|
|
The following are the 2009 Top Technology Initiatives.
|
1. Information Security Management
Proper Information Security Management protects the integrity, confidentiality and availability of information in the custody of an organization and reduces the risk of information being compromised. It is an integrated, systematic approach that coordinates people, policies, standards, processes, and controls used to safeguard critical systems and information from internal and external security threats.
2. Privacy Management
The right to privacy is a commonly assumed fact, and failure to protect sensitive information can cause serious damage to an organization's reputation and subject it to legal penalties. Privacy Management involves the strategies and safeguards used to protect the privacy of an organization’s records that include resources, restricted assets, personnel, client and customer personally identifiable information. Safeguards are enforced so that this information cannot be released to or accessed by unauthorized subjects. The initiative includes complying with local, national and international laws.
Stored data can be altered to commit fraud, intercepted by an unscrupulous person en route and altered, and laptops storing vast amounts of confidential information can be lost or stolen. Strategies that can mitigate these risks include encrypted storage disks and laptop hard drives, message digests used to identify altered data, digital certificates, secure channels using Secure Sockets Layering (SSL) or Transport Layer Security (TLS) for purchase transactions, and Virtual Private Networks (VPNs) which allow for more permanent secure data channels.
Business Process Improvement initiatives assist with controlling and documenting processes across the organization, most commonly in accounting or content management (paperless) applications. Transaction processing and audit trails are being replaced with automated processes, work flow, exception alerts, and electronic authorizations.
5. Mobile and Remote Computing
Enabling people to work from anywhere and at any time is the goal of Mobile and Remote Computing. Technologies used in mobile and remote computing include Terminal Services, Citrix, Virtual Desktop Interface, Cellular broadband and WiMAX, and remote control applications. A paperless office environment is essential to support mobile users who want to access and collaborate on digital documents from remote locations.
Knowledgeable and competent employees who address issues with confidence are a key differentiator among competitors. As technology develops and is in a constant state of change, training methods must also change. On-site training has given way to computer-based training (CBT), pod casts, web casts, distance learning, etc.
7. Identity and Access Management
Identity and Access Management involves the implementation of physical, technical, and administrative controls that limit access to company resources to authorized persons. A challenge exists with achieving easy access by authorized users while making resources inaccessible to unauthorized users.
Effective decision support and business intelligence systems rely on information systems which “talk to each other” seamlessly and where information is readily available in a form that expedites business decision making. Disparate systems continue to exist within organizations and duplicate databases reside within these multiple systems.
Document, Forms, Content and Knowledge Management (the “paperless” office) is the process of electronically capturing, indexing, storing, protecting, searching, retrieving, managing, and controlling information using scanning, forms recognition, optical character recognition (OCR), centralized data repositories, and the management of PDFs and other document formats. Knowledge management brings structure and control to information, allowing organizations to harness the intellectual capital contained in the underlying data.
Electronic Data Retention Strategy involves technologies that enable appropriate archiving and retrieval of key information over a given (statutory) period of time. Strategies include policies and processes to ensure destruction of information from storage and archival media in a timely and consistent manner, as well as the impact of eDiscovery rules and regulations regarding retained data.
Back to top
Honorable Mention
In addition to the above list, the AICPA is also including a section for Honorable Mention, the technology initiatives that placed #11− #15 in the final tabulation.
Business Continuity Management and Disaster Recovery Planning are the holistic processes organizations use to mitigate the risks to systems and people when unexpected events occur and includes the maintenance of a documented plan that is periodically tested. This process includes identification, prioritization, and documentation of key systems, associated risks, and individuals responsible for ensuring the maintenance of these key systems.
12. Conforming to Assurance and Compliance Standards
All organizations must have a strategy to ensure that appropriate external and internal standards are met in a timely manner. Financial systems must be aligned to provide accurate, timely, and secure information that meet all reporting requirements.
Portals enable employees, customers, vendors, and other contacts to securely access and share information and documents. Collaboration tools allow multiple users to work together on files of all kinds.
Business Intelligence solutions supply information to decision makers at all levels using tools such as dashboards, Key Performance Indicators (KPIs), data warehouses, and proactive alerts.
Customer Relationship Management (CRM) is the process and software that provide a comprehensive view of a relationship and enables organizations to manage all aspects of the interaction with this relationship and to focus resources on the highest-value relationships. Applications include contact management, calendaring, practice management, sales history, email integration, workflow integration, and campaign marketing and may incorporate sales force automation, call center technologies, Web site integration, as well as integration with internal applications (time and billing) and personal information managers (i.e., Microsoft Outlook).
Back to top
|