10 technology issues that need to be on your organization's tech priority list in 2015.

Many of our readers are like the CEO of a fairly new client. He's a fine businessman, very competent and involved in the business, yet he said at our first meeting,

"Todd, I run a good business, and I know how to manage and evaluate all of my functions except one – the IT group. I don't understand IT, and I don't want to. Yet, I know I need someone I can trust who DOES know IT and who CAN tell me what's going on there. Is that you?"

Well, obviously, the answer was "yes," since we obtained this CEO as a client.

Translating Tech-Speak into Business-Speak

One of our key roles in this initial project was translator – we translated tech-speak into business-speak, and quantified the budget needed to achieve IS goals and yield business benefits. Once we did this, the CEO could knowledgeably and comfortably authorize the budget being sought.

This month, I've provided 10 technology issues that need to be on your organization's tech priority list in 2015. Even if you don't have IT reporting to you, you're likely to touch the IT function, either on a special project or as an end user.

Importance of the "Double Geek"

These issues come from the 2013 Top Technology Initiatives Survey (details are listed at the end of the article) conducted by the American Institute of Certified Public Accountants (AICPA). The AICPA asked accounting professionals in the United States to prioritize their 2013 technology initiatives.

Yes, the survey participants are double geeks – they know both accounting AND information technology. That's important because these are two key areas executives and managers rely upon to run the business.

Confession – I am a double geek, too. Yet, being a double geek is valuable because success in business today is tied to how well your business systems fit your overall strategy, and enable you to efficiently and effectively execute the processes underlying your strategy.

Download the printable version of the Technology "To Do" List here

1. Securing the IT Environment

Description: Securing your IT environment involves ensuring your information systems are protected against, among other things:

  • Unauthorized access to your systems, from both inside and outside your firewall.
  • Unauthorized modification of information.
  • Unauthorized access to confidential or sensitive information, regardless of where this is stored (on servers, desktops, laptops, or mobile devices) or during transmission via email.

Questions to Ask:

  1. When did you last conduct a risk assessment to identify internal vulnerabilities and threats?
  2. How does your business ensure the availability and continuity of your IT services?

2. Managing and Retaining Data

Description: Managing and retaining data involves the oversight and storage of data for a variety of business reasons. Data stored in outdated or incompatible formats, or data improperly backed up, may lead to irrevocable loss of data.

Questions to Ask:

  1. How well does your organization conform to its data management policies and procedures? How well does it monitor its compliance with regulatory requirements?
  2. Even if you believe your organization is properly backing up its data, when was the last time restoring this data was tested?

3. Managing IT Risks and Compliance

Description: Managing IT risks and compliance requires creating controls to help mitigate potential business threats. Without solid processes in place to manage these risks, the organization may be incredibly vulnerable to:

  • Viruses and other malware,
  • Employee turnover,
  • Fires and other disasters.

Questions to Ask:

  1. When was the last time your risk management policies were reviewed against your entire IT ecosystem?
  2. How – and how frequently – does your organization monitor the effectiveness of its IT-related internal controls?

4. Managing System Implementations

Description: Implementing a new system is done to increase organizational effectiveness. Many implementations fail due to lack of technical planning, project management, personnel availability, staff training and cooperation, and other factors. Without strong management of the system implementation, the implementation could be delayed or even aborted, wasting a significant investment with no return.

Questions to Ask:

  1. How well do your systems align with the organization's strategic goals?
  2. How many, and what types of, work-arounds have you developed for your current systems?

5. Enabling Decision Support and Analysis

Description: Enabling strong decision support and analysis allows an organization's leaders to make more educated strategic and operational decisions. Without strong technology support for your business, management may base decisions on inaccurate or incomplete reports and information.

Questions to Ask:

  1. How do you and other organization executives know you receive reports with accurate, complete, and timely data?
  2. How well does your organization seem to use business intelligence and performance management technologies?
  3. How closely is your management reporting aligned with the organization's strategic goals?

6. Governing and Managing IT Investments and Spending

Description: This initiative ensures an organization aligns its business strategies and its information technology, and then allocates and manages time and funding to receive a solid return on its IT investment.

Questions to Ask:

  1. How closely is your organization's IT budget aligned with the organization's mission and strategic plan?
  2. How – and how frequently – does your organization review its return on its IT investment?

7. Leveraging Emerging Technologies

Description: This initiative enables your organization to be more effective at anticipating and adapting to changes in technology. These changes can make your organization mobile, more efficient, and more effective, and potentially create new revenue streams.

Questions to Ask:

  1. What are your organization's policies and controls for emerging technologies – including personal devices like smart phones or tablets, and cloud-based services – which might commingle personal and business information?
  2. How well does your staff adhere to the organization's policies and controls for emerging technologies? How well does your staff understand these policies and controls?
  3. How well does your organization seem to evaluate and manage the cost, risk, and value of emerging technologies?

8. Ensuring Privacy

Description: Ensuring privacy in relation to technology concerns protecting the rights of individuals, and assuring organizations use, retain, disclose and dispose of personal information in an appropriate manner.

Questions to Ask:

  1. What system controls are in place to help detect inappropriate attempts – whether accidental or malicious – to access private information?
  2. What steps would your staff follow in the event of a potential or actual security breach?

9. Preventing and Responding to Computer Fraud

Description: Preventing and responding to computer fraud involves creating policies and plans to prevent and respond to fraud within the organization. Without preparation, an organization faces greater risks and more vulnerabilities.

Questions to Ask:

  1. How well have you and other managers been trained to identify risk factors of computer fraud?
  2. What safeguards has your organization implemented to prevent and detect unauthorized access to security controls, encryption keys, firewalls, and intrusion detection systems?

10. Managing Vendors and Service Providers

Description: Managing vendors and service providers effectively within an organization can save an organization time and money. Without this type of oversight, the company may unknowingly take on risks of the vendor, or may be unable to find the right service provider for their organization – in either case, an organization can open itself to security, confidentiality, and processing integrity risks.

Questions to Ask:

  1. When hiring a vendor or service provider, what due diligence does your organization perform in assessing the credentials, reputation, and stability of the company or individual?
  2. To what extent does your organization involve IT and other appropriate areas in assessing risks and controls over vendors and service providers?

Get Your Tech Ready for 2015

Reflect on these technology issues, and use them to get ready for 2015. Over the next 6 or so weeks, you're likely to have many times away from work – these provide good opportunities for your mind to wander a bit and make connections needed for an "ah-ha!" moment. When that occurs, jot down the idea or "To Do" while it's still fresh.

Remember, should you need help fleshing out that idea or implementing that "To Do," I'm only a phone call or email away.

Sincerely yours,


Todd L. Herman

Source Information:

Descriptions and questions in this article are based, in part, on details from the 2013 Top Technology Initiatives Survey – Business & Industry Checklist, 2013 North America Top Technology Initiatives Survey Results, and the 2013 Top Technology Initiatives Survey Results: Business and Industry White Paper.

Of the survey participants, 36% are in public accounting, 36% are in business and industry and 28% in consulting, government or not-for-profit or other organizations. A majority of the participants said they "frequently" or "regularly" encounter information technology questions in their field of work.

For more details, please visit: North America Top Technology Initiatives for CPA's Survey – 2013