Welcome to Luca!globe
 The CPA Journal Online Current Issue!    Navigation Tips!
Main Menu
CPA Journal
Professional Libary
Professional Forums
Member Services
Jan 1992

Computer viruses and the CPA. (certified public accountant) (The Practitioner & the Computer)

by Williams, L.K.

    Abstract- Accounting firms should have clear policies and controls for the safety and protection of microcomputer systems for enhanced customer service and for the protection of the computer information of both the company and their clients. Information protection and dealing with computer viruses must be the concern of all organizational members. Practitioners should be aware of the the various anti-virus software packages are available in the market. These packages should be evaluated in terms of their ability to detect, prevent, and remove viral infections.

Accounting practitioners should be concerned about computer viruses in order to enhance the service they provide their clients and to protect the firm's and the client's computerized information. CPAs are often responsible for the installation of microcomputer systems for business clients. Many smaller business clients often turn to their CPA for help when computer problems occur.

The microcomputer environment creates problems for control against viruses. Microcomputers were designed as single user systems, and security measures were viewed as essentially unnecessary. In spite of this lack of control, many microcomputer environments in accounting firms allow multiple users to have easy, undocumented access to hardware and software.

Viruses may be input into a computer system intentionally. There are instances where disgruntled employees have removed software from the premises, replacing it with infected software. However, viruses can be brought into an organization innocently via "freeware" or "shareware" programs and through files being unknowingly contaminated outside the firm and then brought into the firm. Viruses have even been brought into systems from commercially available software from reputable manufacturers. So, how can microcomputer systems be operated safely in an environment where malicious software is potentially present?

Detection and Removal

Anti-virus software is a sound method to detect viruses. There are several anti-virus software packages commercially available and some software manufacturers are including virus detectors within their programs. The anti-viral programs are typically designed to detect and repair specific viruses by using a database of viral signatures. The software takes its "list" of known viruses to examine files that the program software attempts to load into memory. The user is then made aware of the virus if one is found. In order to retain its effectiveness, the anti-viral software must be constantly updated to combat new viruses. However, most software manufacturers provide low cost quarterly updates and user newslines that identify the latest threats.

Other approaches used by anti-viral software manufacturers are more generic in nature. They identify suspicious "viral-like" activities. The search is typically done by checking for changes in program files or monitoring for suspicious viral activities in real time. The user is alerted if suspect programming language is found.

Prices for most packages range from $49 to $250. They require 128K to 512K of random access memory and DOS versions of 2.0 to 3.0. Technical support is provided through toll-free telephone numbers and are usually designed to run on stand alone as well as networked systems.

How should the practitioner find antiviral software for the accounting firm or its clients? The practitioner should examine the software's ability to detect, prevent, and remove viral infections. The software's ability to adapt to networked systems, remain up to date, and its ease to use and install are also important considerations.

Awareness of the Virus and the Vaccine

In designing sound policies and controls concerning microcomputer systems, partners (or shareholders) should be at the forefront of the design, communication, and implementation if it is to be effective. Employees should clearly understand that information protection is a top priority of firm management. All policies should be written, communicated, and understood by firm employees. Ethical considerations should also be communicated. Employees should be aware that violating computer security, even for benign purposes, is unethical. They should also know that computer data is property that belongs to the firm (or client) and is to be treated the same as tangible property.

Accounting practitioners should be aware of the controls and policies that can provide safeguards against viruses within the microcomputer environment. The accounting practitioner's knowledge of computer viruses can be beneficial to clients and to the firm. Understanding the source of computer viruses, and how to protect microcomputer systems from them, can provide a tremendous saving of time, money, and worry that would result from being the victim of computer sabotage.

The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.

©2009 The New York State Society of CPAs. Legal Notices

Visit the new cpajournal.com.