For better or for worse, the rise of generative AI means that every company is now in the data business. This circumstance is doubly true for professionals like CPAs who routinely handle sensitive client data. CPAs and accountants must not only manage their own data but are increasingly advising their clients on data hygiene best practices.
Beyond AI, data has grown in complexity and novelty over the past decade. Organizations, even small firms, routinely use dozens of cloud platform tools in a single day. CPAs can now handle scanned documents, PDFs, and photos taken with an iPhone from the same client. The levels of security, connectivity, and interoperability vary across tools and firms, often leading to duplicate and outdated datasets.
AI has become a valuable tool in both governing and managing data across an entire firm. However, it is essential to note that AI itself must be governed closely to reduce risk and ensure the highest degree of accuracy.
What is data governance?
The basics of data governance have traditionally fallen to the IT team. However, the explosion in both the quantity and diversity of data means it can no longer be relegated to specific silos; it must be addressed by firm leadership, even in a small firm.
Data governance refers to the processes, frameworks, and policies an organization establishes for its data use. Data governance is closely tied to regulatory oversight, such as the GDPR, as well as to voluntary frameworks such as NIST. But compliance is far from the only aspect of governance.
Basically, data governance is how leaders of a firm steer anything to do with data, including sensitive PII, AI use and oversight, and determine who is responsible for implementing and overseeing these policies.
Also read: The Rise of AI Ransomware: How Artificial Intelligence is Transforming Cybercrime
Data governance vs. data management
These two terms are related, but not interchangeable. Essentially:
- Data governance represents the who, what, and why of data. It is the high-level strategy that oversees how an organization interacts with data of any kind.
- Data management is the how. It involves implementing the policies set out in a governance plan. Data management may include cybersecurity specifics, data storage and protection, and the ins and outs of daily data use within the organization.
The basics: Assessing and improving data governance
Unless they are just starting out, most CPAs already have some form of data governance in place, even if it is just a loose set of practices. However, the way firms interact with data has evolved rapidly over the past several years, driven by AI adoption and the rise of cloud platforms.
A good data governance plan is not a static document, especially in the modern technology landscape. After setting the overall strategy, stakeholders at the firm should review it at least quarterly, with significant updates planned annually. Any move between platforms or the addition of new tools or workflows should prompt an immediate update.
Data governance is not a set framework and will function differently at each firm. For example, a firm that handles clients in highly regulated industries may need a special focus on compliance. However, setting up a data governance framework at your firm is essential, and even though it will vary from business to business, a good framework will address the following questions:
- Who is responsible for setting and overseeing data policies?
- How will data be stored, secured, backed up, and maintained over the long term?
- What, if any, compliance guidance sets the standard for our data? What documentation (such as a WISP) and audit requirements are necessary to stay compliant?
- What is the authorized use of AI tools, and how are we ensuring they remain secure?
- How are we maintaining cybersecurity standards?
- When will we review and update our data governance policies?
- How will we train existing and new staff on the basics of data hygiene, management, and governance?
The role of AI in data governance
AI is both the plague and the cure when it comes to data. Unsupervised, unapproved use of generative AI by employees can pose a security risk and lead to inaccuracies. However, AI tools can help busy teams better implement data governance policies, gain visibility into how data moves across the organization, and improve data management. Additionally, AI cybersecurity tools are becoming mandatory to help keep up with the pace of cybercrime.
Your CPAs are almost certainly already using AI for their work. It only makes sense to address best practices in your data governance to help them use it efficiently and securely while maintaining compliance.
CPAs and the future of data
Modern data governance is shifting towards automation, AI integration, and agility. Key trends include AI-driven data classification, real-time data observability, and a “shift left” strategy that embeds security and governance from the start.
CPAs will play a crucial role in ensuring that fiscal regulations and ethical standards are integrated within these frameworks, providing oversight and expertise on financial data implications. By leveraging cloud-based solutions and active metadata management, organizations can enhance efficiency and unlock the full value of their data assets, with CPAs guiding the way.
Also read: Accounting Trends: How the CPA Profession Is Evolving, and What Firms Can Do to Stay Ahead
Insurance is an essential aspect of any data governance plan
In the past, CPA firms have only planned for data governance to meet compliance requirements. But increasingly, organizations of all kinds are unlocking value by prioritizing data governance. A properly planned, orchestrated, and implemented data governance framework keeps an organization safe, delivers significant efficiencies, and builds accountability among stakeholders.
An often overlooked aspect of data governance is cyber liability insurance. Simply working through the requirements to qualify for cyber liability will significantly improve your firm’s data security. Cyber insurance is now an essential part of any thorough risk management plan, not merely a precautionary measure. By obtaining this coverage, businesses ensure they have the resources to manage the financial and operational consequences of digital threats. This preparedness allows them to recover more quickly and preserve the confidence of their customers and partners.
To learn more about the cyber liability insurance options McGowan Professional has available for CPAs and other professionals, contact us today.