carlaccounting
Member Since: 24th Sep 2017
Blogger
Hi, My name is Shaun O'Hagan and I live in Shrewsbury, UK. I have 25 years software industry experience working for numerous blue chip companies in finance, media, telecoms and retail.
For the past 3 years I have been part of a team building a new accounting platform based around the copyrighted CARL system developed more than 40 years ago. Using a series of characters to encode accountancy items, the speed and accuracy of data input is improved and the resulting data gives quick reports on where a business stands.
My answers
Unlikely to be clear text but you never know.
One problem with big companies with lots of accounts is that older accounts get left behind on old digest cryptography as there is no easy way to upgrade e.g. changing hashed passwords from SHA1 to SHA256. Yes you can force a password change but some companies are too lazy to even do that.
Also other data which might identify you that is located in application databases should also be encrypted e.g. email addresses, business addresses, NINs. People often use the same password at different places so that password might be combined with an email in some other hack dump (Ashley Madison anyone?) in which case that hashed password can be deciphered.
Just reading about another big hack (not accountancy related) - https://krebsonsecurity.com/2017/09/breach-at-sonic-drive-in-may-have-im...
EDIT it gets worse for Deloitte https://www.theregister.co.uk/2017/09/26/deloitte_leak_github_and_google/
It will be very embarrassing for them as they also provide security consultancy services to other companies. Having said that the team that run the internal security infrastructure will likely have nothing to do with the group that work with clients.
My understanding based on reading other reports is access was obtained to "admin" level accounts which is bad. Then you have the keys to the kingdom. Whether that means "admin" at the operating system level e.g. root on Unix I don't know. No system should allow admin/root level access via public interfaces, nor should it allow elevation to root privilege e.g. su root/sudo except under very specific control.
Ah just reread the article and they use Azure from Microsoft so I guess they have MS based internal O/S infrastructure. However same rules apply.
We may never know how this breach happened.
No I agree with you. If the banking industry and the accountancy industry and HMRC work together they can put together a universal "vocabulary" for communication of core business financial data.
Imagine after Brexit that the Government decided to put VAT at different rates on different categories of goods, e.g. 10% on petrol but 30% on champagne (or maybe the other way around!). If a way of identifying a purchase transaction with such attributes could be implemented across supermarket POS -> bank -> accounting system then that would be interesting.
I'm not up to speed on Open Banking so I'll need to look into that. Cheers, Shaun.
With Brexit and MTD being the issues that will be affecting all businesses in some way or another, speeding up the transmission and processing of data between all of the parties involved will ensure the UK PLC will become much more flexible for the challenges ahead.
However integration across the various interfaces such as customer -> bank -> accounting practice -> HMRC is poorly defined. Poorly defined interfaces mean NO automation. Period.
Software vendors such as Sage, QB, Xero etc etc will obviously defend their market share and hence cooperating on the development and implementation of a new data interoperability standard is unlikely.
Standards for interoperability have to be driven by the industry. For example in networking the X series standards e.g. X.25 was specified by an industry body CCITT and all the software players supported it and layered their solutions upon it for the general good of the IT user.
The accountancy profession needs to lead the way and create an open standard for the communication of accounting data. If the end user e.g. the small business plumber is able to follow a simple prescriptive system for accurately entering their own figures, the accounting practices can focus on adding value to the business community rather than sorting through carrier bags of receipts. They can also pass on accounts to HMRC more quickly and have a chance of handling possibly 5 tax returns a year with MTD whereas at the moment some will be struggling to do 1.
Excel, as a spreadsheet program albeit quite a sophisticated one, is a general purpose tool. As such, when used to run accounting functions in a repeatable and consistent fashion it needs a significant amount of embellishment which means macros and programming.
With tools like C and Visual Basic one can even extend it to build your own accountancy system but that is a specialist job and beyond the average user.
I think a significant issue is that specialist accounting packages (you know who I mean) are ironically perceived to be too difficult for some people and as such the cost/benefit is not attractive. People then use Excel because they already have it and it is therefore 'free'.
An interesting article.
AI and machine learning in the accountancy industry runs the risk of remaining nebulous. For accounting software to truly move into the realms of AI there has to be rich and well defined syntax and semantics to the data input into and generated by the system.
As a software engineer who cut their teeth in the specification driven communications/networking industry and who is now working in the accountancy profession, I find very little evidence of that being the case.
In general software needs strong contracts/interfaces and clearly defined data sets/data vocabulary upon which meaningful decisions can be made by computing algorithms. Then the mass adoption of those software and data contracts allows large populations of users to benefit from the collective advancement of best practice.
The concept of double entry bookkeeping which is the fundamental principle which all current market leading accountancy products revolve around, is probably not enough to facilitate the introduction of AI technology to any meaningful degree.
A syntactic and semantic layer needs to be developed on top of double entry bookkeeping and this needs to be defined and published as an industry wide standard. Then software companies can build tools that might possibly give us what we think AI means.