2013 North America Top Technology Initiatives Survey Results

United States and Canadian Accounting Professionals Say Managing and Retaining Data is Top Concern

Table of Contents

Introduction ................................................................................................... 1

North American Survey Background ............................................................ 2

North American Survey Results .................................................................... 2

2013 Survey: Highlights of North American Rankings ................................. 3

U.S. Survey Rankings: 2013 Compared with 2012 ....................................... 4

2013 TTI Survey: North America Confidence Levels .................................... 5

Impact of Technology Initiatives ................................................................... 7

TTI Survey: Further Analysis ......................................................................... 8

U.S. Public Accounting and Business and Industry Perspective ................ 13

Canada: Public Accounting and Business and Industry Perspective .......... 14

IMTA Section Membership Benefits ........................................................... 15

Membership Application ............................................................................ 16

Endnotes ..................................................................................................... 17

1

In the age of big data, managing and retaining data has become a top concern of public accounting firms, businesses and other organizations. This was evident from a survey of North American accounting professionals, who ranked it first in this year’s ten Top Technology Initiatives (TTI).

The 2013 North America TTI survey, conducted by the American Institute of CPAs (AICPA) and Chartered Professional Accountants of Canada (CPA Canada), asked accounting professionals in the United States and Canada to prioritize their 2013 technology initiatives. Both U.S. and Canadian professionals gave the highest priority to managing and retaining data.

While technology has enabled organizations to make more effective use of data in advising clients and making business decisions, the explosive growth in the volume and complexity of information has increased the risks in managing and retaining data. The heightened risks have made it all the more important for organizations to develop strategic plans and implement policies for data use, management and retention.

This year’s TTI survey was the first conducted jointly by the AICPA and CPA Canada. In the U.S., the AICPA surveyed its members and compiled the results and, in Canada, CPA Canada did the same survey of its members. In the past, the AICPA and CPA Canada have conducted separate information technology surveys, the AICPA since 1989 and CPA Canada since 2004.

Although this year’s survey was a collaborative effort of the two organizations, the results for the U.S. and Canada are presented separately in this report. This report discusses the U.S. and Canadian TTI rankings and perceived confidence levels. It compares this year’s U.S. survey rankings and confidence levels with the 2012 U.S. results, and examines the risks and opportunities for public accounting firms and businesses in managing each initiative. We also will publish:

2013 U.S. Top Technology Initiative Survey Analysis: Two reports of the survey responses of U.S. professionals from the public accounting perspective and the business and industry perspective provide insights on this year’s survey results from CPA professionals in their respective industries. These reports will be available to AICPA’s Information Management and Technology Assurance (IMTA) Section members (including CITP credential holders).

2013 U.S. Top Technology Initiatives Checklists: Two reports, the Public Accounting Checklist and the Business and Industry Checklist provide examples of the opportunities for CPA professionals in advising clients about managing information technology or in managing IT in their organizations. These reports will be available to IMTA members.

2013 U.S. Top Technology Initiatives Resource Index: An index that provides additional resources and information for accounting professionals on using and managing information technology and advising clients on IT issues. The index will be available to the public but contains some resources that are available to only IMTA members.

2013 North American Top Technology Initiatives Webcast: IMTA will host a TTI webcast in July that will provide valuable insights from Business and Public Accounting Professional on the challenges and opportunities faced by CPAs. The webcast will be available to the public for a fee and discounted to IMTA members.

Introduction

2

United States

1 Managing and retaining data

2 Securing the IT environment

3 Managing IT risks and compliance

4 Ensuring privacy

5 Managing system implementation

6 Preventing and responding to computer fraud

7 Enabling decision support and analytics

8 Governing and managing IT investment and spending

9 Leveraging emerging technologies

10 Managing vendors and service providers

North American Survey Background

North American Survey Results

U.S. Survey Participants

Of the U.S. survey participants, 36% are in public accounting, 36% in business and industry and 28% in consulting, government or not-for-profit or other organizations.

As to their positions in organizations, 38% of survey respondents are partners or executives, 22% are directors or vice presidents, 20% are managers, 8% are staff members and 12% are in other positions. A majority of participants said they “frequently” or

“regularly” encounter information technology questions in their field of work.

Canadian Survey Participants

Among the Canadian survey respondents, 25% work in public accounting; 40% work in business and industry, 15% in government and the military, 10% in consulting and law and 10% in the not-for-profit sector or for other organizations. Most of the respondents are in management positions, and most said they “frequently” or “regularly” encounter information technology questions in their field of work.

Canada

1 Managing and retaining data

2 Securing the IT environment

3 Enabling decision support and analytics

4 Managing IT risks and compliance

5 Governing and managing IT investment and spending

6 Ensuring privacy

7 Managing system implementation

8 Leveraging emerging technologies

9 Preventing and responding to computer fraud

10 Managing vendors and service providers

The following are the results of the 2013 survey.

3

Managing and retaining data: Both Canadian and U.S. survey respondents gave this year’s top ranking to managing and retaining data. In 2012, it ranked second on the U.S. survey. (Each initiative is discussed in more detail beginning on page 8.)

Securing the IT environment: This year, securing the IT environment ranked second on the 10 TTI priorities of both U.S. and Canadian accounting professionals.

As its second-place ranking suggests, securing the IT environment remains a key issue as organizations attempt to manage the risks in cloud computing and the use of mobile devices and in defending against cyber-attacks.

Managing IT risks and compliance: This initiative had relatively high rankings in the U.S. and Canadian surveys (third and fourth, respectively). This may be at least partly because it is integral to securing the IT environment, which ranked second.

Leveraging emerging technologies: In this year’s survey, leveraging emerging technologies ranked ninth in the U.S. and eighth in the Canadian rankings. The low rankings may be partly because some organizations have been cautious about adopting emerging technologies until they have a clearer understanding of the opportunities and risks. Furthermore, organizations may be concerned with addressing other technology issues before they devote attention and resources to adoption of emerging technologies.

Other highlights Canadian accounting professionals gave higher priority than U.S. professionals to enabling decision support and analytics and to governing and managing IT investment and spending. U.S. professionals gave higher rankings to ensuring privacy, managing system implementation and preventing and responding to computer fraud.

2013 Survey: Highlights of North American Rankings

4

Top Technology Initiatives United States Survey Rankings: 2013 Compared with 2012

Initiative 2013 Ranking 2012 Ranking

Managing and retaining data 1 2

Securing the IT environment 2 1

Managing IT risks and compliance 3 3

Ensuring privacy 4 4

Managing system implementations 5 6

Preventing and responding to computer fraud 6 9

Enabling decision support and analytics 7 7

Governing and managing IT investment and spending 8 8

Leveraging emerging technologies 9 5

Managing vendors and service providers 10 10

A noteworthy change in this year’s U.S. survey results compared with 2012 is that preventing and responding to computer fraud moved to sixth in this year’s rankings from ninth last year. Public accounting firms and businesses are focusing more on managing the risks of computer fraud as part of a broader goal of managing IT risks and compliance (ranked third on the 2013 and 2012 U.S. surveys).

In the U.S. survey, five initiatives were ranked the same this year as in 2012. They were managing IT risks and compliance (third), ensuring privacy (fourth), enabling decision support and analytics (seventh), governing and managing IT investment and spending (eighth) and managing vendors and service providers (tenth). Managing system implementations moved up slightly, to fifth in this year’s rankings from sixth in 2012.

U.S. Survey Rankings: 2013 Compared With 2012

5

United States Canada

Goal (Initiative) Confidence level* Survey Rank Goal (Initiative) Confidence level* Survey Rank

Managing and retaining data

55% 1 Managing and retaining data

57% 1

Securing the IT environment

51% 2 Managing IT risks and compliance

57% 4

Managing vendors and service providers

47% 10 Securing the IT environment

56% 2

Managing IT risks and compliance

47% 3 Ensuring privacy 53% 6

Ensuring privacy 45% 4 Managing system implementations

47% 7

Managing system implementations

44% 5 Preventing and responding to computer fraud

47% 9

Preventing and responding to computer fraud

44% 6 Managing vendors and service providers

42% 10

Governing and managing IT investment and spending

38% 8

Governing and managing IT investment and spending

38% 5

Enabling decision support and analytics

37% 7

Enabling decision support and analytics

33% 3

Leveraging emerging technologies

27% 9 Leveraging emerging technologies

22% 8

In order of most confident to least confident about achieving initiative

*Percent of survey respondents who are confident or highly confident in the ability of their clients’ organizations or their organizations to address technology initiatives for 2013.

2013 TTI Survey: North America Confidence Levels North America Confidence Levels In addition to being asked to prioritize this year’s technology initiatives for 2013, North American survey respondents were asked how confident they are that their clients’ organizations (or their organizations) are addressing this year’s top technology initiatives.

6

Canadian Respondents

More than half of Canadian respondents are confident of their organizations’ ability to address four areas in 2013: managing and retaining data (ranked No. 1), securing the IT environment (ranked No. 2), managing IT risks and compliance (ranked No. 4) and ensuring privacy (ranked No. 6). Less than half are confident about achieving the remaining initiatives.

“The level of confidence in achieving technology goals expressed by TTI Survey respondents is a little troubling, but not unexpected,” said Frank Colantonio, CPA, CA-IT, director of continuing education, CPA Canada. “Preparedness is an important goal in organizational success but getting there has become a more complicated journey today, one strewn with concerns around privacy, data retention and security.”

U.S. Respondents

The confidence levels of U.S. respondents declined this year from 2012. Last year, 60% or more of U.S. respondents had confidence in the ability of their clients’ organizations (or their organizations) to achieve five goals: manage IT risk and compliance (65%); secure the information technology environment (62%); ensure privacy (62%); manage and retain data (61%); and prevent and respond to fraud (62%).

This year, the highest level of confidence resided with an organization’s ability to manage and retain data (55%). More than 50% of respondents expressed confidence in only one other initiative: securing the IT environment (51%).

7

Impact of Technology Initiatives

2013 2012

Initiative Confidence level* Initiative Confidence level*

Managing and retaining data 55% Managing IT risks and compliance 65%

Securing the IT environment 51% Securing the IT environment 62%

Managing vendors and service providers

47% Ensuring privacy 62%

Managing IT risks and compliance 47% Managing and retaining data 61%

Ensuring privacy 45% Preventing and responding to fraud 60%

Managing system implementations 44% Governing and managing IT investment and spending

56%

Preventing and responding to computer fraud

44% Managing vendors and service providers

56%

Governing and managing IT investment and spending

38% Managing system implementations 52%

Enabling decision support and analytics

37% Enabling decision support and managing performance

46%

Leveraging emerging technologies 27% Leveraging emerging technologies 34%

*Percent of survey respondents who are confident or highly confident in the ability of their clients’ organizations or their organizations to address technology initiatives for 2013.

Reasons for Decline in U.S. Confidence Why did U.S. confidence levels decline in 2013 from the previous year? Donny Shimamoto, CPA, CITP, CGMA, managing director of IntrapriseTechKnowlogies LLC, and chair of the AICPA’s IMTA Executive Committee, said:

“Accounting professionals today are more deeply engaged in helping their clients or their organizations in managing the delivery and measuring the value of technology initiatives. As a result, they have a much better understanding of the challenges that organizations face in addressing IT issues like managing and retaining data or securing the IT environment.

“The decline in confidence levels may mean professionals are making more knowledgeable assessments of the ability of organizations to achieve technology goals. This more realistic assessment indicates that the goals may be more challenging than originally thought, and that organizations must have the focus, commitment and drive to achieve them.”

8

This section provides a further analysis of the Top Technology Initiatives for 2013, with the U.S. and Canadian rankings shown in blue and orange, respectively. It discusses the risks to organizations in addressing each initiative and how they can manage these risks.

Managing and Retaining Data Risk: Data management is integral to an organization’s ability to mitigate risks. An organization whose data management policies and procedures are insufficient or ineffective is exposed to the consequences of poor data management. Business decisions or client advice may be based on incomplete or inaccurate data. Data may be stored in outdated or incompatible formats for retrieval or improperly backed up, resulting in irrevocable loss of data.

Risk management: An organization needs to develop a strategic plan for managing data in order to realize the most value from its investment in data acquisition and usage. Furthermore, it must develop policies and procedures to meet the internal, legal and compliance-related requirements for data retention and usage. Finally, it must be able to back up data and restore data in the event of a data loss (or a need to access historical data). Data are growing rapidly, increasing an estimated 50 percent a year.1 Its many and diverse sources include web and social network traffic, emails, voice mails, video as well as data generated by software and sensors used in industrial processes. “Companies have access to vastly more information than they used to, it comes from many more different sources than before, and they can use it almost as soon as it’s generated,” The Wall Street Journal noted.2

Advances in computer processing and information technology have made it possible for public accounting firms, companies, businesses, government agencies and other organizations to take a seeming jumble of data, quantify it, analyze it and use it for a variety of purposes. Companies are able to make better-informed decisions, more quickly, about a range of issues such as increasing productivity or controlling costs, or improving the marketing and sales of products and services. Public accounting firms can use big data to better assist clients in analyzing complex accounting, tax, and regulatory and other issues. Firms also see themselves as catalysts in helping clients adapt to innovations in technology.3

While companies and firms are finding many new opportunities in big data, they also face enormous challenges in managing the associated risks. Companies need to develop plans and policies for accessing, using and managing big data, develop the necessary information systems and recruit people with the necessary experience and skills to manage big data, and determine how to make cost-effective investments in big data management. Otherwise companies could be overwhelmed by big data, for example, data could accumulate in electronic silos within companies, clog up information systems, and be difficult to access.4 Because of poor management, data could lose their value.

To ensure that doesn’t happen, and to make the most productive and profitable use of data, CFOs are taking a more active role in data management as part of their broader, more hands-on management of companies’ information technology. That includes IT training. “CFOs who focus on training staff

TTI Survey: Further Analysis

1

1

Big Data Why did Canadian and U.S. respondents give top ranking to managing and retaining data in this year’s TTI survey? Big data probably has a lot to do with it.

“I think our members are right on target when it comes to the top priority in this year’s TTI Survey,” said Frank Colantonio, CPA, CA-IT, director of continuing education, CPA Canada. “With technology advances like in-memory processing reducing Big Data costs, the respondents have recognized the importance of managing and retaining data by controlling things like data governance and operational data strategy in order to realize Big Data’s many benefits.”

9

to use information to drive better decision-making are those whose companies or firms will be at the forefront of change, and therefore hold a distinct competitive advantage,” Barry C. Melancon, CPA, AICPA president and CEO, wrote in a blog post.5 “Success will belong to those able to combine smart processes with analytic talent.”

Although organizations are working diligently to overcome the challenges faced by big data management, public accounting firms are also finding opportunities to address the rising need for change. “Data management from a public accounting perspective is more than ensuring that policies are in place that governs the management of data,” states Jeannette Koger, CPA, AICPA IMTA Director. “As the importance of data management has grown, firms are working closely with clients to ensure that effective controls are implemented pertaining to the appropriateness of data management policies, practices and procedures utilized by client organizations. Such controls are required to ensure that data management strategies effectively align with the fast moving IT environment in which many organizations operate.”

Securing the IT Environment Risk: An organization that has not considered all the vulnerabilities and threats related to information technology and has an inadequate security policy, could be at serious risk. Among other risks, the loss, theft or compromise of a mobile device could disrupt an organization’s operations and result in the loss of sensitive or confidential client and customer data. The proliferation of mobile devices connecting to business networks and the increased migration of critical data processing and storage to the cloud has expanded the number of potential targets for cyber-attacks.6 These attacks increase an organization’s risk of fraud, intellectual property theft, network incapacitation and damage to brands and corporate reputation.7

Risk management: Securing the IT environment begins with a comprehensive risk assessment in which an organization thoroughly considers its information

technology vulnerabilities and threats. It then implements policies to mitigate those risks, including the safeguarding of networks and servers from cyber-attack, securing all mobile devices including laptops, tablets and mobile phones from data breaches, and ensuring that data will be safe in the event of a cyber-attack or mobile device loss. CPAs should work with their clients to ensure that appropriate internal controls are implemented.

As for cloud computing, organizations are trying to balance the value that it offers, such as accessing more computing resources for less money, against risks such as breaches of data privacy, identity and access integrity and system availability.8 Management should begin processes to guard against fraud and manage risk before an organization contracts with a cloud computing service provider (CSP), according to a thought paper of the Committee of Sponsoring Organizations of the Treadway Commission (COSO).9 The paper is intended to help corporate boards with their oversight role and executives to manage risk in their cloud strategy.10 In addition, CPAs can help clients with careful vendor due diligence and performing a Service Organization Control (SOC) report engagement can help ensure that cloud computing risks are also identified and mitigated.

2

2

10

Managing IT Risks and Compliance Risk: “The complexities of IT and its interconnectedness to so many areas of the business leave organizations more vulnerable than ever to inherent risks,” IBM notes in a white paper on aligning information technology with strategic business goals.11 And how have companies responded? “Despite the widespread business impact that threats can have, most organizations do not consider aligning their IT risk management plan with their strategic business initiatives,” the paper said. Organizations that do not understand and have not considered the risks associated with information technology are not prepared to mitigate those risks. As a result they may be especially vulnerable. By contrast, a sound risk management policy can help a company to reduce its risks.

Risk management: To manage IT risk and compliance, CPAs should conduct a risk assessment, looking at vulnerabilities and threats including those related to emerging technologies such as cloud computing, mobile technologies and social media. Policies and internal controls can then be designed to reduce IT-related risks to an acceptable level and the effectiveness of those controls can be monitored. CPAs can also develop policies to detect management override abuse within IT-dependent systems.

Ensuring privacy Risk: Privacy concerns the rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure and disposal of personal information. A breach of privacy from data leaks from mobile technology, data breaches in the organization, cyber-attack or other causes could result in the unauthorized disclosure of personal information about employees, clients or customers and others.

Risk management: To protect privacy, organizations can establish privacy policies that address privacy laws and requirements, put privacy safeguards and controls in place, and secure data and systems. For example, to protect them and their clients’ information, more public accounting firms are developing and implementing policies addressing client information, automated monitoring of access and use of information, and employee awareness training.12 If there is a privacy breach, an organization must be prepared to quickly detect it and respond. CPAs also perform privacy audits based on generally accepted privacy principles (GAPP) to help clients assess their risks.

Managing System Implementations Risk: An organization’s strategic goals drive the systems it implements. If its goals and the implementation are not aligned, the organization may only partly realize the value expected from implementation — or not realize any value at all. It may also have other problems such as errors in converting or migrating data.

Risk management: To manage a system implementation, an organization establishes a strong alignment between its strategic goals and IT-related projects. In evaluating new projects, it considers the business case for each project and prioritizes these projects according to its strategic goals. Furthermore, it analyzes and documents the business requirements for approved projects and evaluates their value based on a variety of criteria including financial and operational data. Finally, it ensures the quality and integrity of data provided by the system.

Preventing and Responding to Computer Fraud Risk: Information technology has facilitated the perpetration of fraud in organizations. According to Kroll Advisory Solutions’ Annual Global Fraud Survey, carried out by the Economist Intelligence Unit, 30 percent of companies say they are most

3

4

4

6

5

6

7

9

11

vulnerable to information theft. These companies cite IT complexity as the leading cause of heightened risk exposure.13 Those organizations that do not know how to identify IT-related fraud, do not have policies to prevent such fraud, and do not have plans to respond to a fraud, are particularly vulnerable. Likewise, organizations are at greater risk if they do not have policies to prevent management override opportunities within financial-related systems. If a fraud does occur, these organizations may not have plans in place to respond. In addition there is a risk of misappropriation of assets by circumventing controls and accessing bank funds including the theft of customer lists, proprietary company information, customer data, etc. Often, the intangible value associated with these items is significant. If the data is stolen, the value is directly impacted and must be written down on the balance sheet — either when an event occurs or during the annual impairment analysis.

Risk management: To prevent and respond to fraud, a CPA considers the fraud risks associated with information technology, designs policies and internal controls to mitigate such risks, and establishes policies to detect management override abuse. If a fraud is perpetrated, an organization is then prepared to respond. Another preventative control is the design and implementation of monitoring controls. These include daily flash reports and exception reporting that should alert management as to an error, anomaly or potential fraud. The key to an effective monitoring control is that a responsible party is reviewing the control and has an action plan in place in the unlikely event that something occurs. All too often, corporations have monitoring controls in place but an action plan had not been implemented that would lead to the correction and remediation of the error.

Enabling Decision Support and Managing Performance Risk: The reports provided to management should be aligned with an organization’s strategic goals. However, this may not be the case if the organization’s information architecture does not support effective reporting or management has not supported an investment in business intelligence related projects. As a result, management may receive inaccurate or incomplete reports, and, consequently, may be at risk of making poorly informed business decisions.

Risk management: Enabling decision support and managing performance means that an organization maintains a strong alignment between its strategic goals and the reports and analyses provided to management. It has a management reporting environment and business intelligence infrastructure that supports effective evidence-based decision-making. Its management has a good understanding of how data flows through the organization and uses that data to support decision-making to achieve performance goals. The organization has controls in place to ensure that reports contain high-quality data — the data are accurate, complete, timely and auditable. Executives understand the technology options available to support business intelligence related initiatives, and they support the organization in implementing business intelligence and performance management initiatives.

7

3

12

Governing and Managing IT Investment and Spending Risk: If an organization’s policies and procedures governing information technology are ineffective, or the alignment between its information technology and business strategies is poor, it may not maximize the value from its IT investment. As a result, it may spend too much or too little on IT initiatives and not receive an adequate return on its investment.

Risk management: An organization’s ability to govern and manage IT investment and spending depends on its having both a strong alignment between its mission/strategic plan and its IT strategy and having a strong IT governance function. The organization prioritizes IT initiatives and related spending, manages its investment in such initiatives and analyze the value of its IT investment portfolio. This portfolio should represent a mix of “Run,” “Grow” and “Transform” initiatives that are aligned with the organization’s business strategy and risk tolerance. A Run budget aligns the resources that maintain an organization’s operations. Grow spending aims to increase the organization’s IT proficiency. Transform encompasses research and development projects such as proof of concepts or prototypes.14

Leveraging Emerging Technologies Risk: Smartphones, tablets, e-readers, cloud computing, big data and other emerging technologies have enabled Chartered Professional Accountants, Certified Public Accountants and others to access use and manage information most anywhere, anytime. These technologies are expected to drive 90% of the growth of the IT market from 2013 through 2020.15 But the unprecedented access to information and other benefits of emerging technologies also has brought new challenges for all CPAs. Not only must CPAs understand and keep abreast of advancements in emerging technologies, they must also be prepared to assist their organizations to develop policies and procedures for their management including security and privacy protections. Technological advances likely will create new revenue streams for CPAs, for example, in

consulting, information analysis and controllership work.16 CPAs need to consider how to help their organizations identify and capitalize on opportunities in emerging technologies.

Risk management: Emerging technologies are driving change and innovation in markets, industries and organizations worldwide. The challenge for both CPAs and the organizations they serve is first to understand the risks in technologies that by definition are continuing to evolve. Organizations can then develop the plans, policies and systems to manage these risks, to train staff in the use of these technologies (or hire outside training providers), and access the financial resources and make decisions about how to capitalize on the revenue-generating opportunities in emerging technologies.

Managing Vendors and Service Providers Risk: Contracting with a vendor or service provider can save an organization time and money: the provider may have the knowledge and expertise to perform work more efficiently and at less cost than the company itself. But there are risks. The organization may not know how to find the right service provider. It may not know how to negotiate a service level agreement (SLA), for example, it could find itself locked into an agreement without enough flexibility to adjust or exit the contract. The company may unknowingly take on the risks of the vendor, or it may come to distrust the vendor on issues of security or confidentiality or processing integrity; or it may find the vendor is not complying with terms of the SLA.

Risk management: An organization assesses the risk of using a provider, identifies reliable providers, performs the necessary due diligence before engaging a provider, and analyzes the costs of engaging a provider. It validates the sufficiency and completeness of the terms and conditions in a SLA and it knows whether the provider is in compliance with the SLA. The organization negotiates a flexible contract with the provider — if it chooses, it can reasonably adjust or exit the contract.

8

9

5

8

10

10

13

The responses of CPAs in public accounting and in business and industry were analyzed separately to provide another perspective on the survey results. The following are the top ten technology priorities from the perspective of those respondents in public accounting and those in business.

As with the overall survey respondents, CPAs in public accounting ranked managing and retaining data as the No. 1 priority for their clients’ organizations (and their organizations) in 2013. Last year, they gave top ranking to securing the IT environment.

In 2012, understanding the IT impacts of legislation, regulations and standards was ranked last on the priorities of public accounting CPAs. This year, it did not make the top ten rankings.

Accounting professionals in business and industry ranked securing the IT environment as their top priority for 2013, just as they did in 2012.

Enabling decision support and analysis was last on the public accounting ranking. It was fifth on the business and industry ranking.

U.S. Public Accounting and Business and Industry Perspective

Public Accounting Business and Industry

1 Managing and Retaining Data 1 Securing the IT Environment

2 Securing the IT Environment 2 Managing and Retaining Data

3 Ensuring Privacy 3 Managing IT Risks and Compliance

4 Managing IT Risks and Compliance 4 Managing System Implementations

5 Preventing and Responding to Computer Fraud

5 Enabling Decision Support and Analysis

6 Managing System Implementations 6 Governing and Managing IT Investment and Spending

7 Leveraging Emerging Technologies 7 Leveraging Emerging Technologies

8 Managing Vendors and Service Providers 8 Ensuring Privacy

9 Governing and Managing IT Investment and Spending

9 Preventing and Responding to Computer Fraud

10 Enabling Decision Support and Analysis 10 Managing Vendors and Service Providers

14

Respondents of CPAs in public accounting and in business and industry were analyzed separately to provide another perspective on the survey results. The following are the top ten technology priorities from the perspective of those respondents in public accounting and those in business.

Professionals in public accounting ranked managing and retaining data first. They gave equal second place ranking to securing the IT environment and ensuring privacy.

Business and industry professionals gave equal second place ranking to securing the IT environment and managing and retaining data.

Professionals in public accounting gave the middle rankings to preventing and responding to computer fraud, managing IT risks and compliance and

leveraging emerging technologies. Those in business and industry gave the middle rankings to managing IT risks and compliance, governing and managing IT investment/spending and managing systems implementation.

Preventing and responding to computer fraud was ranked fourth by professionals in public accounting but last by those in business and industry. Enabling decision support and analysis was ranked eighth by public accounting professionals compared with the top ranking by business and industry professionals.

Canada: Public Accounting and Business and Industry Perspective

Public Accounting Business and Industry

1 Managing and Retaining Data 1 Enabling Decision Support and Analytics

2 Securing the IT Environment 2 Securing the IT Environment

3 Ensuring Privacy 3 Managing and Retaining Data

4 Preventing and Responding to Computer Fraud

4 Managing IT Risks and Compliance

5 Managing IT Risks and Compliance 5 Governing and Managing IT Investment and Spending

6 Leveraging Emerging Technologies 6 Managing System implementations

7 Governing and Managing IT Investment and Spending

7 Ensuring Privacy

8 Enabling Decision Support and Analytics 8 Managing Vendors and Service Providers

9 Managing System implementations 9 Leveraging Emerging Technologies

10 Managing Vendors and Service Providers 10 Preventing and Responding to Computer Fraud

15

AICPA® IMTA Section Membership Benefits Include: ADVOCACYPromotion and Support of CPAsThe IMTA Section works to promote a favorable environment for CPA information management professionals by monitoring legislation and representing your interests.

COMMUNITY Networking OpportunitiesInvaluable networking opportunities with the best information management professionals in America are available via online communities or in-person events, including formal networking.

CERTIFICATIONThe CITP Credential• Differentiation from other CPAs and

non-CPA IMTA professionals• CITP Marketing Toolkit — includes Hire a CITP

brochures for clients and employers and career pathway guidance

• Additional discounts for the TECH+ and NAAATS conference

• IMTA Section membership

INFORMATIONMember Communications• The CPA Practice Advisor — Monthly

magazine discussing the latest technology news and trends (free! $49.95 value)

• InfoTech Update SmartBrief — Monthly e-newsletter with industry news, tools and ideas for CPA information management professionals

• IMTA Member Exclusive — Periodic email communications highlighting IMTA Section benefits and resources

• IMTA Marketing and Media Toolkit — Guidance for communicating with the media and marketing your IMTA expertise

• Quarterly Newsletter — Newsletter designed to outline hot topics and latest trends for CPAs interested in Information Management and Technology Assurance

PROFESSIONAL DEVELOPMENTTechnical ResourcesIMTA Section members access numerous technical resources on the IMTA Center website, including Top Technology Initiatives — Content Suites.

AICPA IMTA Educational Events• Annual AICPA Practitioners — Tech+,

NAAATS and Controllers Workshop conferences — IMTA Section members receive a discount!

• IT Audit School and Advanced IT Audit School

WebcastsAvailable through our archives or for registration through our events site. Monthly webcasts offer discounted CPE as well as guidance on important technology topics.

Webcasts include:• IT Considerations in Risk-Based Auditing• IT General Controls for Financial Auditors• Application & Data Integration for Reporting• Service Organization Control (SOC) Reporting

Options Series

Resource Guides for Members & Their Clients• ABCs of IT Security for CPAs series• ITConsiderations in Risk-Based Auditing: A Strategic Overview (discussion paper)• Business Intelligence Value Proposition Tool

Kit and Case Study Member DiscountsIMTA Section members receive discounts on IMTA related conferences, webcasts and other products.

Alliance Offerings & Product Discounts• 10% discount on new purchases of IDEA —

Data Analysis Software, IDEA components, and public and/or on-site training courses

• Discount opportunities for events offered by our alliance partners, including ITA

• 25% discount on new purchases of ActiveData® Products

16

YES! I WANT TO JOIN THE IMTA SECTION! (PLEASE PRINT)

NAME:

FIRM/COMPANY:

JOB TITLE OR POSITION:

AICPA MEMBERSHIP #: (You must be an AICPA member to join)

EMAIL ADDRESS:

How did you hear about us?

PLEASE INDICATE PREFERRED MAILING ADDRESS

HOME BUSINESS

STREET ADDRESS:

CITY/STATE/ZIP:

HOME PHONE:

BUSINESS PHONE:

FAX NUMBER:

PAYMENT INFORMATION

YES! Enroll me in the IMTA Section. My check for $200 payable to the AICPA is enclosed. PROMO CODE

OR Please bill my credit card: AMEX Diners Club Discover MasterCard Visa

CARDHOLDER NAME:

CARD#:

EXP. DATE:

SIGNATURE:

Call888.777.7077 M-F 9am-6pm ET

Fax800.362.5066

MailATTN: Member Service Center — IMTA Section

American Institute of CPAs220 Leigh Farm Road

Durham, NC 27707

Online aicpa.org/IMTA

Questions? Please email us at imta@aicpa.org

Membership Application

Copyright © 2013 American Institute of CPAs. All rights reserved.

1 Steve Lohr, The Age of Big Data, New York Times, Feb. 11, 2012. Estimate provided by technology firm IDC. nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html?pagewanted=all&_r=1&2 Steven Rosenbush and Michael Totty, “How Big Data Is Changing the Whole Equation,” The Wall Street Journal, March 8, 2013. 3 Michael Cohn, “CPAs See Themselves as Technology Catalysts for Clients,” Accounting Today, Dec. 5, 2012. accountingtoday.com/news/CPAs-Technology-Catalysts-Clients-64895-1.html?ET=webcpa:e6402:140448a:&st=email4 David Rosenbaum, “Digging Out from Big Data,” CFO Magazine, August 1, 2012. cfo.com/article.cfm/14652726/ c_2984351/?f=archives5 Barry C. Melancon, “ ‘Big Data’ Presents Big Opportunities for Firms and CFOs,” AICPA Insights, July 13, 2012. blog.aicpa.org/2012/07/big-data-presents-big-opportunities-for-firms-and-cfos.html6 Jeff Drew, “Managing cybersecurity risks,” Journal of Accountancy, August 2012. journalofaccountancy.com/Issues/2012/Aug/201259007 The Wall Street Journal, CFO Journal, Deloitte, “Five Questions and Answers About Managing Cyber Risk,” March 15, 2013 deloitte.wsj.com/cfo/2013/03/15/five-questions-about-managing-cyber-risk/8 James Kaplan, Chris Rezek, Protecting Information in the Cloud, CFO, Jan. 2, 2013. www3.cfo.com/article/2013/1/the-cloud_cios-cros-it-idc-public-cloud-private-cloud-mckinsey.9 News Digest, Technology, Journal of Accountancy, September 2012. journalofaccountancy.com/Issues/2012/Sep/Technology10 Committee of Sponsoring Organizations of the Treadway Commission, Thought Leadership in ERM, Enterprise Risk Management in Cloud Computing, by Warren Chan, Eugene Leung, Heidi Pili, Crowe Horwarth LLP. coso.org/documents/Cloud%20Computing%20Thought%20Paper.pdf11 “Aligning IT with strategic business goals: a proactive approach to managing IT risk to your business,” IBM Global Technology Services, Thought Leadership White Paper. ftp://ftp.software.ibm.com/common/ssi/ecm/en/buw03027caen/BUW03027CAEN.PDF12 Joel Lanz and Nancy A. Cohen, “Protecting privacy,” Journal of Accountancy, August 2012. journalofaccountancy.com/Issues/2012/Aug/20125580.htm13 “Annual Edition 2012/13, Global Fraud Report,” Kroll Advisory Solutions, Economist Intelligence Unit Survey Results, pages 4 and 7. krolladvisory.com/library/KRL_FraudReport2012-13.pdf14 Donny Shimamoto, “A strategic approach to IT budgeting,” March 2012. journalofaccountancy.com/Issues/2012/Mar/20114439.htm15 “IDC Predicts 2013 Will be Dominated by Mobile and Cloud Developments as the IT Industry Shifts Into Full-Blown Competition on the 3rd Platform,” IDC press release, Nov. 29, 2012. idc.com/getdoc.jsp?containerId=prUS23814112#.UUh4kqWVs7Y16 Jeff Drew, “Technology and CPAs: Visions of the Future,” Executive Summary, June 2012. journalofaccountancy.com/Issues/2012/Jun/20114844.htm

Endnotes

18

888.777.7077 | ITinfo@aicpa.org | aicpa.org/infotech 416.977.3222 | ITinfo@cpacanada.ca | cpacanada.ca

1342

5-37

8