Paperless practice: the client service view

I would be grateful for recommendations on client portals.

Thanks

Charles

It seems that your panel respondents are sharing that excellent client service can be delivered at a lower cost than without an efficient electronic document archive in place within the practice.

It also seems that practices with several branches also need secure Remote Access to the complete document archive of the practice, and all branches.

Security is often a discussion point with Accountancy Practices implementing PaperLess Secure Remote Access between their branches and/or remote workers and we have technology built into our application to provide high levels of security. Because this avoids the need of a browser based system the speed and functionality, and security are at a high level.

The ability to integrate with the practice accounting solution has also been a key point so all documents relating to transactions can be viewed, as well as working papers. These can also be shared with clients using Client Access.

It was interesting that there is a clear focus on your panel of increased client service, but less of a focus with sharing access to documentation with clients, do yous ee this changing at all ?

Phil

-- Accounting the PaperLess way™

How does someone electronically approve documents as Kevin Salter does?  Is this different to getting approval by email?

We use Lucey technology as it has the full package, you can accept payments, get documents signed off electronically and do all the normal portal stuff as well. It's not cheap but I think if you're going to use a portal, do it properly and get a full package, that way you and your clients are more likely to use it.

We are also switching from paper to electronic documentation. Although, it has many benefits as mentioned above, we are wondering how a client can approve the documents electronically. If this really works effectively it could save us a lot of time, which could be utilised for some other constructive work. It is worth mentioning that technology has made accountants' life so much easier.

Does anyone have any recommendations for a good document management software sytem?

We've used Docusoft  for about five years, and are very happy with it.  It's highly flexible and can be tailored to fit in with the way that you work.  It was also significantly less expensive than some of the other offerings - Invu and Singleview spring to mind.  We've hardly needed any support in that period but when we have they have been excellent.

Give Derek French a call, and they can set up a demo for you online

Hi Chawlaaandco

In PaperLess we have the functionality of ClientAccess which means clients can use the PaperLess application to log in via the Internet to your PaperLess server and access the records that you share with them. This could also include approving documentation for instance as well as viewing transactions and their document images.

I hope that answers your question

Phil

-- Accounting the PaperLess way™

We use Docsafe for our client portal. It's easy for us and clients to use, and there is a simple procedure for online approval by the client. A PDF of the approval is created and emailed to the appropriate member of staff, which contains details of which file was approved, by which user, and when. This can be filed on the client file, and is also kept attached to the document within Docsafe.

Docsafe is effectively a secure online folder system, which can be accessed via a link on your website, so it's not allowing anyone into your document handling system. You have to upload the documents you want to share with the client, but it does not take much time and I think this approach has its advantages.

If a dispute ever came to court, how would I show the court that a document had been approved using Docsafe?

The certificate shows the "originator" of the document (i.e. the firm), the name of the client who has approved the document (and their username), the full name of the file that was approved, the exact date and time approved (to the second), and a 16 digit "approval verification" number, presumably created by a computer algorithm of some kind.

A disclaimer then makes the obvious point that Docsafe can only confirm that the approver has logged in using the authorised username and password for that client, and that no other checks as to identity were made. It also makes clear that the use of the approval procedure is as set out in terms and conditions between the firm and its client.

Compared to approval via an email, I believe this to be much more verifiable. For a start, people often leave their home computers switched on and not password protected, so that family members or others in the house could easily read their emails and reply without the client's authority. (Similar factors come into play in the office environment.)  With a portal, on the other hand, the client would have to give their username and password to the person, which I think a court would view as being unduly lax on the client's part.  Secondly, the "from" address on an email can easily be "spoofed", so who can tell who it really comes from?

"Pen and ink" signatures can be forged...

I appreciate pen and ink signatures can be forged, but they are recognised in court as evidence of approval, and if they are denied, handwriting experts can be used to give evidence as to whether they are false or not.

Yes, emails are insecure, but I feel if I had an email in court and I had a laptop showing the email, this would be strong evidence in my favour. If the owner ofthe email address said "I must have left my email open and someone else approved this document when I was away from my desk", I think he would be in a weak position in terms of his credibility.

My question was really about how  the evidence process would work in court. Are there stand-alone documents I could show the court as evidence, or  would I have to call in Docsafe staff as an expert witness?

No form of evidence is 100% foolproof or 100% reliable, but some are more accepted and some more easy to use than others.

I will accept a client's authority via email, but personally I would feel in a stronger position with the Docsafe approval document, and perhaps some written explanation from Docsafe as to their procedures, for the reasons I have stated. In practice, clients often email us to say they have used the Docsafe procedure, so we have both. Many firms are accepting approval via client portals, and this is something I would also point out to the court.

At the end of the day this is a personal choice, and we all accept approved documents on the basis of the "balance of probabilities" that the approval is genuine - does the signature look right, does the email look and sound right, do the attendant circumstances back up this conclusion?

I would be more inclined to accept a Docsafe approval if I knew I would be able to use it in court. Otherwise it is useless to me.

Courts move with the times.  My suggestion might be that the approval document had a copy of the original document attached and both marked probally with number of pages and a unique number.  As email is accepted in Court I fail to see how the docsafe or any other simalar system would not be.   Lord Denning used to talk about a man sitting in his armchair and what would he think.  I think he (the man) would determine that the approval system showed that the document had been approved.

I think that, whilst a computer expert would accept a Docsafe electronic authorisation, the man in the armchair would have no idea what it was.

I am sure that one day, electronic authorisation will be understood by all judges in all courts, but am not so sure about today.

I think you are probably right about adding additional evidence, but I think then it becomes more onerous than simply authorising by email.

Electronic signatures were made legally admissible in UK courts in 2000 (By the Electronic Communications Act 2000, if you're interested)

This Act is the UK&'s implementation of the EU's wider 1999/93/EC Directive on Electronic Signatures, which sets an EU-wide standard for e-signatures. Section 7 of the Electronic Communications Act states that "...in any legal proceedings, an electronic signature incorporated into or logically associated with a particular electronic communication shall be admissible into evidence in relation to questions as to the authenticity or integrity of the communication or data"

There is a guidance note available from the Dept of Business Innovation & Skills (DTi as was)

http://www.berr.gov.uk/files/file34339.pdf

Like most of these kinds of legislation, there is no technical check-list - it just sets a series of general principles that can be used to decide if an electronic signature complies with the Act (and therefore will be accepted by a court).

There are a number of companies offering products that incorporate electronic signatures.  One of the nicest approaches I've seen is an Adobe product called EchoSign.   You create your document (a contract, engagement letter, whatever) in whatever form you wish (Word, Excel, PDF, Google Docs) and upload it to the EchoSign portal, along with the email address of the recipient.

 The document is then secured by EchoSign and emailed to the client, and they are given a link to click that lets them 'sign' the document on screen.  It is then returned to you automatically. The client doesn't need any special software, and you pay a flat monthly fee to EchoSign based on the number of users you want to authorise to send documents out.    I've been on the receiving end of this system for one of my contracts - it was very painless. 

Thanks Charles. So how would you go about evidencing the electronic signature in court?

First, you don't need to take specific action unless the veracity of the document is actually queried.  The court will start from an assumption that the document is fine if you say it is.  (As an illustration of changing attitudes, Companies House take a similar line on submissions which have computer-printed signatures - they realised they often couldn't actually tell the difference anyway!).

http://www.companieshouse.gov.uk/about/policyDocuments/documentSignatures.shtml

In the case of EchoSign, the document is altered to show a facsimile 'signature' on the face of the page (along with the EchoSign logo, etc).   So in the first instance, you can print the document out. 

If the opposition decides to press the issue, then you offer the electronic document (which has the encrypted certificate embedded within it) for inspection.  EchoSign keep a secured copy of the document on their systems, so you don't even need to worry about safely storing the original on your server if that's a concern.

As the certificate is partly based on the textual content of the document (and on other information such as the time, date, and person who signed it) - any change to the document will mean that the certificate is instantly invalidated.   (It's like the IR Mark on electronic tax returns, except invisible).

Certificates are either generated by you, or you pay a subscription to an external 'Certificate Authority' to create then for you on demand.   Generally, if you generate your own certificates, then they will be treated with a degree of suspicion.  It's best to use a third-party provider who does it on a large scale and is industry-recognised.

http://www.tscheme.org/about/index.html

Just as an aside - you don't need to use an 'all-inclusive' provider like EchoSign to handle documents for you, you can generate and apply digital signatures to a document just by using the in-built features of Microsoft Office.

There's a configuration setting and features in MS Office that let you obtain a digital certificate from a 3rd-party provider and use it to apply electronic signatures to a document.

http://office.microsoft.com/en-gb/providers/digital-id-HA001050484.aspx

In this case, if the document changes, then you'll see a warning message on the screen when viewing the document.

Another concern I had was the look of  the signature. I have seen one system where you attempt to reproduce your signature with your mouse. Mine looked like a three-year-old had done it. Do they all involve this? 

Also, how do these systems compare to getting an email saying "I agree to the terms  of the contract" or "I approve document x and authorise you to submit it to HMRC/Companies House"?

You need to make a distinction between a 'facsimile signature' and an 'electronic signature'.

A facsimile signature is a graphic image that tries to look like your autograph (the sort of thing that appears on the bottom of junk mail to make it look more 'personal').   The presence of a 'fake' signature has no significance for the legal status of the document, unless you can demonstrate that you have processes in place to show that the original creator of the autograph specifically approved of the contents of the document to which it is attached.  (This comes into play at Companies House, where they accept computer printed 'signatures' on forms - see my earlier post for the link regarding this)

An electronic signature is nothing to do with the physical appearance of the document, but is an encrypted piece of data within the computer file that is directly linked to the contents of the document.  If the document is compromised in any way, the electronic signature is invalidated, thus giving the reader a warning that they may need to treat the document with caution.

Sometimes, the presence of a valid e-signature might be indicated with some kind of special image that vanishes or changes if the document is altered, but it's not mandatory as long as the underlying data is secure.

So...a printed facsimile of someone's autograph is NOT necessarily a sign of any special digital trustworthiness - it's purely a cosmetic enhancement to the document.

Equally - any systems that ask you to 'sign' a document with your mouse (or whatever) are not really interested in what that signature looks like, but are really only using your mouse wiggling actions as 'permission' to embed the real digital signature into the document.

What about getting an email saying "I agree to the terms  of the contract" or "I approve document x and authorise you to submit it to HMRC/Companies House"?

You can have electronic signatures embedded in emails (Outlook has all the features if you want to enable them), but the reality is, that most of the time, it's a sledgehammer to crack a nut.

Larger practices use email archiving systems that automatically capture every email going into and out of the firm, along with audit trail information.   This archive cannot be altered, so can act as a trustworthy record of the arrival of an email, its sender, and its original content.

Examples of this kind of product...

• Symantec EnterpriseVault
• Mimecast (www.mimecast.com)

Under UK law, a contract can be created in a hundred different ways, none of which particularly rely on a wet ink signature, so an email from a client saying 'I agree to the terms of the contract' will generally be absolutely fine unless everyone is particularly twitchy about the risks and want something more.

Look at the risks inherent in the situation - if it's a run-of-the-mill personal tax return for a sole trader, then the risks of accepting an email as a 'signature' are very low.   If it's a property purchase or a big corporate finance deal, then the risk is higher and you set the bar higher.