Cloud accounting: How to manage the risks
The future of accounting is in the cloud. The improved accessibility and the pay-as-you-go model are some of its most attractive advantages. However, no technology is a panacea and caution is advised to address the potential risks cloud accounting. Valme Claro investigates what can go wrong and what can be done to mitigate those risks.
Cloud accounting applications eliminate the costs associated with software installation and allow anytime remote access from any device, including tablets and mobile phones. Cloud users do not need to worry about upgrading their software or carrying out maintenance work.
But cloud accounting brings some potential downsides and risks that aren’t the same with desktop applications. This article sets out the main areas of concern, and includes advice and links on how to address them.
Security is often the starting point for concerns around cloud computing, when this aspect is probably one of the advantages of the technology. The data is beyond the user’s immediate control, which raises the spectre of unseen attacks and breaches taking place without their knowledge. AccountingWEB member adam.arca raised this worry in a recent Any Answers question.
In partial answer to this stance Kevin Phillips pointed out that recent ransomware attacks and systems failures such as the one at British Airways hit on-premises software rather than cloud systems, which tend to be more secure.
Cloud providers are measured on their system availability times to multiple decimal places above 99% and operate from data centres with much more robust security and back-up processes than most small companies. Nick_Hardy72 told adam.arca: “Leading cloud service providers have invested heavily in their data centres, which are managed by network and data experts to ensure that applications and data are properly protected. Small businesses with limited IT budgets can benefit from access to modern, sophisticated infrastructure which would otherwise be completely unaffordable to them and expert personnel.”
- Do due diligence on the suppliers who want to manage your data and look for evidence that they regularly undergo security audits that comply with industry standards.
- Consider encryption options, both for your own data, and by the service provider when they transmit and store your information.
- Put strong access controls in place to limit access to sensitive data and regularly monitor who is accessing it.
- For more information on dealing with these risks, consult the articles, debates and resources available on AccountingWEB’s IT security tag page.
Hackers and internal malcontents aren’t the only worry for your cloud accounting system. Other threats like fire, theft and other third parties such as bad weather can disrupt your business.
Again, cloud systems have advantage over on-premise software because as long as you have access to the internet from a compatible device, you can get access to your data and keep on working.
But other continuity questions arise, such as the viability of the suppliers who maintain your systems. Chris Downing, head of business intelligence at Milsted Langdon, is worried about the transience of the app marketplace: “There’s a new one every month. If you build your business around one add-on, what’s the guarantee it’ll be around in 6 months? How many are actually making money?”
If the operating the cloud system you use shuts down unexpectedly, your data could be gone forever unless you have continuity measures in place.
- Part of your due diligence when choosing new apps should be to check the financial strength of your developer to ensure they can last the course. Is the provider making money and does their business model look sustainable?
- Plan for disaster: create a contingency plan that includes backing-up data regularly with live data files or CSVs so that you can recover your data quickly in the event of disruption from any quarter. Your plan should include an assessment of all your information assets and the different risks posed - more advice here.
- Test your recovery plan regularly to ensure your team knows what to do and who to contact if the worst happened.
Lock-in and access to records
Users might have got the impression that the cloud makes it easy to switch suppliers. But technology is never as simple as it appears when you see the initial demo. The practicalities of altering your processes and transferring your data are significant in any system migration, which sets a basic level for inertia. But suppliers don’t necessarily provide standard data formats or even data export functionalities - so other tools and extra costs might be needed to transfer data to another provider.
The lock-in factor means providers can raise the price of their services incrementally because they know the disruption and expense will deter users from switching. Or the service provider might change their terms or be acquired by a larger company with a different, less suitable approach for the customer.
As Harry Mowat explains in his blog post about cloud ERP: “Your business circumstances are constantly changing so you don’t want to be locked into a provider only because the cost to extract your data makes moving prohibitive.”
When it comes to accessing your records, one Any Answers thread considered a theoretical scenario where the business cancels an old subscription, but is no longer able to access any of the data held in the system. If no read-only access is provided, the only alternative is to download regular back-ups or pay for on-going access.
- Negotiate an exit strategy before entering into an agreement with any cloud provider.
- Make sure the provider allows you to export the data and take into account the standardisation levels of the application, which will determine how easy it would be to migrate to a different provider.
- Model the costs of changing provider and the tools and resources that would be necessary to do so; factor this into your system selection process.
- Consider using online backup tools: Dropbox, Sugarsync, Google Drive or Justcloud are some of the options available to back up your data.
- Depending on the providers, it might be possible to use a managed conversion service such as Movemybooks, which charges a fee for automating the conversion for you between Sage 50/Instant, QuickBooks Standard/Pro/Premier, QuickBooks Online and Xero.
Cloud accounting is accessible as long as the connection to the internet works properly, both for the user of the cloud service and the service provider. Your business is in the hands of both the cloud vendor and your own internet service provider.
- Backup Internet connection: Make sure a secondary connection is available if yours fails. USB dongles can be used for this purpose. Wireless backup routers are also an option to keep working when the primary network connection does not work.
In his cloud proposition series, Richard Sergeant highlighted the risk posed by clients who are not used to the cloud systems and may not understand how to use them. They could start missing deadlines and getting alienated from the firm if they ignore the new system.
- Education, training and communication: telling clients about the benefits of the cloud, like saving time and faster reporting, is essential. This needs to be followed up with practical support and training to ensure they know what they’re doing.
- Ensure better compliance by making use of the automation options of the cloud system, for instance by dispatching automated filing reminders to clients from your compliance or practice software.
For many users, the subscription-based cloud model is a great advantage because you pay for what you use as you go along. However, in his latest article, Richard Sergeant raises a concern about how the add-ons that enhance the basic cloud accounting engine can add to the recurring monthly fees.
Besides add-ons, other important requirements such as security and recovery systems add to the costs. Some of these extras may add up to more than you would pay for desktop programs over the course of their working lives - but bear in mind you won’t need to come up with the up-front capital needed to buy new software and hardware.
- Know what you are getting into and model your cloud usage costs over a 3-5 year period to achieve a meaningful comparison with existing desktop systems.
- If you are planning for growth, consider the software service costs for supporting an expanded team or client base. This factor also affects desktop software users.
- Aqilla has published a guide to analysing cloud computing costs, accompanied by a comparison spreadsheet. Use this as a starting point for your calculations.
- Talk to users of the systems you are considering to find out more about their experiences and costs/benefit trade-offs.
Visiting or contacting references sites is an excellent way to uncover and address not only the risks identified in this article, but others that may be more specific to your business. If you do go with a particular system, you will already be plugged into a very useful support network should you encounter any unforeseen problems with your new system.