Outsourcing Accounting and Data Security
Any kind of accounting involves sharing of data with the accountant so that he can record them and then tell you how you are doing as a business.
Normally people feel comfortable in sharing data only with people whom they trust or who are under their contractual obligation to keep the data confidential.
Since employees are under contractual obligation to maintain strict data confidentiality, a business owner will have the confidence in sharing financial data with an in-house accountant.
Even with the case of an outsourced accountant, a business can trust sharing of data only when it is sure that any kind of data leakage from the outsourcer can lead to litigation against the outsourcing accountant.
Since people are comfortable with the legal systems prevalent with one's own country, a business owner would be comfortable in sharing data with an outsourced accounting provider present inside his country, after entering into a legal contract with the outsourcer.
For an outsourced accounting service provider hailing from a country different from the country of the business, it therefore becomes difficult to get lot of work since businesses in one country would not entrust data to the outsourcer of another country because of different legal frameworks governing the two countries.
Why shall a businessman in US spend his time trying to understand the legal framework of the outsourcer country like India/China/Philippines? Then, does this mean the end of outsourcing for people who look for high degree of data security and also want to outsource their accounting? The answer is "NO".
There are a few outsourcing vendors operating around the globe which are owned and managed by CPAs.
A business can trust them with their data for the reasons mentioned below: a) Such firms, owned and managed by CPAs are governed by the strict ethical measures of the Institutes they are affiliated with.
And one of the prime ethic considerations is concerned with data security.
For most of such Institutes, any leakage of client's data from a CPA's office will be treated as Professional Misconduct which can result in the CPA to lose his license to practice.
b) Because of the strict ethical principles laid down by Institutes, these firms go that extra mile to ensure that there is no possibility whatsoever for any compromise in data confidentiality.
Some of the measures taken for ensuring data confidentiality are: i.
Entry of any unauthorized person into the office is strictly prohibited by use of secure access cards.
ii.
Use of dual monitor systems that ensure a paperless environment.
iii.
None of the employees' system is connected to the printer.
iv.
Limited internet access is given to employees on need basis and to ensure stricter compliance with data security, trackers have been installed on each system.
v.
Individual domain accounts have been enabled on each workstation to ensure that the data is shared only within a closed group of employees who are working on the data.
vi.
No access on the workstations for any external drives like CD drives, floppy disk, USB port etc.
vii.
Each employee is recruited after a thorough background check is done and a clean record is obtained.
viii.
Employees sign non-disclosure agreement with the firms to ensure that the employees remain liable for their actions.
In fact most of such firms believe that the responsibility of the client's data is entirely their, the moment the client agrees to subscribe to our services.
They therefore take extra precaution for ensuring optimum security while client's data is being transferred from client's office to their office.
All the data transfer takes place through secure servers in US hosted with IBackup in California.
The technology used by IBackup is the same as used by big corporate for transferring data.
128 bit SSL encryption on transmission and 256 bit AES encryption on storage is used by these firms to ensure that the data transfer is perfectly secure.
In fact, the data transmission measures through IBackup are compliant with federal mandates.
Normally people feel comfortable in sharing data only with people whom they trust or who are under their contractual obligation to keep the data confidential.
Since employees are under contractual obligation to maintain strict data confidentiality, a business owner will have the confidence in sharing financial data with an in-house accountant.
Even with the case of an outsourced accountant, a business can trust sharing of data only when it is sure that any kind of data leakage from the outsourcer can lead to litigation against the outsourcing accountant.
Since people are comfortable with the legal systems prevalent with one's own country, a business owner would be comfortable in sharing data with an outsourced accounting provider present inside his country, after entering into a legal contract with the outsourcer.
For an outsourced accounting service provider hailing from a country different from the country of the business, it therefore becomes difficult to get lot of work since businesses in one country would not entrust data to the outsourcer of another country because of different legal frameworks governing the two countries.
Why shall a businessman in US spend his time trying to understand the legal framework of the outsourcer country like India/China/Philippines? Then, does this mean the end of outsourcing for people who look for high degree of data security and also want to outsource their accounting? The answer is "NO".
There are a few outsourcing vendors operating around the globe which are owned and managed by CPAs.
A business can trust them with their data for the reasons mentioned below: a) Such firms, owned and managed by CPAs are governed by the strict ethical measures of the Institutes they are affiliated with.
And one of the prime ethic considerations is concerned with data security.
For most of such Institutes, any leakage of client's data from a CPA's office will be treated as Professional Misconduct which can result in the CPA to lose his license to practice.
b) Because of the strict ethical principles laid down by Institutes, these firms go that extra mile to ensure that there is no possibility whatsoever for any compromise in data confidentiality.
Some of the measures taken for ensuring data confidentiality are: i.
Entry of any unauthorized person into the office is strictly prohibited by use of secure access cards.
ii.
Use of dual monitor systems that ensure a paperless environment.
iii.
None of the employees' system is connected to the printer.
iv.
Limited internet access is given to employees on need basis and to ensure stricter compliance with data security, trackers have been installed on each system.
v.
Individual domain accounts have been enabled on each workstation to ensure that the data is shared only within a closed group of employees who are working on the data.
vi.
No access on the workstations for any external drives like CD drives, floppy disk, USB port etc.
vii.
Each employee is recruited after a thorough background check is done and a clean record is obtained.
viii.
Employees sign non-disclosure agreement with the firms to ensure that the employees remain liable for their actions.
In fact most of such firms believe that the responsibility of the client's data is entirely their, the moment the client agrees to subscribe to our services.
They therefore take extra precaution for ensuring optimum security while client's data is being transferred from client's office to their office.
All the data transfer takes place through secure servers in US hosted with IBackup in California.
The technology used by IBackup is the same as used by big corporate for transferring data.
128 bit SSL encryption on transmission and 256 bit AES encryption on storage is used by these firms to ensure that the data transfer is perfectly secure.
In fact, the data transmission measures through IBackup are compliant with federal mandates.
