. These firms often have staff with the knowledge to adequately secure their own environment; however, they rarely work with internal initiatives. The problem is the work performed for the firm’s external clients are revenue generating, while securing internal systems yields no revenue, or is seen as taking away revenue due to the opportunity cost.

Read the full article at CPA Practice Advisor

About the Author

Matt Wilgus

Matt Wilgus is a Practice Director at Schellman & Company, Inc. Matt leads the Security Testing and Assessment offerings. In this role he heads the delivery of Schellman’s penetration testing services related to 3PAO and PCI assessments, as well as other regulatory and compliance programs. Matt has over 19 years’ experience in information security, with a focus on identifying, exploiting and remediating vulnerabilities, in addition to extensive experience enhancing client security programs while effectively meeting compliance requirements.

More Content by Matt Wilgus
Previous Article
The Security Implications of Using a Virtual PA
The Security Implications of Using a Virtual PA

Is Outsourcing Your Admin Safe? To put it plainly, the world of work has changed dramatically w...

Next Article
GDPR – Perspective from a Seasoned Auditor 3 Months in @ BoxWorks
GDPR – Perspective from a Seasoned Auditor 3 Months in @ BoxWorks

This week, I had the privilege of sitting on a panel, with Crispen Maung, the chief compliance o...

×



Subscribe now
to receive content updates once a week

First Name
!
Success
Error - something went wrong!