Top Ten Questions For Your IT Manager
White  Paper for Managing Partners
by Trey James, Xcentric  (June 20, 2008) 

Introduction
Along with managing your CPA practice comes the task of ensuring that your technology is positioned to minimize risk, create efficiencies for your staff, and keep you on the leading edge.  To help you identify whether you have any exposures with your IT staff, platform, or operations, ponder our list of top-10 questions that should be posed to your IT manager.  If along the way, you get a response that concerns you, there may be reason to dig in a bit further.  IT may not be fun to you, but it’s certainly one of the more critical foundational components of your firm’s success.

Firewalls are simply dedicated computers that perform a specific job, which is to protect the firm from outside attack via the Internet. Much like your other computers, firewalls need regular attention – they too must be upgraded to keep up with the newest exploits.  If your firm’s firewall has not been updated in the last 30-days, you may have a problem.  Just ask your IT manager when the last time the firewall was updated and how often it’s done.

Alongside the firewall, many firms are using a technology called an Intrusion Detection System (IDS) to actively monitor and thwart external threats.  A typical firewall’s job is limited to blocking, rather than reporting.  IDS can send reports automatically when threats have been detected.  Make sure that your IT manager has this capability.  With security, it’s often what we don’t (or can’t) see that hurts us.

Microsoft works hard to resolve vulnerabilities in their software. Along with finding and fixing vulnerabilities, they also publish details of the exposure, brilliantly creating a checklist for any hacker to use. Your computers are the gateway to your client data files and could pose the greatest risk of exposing client data to the outside world.  With hundreds of security updates being released by Microsoft every year, using an automated system is the only way to keep up -- especially if you have more than a handful of computers.  Ask your IT manager to provide a list of missing updates, specifically per server, per desktop, and per laptop.  Hopefully they have this at their fingertips and won’t have to sit at every machine to figure it out. 

Office fire? Flood?  Theft?  Whew…  not fun to think about.  Your firm’s most valuable asset, aside from people, is your client data. It’s all too easy to expect that the backup is running, but how can you know whether the backup was truly successful?  And, what good is it if the backup was successful, but wasn’t taken offsite?  Review your IT manager’s backup strategy document (notice we said ‘document’ – it should be documented) and show you proof that the backups are successful.  Ask them to explain where and how the data is stored offsite.  Is there any risk created by the location where the tapes are stored? how are they transported? 

If you don’t like what you find out, check into online backup, a technology that solves most of these concerns. 

Read more: Ten Steps to the CPA’s Perfect Backup Plan

Plain and simple, documentation is time consuming and it’s a pain. Things frequently change and often there are several people making these changes.  However, without documentation your firm may be exposed to a single point of failure – the brain of the person managing your network. We often accuse IT people of resisting documentation because of job-security, and this may be the case from time to time, although we find that the average IT manager is simply too busy to keep up with it. Ask them if they are automating the documentation… and if not, why not? There are some simple and very affordable tools out there that can help. 

In the unfortunate event that your office experiences a disaster (due to fire or any other disaster), it’s important to have even a rudimentary plan for recovery.  If everything were lost, what next?  How long would the firm be out of commission? And, what steps would be necessary to recover? Most of these questions can be answered if your IT manager has invested time to do even a rudimentary level of disaster recovery planning.  Make sure that you have a documented plan of action to get your firm through such an experience. 

Technology should be used for the sake of the firm, with its mission and objectives in mind, and not simply for the sake of technology. Too often, the person or people managing the firm’s technology have little or no insight into the vision and long term plans of the partners. We recommend involving the IT manager in the strategic planning process to keep them updated on the firm’s strategic direction so they can properly align the technology.  This can be done best by forming an IT committee and having quarterly or semi-annual meetings to discuss vision, mission, key objectives, and expectations.

Many technologists enjoy collaborating with their peers about the latest trends, updates, and systems. Unfortunately, with the volume of work to be done on the average CPA firm’s network, little time is left to think, to plan, or to test. And just as unfortunate, we expect that their performance will be pristine – they should be able to see around corners, anticipate the issues and resolve them before they affect the staff. They should be able to avoid pitfalls altogether. No pressure.  Ask yourself: “Is it practical to ask an auditor to perform an audit to perfection, mitigating all risk, and in a timeframe that is under budget?  The answer should be yes, unless they only have an opportunity to do an audit once every three years.  How often does your IT manager get to practice by upgrading your network?

Eat your own chili, man.  Reach out.  Give them access to outsourced experts that do this stuff every day. Make sure they attend industry conferences where IT and CPA-specific software best practices are discussed. Your network is very complex.. 5 to 6 times more complex than your average client. 

Resources:  Association of Accounting Administrators, AICPA Tech, BriForum

How exciting..  $100K!  I’d hire more help.  I’d get some automated systems.  I’d replace that 5-year old server, maybe add some redundancy in a couple areas.  Can I peel off a few bucks for a raise? 

It’s important to let your IT manager dream, because it’s in dreaming that they are allowed to think outside the box.  And it’s this kind of thinking that will differentiate you from your peer firms, make you more attractive to new recruits, get more creative on how you staff, create flexibility in where you work; maybe even create another business line.  Lemons to lemonade. 

“That’s a pretty gutsy, wide-open question to ask,” you might say. Think again - this thought crosses your IT manager’s mind all of the time and they may just not know the best way to go about getting you involved.  Hopefully this question will give you insight into things that may be most important to ensuring your firm’s livelihood.  Schedule some time to get enlightened about your technology.  Com’on, IT’s not that bad. CPA’s have just as many TLAs (three letter acronyms).  Whatever scares your IT manager will scare you too.

Conclusion

If any of these questions give you or your IT manager reason for pause, you too should pause, take a deep breath and prepare to dig in.  You may be exposed. You may not, but how will you know unless you ask?  Happy digging! 

About Xcentric
Based in Alpharetta, GA, Xcentric provides peace of mind to CPA firms nationwide through highly leveraged network technology solutions. Xcentric’s complete network hosting model, Xcentric Gray Matter™, allows CPA firms to rid themselves of IT management headaches related to server upgrades, administration, IT staffing, and application updates. Xcentric provides CPA-specific technology guidance, infrastructure deployment, and accounting application focused managed services. Founded in 2002, Xcentric focuses on accounting firms and currently serves over 180 firms across the nation.

InfoTech Partners North America, Inc. , 13656 S. 37th Place, Phoenix, AZ 85044 Email: ITPartner@itpna.com Phone: (480) 706-1728 Fax: (480) 718-8880