In Brief

The proliferation of smartphones, tablets, and other mobile devices has changed the way businesses gather and process information, and CPAs are no exception. In this article, the author discusses the benefits of mobile business analytics, the role CPAs can play in its deployment, the security threats relevant to mobile devices, and the importance of managing enterprise mobility.

* * *

Mobile devices have grown in functionality and popularity, changing how people search for information. Google recently announced that more information searches are performed on mobile devices than on desktop computers in the United States and nine other countries (Greg Sterling, “It’s Official: Google Says More Searches Now on Mobile than Desktop,” Search Engine Land, May 5, 2015, http://selnd.com/1c1tKXg). Mobile devices can also be used to access business data on corporate servers. In fact, nearly half of Gartner marketing survey respondents indicated that they spend more than one hour each day using mobile devices for work (“Gartner Survey Shows U.S. Consumers Have Little Security Concern With BYOD,” press release, May 4, 2014, http://gtnr.it/1pY3h4q). By using mobile devices, CPAs can access information and perform work-related tasks no matter where they are, improving their response speed and efficiency even when they are out of the office.

This improvement can be further enhanced through mobile business analytics (BA), which is software that extends in-house business intelligence and makes it available to CPAs on the go. Mobile BA is not difficult to implement, because most, if not all, employees already use mobile devices. A 2015 survey revealed that 64% of American adults owned smartphones, and that smartphone ownership is especially high among young people and those with relatively high income and education levels (Aaron Smith, “U.S. Smartphone Use in 2015,” Pew Research Center, April 1, 2015, http://pewrsr.ch/19JDwMd). The Exhibitprovides several examples of how mobile applications have revolutionized CPAs’ productivity.

Recognizing the importance of analytic skills for accounting professionals, the Association to Advance Collegiate Schools of Business (AACSB)’s International Accounting Accreditation Standard A7, Information Technology Skills and Knowledge for Accounting Graduates: An Interpretation, states: “Data analytics or business analytics along with appropriate IT skills and knowledge development should be a key component of accounting curricula” (http://bit.ly/1RNASdz). Although these new skills can enhance accountants’ career development, using new IT tools can also increase the risk of system security breaches. Therefore, the AACSB also contends that understanding the nature of IT developments related to data management, analytics, and security within and across organizations is critical for the professional development of accountants. AACSB-accredited accounting programs are expected to meet the Standard A7 curricular requirements beginning in July 2016. Coverage of mobile business analytics and the related system security issues can help experienced professionals stay current with this emerging IT tool.

As the use of mobile devices becomes more prevalent, mobile security threats also become an increasing concern. In addition to the same system security threats as desktop computers, mobile devicespossess their own unique vulnerabilities.

Business Analytics

The role of accounting information in supporting decision making has evolved gradually as a result of technological advances. In addition to conventional financial data, the relevant information has expanded to include nonfinancial information and large-scale data analytics (colloquially, “big data”). Furthermore, the emphasis of accounting has shifted from reporting on the past to monitoring current operations and providing forward-looking information and analysis (“Improving Decision Making in Organizations: Unlocking Business Intelligence,” CGMA report, Jan. 27, 2012, http://bit.ly/1WUIuJj).

BA generally uses statistics to uncover relevant patterns or relationships hidden in the data and present the results visually. Many businesses are already taking advantage of the opportunities offered by BA to improve decision-making. In fact, of the over 2,100 CFOs interviewed in a recent study, 61% indicated that expertise in BA is mandatory for some or all of their accounting and finance employees (“Business Analytics: The New Must-Have Skill Set,” Robert Half Media Resources, Sept. 25, 2014, http://bit.ly/1Bdi0H4).

Mobile BA solutions entered the market years ago and are finally reaching a level of maturity that allows users to do analysis on the road. In addition, the demand for mobile solutions has forced BA vendors to offer more user-friendly interfaces across the board (Ellie Fields, “Top Ten Trends in Business Intelligence in 2015,” Tableau Software, Dec. 2, 2014, http://tabsoft.co/1UrqwAi). Several IT companies, including IBM, SAP, and Oracle, all offer add-on mobile BA solutions (Cognos Mobile, BusinessObjects Mobile, and Business Intelligence Mobile, respectively) as part of their enterprise software suites. In addition, stand-alone BA solution vendors, including Microsoft, MicroStrategy, Tableau Software, and SAS, offer similar products (Microsoft Power BI, MicroStrategy Mobile, Tableau Mobile, and SAS Mobile BI, respectively).

CPAs and BA Deployment

CPAs should take ownership of enabling and supporting BA solutions. Developing BA solutions requires business-functional knowledge, statistics, and data management skills. CPAs can work with data scientists and IT personnel, if needed, to complete the following steps:

  • Identifying points of strategic competitiveness and opportunities to improve the bottom line
  • Working with business units to identify the information needed to support and enhance their operations
  • Preparing data for analytics, which may require data migration across different systems or platforms
  • Building analysis models to generate actionable business intelligence
  • Deploying BA tools and helping employees use the new intelligence to improve business
  • Evaluating BA project performance based on preset objectives.

Mobile Device Security Issues

Despite the benefits of BA solutions, delivering them via mobile devices poses additional system security threats for businesses. Specifically, as the use of mobile devices becomes more prevalent, mobile security threats also become an increasing concern. In addition to the same system security threats as desktop computers, mobile devices possess their own unique vulnerabilities. For example, mobile devices can easily slip out of a pocket, drop to the floor and break, or be stolen. To make matters worse, many people use their mobile devices for both work and personal needs, which creates even greater security risks. System security threats relevant to mobile devices are explained in more detail below.

Malware threats.

Malware refers to computer programs intended to harm devices or systems. Malware attacks infect a host device, co-opt or disrupt its operations (sometimes destroying it outright), and spread to other devices or systems. Because there are at least six times more shipments of mobile devices than shipments of traditional PCs worldwide (“Gartner Says Worldwide Traditional PC, Tablet, Ultramobile and Mobile Phone Shipments to Grow 4.2 Percent in 2014,” Gartner Newsroom, July 7, 2014, http://gtnr.it/1zkrzpj), attackers frequently target mobile devices for a better reward. In 2014, there were 295,500 new mobile malicious programs detected, 2.8 times the amount in 2013 (press release, “One Billion More: Kaspersky Lab Reports on Cyber Threats in 2014,” Dec. 8, 2014, http://bit.ly/1LX6IST). This huge increase makes it clear that the malware threats on mobile devices should be well guarded against with up-to-date antimalware software.

Insecure operating systems (OS).

The vast majority of mobile devices are running on either Android or Apple’s iOS. Some contend that iOS is more secure because of its tightly controlled environment; content uploaded to the Apple App Store is screened, and iOS ensures that even malware downloaded from the Internet cannot corrupt the device. The main threat to iOS comes from “jailbreaking,” the process of removing hardware restrictions on the OS.

In contrast to Apple’s proprietary iOS, Android is an open-source OS used by a wide range of manufacturers. The primary goal of Android is to create an open platform for developers to implement their ideas and enhance the mobile experience. Therefore, Android users have many sources for apps and may unknowingly download malware from unsafe sites. In 2014, Kaspersky Labs found that 98.05% of mobile malware targeted the Android platform because of its popularity and the vulnerability of its architecture (Darlene Storm, “98% of Mobile Malware Targets Android Platform,” Computerworld, Feb. 24, 2014, http://bit.ly/1F40Dvp).

Both iOS and Android are generally safe, as long as users install apps only from trusted sources. Regardless of their phone’s manufacturer, users should ensure that their devices are running approved OSs with up-to-date security patches installed.

Jailbreaking or rooting devices.

Some tech-savvy employees may modify their devices to increase functionality. Similar to jailbreaking on iOS, “rooting” is the process of allowing Android mobile device users to have privileged control over Android’s subsystems (akin to having an administrator account on a desktop OS); this allows users to delete stock apps and install third-party apps. But jailbreaking or rooting also removes security controls imposed by manufacturers. Consequently, users who jailbreak or root their devices can be at a higher risk of malware infection. In some cases, the process may even be illegal (Chris Hoffman, “Is It Illegal to Root Your Android or Jailbreak Your iPhone?” Makeuseof.com, Mar. 19, 2014, http://bit.ly/1REZSjT).

Theft or loss of devices.

The versatility of mobile devices has made them a necessity for many employees, but this value also makes them targets for thieves. These thieves can then steal personal data and corporate information stored on the victims’ devices, or even use the stolen devices to access corporate servers. Biometric access controls are effective to protect data on lost or stolen devices. In drastic circumstances, remotely wiping a stolen device may be necessary.

Communication threats and data theft.

Many businesses, and even some municipalities, offer free Wi-Fi to attract customers and tourists, and some employees may use their devices to connect to these open wireless access points. While convenient, this can pose a security threat, as hackers can eavesdrop through Wi-Fi to steal information. In addition, if a user’s Bluetooth settings are not correctly configured, hackers can retrieve the address book, call history, and other information from a victim’s device, or send malware over the unsecured Bluetooth connection. To mitigate this threat, businesses can require employees to use a Virtual Private Network (VPN) when accessing corporate information. VPNs encrypt the communication between a mobile device and the Internet, even on unsecured Wi-Fi, to prevent data theft.

Privacy issues.

People often talk on the phone while walking on the sidewalk, waiting in lines, or sitting in a coffee shop. Consequently, conversations can be heard easily, even when these conversations include sensitive information. Privacy-conscious callers can ensure that no eavesdroppers are around them, but they cannot be certain of the environment on the other end of the call.

Corporate governance.

IT governance is part of corporate governance, which provides organizational structures to ensure that IT investments are developed with adequate IT control mechanisms. Therefore, the security of mobile devices should be integrated with corporate governance to ensure that the process is aligned with an organization’s overall governance strategy.

Cloud-based BA offers scalability and alower total cost of ownership, which make iteasier for businesses to deploy BA solutions. Furthermore, some cloud-based BA vendorsalso provide self-service options.

Enterprise mobility management (EMM).

Enterprise mobility is the trend toward a shift in work habits as a result of the growing popularity of mobile devices and cloud computing. Making corporate servers available to mobile devices, however, increases the risk of system security breaches. It is also difficult for enterprises to control the use of mobile devices by non-employees outside the office. To reduce related security threats, EMM vendors offer suites of programs that manage employees’ mobile devices, apps, content, and security features. Specifically, EMM software can securely manage end points—including smartphones, tablets, and iPads—and corporate servers. In addition, EMM solutions use containerization technology to separate corporate data from personal information and provide secure data communication between the corporate servers and endpoint devices. This allows the remote wiping of corporate data on a lost or stolen device while keeping personal information (e.g., photos, music files) intact, easing employees’ concerns about losing that data.

Additional BA Features

Natural language processing BA.

Many CPAs may have already tried voice-activated functions on their smartphones and appreciated their handsfree convenience. In fact, many personal needs or business tasks that require information can benefit from natural language processing (NLP), which studies the interactions between computers and human languages by integrating computer science, artificial intelligence, and linguistics. Both IBM’s Watson Analytics and Microsoft’s Power BI offer NLP query functionality. IDC has predicted that 70% of leading BA vendors will have incorporated NLP capabilities into their software by 2016 (“Gartner Says Business Intelligence and Analytics Need to Scale Up to Support Explosive Growth in Data Sources,” Gartner Newsroom, Jan. 24, 2013, http://gtnr.it/1XZWf9O).

Self-service BA.

There is a shortage of data scientists who can analyze business data to generate new intelligence. Therefore, several vendors have self-service BA solutions to make their software easy to use. The self-service approach allows users to design analytical queries and reports without the assistance of IT personnel. Tableau and Qlik have been exploring this approach to empower users to take advantage of BA solutions on their own. Other self-service BA solutions include IBM Cognos, Microstrategy Analytics Desktop, Microsoft Power BI, and SAP Lumira Cloud.

Cloud-based BA.

Cloud-based BA offers scalability and a lower total cost of ownership, which make it easier for businesses to deploy BA solutions. Furthermore, some cloud-based BA vendors also provide self-service options. The pay-as-you-go subscription model (as opposed to on-premise installation) is attractive for any entity, especially small and medium-sized businesses with limited IT resources. Cloud-based BA is becoming a popular deployment option; in December 2014, IDC predicted that over the next five years, spending on cloud-based BA will grow three times faster than that of on-premise solutions (Press Release, “IDC Reveals Worldwide Big Data and Analytics Predictions,” Dec. 11, 2014, http://bit.ly/1ArFxEB). Readers are encouraged to review Gartner’s assessment of 24 BA vendors when planning their firms’ deployment (http://gtnr.it/23dDovF).

Implications for Accounting Professionals

Although mobile devices are still less powerful than desktop computers, they allow for simplified but critical analytics on the go. Crucially, mobile BA is an inexpensive option available to all accounting professionals and firms. For example, QuickBooks Online (QBO) subscribers can download various applications, including Float, from apps.intuit.com. Synchronizing with QBO, Float updates data in real time and prepares a cash flow forecast in minutes, allowing users to view their short-term cash flow and project cash availability on a daily basis. Xero, another provider of cloud accounting for small businesses, launched a new platform in April to integrate with Microsoft Power BI. Users can view data visualizations of the most important small business metrics, including cash flow, profit/loss trend, receivable turnover ratio, and return on investment.

Conventional financial reporting is not enough to satisfy the needs of today’s business environment.

The information needs for decision making and the required analysis for improving operations have expanded. Conventional financial reporting is not enough to satisfy the information needs of today’s business environment. Many accounting professionals, however, are still too preoccupied with the traditional reporting cycle and have been slow to move into new roles. CPAs must stay current with technology advances, including using BA solutions. This technology can enable professionals to access information anywhere and anytime to improve their bottom line.

Paul Lin, PhD is an associate professor of accountancy at Wright State University, Dayton, Ohio.