Cloud accounting: How to manage the risks

Risks of cloud accounting
iStock_Thunder cloud_Maxiphoto
Share this content

The future of accounting is in the cloud. The improved accessibility and the pay-as-you-go model are some of its most attractive advantages. However, no technology is a panacea and caution is advised to address the potential risks cloud accounting. Valme Claro investigates what can go wrong and what can be done to mitigate those risks.

Cloud accounting applications eliminate the costs associated with software installation and allow anytime remote access from any device, including tablets and mobile phones. Cloud users do not need to worry about upgrading their software or carrying out maintenance work.

But cloud accounting brings some potential downsides and risks that aren’t the same with desktop applications. This article sets out the main areas of concern, and includes advice and links on how to address them.


Security is often the starting point for concerns around cloud computing, when this aspect is probably one of the advantages of the technology. The data is beyond the user’s immediate control, which raises the spectre of unseen attacks and breaches taking place without their knowledge. AccountingWEB member adam.arca raised this worry in a recent Any Answers question.

In partial answer to this stance Kevin Phillips pointed out that recent ransomware attacks and systems failures such as the one at British Airways hit on-premises software rather than cloud systems, which tend to be more secure.

Cloud providers are measured on their system availability times to multiple decimal places above 99% and operate from data centres with much more robust security and back-up processes than most small companies. Nick_Hardy72 told adam.arca: “Leading cloud service providers have invested heavily in their data centres, which are managed by network and data experts to ensure that applications and data are properly protected. Small businesses with limited IT budgets can benefit from access to modern, sophisticated infrastructure which would otherwise be completely unaffordable to them and expert personnel.”

Mitigation strategies

  • Do due diligence on the suppliers who want to manage your data and look for evidence that they regularly undergo security audits that comply with industry standards.
  • Consider encryption options, both for your own data, and by the service provider when they transmit and store your information.
  • Put strong access controls in place to limit access to sensitive data and regularly monitor who is accessing it.
  • For more information on dealing with these risks, consult the articles, debates and resources available on AccountingWEB’s IT security tag page.

Business continuity

Hackers and internal malcontents aren’t the only worry for your cloud accounting system. Other threats like fire, theft and other third parties such as bad weather can disrupt your business.

Again, cloud systems have advantage over on-premise software because as long as you have access to the internet from a compatible device, you can get access to your data and keep on working.

But other continuity questions arise, such as the viability of the suppliers who maintain your systems. Chris Downing, head of business intelligence at Milsted Langdon, is worried about the transience of the app marketplace: “There’s a new one every month. If you build your business around one add-on, what’s the guarantee it’ll be around in 6 months? How many are actually making money?”

If the operating the cloud system you use shuts down unexpectedly, your data could be gone forever unless you have continuity measures in place.

Mitigation strategies

  • Part of your due diligence when choosing new apps should be to check the financial strength of your developer to ensure they can last the course. Is the provider making money and does their business model look sustainable?
  • Plan for disaster: create a contingency plan that includes backing-up data regularly with live data files or CSVs so that you can recover your data quickly in the event of disruption from any quarter. Your plan should include an assessment of all your information assets and the different risks posed - more advice here.
  • Test your recovery plan regularly to ensure your team knows what to do and who to contact if the worst happened.

Lock-in and access to records 

Users might have got the impression that the cloud makes it easy to switch suppliers. But technology is never as simple as it appears when you see the initial demo. The practicalities of altering your processes and transferring your data are significant in any system migration, which sets a basic level for inertia. But suppliers don’t necessarily provide standard data formats or even data export functionalities - so other tools and extra costs might be needed to transfer data to another provider.

The lock-in factor means providers can raise the price of their services incrementally because they know the disruption and expense will deter users from switching.  Or the service provider might change their terms or be acquired by a larger company with a different, less suitable approach for the customer.

As Harry Mowat explains in his blog post about cloud ERP: “Your business circumstances are constantly changing so you don’t want to be locked into a provider only because the cost to extract your data makes moving prohibitive.”

When it comes to accessing your records, one Any Answers thread considered a theoretical scenario where the business cancels an old subscription, but is no longer able to access any of the data held in the system. If no read-only access is provided, the only alternative is to download regular back-ups or pay for on-going access.

Mitigation strategies

  • Negotiate an exit strategy before entering into an agreement with any cloud provider.
  • Make sure the provider allows you to export the data and take into account the standardisation levels of the application, which will determine how easy it would be to migrate to a different provider.
  • Model the costs of changing provider and the tools and resources that would be necessary to do so; factor this into your system selection process.
  • Consider using online backup tools: Dropbox, Sugarsync, Google Drive or Justcloud are some of the options available to back up your data. 
  • Depending on the providers, it might be possible to use a managed conversion service such as Movemybooks, which charges a fee for automating the conversion for you between Sage 50/Instant, QuickBooks Standard/Pro/Premier, QuickBooks Online and Xero.

Internet access

Cloud accounting is accessible as long as the connection to the internet works properly, both for the user of the cloud service and the service provider. Your business is in the hands of both the cloud vendor and your own internet service provider.

Mitigation strategies

  • Backup Internet connection: Make sure a secondary connection is available if yours fails. USB dongles can be used for this purpose. Wireless backup routers are also an option to keep working when the primary network connection does not work.

Client compliance

In his cloud proposition series, Richard Sergeant highlighted the risk posed by clients who are not used to the cloud systems and may not understand how to use them.  They could start missing deadlines and getting alienated from the firm if they ignore the new system.

Mitigation strategies

  • Education, training and communication: telling clients about the benefits of the cloud, like saving time and faster reporting, is essential. This needs to be followed up with practical support and training to ensure they know what they’re doing. 
  • Ensure better compliance by making use of the automation options of the cloud system, for instance by dispatching automated filing reminders to clients from your compliance or practice software.


For many users, the subscription-based cloud model is a great advantage because you pay for what you use as you go along. However, in his latest article, Richard Sergeant raises a concern about how the add-ons that enhance the basic cloud accounting engine can add to the recurring monthly fees.

Besides add-ons, other important requirements such as security and recovery systems add to the costs. Some of these extras may add up to more than you would pay for desktop programs over the course of their working lives - but bear in mind you won’t need to come up with the up-front capital needed to buy new software and hardware.

Mitigation strategies

  • Know what you are getting into and model your cloud usage costs over a 3-5 year period to achieve a meaningful comparison with existing desktop systems.
  • If you are planning for growth, consider the software service costs for supporting an expanded team or client base. This factor also affects desktop software users.
  • Aqilla has published a guide to analysing cloud computing costs, accompanied by a comparison spreadsheet. Use this as a starting point for your calculations.
  • Talk to users of the systems you are considering to find out more about their experiences and costs/benefit trade-offs.

Visiting or contacting references sites is an excellent way to uncover and address not only the risks identified in this article, but others that may be more specific to your business. If you do go with a particular system, you will already be plugged into a very useful support network should you encounter any unforeseen problems with your new system.

About Valme Claro


Please login or register to join the discussion.

13th Jul 2017 10:54

Totally disagree.
The future is what Practitioners want it to be, not what over eager sales people think it should be. The failure of MTD in its present form will prove that. Of course "the cloud" might be the answer for some but I don't see it as the "all singing all dancing" scenario that it's made out to be.
There is a big gap between high techies and low techies which will not be diminished for many years. By then technology will have increased so much that the "gap" will still be vast.

Thanks (1)
to johnjenkins
20th Jul 2017 20:33

johnjenkins wrote:

Totally disagree.
The future is what Practitioners want it to be, not what over eager sales people think it should be.

They would do well to remember that.

Thanks (0)
By chatman
13th Jul 2017 11:13

Being able to take automatic backups of your data is very important. I would love it if Xero enabled you to do that.

Thanks (0)
to chatman
09th Nov 2017 13:38

Hi Chatman, you might like this new service then

Thanks (0)
By chatman
to Adrian Pearson
09th Nov 2017 15:34

Yes, it looks great. I've used your other services too Adrian.

Thanks (0)
13th Jul 2017 11:15

Great article. I'd just like to sound a note of caution about using consumer-grade cloud storage for backups - your OneDrive folder is just as vulnerable to a ransomware infection as your local hard drive! Backups need to maintain a series of copies - it may be days before you realize your data has been corrupted, and weeks before you find out that you deleted that all-important file. And ideally they should use an intermittent file transfer connection rather than a persistent drive mapping which is vulnerable to virus attack and user error, particularly if shared by multiple users.

Thanks (1)
to Peter Talbot
13th Jul 2017 11:25

Sounds like a good reason not to use it.

Thanks (0)
By chatman
13th Jul 2017 16:32

Peter Talbot wrote:
your OneDrive folder is just as vulnerable to a ransomware infection

Yes, a client of mine had a ransomeware attack and One Drive was completely unable to help him. Dropbox tell me that, in the event of such an attack, my unaffected files can be restored from up to a year ago.
Thanks (0)
17th Jul 2017 14:48

Yes we will all be using the cloud, or a variation of it, but i do not believe it is as safe as some make out, I would say the above article only scratches the surface regarding threats.

Thanks (0)