Nimbus recently had the privilege to do an interview with Alan Fitzgerald, the Founder of Practice Connections. For the last 20 years Alan has been in tax and accounting software industry, and for the last three years, as an independent consultant offering advice to accounting firms big and small.
We asked Alan a couple of questions regarding the importance of having a cloud document management system and managing risk in terms of GDPR and NDB privacy issues. He also gives some great advice for firms when it comes to deciding which cloud document solution to buy!
NIMBUS: Alan, why is it important these days for accountants to have a suitable document management system and secure client portal in place?
ALAN: The key thing in that particular market – and, in fact, for any particular market – when you’ve got the likes of the Notifiable Data Breach legislation here in Australia and also GDPR in the UK, for example, anybody that has a connection to the UK has to comply with the UK regulations, it’s the fact that it’s very difficult – or next to near impossible and probably very dangerous – to send any kind of financial information where you’ve got personal details attached specifically for tax file number information. If you send that via email, you’re increasing your risk of breaching the act significantly.
If you send that via email, you’re increasing your risk of breaching the act significantly.
What you’ll need to look at from a document management perspective is the ability for the information that you have on your system that pertains to the client, to be able to get that information to the client in a secure manner. Now, in a secure manner, typically, it needs going through a portal where the client has to log in with a series of credentials. They get access to your system and then you publish the documents that you want them to see so that they can download, electronically sign, and return to you.
Putting that on email… email is basically like a river. You see the bears in Canada where they’re catching the salmon – just grabbing in and reaching out and pulling out a salmon. When you’re sending PDF documents through an email system, the risk is that someone can grab those documents. That then sets off the whole GDPR/Notifiable Data Breach.
Portals basically are the “cure” for that. For any firm looking at a document management system for 25 users or less, the automatic thing you should have as part and parcel of that is a portal – a portal functionality.
NIMBUS: GDPR and Notifiable Data Breaches are now a fact of life. How prepared are accountants to handle these privacy issues nowadays?
ALAN: Look, I think there’s a high level of awareness across the profession, but I’m not sure that the call to action has necessarily been met with the responses that it actually needs to have been met with.
I’ll give you an example. I’ve used this example in a couple of other interviews that I’ve had recently.
I met with a firm of about 35 – 40 users, a 4 or 5 partner firm. They asked me, “Can you recommend a portal?” I said, “Well, what portals have you looked at?” They said, “We’ve looked at three portals, but they only do about 90 percent of what we want.” I went, “What does your current portal do?” They said, “Oh, you see, we don’t have a portal, so that’s why we asked you to come in to talk portals.”
I said, “Guys, just buy a portal because (a) it’s going to secure the documents that you’re sending through to your clients, and (b) it does 90 percent more of what your current portal does, and (c) you’re going to learn a lot about portals. If, in two years’ time, you need to change portals, you change your portal. But you’d be surprised as to how much the vendor will work with you to fix the ten percent that you need to use within that portal.”
“A journey of a thousand miles starts with a single step.”
The expression that I use is the old “A journey of a thousand miles starts with a single step.” You actually have to start the journey, and I think the accounting profession – and this is why we love them – is very risk-averse.
The software, in their mind, has to be 100 percent because that’s the message that they give to their clients. “Come to me and I’ll get everything right. The books will balance. It will be black, and it will be red.” You know, that scenario.
But, when it comes to software, accounting firms have to actually take the risk that the software may only suit 90 percent of what they actually require it to do and that’s the key thing. They have to get on the journey instead of waiting for the perfect piece of software which is never going to become available.
NIMBUS: Of course, that’s such a truism.
Alan, it’s been marvellous. Are there any final remarks you’d like to make?
ALAN: Look, particularly with the Notifiable Data Breaches, I would encourage anybody in that scenario just to do their homework.
Be sceptical. This is where you absolutely have to play devil’s advocate in the sense of, if the salesman tells you that it does everything, you can pretty much guarantee that it doesn’t. Don’t believe everything that a product vendor will tell you because, invariably, they’re not telling you the whole thing.
Do your research across numerous vendors but do it more on a contextual level. What I mean by that is talk to three vendors, learn what they think about the other vendors – what they do well, what they don’t do well – but don’t get into the content. Don’t go and do a feature comparison because you will never get out of the feature comparison space. That’s just absolutely going to waste your time.
To give an example of that firm, four of the five partners saw a portal that they really liked. But, because the one partner wasn’t there, they had to get the vendor back in again to the do the presentation all over again, so four partners are going to be completed bored, and the fifth partner might actually say, “No, I don’t like it,” or he may actually say, “Yes.” But what they’ve done is, for a portal that is – in the scheme of things – relatively cheap, they have wasted many dozens of hours in billable time.
This is one of the frustrations that I have with firms in general. It’s a case of penny wise, pound foolish. There is absolutely the need to get advice.