Home/Industries/Accounting & CPA
Lacerte, ProSeries, UltraTax, Drake, or QuickBooks moves the entire season. When the server hiccups on March 14, a partner is on the phone with a client at the worst possible time. IT designed for the season, not just the off-season.
Lacerte and UltraTax workloads triple in February and March. A server that worked fine in October starts swapping when six preparers are filing simultaneously.
Bookkeeping and controller-services firms are a top FBI target. Vendor-banking-change emails are the most common attack vector. A one-page rule prevents almost all of them.
The IRS requires every tax preparer to have a written Information Security Plan (Pub. 4557, Rev. Proc. 2007-40). Most small firms we meet have it on paper but no evidence the controls are actually deployed.
Clients send 1040 documents three different ways — email, ShareFile, "drop them in my Dropbox." Tightening this is a small policy change with a large risk reduction.
A small or mid-sized accounting practice on our managed stack gets the same defense-in-depth we deploy at law firms, with tax-software vendor coordination and the IRS WISP control list mapped to the stack.
Software we've supported in client environments: Lacerte, ProSeries, UltraTax CS, Drake Tax, ATX, TaxAct Professional, plus the workpaper and document tools that pair with them (FileCabinet CS, GoFileRoom, SmartVault). On the bookkeeping side: QuickBooks Desktop, QuickBooks Online, Sage 50, and the payroll platforms (Gusto, ADP, Paychex).
The IRS-required Written Information Security Plan maps to twelve controls — risk assessment, MFA on every PHI-or-tax-data-accessing account, encryption at rest and in transit, secure-disposal procedures, vendor management, training, incident-response plan, and the rest. The Micro-IT managed stack ships with eleven of those twelve already deployed. The twelfth (the documented annual training event for every preparer) is a 30-minute calendar item we help schedule. See the cyber-insurance article for the control list cyber carriers ask about — the same control list applies here.
Most firms we onboard arrive with a workhorse server that worked fine in October and panicked in March, and a partner who's been the de facto IT person at 9 PM on tax-deadline weekends. By day 90, the tax server is monitored 24/7, the workpaper backup runs to immutable storage every night, the WISP has the evidence files behind it, and the wire-change-confirmation rule is on every AP staff's desk in a one-pager.
Available across the region: Paducah, KY · Murray, KY · Mayfield, KY · Cape Girardeau, MO · Owensboro, KY · Evansville, IN — full service-area list at Western Kentucky & the region.