• 165 Passaic Avenue, Suite 411, Fairfield, NJ 07004
  • Monday-Friday 9am - 5:30pm
  • 973-439-7200
November 10, 2015

Technology, How is Your IT Health?


Rinder_Henry_495_2013Q&A with Henry Rinder, Member with the Firm

We sat down with Henry Rinder, Member with the Firm, to discuss the rapid advancement of technology, and his thoughts on dealing with cyber security, social networking, cloud computing, and other issues impacting the accounting field.

Does Smolin assist clients with technology in their businesses?

HR: We assist clients by evaluating their information technology systems as part of our audit process. Our evaluation of the client's systems is done for two reasons. By maximizing the use of technology, we can perform audits faster, cheaper, and better.

At the same time, through evaluation of the systems, we can, in turn, suggest improvements to the client in our Management Letter, which is issued at the conclusion of our audit.

We automate tedious auditing tasks and streamline procedures in order to provide the most efficient auditing solutions for the client.  By automating the tedious tasks, analysis and calculations, we can deliver a superior and competitive end product.

What kind of technology improvement would you suggest to a client?

HR: For example, we had a new client, and as part of our audit process, we evaluated internal controls including their information technology area. What we discovered was that the one IT person was sitting in a crowded, closet-like space with wires hanging in every which-way. We asked about the backup and recovery systems that he was using. He replied that yes, in fact, he did make backups. “And, where do you store the backups?” He pointed to the top of his server rack, there in his “closet”. So in the event of a fire, all would have been lost. We suggested the backups be stored offsite.

Disaster recovery is key. Lightning strikes, power surges, fires, floods; all can result in data loss. In a disaster, all data is lost, even accounts receivable. After we brought this and other related findings to the client's attention, they were able to mitigate and improve all areas of their business' IT process and protocol.

What are you seeing as far as clients moving to the 'cloud'?

HR: There are a couple of reasons clients move to cloud computing and storage. One is that vendors are not providing local installation of software, and the client is effectively forced to move to cloud computing. Secondly, business owners recognize that cloud data storage is a superior solution for disaster recovery, redundancy of data, fire suppression, flood protection, and so forth. Most businesses cannot provide the level of expertise in house that the cloud can provide. By moving into a shared space where all of this is provided “in the cloud”, the client receives the better choice of data protection.

When do clients need to employ an IT person?

HR: There are plenty of small, quality, IT companies that can provide managed services as outsourced IT support for our clients. They provide 24 hour services, and for small businesses, this is much more economical than employing someone. Using outsourced IT eliminates such questions as: ‘How do I hire an IT professional?’ ‘Do we need a help desk solution?’ ‘What kind of person do we need?’ If the client doesn’t know what they need, they are better off using outsourced companies as their IT support.

Are most companies on board with implementation of cyber security programs?

HR: A typical cross section starts off with most small businesses not having sufficient resources and sophistication. As businesses get bigger, and more skilled professionals are put in place, businesses get more sophisticated in finding the right answers for cyber security. Even big companies and governments have failures though. IRS, Target, and Sony come to mind. The reasons for targeting by the hackers vary, but the risk is always there and needs to be considered.

Do companies need to upgrade their equipment as part of a cyber security plan?

HR: A cyber security strategy requires a combination of investment and discipline. Defensive strategy and tactics are needed, as well as better equipment, updated detection and filtering programs, and top security trained IT personnel; as there is a need to identify data breaches faster.  All of these pieces go a long way to provide better security and protection.

Sound internal control policies are a major component. Most reported data damages were caused by current or previous employees. Having the proper policies in place, and enforcing them, is critical.

How should clients enforce social networking policies?

HR: If the clients are going to allow social networking by their employees, additional security needs to be in place to protect company data from security threats. Strict email policies including encryption should be considered for the company email system. (Are you listening Hillary?) And all data should be transferred through portals instead of regular emails. Search engines such as Yahoo or Google can be accessed through encrypted solutions such as TOR, as well. Unencrypted flash drives should not be allowed for use by employees.

Will you evaluate a client's cyber security system outside of the audit environment?

HR: Come to us and we will provide a strategic evaluation of your IT environment. We will make recommendations depending upon what your needs are. We will put you in touch with qualified service providers who provide the solutions your company needs.

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram