Technology is a key driver of change. It improves efficiency, cuts costs, is an essential enabler in the delivery of services, and maximises business profitability. 


  • Treat technology as the key to your business success
  • Commit appropriate levels of expenditure to maintaining and upgrading your IT systems
  • Use workflow management to assess how technology can help you become more efficient
  • Utilise data analytics to hone business performance
  • Maximise your time by using automation to integrate your systems and processes
  • Embrace the benefits that flexible operating systems and online communication systems, such as the cloud and Skype, can offer clients and staff
  • Explore social media as a business communication tool and to collaborate with peers

CPA Australia’s IT checklist for small business focuses on such issues as remote working, cyber security, cloud computing, social media, mobile devices and business compliance. The checklist items aim to ensure you think clearly about your requirements.


Cyber security and protecting your data

Find practical tips to manage your cyber and data protection risks in CPA Australia’s webinar recording, jointly provided with the Tax Practitioners Board (TPB). In addition, the Australian Taxation Office (ATO) and the TPB have developed security tips to ensure that you have sufficient IT controls in place to protect the security and confidentiality of your client records. 

Prevention is your best approach but should you become the victim of a ransomware attack, you have three options:

  1. Use a recent, uncorrupted back-up to restore your data
  2. Try one of the decryption websites for information and decryption tools
  3. Pay the ransom

In addition to the guidance contained in CPA Australia’s IT checklist for small business, members have access to a cyber liability insurance product tailored specifically for them.  

EU General Data Protection Regulations

The European Union General Data Protection Regulations (GDPR) took effect on 25 May 2018.

Some Australian businesses covered by the Australian Privacy Act 1988 (Cth) may need to comply with the GDPR if they offer goods and services in the EU or monitor the behaviour of individuals in the EU.

Australian businesses should determine whether they need to comply with the GDPR and, if so, take steps to ensure their personal data handling practices comply with the GDPR.

The Office of the Australian Information Commissioner has a GDPR fact sheet for Australian businesses.

Notifiable Data Breaches scheme

Robust data security was legislated in Australia under the Privacy Amendment (Notifiable Data Breaches) Act 2017, which makes it mandatory for businesses to report eligible data breaches from 22 February 2018. 

Under the Notifiable Data Breaches (NDB) scheme, businesses need to notify individuals and the Office of the Australian Information Commissioner (OAIC) in the case of eligible data breaches which are likely to result in serious harm to the individual. 

Not all data breaches are eligible. For example, if an entity acts quickly to remediate a data breach, and as a result of this action the data breach is not likely to result in serious harm, there is no notification requirement. If 20,000 people are affected by a data breach in a minor way, with no serious harm, this also would not be captured under the legislation.

The OAIC provides resources to guide you on what constitutes an eligible data breach and the notification process.  

Cloud computing

The biggest driver of change over the past decade is cloud computing. Cloud applications are now mainstream technology. Introducing a cloud solution offers portability of systems and the convenience of a virtual office. When selecting a cloud provider ensure that the firm is reputable, well-funded and has standard security measures.

The TPB offers a guide for practitioners on their obligations under the Code of Professional Conduct regarding the use of cloud computing and CPA Australia discusses it's advantages and disadvantages

Selecting an IT service provider

Not all businesses have the resources for their own dedicated IT support staff.

At a high level, it remains important that you understand what is needed from your external service provider and know what types of services can be done by a service provider and which need to be done in-house. It is also important to consider whether you should have more than one service provider. A single service provider can more easily be held accountable than multiple service providers, but presents a risk to your business if that provider fails as you leave access to all of those services at once.

Some of the issues to consider when selecting a service provider include the service provider's background, whether you can work with the provider and the staff that they want you to work with, their ability to address your needs securely, and how they will go about implementing the system. Your own legal requirements are also an important consideration. In these days of social media it is important that you consider the service provider's "digital footprint" on social media in the same way that your clients evaluate your business. You can do this by searching online for reviews.

Starting points in what to look for when selecting a service provider:

  • a clear and enforceable service agreement
  • clear scope and acceptable performance of services over the long term. For example, are software updates and hardware upgrades considered?
  • a process for extension of the contract as well as variation of the services – and service levels – provided
  • pricing and fee structure that is realistic without "hidden" costs for out-of-scope and unforeseen services
  • payment terms that align the benefits with the costs of the agreement
  • clear representations and warranties
  • outline your respective obligations. For example, how will you address the need for interruptions to the working day and manage the ongoing relationship?
  • ascertain their service availability. For example, can you contact them 24/7 if you are the subject of a cyber attack?

It is also important that any contractual arrangement you do put into place aims to maintain a strong relationship with the service provider so that you have a level of understanding and trust to draw upon.

If the relationship deteriorates over time, problems that arise can become much bigger if the relationship is not good to start with. It is important that you maintain a strong professional relationship in the good times so that when things are not going well, you have a level of understanding and trust to draw upon.

If the relationship deteriorates over time, problems that arise can become much bigger if the relationship is not good to start with. It is important that you maintain a strong professional relationship in the good times so that when things are not going well, you have a level of understanding and trust to draw upon.

In CPA Australia's Guide to the cloud, it is considered essential that you proceed cautiously with your choices, consider the location of the service provider, and place an emphasis on selecting a provider you can work with rather than just considering price alone. You should also give thought to your own clients' needs with how you manage their data, and understand your service provider's proposed disaster recovery arrangements and data backup approach.

Finally, you should keep a list of the key external service providers that you use. Be sure to meet with these service providers regularly to discuss how the service is performing and whether there are improvements that can be easily achieved. Remind yourself that your business could download its data and applications and move to another service provider easily. You need to have an eye to how you might separate from your service provider if or when the relationship is no longer working for the both of you.

Accounting software and hardware

The other significant area of development has been accounting software. Improved software provides practitioners with an opportunity to offer clients a more contemporary, digitised and personalised experience.

Download our ebook to determine if the online accounting software you use is the right fit for you.