CH1 - Aicpa Survey 2015 PDF

25th Anniversary Edition of the
North America Top Technology

Initiatives Survey Results
Accounting Professionals Identify
Securing the IT Environment as the Top Priority
Members of the Information Management and Technology

Assurance (IMTA) Top Technology Initiatives Task Force,
Emerging Technology Task Force and the IMTA Executive
Committee provided information and insight in preparing
this report:
AICPA INFORMATION MANAGEMENT AND

TECHNOLOGY ASSURANCE STAFF
Susan Pierce, CPA/CITP, CGMA
Senior Technical Manager IMTA Section
Member Specialization and Credentialing
AICPA, Durham, NC
CONTRIBUTORS:
Dr. Terry L. Campbell, Ph.D., CPA/CITP, CGMA, CMA
Clinical Professor
Kelley School of Business Indiana University
Bloomington, IN
Paul Warrick, CPA, CGMA

Technical Manager IMTA Section
AICPA, Durham, NC
Bob Green, CPA/CITP, CGMA

Lead Partner SingerLewak, LLP
Los Angeles, CA
Iesha Mack
Project Manager IMTA Section
AICPA, Durham, NC
Adam Haverson, CPA/CITP, CFA

Director Global Solutions at Pall Corporation
Orlando, FL
Michael McAllister, CPA/CITP, CISA
Director, BDO USA, LLP
Reading, IN
Robert G. Parker, MBA, FCPA, FCA, CISA, CRISC, CMC
Associate, Risk Masters Inc. & Retired Deloitte Partner
Victoria, BC, Canada
Maria Pollieri, CPA, CA
Product Management Director, Oracle Corporation
Toronto, ON, Canada
Maritza Cora
Associate Project Manager IMTA Section
AICPA, Durham, NC
CPA CANADA CONTRIBUTING STAFF
Cecilia Banh, CPA, CA, MAcc
Principal Research, Guidance and Support
CPA Canada, Toronto, ON, Canada
Valerie Leach, CPA, CA
Principal Professional Learning and Development
CPA Canada, Toronto, ON, Canada
Donny Shimamoto, CPA/CITP, CGMA

Founder and Managing Director
IntrapriseTechKnowlogies LLC
Honolulu, HI
2015 American Institute of CPAs. All rights reserved.

DISCLAIMER: The contents of this publication do not necessarily reflect the position or opinion of the American Institute of CPAs, its divisions and
its committees. This publication is designed to provide accurate and authoritative information on the subject covered. It is distributed with the
understanding that the authors are not engaged in rendering legal, accounting or other professional services. If legal advice or other expert
assistance is required, the services of a competent professional should be sought.
For more information about the procedure for requesting permission to make copies of any part of this work, please email copyright@aicpa.org
with your request. Otherwise, requests should be written and mailed to the Permissions Department, AICPA, 220 Leigh Farm Road, Durham,
NC 27707-8110.
TABLE OF CONTENTS
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
About the Survey. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
North America Survey Results. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
North America TTI Survey Analysis: Top 10 Technologies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
TTI Survey: North America Key Insights.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

U.S. Key Insights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Canadian Key Insights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
TTI Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
IMTA Resource Index
INTRODUCTION
Technology is a crucial key to success, in the accounting profession and elsewhere. As mobile
and social technologies gain near-ubiquitous acceptance and businesses of all kinds leverage
new generations of data management and analytic capabilities, Information Technology remains
a key component for business success and profitability.
The American Institute of CPAs (AICPA) and the Chartered Professional Accountants of Canada
(CPA Canada) conducted a survey of their membership to identify their top technology initiatives
for this 25th anniversary edition.
Certified Public Accountants and Chartered Professional Accountants understand the benefits
of Information Technology. Given the frequency and severity of fraud data breaches across
all business sectors CPAs in business and industry and public practice are prioritizing the
management of risk, security, and information privacy. Many also are focused on how to use
data and analytics to provide information to enable better decision-making, resulting in positive
outcomes for their clients and their organizations.
Accounting professionals identified security, compliance, privacy, data management, responding
to fraud and business intelligence as their key IT priorities. Many also offered helpful insights
into how they plan to leverage technology to improve client services and their own business
outcomes. Those priorities, and other survey insights, are summarized in this report.
Experts are now observing an inflection point in the technology industry toward complexity and
self-serve implications, which could be a contributing factor to increasing initiatives relating to
the security of more externalized technologies such as cloud, mobility, and social. As a result,
instead of focusing technology and expertise on managing complexity, many accounting
professionals are focused on improving their practices and companies by trying to innovate and
stay ahead of technology. This is a positive inflection, because it more closely aligns technology
with the business users, thus resulting in more technology-driven business growth.
For more information on these and additional resources, go to aicpa.org/IMTA.
2 |
25th Anniversary Edition of the North America Top Technology Initiatives Survey Results
ABOUT THE SURVEY

U.S. Participants
A total of 3,061 accounting professionals participated
in the 25th anniversary TTI U.S. survey. Of those
participants, 39% are in public accounting, 36% work in
business and industry, 6% work in the

not-for-profit sector, 6% in consulting, 6% in
education, 5% in government and 2% in other areas.
U.S. Participants by Industry
5% 2%
6%
Public Accounting
6%
Business and Industry
6%
39%
Not-for-Profit
Consulting
Education
36%
Government
Other
| 3
Most hold leadership positions, with 40% indicating

they are executives, partners, owners or shareholders;
26% managers/senior managers; and 14% directors or
vice presidents. Ten percent are staff-level personnel

and 10% are in other positions.
U.S. Job Responsibility
10%
10%
Executive/Partner
40%
Manager
Director/VP
Staff
14%
Other
26%
4 |
exposure to IT-related concerns. Only 5% of

respondents indicated that they never receive IT
questions or concerns in the normal course of work.
The majority of survey participants, 61%, indicate

that they regularly or frequently encounter
technology-related questions or concerns in their
field of work, while 34% indicate they have minimal
U.S. Frequency in Encountering IT Questions or Concerns
5%
Frequently/Regularly
Minimally
34%
61%
Never
| 5
Canadian Participants
A total of 256 Canadian accounting professionals
participated in the 25th anniversary of the TTI survey.
Of those participants, 46% work in business and
industry, 16% are in public accounting, 14% in

government, 8% in consulting, 6% in not-for-profit,
5% in education and 4% in other areas.
Canadian Participants By Industry
5%
16%
Business and Industry
14%
Public Accounting
Government
4%
Consulting
Not-for-Profit
8%
46%
Education
Other
6%
6 |
The positions of respondents in Canada were very

similar to the positions held by U.S. participants. Most
hold leadership positions, with 38% indicating they
are executives, partners, owners or shareholders,
23% managers and 22% directors or vice presidents.

Fourteen percent are staff-level personnel, and 3%
are in other positions.
Canadian Job Responsibility
3%
14%
Executive, Partner, Owner

or Shareholder
38%
Manager
Director or Vice President
22%
Staff-Level Personnel
Other
23%
| 7
Most survey participants, 87%, indicate that they regularly

or frequently encounter technology-related questions or
concerns in their field of work, compared with only 61%
in the United States. In Canada, 13% indicate that they
have minimal exposure to IT-related concerns compared

with 34% in the U.S. Less than 1% of respondents never
receive IT-related questions or concerns during the
normal course of work.
Canadian Frequency in Encountering IT Questions or Concerns
13%
Frequently/Regularly
Minimal
87%
8 |
NORTH AMERICA SURVEY RESULTS

The rankings were very similar between the United States and Canada:
Ranking
U.S. Results
Canadian Results
Securing the IT Environment
Managing and Retaining Data
Ensuring Privacy
Managing IT Risks and Compliance
Ensuring Privacy
Preventing and Responding to Computer Fraud
Enabling Decision Support and Analytics
Managing System Implementations
Governing and Managing IT

Investment/Spending

Investment/Spending
Managing Vendors & Service Providers
Leveraging Emerging Technologies
10
Here are some possible reasons why the results closely

match:
t a high level, technology issues, concerns and
A
initiatives are not necessarily country-centric.
iven the technology infrastructure in North
G
America, the compatibility and interconnectivity
of that infrastructure, and similarity of service
offerings within Canada and the United
States, many of the issues are similar.
here may be a convergence around economic,

T
political and governing factors that drive the business
environments that technology initiatives serve.
Although the ranking of the top 10 initiatives is based on
the ranking of issues and concerns of the respondents,
the ranking may or may not be the same as the ranking
given to issues and concerns based on the respondents
answers to more detailed questions much of that
analysis is featured throughout this white paper.
In North America, there may be cross border

collaboration; many multinational organizations may
be addressing the same or similar problems on both
sides of the border.
| 9
NORTH AMERICA TTI SURVEY ANALYSIS: TOP 10 TECHNOLOGIES

Blue = U.S. Ranking
Orange = Canadian Ranking
1 1 Securing the IT Environment
Accounting professionals must confront serious
information-related security threats, ranging from
cybercrimes to the loss or theft of laptops, mobile
phones and client or organizational data.
service providers, CPAs in public practice must maintain

internal IT security, while also working with clients or
upper management to ensure the security of all data
and communications.
Accounting professionals generally are confident in

their ability to secure their traditional IT systems.
However, they are less certain of security protections
for mobile devices and against the ever-changing threat
of cyberattacks.
Resource:
About 61% of U.S. respondents believe they have

properly protected traditional networks and internal
servers from external security threats. While nearly 52%
are confident they have IT security policies appropriate
for their industry and company size, and 58% believe
they can ensure the availability and continuity of IT
services.
Forty-two percent of U.S. respondents said they have
addressed all relevant threats, including those from
emerging technologies such as cloud, mobility, and
social media. Forty-three percent are confident they
have properly protected smartphones, tablets, and
other devices from a data breach; while almost 41% say
they can quickly detect and respond in the event of a
cyberattacks.
In Canada, 74% of respondents said they have properly
protected their networks and servers internally, and
from external parties; 61% reported they have a
security policy that addresses information security
risks appropriate to the size of their organization and
industry; and 58% said they would be able to ensure
the availability and continuity of IT services.
To improve IT security, organizations should start with
a comprehensive risk assessment of their physical and
logical infrastructure, networks, data, and personnel.
Based on those findings, policies and technologies can
be implemented to reduce the risk of cyberattacks,
data breaches, theft, fraud, and other threats. Like other
10 |
I T Security Information Security information

page including an 8-part series on the ABCs of
IT Security for CPAs
2 2 Managing and Retaining Data

The substantial data-related benefits, however, also
come with very real challenges. Data are growing in
volume and complexity, and are now supplemented
by an influx of information from email, social networks
and other unstructured data sources. At the same time,
the growing threats of fraud, cybercrime and system
failures increase the need for organizations to protect
and manage that critical information. Accounting
professionals are reasonably confident in their ability to
meet those challenges.
Seventy-nine percent of U.S. respondents say they are
properly backing up data and could effectively restore
data in the event of a negative incident, while 61%
understand their internal, legal and compliance-related
data retention requirements. The majority say they
have appropriately designed data retention policies
and procedures, and that they adequately manage data
storage and archiving costs, 60% and 55%, respectively.
Eighty-two percent of Canadian respondents report
properly backing-up data and the ability to restore
data in the event of an operational loss or access
requirement. Sixty-eight percent understand their
internal, legal and compliance-related data retention
requirements. Of the Canadian respondents, 62%
say they have appropriate data retention policies and
procedures, while 61% report they are adequately
managing data storage and archiving costs.
Backup and restore procedures are designed to

recover data processing resources. Here, there are two
concepts: 1) Recovery Time Objectives (RTOs) the
number of days, hours and minutes the organization
can endure before it needs the system to work, and
2) Recovery Point Objectives (RPOs) how current does
the organization want the data at the time of recovery,
last transaction, last nights backup, last weeks or even
last months backup. In either case, RTOs and RPOs do
not guarantee that one could go back three years to
obtain any data an organization might want.
Data management specialists have gone on public
record, saying accountants and others can take very
specific steps to improve data management and
storage. A key first step is the creation of a strategic
plan for the capture, management and backup of
mission-critical data. A robust data management
program should address information-related policies
and procedures, with governance tied directly to
internal, legal, and compliance-related requirements.
Robust business continuity planning generally demands
continuous access to business critical data. Critical
business functions from enterprise resource planning
(ERP) centric sales transactions to web-based customer
self-service depend on these data. When an event
disrupts access to data whether the root cause
is damage to physical devices or loss of access a
business cannot execute its critical functions. This results
in lost revenue, damage to reputation, a loss of situational
awareness and can expose a company to liability. For
all of these reasons, a robust data recovery/application
continuity plan is a critical component of an enterpriseclass data management plan.
Resources:
A Practice Aid for Records Retention Overview of
what to consider when assessing records management
ee our Data Management section at the bottom
S
of the Business Intelligence web page for more
information on how to manage your data.
3 4 Ensuring Privacy
Clients expect their accountants to ensure the strict
confidentiality of their personal information; an
organizations customers expect the same. In response,
many firms have instituted formal privacy policies, which
include robust controls on access to data, automated
monitoring of access, and employee training that
includes voluntary compliance with Generally Accepted
Privacy Principles (GAPP).
Fifty-eight percent of U.S. respondents say they
have a good understanding of the appropriate
regulatory and compliance requirements for their
industry and organizational size, and 61% also say
they have appropriate privacy policies in place. In the
United States, 60% of respondents believe they have
appropriate privacy-related safeguards and controls
in place, and just under half (49%) say they can quickly
detect and respond to a privacy breach.
Canadian respondents show a higher level of confidence
in ensuring privacy. Seventy-five percent are confident
that they have put the appropriate privacy safeguards
and controls in place to minimize their risk of a privacy
breach, while 73% report they will be able to quickly
detect and respond to a privacy breach incident.
Sixty-six percent of respondents report they have a
good understanding of the appropriate regulatory and
compliance requirements related to the privacy of
data for their size of organization and industry.
One of the best ways to address privacy is to
understand the Generally Accepted Privacy Principles
(GAPP). Using GAPP, CPAs can help organizations
design and implement sound privacy practices and
policies. The adoption of these principles and criteria
is voluntary, but they do serve as a framework on which
to build a solid privacy program.
Resources:
rivacy/Data Protection Privacy information
P
page devoted to outlining privacy regulations and
resources
| 11
enerally Accepted Privacy Principles GAPP

G
is designed to assist management in creating an
effective privacy program that addresses their
privacy obligations, risks and business opportunities
Resource:
verview of Data Management White paper

O
providing an overview of data management
5 7 Preventing and Responding to

Computer Fraud
4 3 Managing IT Risks and Compliance

Aligning IT risk management plans with larger business
strategies is a well-understood goal for organizations.
To assist clients and employers address this alignment,
accounting professionals should evaluate risk
governance and compliance policies, then the risk to the
entity they are working with; doing this will help ensure
optimum security for devices, applications and data.
Sixty-two percent of U.S. survey respondents are
confident they understand the risk associated with
Information Technology, while 51% believe they
understand the appropriate regulatory and compliance
requirements for a company of their size in their
industry. Fifty-four percent have conducted an IT risk
assessment; 47% indicated they have deployed sufficient
automated controls to protect against a potentially
damaging management override of those protective
systems.
Sixty-six percent of Canadian respondents expressed
confidence in their understanding of risks associated
with Information Technology, and 59% report a good
understanding of the appropriate response for a
company of their size in their industry. Forty-nine
percent have conducted an IT risk assessment, while
40% say they have adequately deployed automated
controls to achieve separation of duties and to avoid
the potential of management overrides within systems.
Risk experts say initial assessments should focus on
identifying higher-risk areas and on ensuring these risks
are appropriately mitigated. Sometimes traditional
systems present higher risk, because they are not being
backed-up, or because they have not been replaced due
to budget constraints.
12 |
IT Assurance Services Overview page

highlighting resources pertaining to IT Risk and
Assurance including SOC Reporting publications.
IT-related fraud and abuse are growing concerns

for most organizations. Hacking, data thefts and
large-scale fraud are now all-too-common occurrences.
Those threats affect governments, businesses of every
kind, and individuals.
Sixty-two percent of U.S. respondents say they have
considered the risk associated with technology-based
fraud, while 54% of respondents are confident they have
the appropriate policies and internal controls needed
to reduce the risk of IT-related fraud to an appropriate
level. Fifty-five percent know what to do in the event
that a fraudulent incident does occur. Half (50%) are
confident they have the policies needed to detect and
mitigate potential IT-related abuse.
Sixty-three percent of Canadian respondents report
they have considered the risks associated with IT-related
fraud. Half say they have appropriate policies and
controls in place to reduce these risks of IT related fraud
and 55% know what to do in the event of a fraudulent
event. Forty-nine percent are confident they have the
policies in place to detect and mitigate potential
IT-related abuse.
The responses indicate that accounting professionals
are aware that they and their clients/employers can be
particularly vulnerable to identify theft, hacking and
other cybercrime.
While it is commendable that organizations develop
policies and supporting procedures, they are subject to
human execution and require effective awareness and
monitoring to ensure compliance. In a sophisticated
technology world, many threats are difficult, if not
impossible, to mitigate effectively with technology alone.
Accounting professionals should become familiar

with several ways to monitor activity, including the
use of automation. Intrusion prevention systems are
designed to monitor networks and/or systems for
malicious activity. Similarly, intrusion detection systems
monitor attempted intrusions, or policy violations.
These tools produce real-time reports. Intrusion
prevention and detection software (IDPS) has become a
valuable addition to the security infrastructure of most
organizations.
IDPS can record information related to observed events,
notify security administrators of questionable events and
produce real-time alerts and reports. Some software can
take a more proactive approach and reconfigure security
and firewall settings in response to an observed attack.
Resources:
op Five Cybercrimes White paper highlighting
T
the top five cybercrimes, tailored to the CPAs
perspective and experience
ID Theft/Fraud Resource page devoted to Identity
theft and identity fraud
6 5 Enabling Decision Support and Analytics

Organizations are not only working to capture and
manage data, but are also investing in systems that let
them convert data into insights; as a result, insights
drive better decisions for their clients and for their
organizations. Accountants naturally recognize the value
of information and are working to put data to better use
in their organizations.
Sixty-four percent of U.S. respondents say that they have
access to sufficient data to make effective decisions,
while 57% say they get timely, complete and auditable
reports from their information sources. About 58% of
U.S. respondents say they understand how data flows
and are used in their organizations.
Fifty-three percent of U.S. respondents say they have

good management reporting and business intelligence
systems, while 48% say they understand the technology
options for solving those challenges. Fifty-two percent
of U.S. respondents say they are fully leveraging internal
information and the growing universe of external data
(such as input from social networks) to make business
decisions.
Sixty percent of Canadian respondents say they have
access to sufficient data to make good decisions, while
51% say they receive timely, accurate, complete and
auditable reports from those information systems. Just
under half of Canadian respondents say they understand
how data flows and are used in their organizations.
Forty-three percent of Canadian respondents report
good management reporting and business intelligence
systems, while 46% understand the technology options
for solving those challenges.
Survey results indicate that accounting professionals
must work to better capture and manage data, and find
ways to transform that information into relevant insights
to help drive positive business results.
Resource:
usiness Intelligence A Business Intelligence (BI)
B
information page providing BI resources including a
toolkit to assist CPAs in implementing a BI platform.
7 6 Managing System Implementations

Identifying and acquiring good IT systems is crucial,
but unless those systems are implemented correctly,
those investments can be wasted. The 25th anniversary
TTI Survey results suggest all accounting professionals
understand the need to manage IT system deployments.
U.S. Survey respondents were most confident (60%)
of their ability to ensure the quality and integrity of
data during a system upgrade or implementation.
Almost half, 46% feel their organization knows how
to develop a good business case for new IT-related
projects, and about 50% say that their organizations
have good alignment between IT investments and the
organizations larger strategic goals.
| 13
Thirty-seven percent of U.S. respondents say they can

properly analyze the return on investment (ROI) payback
of IT-related projects. About 46% believe that users
receive adequate training and documentation for new
or upgraded IT systems. A similar percentage (48%)
believes they have the governance controls needed to
ensure IT projects are implemented in accordance with
originally stated objectives.
Sixty-four percent of Canadian respondents were
confident they could ensure data quality and integrity
during an upgrade or new installation, and 52% say
they know how to develop a strong business case
for IT-related projects. Fifty-six percent of Canadian
respondents report a strong alignment between IT
investments and the organizations overall objectives.
Thirty-three percent of Canadian respondents say they
can properly analyze the value of IT-related projects,
while 49% say they provide appropriate training and
documentation to users of new or upgraded systems.
Accounting professionals should carefully evaluate
the business case for proposed business solutions,
understand the changes the solution will require, and
manage critical data conversion and migration activities.
Organizations should exercise due diligence in all key
phases of deployment, from design to build, testing
and migration. Industry experts also say that, while
implementation is important, the involvement and
knowledge of users can be critical factors in the real
productivity of any system.
Resource:
CPAs Approach to Business Solution
A
Implementations A white paper
providing an overview of business
solution implementations for CPAs
8 8 Governing and Managing Our IT

Investment/Spending
Technology can drive substantial benefits for any
organization, including measurable cost reductions,
improvements in efficiency and productivity, and greatly
enhanced customer service and satisfaction. However,
to realize those positive outcomes, its imperative that
organizations do more than simply purchase and deploy
new systems. Accounting professionals must continually
analyze and manage an entitys IT portfolio.
According to the survey, 51% of U.S. accounting
professionals say they are confident in their ability to
prioritize IT initiatives and related spending. Thirty-four
percent believe they are appropriately analyzing the
value of the return on their IT investments. Just over
46% of respondents say their IT strategy is well-aligned
to their overall business goals, with 43% saying that they
have strong IT governance.
Fifty-three percent of Canadian respondents expressed
confidence in their ability to prioritize IT initiatives and
related spending, while 29% fully analyze the return on
their IT investments. Forty-nine percent say that their
IT investment strategy is properly aligned with their
business strategy, while 45% say they have good IT
governance.
Robust IT governance starts with a close alignment
between strategic business goals and specific IT
initiatives. Management of an entitys IT investment
portfolio helps an organization ensure it is spending the
appropriate amount on technologies that will meet its
strategic goals. IT governance should address strategic
alignment, value delivery, risk management, resource
management, and performance management.
Experts say an entitys IT portfolio should focus on
systems that allow the entity to run more efficiently,
to optimize in terms of efficiency and effectiveness
of its business processes, and to innovate itself to be
competitive and successful in the years ahead.
14 |
Resource:
IT Governance Resource page covering
governance topics and management concerns
Solution selection tool A Job Aid
to the Solution Selection Process
9 10 Managing Vendors and Service Providers

IT vendors and service providers can help organizations
save time and money, while also providing access to
world-class features and productive capabilities. Yet,
there are costs and potential risks associated with IT
service providers, and CPAs and others must understand
and manage those relationships and their associated
risks. The survey illustrated varying levels of confidence
on IT vendor issues.
In the United States, about 50% of respondents
indicated they understand and have adequately
assessed the risk of using an IT-related vendor or service
provider, and slightly more than half (52%) believe they
are performing the appropriate due diligence before
hiring an IT partner. Forty-seven percent are confident in
their IT service providers compliance with service level
agreements (SLAs).
Fifty-four percent of U.S. accounting professionals
say they can adequately analyze the cost of hiring a
service provider, while 50% believe they have adequate
processes in place to identify a reliable vendor or to
negotiate a sufficiently flexible IT service contract.
In Canada, 49% of respondents say they have adequately
assessed the risk of using an IT-related vendor or service
provider, while 51% say they conduct appropriate due
diligence before hiring an IT partner. Forty-one percent
of Canadian respondents are confident that their IT
service providers comply with SLAs.
Fifty-seven percent of Canadian respondents say they

can analyze the cost of hiring a service provider, while
48% say their organizations are capable of negotiating
flexible contracts that will allow the entity to reasonably
adjust/exit the contract as needed.
When an organization relies on an IT service provider
for mission-critical services, the entity takes on the
risk of a potential failure by that IT partner. As a result,
accounting or internal audit organizations should
conduct due diligence to fully evaluate potential service
partners.
Routine tasks seem to be at odds with good
management practices. These may include paying an
invoice from a vendor without understanding what was
promised or what was actually received, and whether
what was received was within the tolerable limits of
the SLA. Successful organizations should work to fully
understand SLAs and insist that contracts are flexible
enough to allow the organization to exit the relationship,
if needed. Exiting a service relationship can be a
huge issue, and organizations should focus on getting
their data back in a usable format, and on planning a
cooperative cut-over to any new provider.
Resources:
S OC Reports Resource page pertaining
to Service Organization Control Reports for
CPAs, users and service organizations
rust Services Resource page providing an
T
overview of trust services authorities and guidance
Trust Services Principles and Criteria Overview
page highlighting Trust Services Principles and
Criteria resources
| 15
10 9 Leveraging Emerging Technologies

Forward-looking CPAs are embracing a range of
emerging technologies, from the unprecedented
gathering of data by way of the internet of things,
big data and cloud computing. Those and other new
technologies allow accounting professionals to be more
efficient and productive, connect more easily with
partners and clients/customers, and drive cost saving
and new revenue opportunities.
Experts agree that for any organization to fully realize
the benefits of new technologies, senior management
must take the time to understand the risks and the
opportunities those systems present. Organizations
should start by understanding their underlying business
objectives, and then work to develop specific plans and
policies to deploy new IT capabilities that will benefit
the organization and its customers.
The AICPA has been active in the evaluation of
emerging technologies for a number of years. CPAs
largely recognize those challenges, as demonstrated in
the results of our 25th anniversary survey. Accounting
professionals are ready and eager to leverage emerging
technologies, but most believe they have a lot of work to
do in this area of their business.
In the United States, 60% of respondents believe that
emerging technologies will be a key factor in their future
business success. Forty-two percent of U.S. respondents
say they have the capital and the human resources
needed to deploy new IT solutions.
Forty-five percent believe they have the knowledge
needed to identify new IT-related revenue or cost-saving
opportunities, while 43% are confident in their ability
to manage a vendor supported emerging technology
environment. Thirty-four percent of U.S. respondents
believe they are ahead of their competitors when it
comes to using new technologies.
16 |
In Canada, 58% of respondents believe that emerging

technologies will be a key factor in future business
success, while 52% say they have the financial and
human resources needed to deploy new IT solutions.
Forty-four percent say they have the knowledge needed
to identify new IT-related revenue or cost-saving
opportunities.
As technology continues to improve and the cost of
that technology becomes more affordable for even
the smallest firm or business, it is predicted that
more accounting professionals will embrace these
technologies. In some ways, they already have. Today,
the cloud is really just a metaphor for the Internet,
and as such, we are witnessing the migration of business
applications from traditional on premise software
solutions to cloud-based subscriptions, and inherent in
this delivery model is a standards-based approach to
common business processes.
In addition, the finance profession is at an inflection
point; we are witnessing finance convergence in cloud
computing, where users expect to execute business
processes on a myriad of hardware devices. They also
expect to be able to intuitively leverage common
Internet design tenets, such as social collaboration,
Google-like search/navigation, and point-and-click
report development, in a self-service manner.
Resource:
loud Computing Cloud computing
C
information page with references and resources
on multiple types of cloud computing methods:
Software as a Service (SaaS), Platform as a
Service (PaaS), Infrastructure as a Service
(IaaS), and Data as a Service (DaaS)
TTI SURVEY: NORTH AMERICA KEY INSIGHTS

U.S. Key Insights
U.S. Insight No. 1: Technology Priorities for
Accounting Professionals
Securing the IT Environment Given the frequency
of high-profile cybercrime and data breaches, its no
surprise that accounting professionals have elevated
security to the top of their list of IT issues. The focus
on security may also reflect efforts to manage the risk
of mobile devices and vendor-managed technologies
such as cloud-based data and services. Accounting
professionals need to become more conversant around
the business of the modern cloud operations data
centers and associated governing agencies that may
monitor or manage emerging datacenters.
Managing and Retaining Data Accounting
professionals continue to recognize the importance of
capturing, storing and retrieving information, but there
are some privacy issues associated with managing and
retaining data.
Enabling Decision Support and Analytics Putting

data to work as a tool to assist in making informed
predictive decisions remains a top priority for
accounting professionals. Other priorities include having
a strong alignment between the organizations strategic
goals and reports provided to management, as well
as generating reports using high-quality data that is
accurate, complete, precise, timely and auditable.
Based on survey results,

participants were most concerned
about their understanding of
privacy-related regulatory and
compliance requirements, especially
in light of the greater potential to
gather more data points by way of
the internet of things.
Managing IT Risks and Compliance This issue

reflects a clear recognition that accounting professionals
must have the strategies, systems, and policies needed
to manage risks of all kinds, and to satisfy internal and
regulatory compliance requirements.
Ensuring Privacy Accounting professionals
continue to rank privacy among their top technology
challenges; respondents ranked privacy at a
medium- to high-risk level. This underscores the
professions focus on protecting personal information
held by the company. Based on survey results,
participants were most concerned about their
understanding of privacy-related regulatory and
compliance requirements, especially in light of the
greater potential to gather more data points by way
of the internet of things.
| 17
U.S. Insight No. 2: 201214 Rank Comparison

Accounting professionals are increasingly concerned
with security, managing and retaining data, and
ensuring privacy, although privacy became a bit
more important in 2014 than in the previous two years.
Given the frequency and severity of data breaches,
respondents continue to rank IT security very high the

top priority for the 25th anniversary edition of the survey
and also elevated the importance of preventing
and responding to computer fraud. One initiative
in particular, Managing System Implementations,
decreased in importance from 2013 to 2014.
United States Top Technology Initiatives Survey Rankings Comparison

Initiative
18 |
2014
2013
2012
Ensuring Privacy
Preventing & Responding to Computer Fraud
Governing and Managing IT Investment/Spending
10
10
10
U.S. Insight No. 3: 25th Anniversary TTI survey

Confidence Levels
As in previous years, respondents were also asked
to gauge their level of confidence in how their
organizations, or their clients organizations, are
addressing current technology initiatives.
The following confidence levels are shown in descending
order from most confident to least confident. The priority
rank indicates the importance respondents attached to
each initiative in the 25th anniversary survey.
What can be learned from studying these differences?

More than any other action, professionals can attempt
to learn more about these initiatives so they can provide
better advice to their firms, employers and clients/
customers. In some cases, these initiatives require a
deeper knowledge of business analytics and business
intelligence software tools that are not traditionally
associated with CPAs, but which are growing in
importance horizontally. Understanding the confidence
levels and advising in these areas is also an area where
CPA/CITP credential holders can take the lead.
Obviously, the priority rankings do not correlate to the

ranking of the top 10 initiatives. Although every one of
the top 10 initiatives is important in terms of confidence
levels, the most significant one to focus on is Managing
and Retaining Data due to its 55% level, a full 6% higher
than any other initiative. Conversely, the ranking of
Emerging Technologies at only a 30% confidence level
indicates that quite a large majority of U.S. respondents
are not confident at all in what lies ahead.
Ranking
Initiative
Understanding the confidence levels

and advising in these initiatives is
an area where CPA/CITP credential
holders can take the lead.
Confidence Level
55%
Ensuring Privacy
49%
48%
48%
48%
47%
46%
45%
40%
10
30%
| 19
U.S. Insight No. 4: Market Segment Perspectives

The following are the top 10 technology priorities
from four major U.S. segments:
U.S. Market Segment Rankings
Business
Public
Accounting
Initiative
Not-forProfit
Consulting
Ranking
Ensuring Privacy
10
10
10
10
20 |
U.S. Market Segment Percentages
Business
2014
Ranking
Initiative
Public
Accounting
Not-forProfit
Consulting
Ranking
71%
60%
69%
59%
66%
63%
53%
63%
Ensuring Privacy
53%
60%
57%
59%
59%
46%
59%
56%
43%
52%
49%
52%
48%
27%
64%
57%
47%
26%
39%
39%
35%
25%
31%
35%
30%
25%
31%
35%
10
28%
18%
31%
32%
| 21
U.S. Insight No. 5: Geographical Perspectives

The responses from U.S. regions Northeast, Midwest,
West and Southeast were analyzed separately.
U.S. Geographical Rankings
U.S. results were notably similar in their rankings of top

IT issues. All regions agreed on the top three priorities
relating to security, managing data and ensuring privacy.
Slight regional variations were seen in the ranked order
of other issues.
Northeast
Midwest
Initiative
West
Southeast
Ranking
Ensuring Privacy
10
10
10
10
22 |
U.S. Geographical Percentages
Initiative
Northeast
Ranking
Midwest
West
Southeast
Percentage
72%
70%
71%
71%
68%
69%
69%
72%
Ensuring Privacy
62%
60%
67%
61%
57%
59%
56%
55%
Preventing & Responding to

Computer Fraud
53%
48%
52%
52%
37%
41%
40%
41%
43%
41%
37%
41%

Investment/Spending
27%
43%
30%
30%
27%
32%
28%
26%
10
29%
24%
23%
28%
| 23
CANADIAN TTI SURVEY FURTHER ANALYSIS

Canadian Key Insights
Canadian Insight No. 1: Technology Priorities for
Accounting Professionals
Securing the IT Environment Like their U.S.-based
counterparts, Canadian accounting professionals are
also very concerned about security, ranking Securing
the IT Environment as the No. 1 priority. This focus on
security may reflect efforts to manage the risk of mobile
devices and vendor-managed technologies such as the
continuing emergence of a myriad of cloud-based data
and services.
Managing and Retaining Data Canadian
respondents indicate an interest in the capture,
storage and retrieval of information. Certainly,
managing and retaining data impacts privacy issues
in Canada. Under Canadian privacy legislation, and
as required under AICPA and CPA Canadas Generally
Accepted Privacy Principles, significant restrictions are
placed on the collection, use, storage and sharing of
individually-identifiable information. Companies must
be transparent; they have a legal obligation concerning
what they want from the data they collect.
Enabling Decision Support and Analytics In the

25th anniversary survey, accounting professionals
in Canada continue to name decision support and
analytics as a key priority. Other priorities include having
a strong alignment between the organizations strategic
goals and reports provided to management, as well
as generating reports using high-quality data that is
accurate, complete, precise, timely and auditable.
Under Canadian privacy legislation,

and as required under AICPA and
CPA Canadas Generally Accepted
Privacy Principles, significant
restrictions are placed on the
collection, use, storage and
sharing of individually-identifiable
information. Companies must be
transparent ...
Managing IT Risks and Compliance This issue

reflects a clear recognition that accounting professionals
must have the strategies, systems and policies needed
to manage risks of all kinds, and to satisfy internal and
regulatory compliance requirements.
Ensuring Privacy Canadian accounting
professionals rank privacy among their top-five
technology challenges; respondents ranked privacy
at a medium- to high-risk level. This underscores the
professions focus on protecting personal information
held by the company. Based on survey results,
participants were most concerned about having a
privacy policy that addresses the requirements and risks
appropriate to the size of an organization and industry,
and to have a good understanding of privacy-related
regulatory and compliance requirements.
24 |
Canadian Insight No. 2: 201314 Rank Comparison

As with their colleagues elsewhere in North America,
the priorities of Canadian accounting professionals have
shifted somewhat in recent years. The 25th anniversary
survey illustrates a continued focus on

technology-related risk, security and data privacy.
Note 2012 rankings are not available for Canada.
Canadian Top Technology Initiatives Survey Rankings

2014
2013
Ranking
Ensuring Privacy
10
10
Initiative
| 25
Canadian Insight No. 3: 25th Anniversary

TTI Survey Confidence Levels
Obviously, the Priority Rankings do not exactly correlate

to the ranking of the Top 10 Initiatives.
As in 2013, respondents were also asked to gauge their

level of confidence in how their organizations, or their
clients organizations, are addressing current technology
initiatives.
What can be learned from studying these differences?

More than any other action, professionals can attempt
to learn more about these initiatives so they can provide
better advice to their firms, employers and clients/
customers. Understanding the confidence levels and
advising in these areas is also an area where professional
accountants can take the lead.
The confidence levels are shown below, in descending

order from most confident to least confident. The Priority
Rank indicates the importance respondents attached to
each initiative in the 25th anniversary survey.
Ranking
Confidence Level
69%
68%
Ensuring Privacy
67%
63%
61%
60%
58%
54%
54%
36%
10
26 |
Initiative
Canadian Insight No. 4: Impact of Technology

Initiatives
The following chart depicts the percent of Canadian
survey respondents who are confident or highly
confident in the ability of their organization, or their

clients organization, to address these technology
initiatives. Note that 2012 rankings are not available
for Canada.
2014
2013
Ranking
Confidence
Level
Ranking
Confidence
Level
69%
57%
68%
56%
Ensuring Privacy
67%
53%
10
63%
47%
61%
57%
60%
47%
58%
10
42%
54%
38%
Enabling Decision Support & Analytics
54%
33%
36%
22%
Initiative
| 27
TTI SUMMARY
The analysis and conclusions drawn from the 25th
anniversary TTIs are presented in this white paper so
that CPAs and accounting professionals throughout
North America can improve their own knowledge
and understanding of the TTIs and, perhaps more
importantly, help advise their firms, clients and
employers how to manage and implement these
initiatives into their organizations.
Although it seems that any IT professional or consultant
can also provide advice and counsel, accounting
professionals are in an advantageous position to take a
leading role. Not only are accountants intimately familiar
with their clients and employers businesses, their
trusted advisor status elevates them to a much higher,
more impactful level in many aspects of the business
marketplace.
Todays accounting professionals are well qualified

to lead businesses through technologys complex
requirements, and ensure a safe, secure and
profitable use of todays new technologies to enhance
organizational performance and profits.
Although it seems that any IT

professional or consultant can
also provide advice and counsel,
accounting professionals are in
an advantageous position to take
a leading role.
Because technology continues to advance at a rapid

pace, it is an immense challenge for client and employer
organizations to keep up with everything they need
to know to stay ahead of their own stakeholders and
customers they serve. As a result, business owners
will look to their accounting professional to inspire
and inform in all-things technology.
28 |
IMTA RESOURCE INDEX

IMTA Resources
IMTA Resources can be found at aicpa.org/IMTA
IMTA Web Page
IMTA Store
IMTA Membership
IMTA Resource Center
IMTA CPE and Events
IMTA News and Publications
Top Technology Initiatives Survey Resources

Top Technology Initiatives Survey Resources can be found at aicpa.org/Toptech
Top Technology Initiatives Survey Blogs
CITP Resources
CITP Resources can be found at aicpa.org/CITP
CITP Credential
CITP Exam
CITP Sponsorship Program
CITP Referral Program
CITP FindACITP Database
CITP Body of Knowledge
CITP Champion
For a full list of AICPA IMTA Section membership benefits, please visit our premium member benefit page.
16770-378
888.777.7077 | IMTAinfo@aicpa.org | aicpa.org/toptech
416.977.3222 | ITinfo@cpacanada.ca | cpacanada.ca/toptech2014

CH1 - Aicpa Survey 2015 PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CH1 - Aicpa Survey 2015 PDF

Uploaded by

Copyright:

Available Formats

25th Anniversary Edition of the

North America Top Technology

Members of the Information Management and Technology

AICPA INFORMATION MANAGEMENT AND

Paul Warrick, CPA, CGMA

Bob Green, CPA/CITP, CGMA

Adam Haverson, CPA/CITP, CFA

Donny Shimamoto, CPA/CITP, CGMA

2015 American Institute of CPAs. All rights reserved.

U.S. Key Insights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Canadian Key Insights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

ABOUT THE SURVEY

business and industry, 6% work in the

U.S. Participants by Industry

Business and Industry

Most hold leadership positions, with 40% indicating

vice presidents. Ten percent are staff-level personnel

U.S. Job Responsibility

exposure to IT-related concerns. Only 5% of

The majority of survey participants, 61%, indicate

U.S. Frequency in Encountering IT Questions or Concerns

industry, 16% are in public accounting, 14% in

Canadian Participants By Industry

Business and Industry

The positions of respondents in Canada were very

23% managers and 22% directors or vice presidents.

Canadian Job Responsibility

Executive, Partner, Owner

Most survey participants, 87%, indicate that they regularly

have minimal exposure to IT-related concerns compared

Canadian Frequency in Encountering IT Questions or Concerns

NORTH AMERICA SURVEY RESULTS

Securing the IT Environment

Securing the IT Environment

Managing and Retaining Data

Managing and Retaining Data

Managing IT Risks and Compliance

Managing IT Risks and Compliance

Preventing and Responding to Computer Fraud

Enabling Decision Support and Analytics

Enabling Decision Support and Analytics

Managing System Implementations

Managing System Implementations

Preventing and Responding to Computer Fraud

Governing and Managing IT

Governing and Managing IT

Managing Vendors & Service Providers

Leveraging Emerging Technologies

Leveraging Emerging Technologies

Managing Vendors & Service Providers

Here are some possible reasons why the results closely

 here may be a convergence around economic,

In North America, there may be cross border

NORTH AMERICA TTI SURVEY ANALYSIS: TOP 10 TECHNOLOGIES

service providers, CPAs in public practice must maintain

Accounting professionals generally are confident in

About 61% of U.S. respondents believe they have

I T Security Information Security information

2 2 Managing and Retaining Data

Backup and restore procedures are designed to

 enerally Accepted Privacy Principles GAPP

 verview of Data Management White paper

5 7 Preventing and Responding to

here may be a convergence around economic,

In North America, there may be cross border

I T Security Information Security information

enerally Accepted Privacy Principles GAPP

verview of Data Management White paper

IT Assurance Services Overview page