Back to Insights

Reducing Risk: How to Manage Risks Associated with Accounting in the Cloud

Roman Leshak, Jr., CPA
Roman Leshak, Jr., CPA Director, Audit & Accounting, Employee Benefit Plan Group Leader

This article originally appeared in the February 2014 issue of Smart Business Philadelphia magazine.

The increased use of web-based cloud accounting applications has provided users many advantages related to efficiencies and cost savings but conversely it adds certain risk factors, says Roman Leshak, a director in Audit & Accounting at Kreischer Miller.

Smart Business spoke with Leshak about ways to reduce risks associated with accouting in the cloud.

How do accounting firms use the cloud?

Accounting applications utilized through cloud computing include bill management and payment, customer relationship management, document management, enterprise resource planning systems, financial statements preparation, payroll, sales and use tax, tax return preparation and work flow resources.

Advances in technology have helped expedite the use of cloud applications, as many companies are seeing significant cost savings compared to developing and maintaining these applications internally.

Cloud computing can be a very attractive option for saving costs; it also lends itself to quicker software implementation and updates, portability of data enabling remote access among multiple users and locations and significant reduction and possible elimination of capital outlays for hardware.

What are the main risks involved with web-based accounting?

Despite the advantages of cloud computing, there are several risks that need to be considered and addressed prior to making the decision to move from the traditional accounting applications as information maintained within these applications is often confidential, or even entrepreneurial, and is very valuable to the user. These risks include security and data privacy, reliability and availability of the data and data processing, loss of integrity and overall data ownership and transfer of data.

During the vendor selection process the user should verify that the service provider utilizes a data center and that the vendor has received an AICPA Service Organization Controls Report on those controls in place at the data center related to infrastructure, software, personnel, procedures and data. These reports are crucial to understanding the vendor’s oversight of the data management, internal controls and risk management and in verifying that the proper safeguards are in place. Some accounting firms provide assurance services related to cloud strategy, integration and migration and will assist with corporate governance issues, vendor selection and system integration.

Security of the data transmitted and stored within the cloud is of the utmost importance as this data is no longer stored on local servers. Data should be encrypted during the transfer and storage stages and needs to be protected from access by other users that may be using the shared data center. Availability of the data and the reliability of cloud applications are just as important as the security of the data. Vendors must limit unscheduled downtime of cloud applications in our global 24/7 business environment.

In addition, the number of applications that a company houses in the cloud environment increases the requirement for the bandwidth needed for uninterrupted access to that data. Companies have used secondary internet providers as a backup option as well as engaged services with both telephone and cable internet providers to ensure constant and reliable connectivity. Risks related to the ownership and migration of data upon a change or termination in service providers also need to be considered. It is important to discuss the data transfer procedures with potential vendors as well as exit costs and strategies.

What do businesses need to do before proceeding with accounting in the cloud?

The most important thing you can do as a protector of information is to understand the potential risks associated with accounting within the cloud environment. Users should consider establishing a process of mandatory contractual agreements with potential cloud application service providers and verification that the service provider has the proper controls in place to help mitigate these risks of accounting in the cloud environment.

Accounting in the cloud has many advantages, but considering the risks and protecting your data should be your focus when entering into this environment.●


Contact the Author

Roman Leshak, Jr., CPA

Roman Leshak, Jr., CPA

Director, Audit & Accounting, Employee Benefit Plan Group Leader

Employee Benefit Plans Specialist, Owner Operated Private Companies Specialist, Private Equity-Backed Companies Specialist

Contact Us

We invite you to connect with us to discuss your needs and learn more about the Kreischer Miller difference.
Contact Us
You are using an unsupported version of Internet Explorer. To ensure security, performance, and full functionality, please upgrade to an up-to-date browser.