The explosion of accounting technology over the years has transformed the profession as even the smallest practitioners today make use of advanced software tools in engagements. But with these changes have come new vulnerabilities — vulnerabilities that put both accountants and their clients at risk, according to Randy Johnston, executive vice president and shareholder at K2 Enterprises. This is because, bluntly, a lot of them aren’t coded very well.
“I’m very concerned about the quality of code that is being written for the new generation of applications. It’s not secure enough, it’s not fast enough,” he said.
Examples include document recognition software, which he said “is still pretty clumsy,” workflow management software that still leaves “so much busy work, administrative work, to do,” and even teleconferencing programs where “interactions were not very satisfying.” This is because they were designed to address processes that may seem simple on their face but are actually more complex than one might think.
Johnston pointed to billing software as an example: “The problem is a lot of these things are not easy. What makes it difficult is the amount of information that must be included on the bills: the description, the activities involved, modifications of standard phrases, electronic delivery, and obviously on the back end electronic payments. The problem is if you get a highly automated bill, it is highly generic, and in my mind it should be much easier to have billing that is descriptive yet easy to generate, and very few systems can do that today,” he said.
He blamed this on a mindset among developers that emphasizes pushing out what he called minimally viable products — that is, things developed just enough so they can function, but not much beyond that. Then, he said, they push out another product, which is likely also poorly coded, and it’s integrated with the one they’ve already released. So the overall structure gets bigger, but the foundation itself is weak.
“It’s creating a bunch of products that are not very well-thought-out. Think of adding onto a home … You add another room, another room, another room. That’s what’s happening with these products. A lot of them aren’t very well-balanced or complete or well-thought-out,” he said.
He noted that a typical CPA firm will have between 75 and 100 applications, all of which need training to learn. Instead of spending so much time learning a large number of programs that each only do one thing — and that not particularly well — Johnston said that firms would be better off having a smaller number of more robust applications.
“There would be less to learn, less to maintain, less to license and, frankly, more [would get] done in less time with less effort. On the concurring side of that, people may want to get very specific results with very specific tools, but a lot of these tools are too limited in what they can do. A more robust tool may actually do better,” he said, adding that it’s also important to avoid the other extreme of relying entirely on one tool.
The consequences for poor coding go beyond workplace productivity, though. Johnston also lamented that it leaves firms more vulnerable to cyber-attacks as well. Not helping the situation is the fact that many of the tools firms rely on for protection are also not very good, but their very presence gives leaders a false sense of security.
“The security holes in these products are big enough to drive a truck through. I think it’s partially a programmer issue and partially a thinking that the platform will protect everything. In the old days we had this kind of castle-and-moat protection, trying to put everything inside our firewalls. But we’re evolving pretty rapidly into a zero-trust world, where you have to continuously verify that the user is who they say they are. But bad actors are getting better faster than the good actors can protect us,” he said.
This story is part of an Accounting Today series called “The Frontier,” where we explore the cutting edge of accounting technology through conversations with thought leaders across the country, who will share with us their observations, hopes, concerns and even a few predictions here and there.
See the rest of
