Cloud Coverage – Before Moving Services to This Environment, Do Your Homework
Cloud computing and data storage offer business owners significant benefits over classic, on-site methodologies. From global access to multi-device integration, web-accessible data, and improved security and redundancy, moving to a cloud environment can be a seemingly easy decision. However, if you are considering moving your accounting software, data, processing, and storage or a combination of those services to the cloud, it is recommended that you do your homework first. Researching your available options and what potential pitfalls might present themselves is vitally important in maintaining the security and integrity of your accounting systems.
The process of doing this research can be organized into four simple steps:
• Step one: know your current systems — what you have, how it works — and document it;
• Step two: determine what your current system lacks and how cloud computing might better suit your needs. Create a wish list of features and functionality;
• Step three: understand the risks of moving your data to the cloud environment. While data security is often a selling point in cloud computing, the truth is, you’re allowing your data to live off sight (and presumably out of your control). Be sure to assess potential providers to ensure that your needs are met or exceeded; and
• Step four: evaluate and select your service provider.
Know Your Current System
Being highly familiar with your accounting system is crucial before you can begin evaluating new options that are cloud-based. There should be at least one designated accounting professional in your organization that possesses a detailed knowledge of the accounting processes and procedures, which should be documented and updated regularly as changes occur. It is essential to have proper monitoring, review, and segregation of duties for each transaction process to mitigate the risk of errors, fraud, or misappropriation of company assets.
This responsibility does not change when the accounting functions are moved to the cloud. In fact, there are other risks to consider due to the complexity and global presence of the cloud environment, such as security of data transferred and stored, security of software interfaces, and user-access controls, to name a few. The integrity and security of data must be maintained at all times. If you have your systems documented (narratives, flowcharts, or both) it will become invaluable during both the research and implementation phases of the conversion project.
Determine What You Lack
As with any system conversion, this is the perfect opportunity to make improvements or add enhancements to your processing environment to gain efficiencies and strengthen accounting and risk controls. Devise your wish list of must-haves before you begin shopping for that perfect cloud environment. A must-have could be related to security, processing, system design, accessibility, or reporting. This will vary depending on the organization and its needs.
The leap to the cloud, albeit giant to most, will give you an opportunity to analyze your IT-security policy and your accounting policies and procedures. Two areas that have become critical to include in your IT security policy are compliance requirements surrounding the protection of personal information (201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth) and PCI compliance (PCI DSS: Payment Card Industry Data Security Standard) surrounding the protection of payment-card information, if applicable. The risk of not meeting these compliance requirements can be both costly and embarrassing to your company if a security breach occurs.
Understand the Risks
There are many benefits to operating in a cloud environment, but there are also risks. Understanding and managing those risks is essential to the operation and success of the company. Some of the risks to consider, as mentioned above, are related to data security, software interfaces, and the retention of the company’s accounting records. One specific vulnerability in the cloud environment is penetration risk, which is the risk that an outsider can access your system and capture your data, leaving you and your customers vulnerable to fraud and identity theft. Another risk is that the data storage is insufficient and you no longer have the information needed to support your tax filings or financial statements, which may be costly if selected for an audit or examination.
Once you understand the possible risks, next research how these risks are handled by the service provider and what steps are taken to mitigate a potential compromise to your security. Additionally, be sure to ask, “who owns the data, who owns the software, how long do you retain the data, and how do I retrieve it, if needed?” These are just a few of the questions that should be addressed as part of the due diligence before moving to the cloud. Taking the time to understand where the company’s responsibilities, as well as the service provider’s, start and stop is critical. Address these and other pertinent questions during the planning stage of the project.
Select Your Service Provider
Evaluating cloud-based accounting software and services can be a daunting task as there are several providers that offer a wide variety of options and packages. A small investment of time in this area will prove invaluable when the conversion to the cloud becomes reality.
Begin by asking yourself, “is my current system cloud-compatible? If not, what systems are?”Consider contacting your current vendor before reaching out to third parties. Often vendors will work to retain you as a client and can provide a wealth of information in understanding what the transition might entail. Further, they may have cloud solutions designed to readily integrate with your pre-existing systems. After that, research two or more other vendors, making sure to identify the necessary steps in converting from one product to another.
Once a service provider has been chosen, you can move on to implementation. I recommend that you seek the advice of an accounting professional and an IT-security professional during the planning phase of your cloud-conversion project. Engaging professionals who possess knowledge and experience in these areas will help to ensure a successful transition to the cloud environment.
In Conclusion
Finally, the recommendation for record retention does not change in the cloud environment. Documentation should be retained to support all tax filings of the company. The burden of proof falls on the taxpayer; therefore, the records should be kept as long the return can be amended or additional tax assessed. There are also certain records that should be retained permanently. It is prudent to take the time to gain a clear understanding of how the service provider will store and secure these documents for you.
Additional information on record retention is available on our website at www@mbkcpa.com\recordretention, or visit irs.gov.