I had the privilege of listening to Bill Reeb at a recent presentation to the AICPA Controllers Conference in Las Vegas. He pointed out that there are several forces converging on CPAs as they advance to higher level jobs which will make us increasingly uncomfortable in the coming years.

  1. Technology is increasingly taking on the role of recording data and turning that data into information – or at least making it much easier to send that work to the lowest bidder, wherever that bidder might be located in the world.
  2. The lower you are on the information value chain;
    the less you will get paid.
  3. The higher you are on the information value chain the less certain you are of the answers.

CPAs tend to pride themselves on certainty. We know the rules, be they accounting or tax, and run the numbers until we get to the right answer. This is what worked to make us successful early in our careers and we are reluctant to let go of the methods that brought us that success. The problem is while getting the right answer works on the low end of the information value chain, which is not what CPAs are asked to do as they advance in their career. Instead we are asked on take on the much more difficult role of producing knowledge and making decisions at the high end of the information value chain where certainty is a rarity.

In fact, at the high end of the information value chain you tend to run into a lot of people making stuff up and getting very well paid to do it. So the irony is the low paying job of coming up with definitive answers and information is going away or paying even less, while the high paying job of making stuff up is in increasing demand.

As CPAs we are going to have to learn to deal with the uncomfortable fact that our employers are not looking to us for the right answer, but instead are looking to us for insights and decisions on much less than perfect data. The sooner we become comfortable with this new paradigm, the more successful we will be in our career.

Future of Learning

The Future of Learning Task Force met for the second time in San Francisco last week and this time focused on technology delivery and impacts on learning. We covered many topics from technology platforms to how technology enables different ways of learning, but there are two I want to spend a little more time on here.

The first is the idea of how technology enables a major paradigm shift in the learning process. The traditional learning process is that a topic is covered for a specified amount of time and at the end of that time you take an assessment, but then, no matter what you get on the assessment, you then go on to the next topic. In this paradigm, the topic and time spent are the fixed elements and the assessment percentage (how much you learned) is the variable. If you think about it, that is not a great way to ensure mastery of skills, especially in topics that are the foundation for the future topics covered (like in math or accounting). This paradigm however was the only logical one to choose in the industrial age when all instruction had to be given in person.

Technology now allows instruction to be recorded and reviewed as many times as needed. As a result, we can change the learning paradigm so that the topic and the assessment score are the fixed elements and the time spent by the learner is the variable. This allows the people who know the topic to move on to the next topic while making sure no one is moved along until they meet the mastery requirement of the topic. Technology also takes away the social stigma of asking a person to keep going over a topic. Even in private tutor situations, people do not want to keep asking someone to cover the same thing. On the other hand people have no problem running a video again and again. You don’t believe me – how many times have you watched your favorite movie or that really cute YouTube cat video?

The second topic is what is broadly referred to as gamification of training. We participated in a couple of exercises and it was amazing how much more exciting the training can be – even on topics you might not think of as exciting. Gamification really means including “game elements” in training. This may mean scoring and competition, constucting the training around a “story” or simply monitoring and giving badges for completion. You don’t think the completion monitor makes a difference? How many of you worked to get the LinkedIn completion bar to 100%? If you did then that game element worked on you to get your profile complete.

The best news about technology is there are lots of people and lots of money working in this technology space. As a profession we won’t need to invent the technology, we will only need to figure out how to utilize it to make the training of the future something we all look forward to taking.

Houston We Have A (Security) Problem

Whether you are a member of Board of Directors, an Officer of the company, senior or middle management, you have probably dealt with IT security issues in the past few months.  A recent survey by the AICPA and Chartered Professional Accountants of Canada showed that four of the top six technology initiatives in North America are related to security.  From privacy to secure access to preventing fraud, dealing with the risks of IT seems to be overtaking the excitement of the potential productivity enhancements from the use of IT.

And the increasing prevalence of outsourcing IT and using the cloud is not solving these problems as many might have thought.  Certainly there are benefits to outsourcing including being able to rely on the “experts” instead of fighting to keep the right talent in-house.  The problem is that, as COSO pointed out in its revised framework, you can outsource activity but you can’t outsource responsibility.  In order to handle that responsibility many companies include security terms in their contracts outlining what the outsourcer must do so that the companies IT infrastructure is secure.  Those terms may be the latest and greatest when the contract is signed, but what happens when the contract is three years old?

In the IT security world time works like dog years.  It may be three years on the calendar, but it’s more like twenty-one years in terms of virtual age.  Three years ago no one had even heard of a denial of service attacks, day zero viruses or spear phishing just to name a few of the latest IT security concerns.  As an outsource provider, you certainly don’t want to be contractual on the hook for unknown future security requirements that can change at the whim of new customer management, but as a customer, you can be left feeling very vulnerable if your security protections are old and outdated.

I don’t know what the solutions to these problems are, but I do know that until we come up with a few, IT security issues will continue to take up more and more critical time from everyone in business.

Is Big Brother Required for Adequate Internal Control

Google’s latest potential product – Google Glass – has the potential to radically change the way we interface with computing power and the internet.  It also has the power to take “big brother” spying on everything we do to a new level.  We already live in a world where companies have complete access to our email and internet movements while on our work computers; they can tell when we are in or out of the office through the ID readers to get into the building; they can even tell where we are when we aren’t in the office with the GPS in our phones turned on.

Now with Google Glass they can see and record every move we make during the day.  There can be come great uses for this new functionality.  Imagine the savings on time and motion studies by being able to record and analyze a sample across dozens of people in a day.  But with any technology comes responsibility.  I recently read an American Banker article that saw Google Glass as a way to reign in rouge traders.  If they are wearing Google Glass then every trade they make can be monitored.  I understand the concern.  When one rouge trader can bring down a company, you have to consider extraordinary means to prevent that from happening, but somehow having your every move monitored just seems like a little too much to me.

When you review internal control systems in place today, there are two basic tenants to those systems.  One, most employees want to do the right thing and two, those employees who don’t will always find a way around the controls.  That is why companies set up layers of preventative and detective controls.  It is also why it is very important to emphasize the way employees can ask questions or report bad behavior.  In one sense, using Google Glass to monitor employee activities is just the next logical step from having the ability for fellow employees to call in suspicions.  One the other hand the U.S. has had a long standing tradition that you have the right not to incriminate yourself.  At what point do we cross that line between appropriate internal control techniques and violating someone’s right to privacy?

If the world has become so complex that we have to monitor our employees’ every move just to have adequate internal controls, then I think we need to reevaluate what it means to have adequate internal controls. I believe there is a way to have an adequate internal control structure without making work into some Orwellian vision of the future.  Before we go too far down the path of what technology can do, it is time to start the discussion on where internal control ends and privacy begins.  Just because we can do something with technology, does that mean we must do it to have adequate internal controls?  I for one, hope not.