[1]

WIth responsibility for selecting outsourcing providers increasingly coming under the remit of the CFO, how do you chose an appropriate supplier  to maximise efficiencies and minimise risks. There are some basic practical tips that can make a big difference to the success - or failure - of an outsourcing investment. 

Awareness
Keep yourself up to speed on what’s happening in the IT world. Monitor the news so you know about recent breaches and threats. Also make sure you’re aware of what’s happening in your own organisation and amongst your employees.  With mobile communications, staff may be carrying confidential company data (such as emails, contact details) on a smartphone in their pocket.

Identify critical systems
Companies need to identify the IT systems that are crucial to their business, so they can put in place a recovery to retrieve information in emergency situations. What is the critical data that you need to keep operating, should a disaster happen? This can cover anything from accountancy software packages, through to contact details for staff and suppliers. This critical data needs to be stored in a central location that can be accessed quickly – there’s no point holding it on a server or USB disk if no-one can get to this in an emergency.

Know the risks
The obvious risks are accidental, for example hardware failure or damage from flood, fire and theft. Hackers are also a threat, due to the nature of the data handled by accounting practices and high profile clients they may represent. A firm can be at risk from its own employees, often unintentionally. Your corporate reputation could be damaged by inappropriate employee emails or under the new Digital Economy Act you could find your internet services suspended if someone uses your equipment to illegally download material.

Flexible working blurs the divide between home and office, so accountants could be using a shared family PC that does not have the same IT safeguards in place as a work computer. Even systems designed to secure information can be vulnerable to security lapses – for example, passwords are often written down by employers and left in unsafe places. Workers out on the road often carry highly confidential information on their laptops and PDAs that can be misplaced or stolen. According to Dell, nearly 1,000 business laptops go missing at Heathrow airport every week and only half of these are recovered.

Establish a recovery path
You need to plan your recovery scenario, should there be a malfunction in your IT systems. The crucial question to ask is: “How long will recovery take so we can get our business up and running?” Plan for all potential emergency situations and consider different options for backing up your critical system data. Many practices are now choosing to back-up certain data online, as opposed to using back-up tapes.

IT security policy
Companies underestimate the importance of the IT policy, often thinking its sole purpose is for use during disciplinary processes. An IT policy should be a set of guidelines that all staff understand and buy into. Your policy must be concise - a couple of pages are sufficient, as even the most diligent of employees is unlikely to read a lengthy tomb of text.

About the author
Daniel Mitchell is a founder and director of Lifeline IT [2], a network support company specialising in managing IT services for the accountancy profession. With a financial services background, Daniel has specialist interest in global cyber security and data protection.