E-commerce for accounting professionals Part 3: Opportunity knocks


By ROBIN DAY, CGA

- Opportunity knocks
- E-business transformations
- Risk management
- Assurance services
- New competencies
- Summary

This document is the second in a three-part series on the subject of electronic commerce (EC) and how it has changed the way businesses operate both in the online world and in more traditional forums. Part 3 looks at the opportunities EC has created for financial professionals and how CGAs can benefit from those opportunities. It also looks at some of the new skills we will require to meet the needs of our clients and employers in the future.

Opportunity knocks

The shift toward e-commerce and e-business has created many opportunities for professional accountants. Ultimately, the exact ones that are right for you will depend on whether your role is that of a public practitioner, a consultant, or a manager; however, there are many different ways to get involved. Many of the roles described herein are equally applicable to pure e-businesses, their bricks and clicks cousins, and everything in between.

The main thing to remember is that no matter what the role, the core rules for success in business have not changed, so as a CGA your background in financial management is an excellent starting point for any direction you may choose. This discussion is primarily from the point of view of an outsider (a public practitioner or a consultant), but the same principles apply if you are working within an organization in a management role.

E-business transformations

Taking an existing brick and mortar business and transforming it into an e-business can be an interesting and challenging project. The key to success is not to implement technology for the sake of technology, but to look at the business reasons for doing so and proceeding only if it makes economic sense.
It is important to remember that no matter how flexible and intelligent software can appear, it is still no match for a qualified human being. A variety of approaches to transformations have been developed, but virtually all involve the same basic stages.

Goal setting

It is amazing how many organizations throw money at programmers and web designers without really knowing what they want to do. Often, it happens in response to a sales pitch from someone who can put your company online, turning it into an e-business overnight.

Before a single line of code is written, an organization needs to define all of the goals for the transformation, beginning with the overall corporate goals and objectives. And, before being added to the final list, each goal needs to be examined for strategic alignment and evaluated in terms of whether it makes financial sense. Goals also need to be evaluated in terms of the organization's infrastructure. After all, what is the point of cornering the world market for widgets if you cannot find a way to deliver them to your customer?

IT infrastructure review

Many organizations without an internal IT staff rely on a technology infrastructure that is tenuous at best. Networks that have been designed primarily for file and device sharing are not always able to meet the needs of today's web-based applications, and organizations frequently need to make wholesale changes in order to do business electronically. Small- to medium-sized organizations generally deal with this problem by outsourcing many IT functions, such as web hosting and design, but it is virtually impossible to do business electronically unless everyone in the organization has access to a reliable full-time connection to the Internet.

Organizational readiness

Of course, the computer systems are not the only thing that may not be ready for e-business. Most organizations should undertake a complete readiness assessment to ensure that they are truly prepared to do business electronically. This includes looking at:

- Customers
- Personnel
- Physical plant
- Products
- Policies

Each of these areas needs to be examined to determine what changes are required in order for the goals to be met.

Design and development

After deciding what goals are to be pursued, and ensuring that they are indeed achievable, it is time to begin designing the systems, procedures, and business rules that will be required. This critical step can take months and must involve management and staff in order to be successful.
This helps to pave the way to having people buy into the new systems when they are introduced. It also helps to ensure that the designers have a clear understanding of the underlying business logic that needs to be built into them.

The new systems must be able to support existing business processes while still accommodating new ones. In many cases, links to legacy systems are necessary since organizations cannot afford to discard all of their existing technology. Even if they can, the data stored in those legacy systems must be preserved and transferred to the new ones.

Content maintenance

It is important to remember that virtually no system is ever complete. There are always new features that can be added and improvements that can be made in a system's functionality. This is especially true of projects involving a Web presence. The task of adding and updating content on a corporate web site is a never-ending one. Many organizations have found they need a full-time webmaster just to keep their corporate web site up to date. For some, this revelation comes only after they spend thousands of dollars on a web site that is out of date just a few short months after it goes live. For others, the realization that having a web site puts them in the publishing business comes earlier, but the cost is usually still the same.

Very few organizations have the resources in-house to undertake an e-business transformation, so they typically must rely on external consultants as well as internal management staff. This, of course, leads to opportunities for public practitioners or full-time consultants to provide advisory services.

Risk management

As large as the upside of e-business is, it also has a downside. Doing business globally on a 24/7/365 basis has introduced many new risks and it is imperative that they are managed and controlled. Of course, the nature of these risks requires a different approach than with many traditional risks. You cannot simply turn on the alarm system and lock the doors to an e-business at the end of the day to keep out the bad guys. Furthermore, many of the activities commonly associated with e-business exacerbate risks that already exist within organizations. All of this has resulted in a wide variety of opportunities for CGAs in areas relating to risk management.

Infrastructure concerns

Protection against the losses due to infrastructure problems begins with development of a disaster recovery plan and use of basic security measures, such as firewalls and anti-virus software, which were discussed in Part 2 of this series. Even with these measures in place, the Internet is still not the safest environment in which to operate. In addition to all of the traditional physical threats that pose a risk to all businesses, e-businesses must face such perils as programming errors and careless or ignorant users who have control over valuable data.

Online fraud

Doing business electronically also greatly increases the risk of fraud. A wide variety of devices are available to anyone who wants to disguise their identity in the online world.
These devices can be used to impersonate others at either end of a transaction, allowing an individual to intercept messages or gain unauthorized access to systems. These same individuals can intercept your customer's attempts to access your web site, rerouting them to a competitor's site, or intercept credit card numbers, passwords, and other valuable information.

Further concerns have arisen from the high level of repudiation when it comes to online transactions and messages. Until recently, it has been relatively easy for an individual to simply deny placing an online order or deny even sending a message. This activity resulted in numerous disputes, disagreements, and even financial losses.

By becoming familiar with technologies such as secure servers, data encryption, biometrics, and digital signatures, a CGA can position himself or herself to assist in resolving these problems. S/he can also help organizations to stay one step ahead of the bad guys by ensuring that future developments are anticipated or, at the very least, dealt with quickly when they materialize.

Privacy issues

Not all of the risks in the e-business world come from the outside. Privacy has become a huge source of risk for e-businesses as consumers become increasingly conscious of how, when, and by whom their personal information is used. The arrival of Bill C6, the Personal Information Protection and Electronic Documents Act (PIPEDA), in Canada has added some structure to the playing field as it relates to privacy and the related rights and responsibilities.

An organization that does not stay within the boundaries laid out within this legislation may face harsh penalties. Even harsher penalties may be faced by those who choose not to live within the law when it comes to information privacy. Users are more conscious than ever of the potential ramifications of revealing personal information online, and organizations need to carefully consider what information is requested and how it is handled. A business that violates the privacy of its customers may soon find itself with a lot fewer customers to deal with as word of any impropriety, be it real or perceived, travels quickly within the online community.

Cookies

One of the most talked about privacy debates surrounds the use of cookies by Internet sites. Cookies are small data files that are created on the hard drive of a visitor to a web site. These files typically contain only a unique identification number that allows the site developer to track your preferences and personalize the information you see when you visit their site in the future. While this may not seem like a bad idea at first, cookies can be expanded to include all sorts of personal information including name, address, and credit card numbers that have been volunteered by the user.

As intrusive as cookies may seem to the end user, they can pose an even greater risk to their developers. Even though the cookie itself is stored on the user's hard drive, the host server also maintains a record of the cookies that have been issued and of their contents. If a hacker gains access to this data and uses it, the developer may be held liable for any damages that occur.

People

Of all the risks faced by e-businesses and their brick and mortar cousins, the ones posed by people are often the most difficult to deal with.
Human threats are present in all aspects of business and generally fit into one of three types of acts:

- Ignorance
- Negligence
- Sabotage

Most human threats can be minimized by developing and enforcing strong policies and internal controls designed to guide employees in their daily routines. Education also plays a significant role here since people who understand both what is expected and why will be more likely to follow the rules.

The role of CGAs

CGAs are well positioned to provide services in all of these areas. After all, a large part of the training we receive as professional accountants relates to risk management and internal control issues. While not all of the roles we can assume are new, they do involve some novel challenges in terms of dealing with new types of risks and expansion of some former areas of concern. The following are a few of the services that can be provided:

- risk assessments;
- process engineering, with an emphasis on internal control and risk management;
- business continuity planning as it relates to disaster management and recovery;
- forensic examinations;
- assistance with development of policies and guidelines for employee behavior; and
- independent evaluation of proposed risk management solutions.

Assurance services

Not all of the opportunities for accountants are in completely new areas. Opportunities can also be found in more traditional areas such as assurance services. Most visibly, the impact of doing business electronically needs to be considered in the completion of traditional assurance engagements. Other, new types of assurance services are also in demand, as practitioners are being asked to examine systems and the information they store and transmit.

Traditional engagements

Within the framework of traditional assurance engagements, there are several factors that need to be considered in relation to e-business. Many of these relate to the dramatic changes in internal control systems that have been necessitated as a result of the changes imposed by e-business.

Internal controls

Since e-businesses rely mainly on complex computerized systems to process, record, and report on transactions, auditors need to be able to gain an understanding of those controls in order to determine the level of risk that is attached to an engagement. Most large firms have developed teams of in-house specialists whose role is to examine and report on the controls that exist within information systems. These specialists can assist the auditor in gaining an understanding of the controls that exist within the client's systems and thereby determine the amount of substantive testing that is required to facilitate expression of an audit opinion.

Electronic auditing

Of course, in many organizations, the sheer volume of transactions precludes a traditional ticking and vouching approach to substantive testing. There is an upside to this situation though, as complex auditing software can be used to perform testing which, in the past, would have been prohibitively expensive. These packages are often so efficient that they can examine entire sets of transactions where, in the past, reliance was placed on small statistical samples, thus increasing the level of reliability of the testing.
Assessing corporate governance

Governance assessments are not something you will typically find listed on anyone's business card, but they are a necessary service these days. The term governance is used most frequently in the not-for-profit sector. It generally refers to the stewardship maintained by management over corporate resources. Unlike traditional assurance services, which report on internal controls and provide financial reporting, governance assessments look at all aspects of operations to ensure that the best interests of the shareholders are being served.

One of the most commonly used approaches to governance assessments is the balanced scorecard reporting method developed by Robert S. Kaplan and David P. Norton. Their book, entitled The Balanced Scorecard, outlines a highly effective approach to measuring and reporting on organizational effectiveness. Another excellent source of information on governance, and governance assessments as they relate to information technology (IT), is the IT Governance Institute. Their web site address is

Governance assessment services are generally performed by external consultants or by public practitioners. With the recent collapses of Enron and WorldCom, I would expect to see a sharp rise in the numbers of governance assessment engagements being undertaken. They may even become mandatory as new standards are implemented in an attempt to avoid such events.

New assurance services

In addition to traditional assurance engagements, CGAs are also in a position to perform new types of assurance services. As professional accountants, we are in a position to advise our clients and to provide assurance services relating to the following:

- Integrity of information systems on which clients rely. These may be their own systems or those of suppliers and associates.
- Authenticity, accuracy, and integrity of information that has been stored or transmitted electronically.
- Compliance of suppliers and associates with written privacy and security policies.

These services are highly suited to CGAs because of our status as independent third parties who have established a reputation for being trustworthy.

New competencies

Given the opportunities described earlier, there are some new skills that accountants need to develop in order to ensure they can meet the needs of their clients. There is no need to panic. This is not to suggest that we all become techies. However, we do need to ensure that we have the correct tools at our disposal if we are going to offer our services to others.

The CGA Competency Framework will help you to identify the general areas of expertise which you must develop to perform these new services. In addition to aspiring to similar competencies to those of a typical public practitioner, a CGA interested in providing e-business advisory services should also develop a high level of expertise in key areas of IT. These areas are introduced in the paragraphs that follow.

Systems analysis and design

While this is not truly a new area, it has not been a major focus for accountants in the past and its importance warrants inclusion in this discussion. Analysis and design is often made to sound far more complex than necessary.
Essentially, it involves defining a problem or situation, developing a description or a model that accurately describes it, developing potential improvements, and finally, selecting the most appropriate course of action. Of course, describing some of the complex systems that are used in a typical e-business environment can get a little bit more complex, but the basic methodology does not change. Skills, such as process modeling and an understanding of relational database management systems, are extremely valuable in systems analysis projects.

Types of information systems

The wide variety and complexity of information systems makes it impossible for any one individual to become an expert in all of them, but it is necessary to have at least a basic understanding of the different types of systems and the functions they are designed to perform. Categories that should be studied in depth include:

- functional systems, such as customer relationship management (CRM) and enterprise resource planning (ERP) tools;
- accounting software and reporting tools;
- office automation products;
- communications systems;
- decision support systems; and
- executive information systems.

Within each of these categories, there are literally hundreds of products and thousands of possible combinations that could be encountered in any small- to medium-sized business.

E-business infrastructure

Of course, anyone providing e-business advisory services will need to become familiar with the infrastructure of the Internet and the systems that support it. A basic understanding of networking and network operating systems is a good starting point. Pay particular attention to the TCP/IP protocol, which is the networking protocol of choice for the Internet and e-business.

The infrastructure that supports e-business is, on the surface, surprisingly simple. After all, if you can read and click a mouse button, you can navigate the Web. Add to that the ability to type in your address and credit card details and you can be an online shopper. Take it one step further and list an item for sale on eBay, and you are participating fully (well almost) in the new economy. This may sound overly simple, and in reality it is stretching things somewhat. On the surface, the Internet does not appear to be a complex entity; however, it is what happens beneath the surface that counts.

Security and controls

This area could easily form the basis for lifelong study all on its own. Again, expert knowledge in all aspects of security and controls is not a necessity, but you will at least need to become familiar with the more commonly available products and tools. Three key aspects of security and controls are reviewed in depth in Part 2 of this series where we looked at the subjects of malicious code, encryption, and firewalls.

Summary

This three-part series has introduced many different aspects of e-commerce and how it is changing the lives of accounting professionals everywhere. As indicated in the introduction, it is not a comprehensive look at all, or any, of the many aspects of doing business electronically.
Instead, it is a starting point to begin expanding your understanding of e-commerce and how it is changing the way we work.

This is the final article in a series of three parts by Robin Day, CGA.