Doug Houser:
From Rea & Associates studio, this is unsuitable, a management and financial services podcast for entrepreneurs, tenured business leaders, and others who are ready to look beyond the suit and tie culture for meaningful measurable results. I'm Doug Houser, on this weekly podcast thought leaders and business professionals break down complicated and mundane topics and give you the business tips and insight you actually need to grow as a leader while helping your organization to grow and thrive. If you haven't already, hit the subscribe button, so you don't miss future episodes. And if you want access to even more information, show notes, and exclusive content, please visit our website at www.reacpa.com/podcast, and sign up for updates. Keeping your organization's information and computer systems safe can be tricky, but assessing current processes and recommending new and innovative software could put you on the right path to grow your organization. Today Darrell Williams, Chief Information Officer at Rea & Associates is here to talk about a few IT initiatives that we are doing internally to ensure information safety. Welcome to unsuitable Darrell.
Darrell Williams:
Thanks, Doug. I appreciate you having me. It's a pleasure to be here.
Doug:
Great to have you on. And so thankful that you're a part of our organization as Chief Information Officer. Obviously, with COVID and the pandemic and everything, you had to pivot, I'm sure, very, very quickly to deal with some things in a little more current manner than you thought. Talk about how that played out and what happened, how it impacted your world as Chief Information Officer.
Darrell:
Sure. That's a great question. When COVID really came about back in March, when everybody was going home, now a lot of companies, organizations out there did have some pretty good remote working strategies, they had a really good vision for what they wanted to do. It wasn't a very uncommon thing, but what a lot of organizations were not prepared for was 100% remote working. A lot of organizations will try to balance that out, maybe they want to do 30% at one time, 50% at one time, but never prepared for a 100% remote working probably was never discussed just because of the budgetary aspect of licensing and having all the different technologies, running all the applications that need to support the business from a remote working standpoint. The biggest challenge was just scaling that out in several days just to support that 100% working remotely environment.
Doug:
Yeah. Well, I can say, thank you from our perspective. Because I thought all things considered it, it went very, very smoothly across our firm. I appreciate that, but let's talk about our firm a little bit. We have the four cornerstones of people, firm, clients, and growth. Talk a little bit for us about how IT enhances each of those things and in terms of the cornerstones of our firm. Can you expand on that a little bit?
Darrell:
Yeah, absolutely. Absolutely. It's a great question. When we look at the people cornerstone, one of the things that I like to do from a strategic standpoint is tie our initiatives into the strategic plan and in the Rea way. And the Rea 3.0 is coming up as well. As we look at the people side of things, I think of that with our internal staff and our internal employees who are working in the office outside of the office. What we continue to want to do is to evaluate creative methods to enhance our remote workforce. Coming into January at 2021, we're going to have people in the office, outside of the office, but I still think we're going to have a large remote workforce just as we did closing out 2020, but we want to continue to get creative with the way we provide remote working.
Darrell:
That's also, as you come into the office and go home to work, we still want to give you that right balance of technology from a hardware standpoint so you can be as productive and as efficient as possible. And then not only from that but also looking at the way we can deliver and collaborate with technology across our 14 to 15 office footprint in the state of Ohio, by being able to collaborate better, to being able to do video, being able to do instant messaging, sharing files easily. We want to be able to do that very seamlessly. We are really exploring and expanding our research on trying to really provide innovative ways to do that for our people here at Rea.
Doug:
Yeah, I think that's hugely important. I'm glad you bring that up Darrell because I've noticed that if anything, our connectivity across the firm across our footprint has really improved through this as we've gotten more comfortable and really using different technologies rather than just the old, walk down the hall or even email. Would you agree with that?
Darrell:
Yeah, absolutely. You look at the one thing that COVID has done, from positive experiences, it's allowed us and forced us to adopt and really learn how to use a lot of different collaborative technologies that are out there today. You look at products like Zoom, and from a video conferencing standpoint, you look at products like Microsoft Teams and Slack and all the different collaborative tools out there. It's really driven adoption across the board, even here at Rea. And we are expanding our collaborative footprint as well. You've looked at, we're rolling out Microsoft Teams full scale with the West central region this month in January. And we'll be expanding upon that firm-wide into the spring.
Doug:
That's awesome. And I think too what we're doing with our CRM system and the different client connectivity that we've got in terms of information sharing across our firm, that's been awesome too. I've seen a lot more heavier use of that and it's allowed us to better serve our clients and focus on growth too, with regard to that. It's kind of both, right? It's that internal information sharing and also the external, the client-facing and the ways we interact with them. Talk a little bit maybe about that side of it, that external piece, and how we're trying to improve things from that regard.
Darrell:
Yeah, when you look at the client cornerstone. I look at that as we're trying to enhance the client experience as much as possible. As we continue to work with our clients, we are piloting different programs right now with a few of our clients trying to figure out what is the best way for us to collaborate with not only with file sharing but also going in the files at the same time together and being able to co-edit and co-collaborate within data files. We are actually doing that not only within Microsoft Teams.
Darrell:
But also with a couple of other platforms and piloting those out on trying just to figure out what that best client experience is because there are so many different solutions out there that you can choose from. What is the best one that fits the culture of our organization, fits the culture of our clients? That's why we're spending a lot of time this tax season and testing out and piloting different platforms. So when we do come out of our tax season in April 2021. We want to be able to get that client feedback, get their client experience so that we can make the right decision.
Doug:
Yeah, absolutely. And talk, if you can, a little bit about how in today's world, obviously, information security, cybersecurity, how that dovetails in with that. Obviously, there's a lot of concerns around that and we have, certainly, a whole separate cybersecurity team and who you work with closely, but talk a little bit about how that folds into that strategy.
Darrell:
Sure, absolutely. Cybersecurity information security is really top of mind for us here at Rea. Especially for me being the CIO. I feel like one of my very most important job duties is to protect our client's private information, their data privacy, and making sure we're putting our best foot forward and putting in the necessary security controls that are best in breed and best practice. In Rea, I work pretty closely with our cybersecurity executives here at Rea, and we're continuing to do a lot of different things, but the threat landscape is changing dramatically, even since the end of the fourth quarter of last year, to where we are today. That threat landscape, you look at the companies that have been breached companies like Ubiquiti networks, which is a big networking company. You look at SolarWinds, you look at FireEye, FireEye is probably one of the most respected companies out there from a security standpoint.
Darrell:
And I think it goes to show if you're a target and someone is targeting you, it's very difficult to stop. One of the things that we have to do here at Rea is we have to continue to access our vulnerabilities. We have to make sure we understand where we're vulnerable. We've got to make sure we put the proper controls in place, which we are doing. And then you got to have different strategies. And one of the ... we have a continuous improvement mindset when it comes to cybersecurity and our clients expect that from us and definitely want to put our best foot forward and looking at things like vulnerability stands, making sure we understand where all of our data lives on our network, so we can put the proper controls in place. And the third thing and probably one of the most important things any organization can do right now is have a multifactor authentication strategy.
Darrell:
Our clients should have that, we have that, but we have to continue to improve upon that strategy. As we continue to look forward, any vendor that we partner with from an application cloud-based environment, we've got to make sure we assess their multifactor strategy before we would bring them on board. The security piece is so important and then that can impact our clients. We got to make sure that we're continuing to educate our clients as well on the best way to secure information, to share information securely. That's at the forefront of our minds right now.
Doug:
Yeah. And it's not always a smooth line as it comes to this stuff, there's always sometimes significant changes that cause us to look at a different way of doing things. And it changes may be the interaction with the client or it's something that they're not used to seeing. But again, it's all in the name of protecting their information, our information, all of this data that's out there.
Darrell:
That's correct. There's a thing I always like to say that, you cannot eliminate risk. We can only mitigate risk as much as possible with best practices and best in breed controls. We just got to continue to educate and make sure people are aware of the most recent threats that are out there. And what's on that threat landscape so we can prepare ahead of time for it.
Doug:
Now let's talk about a little bit more fun topic and that's on the growth side. I mean, there's just so much cool stuff out there, whether you're talking about machine learning and Artificial Intelligence and all these kinds of things. Let's talk about that a little bit and what that can mean for not only for us, but for our business owners out there going forward.
Darrell:
Yeah, absolutely. When you look at the growth, I think a lot of our growth on the technology side is definitely going to come from terms that pretty popular out there with Robotic Process Automation, RPA, and then also any application and vendor that we bring into the firm. We want to make sure that they have the most robust interface capabilities possible. I've been partnering internally with [Leslie Mash 00:13:13], she's leading up our RPA team. And so we are looking at ways to automate the releasing of returns without having someone actually go in and manually release returns to the IRS, being able to build those program interfaces to make that happen. We want to consider those things and look at those things very heavily. The other thing that's really, as we look at our growth is having a data strategy and then we've been spending a lot of time thinking through what our data strategy should look like.
Darrell:
And it comes down. It's very, I think very simply and its most simplistic form. It's like, what business decisions or questions are we trying to solve and answer? And if we can figure out what that is, we can then determine where the data lives to be able to answer those questions. We must then identify where the data lives so we can then extract it and then be able to run the analytics against it to answer those questions. Those are a couple of the really exciting pieces that we have going on right now. And it's really popular in our industry right now, as you look at RPA and you look at APIs, Application Program Interfaces, and how we can automate and just do more with automation and save that time and that's what we're doing. And the data piece is really, really exciting as well.
Doug:
Yeah, very cool stuff. Let's talk about, say the ramifications of that may be long-term. What does that mean for not only our clients but our people too, as we perhaps work differently or more efficiently with regard to all that, what does that shift mean over time?
Darrell:
Yeah. As we become more data analytic, as we look at data analytics even more in-depth as you look at the commodity size of our business from a tax and audit standpoint. If you look at the tools like the AICP is developing on the audit side with their new dynamic audit solution, that's got a lot of AI built into it. It's got a lot of data components built into it to where other firms are going to be using that solution. You're going to be able to benchmark your client with other clients in the same industry. I think as we look at our people side and as these technologies mature, return prep is becoming more automated, return reviews are going to become more automated because of AI. It's going to be able to look at that data in a tax return individual or corporate. And it's going to be able to pick out things that you should be investigating. Being able to analyze data more so than preparing the data putting into the system is going to be extremely important.
Doug:
Yeah, it's really getting more around the output and the thought process, what does this mean for planning and different things going forward. So we can spend more of that time really having that dialogue with clients. And not so much with the compliance part of it.
Darrell:
That's correct. Yep. That is correct. And we're seeing that on the tax side, the audit side, and then I think as we look at data, we're going to be able to then take the information we get from that data and provide another level of value to our clients to help them make their business decisions a lot easier today by using that technology.
Doug:
Yeah. That's a great point. I think that's something I've always enjoyed, trying to focus on what clients as having those kinds of macro discussions about their business and what can we do to think ahead and think about different scenarios, what their goals might be, and all that kind of cool stuff. That's very fun.
Darrell:
Yeah. It's really going to change. I mean, it's changed the industry a lot and I think the big winner out of all of these technology enhancements is going to be our clients. And that's one thing that excites me is being able to provide a level of value to our clients with this type of information.
Doug:
Yeah. It's mind-boggling to think about, I can't wrap my head around all of it. When I hear some of this stuff like Artificial Intelligence and Machine Learning, it's sort of scary at the same time. As all of our information, these days is really out there, up in the Cloud. What are the overarching risks of that from just a macro society perspective, anything there that comes to mind?
Darrell:
Yeah, when we look at the Cloud, I look at it into a sort of two pieces. You have your software as a service type solution set. And then when you look at the cloud, you have your infrastructure as a service solution. Some companies have taken the step in recent years to take their data centers, their brick and mortar data centers, and then have that hosted in the Cloud by a third party. And what I have found and doing that in the past is from a security standpoint, the physical security standpoint, you are improving your security posture, I think, greatly by doing that and protecting your client's information much better because you're in a 24/7 365 facility that's monitored. The backup strategies can be much better and much cheaper than what you can do internally.
Darrell:
And then as you look at the software as a service component, say such as a CCH access or something like that, that we use quite a bit, even with the AICP and their Daz model, which will be Cloud-based. The software is going to be running in the Cloud. The data will be stored in the Cloud, but at the same time, from a security standpoint, you have to make sure you do your due diligence on those products to make sure they're following proper protocol. And then as we talked about cybersecurity a little bit more, part of any cybersecurity strategy within a company or organization, should have a due diligence process to evaluate the security of any cloud vendor. It does provide a level of convenience, especially during these COVID times when you can go anywhere and access this data pretty much on any device, but you need to make sure that you are looking at two-factor authentication multi-factor for these vendors.
Darrell:
You want to make sure they have a good recovery plan. You want to make sure you review their SOC reports, and that they've been audited against from a security operation control standpoint. As you look at the Cloud and the convenience that it does provide it is up to you as the company that's contracting with these providers to do your due diligence and making sure proper security protocols are being followed.
Doug:
Yeah. And the other thing I think about too, with now that we're all working more remotely or hybrid much more so than ever, we've got devices that we're carrying all over the place, obviously. How do you deal with some of that from a security perspective and making sure that we're providing the convenience and efficiency we want for our employees, but balancing that security side of it, what are some of the things we do there?
Darrell:
Yeah. Depending on an organization, we as a firm, do a BYOD, bring your own device when it comes to say a smartphone or a tablet, for example. An organization needs to make sure they have proper policies in place during a BYOD environment. A person brings in their personal smartphone and tablet, and they want to connect that to the firm network. We have to do our due diligence and make sure that we are requiring encryption on that device. We got to make sure that we're requiring strong passwords to enter the device. And then we also need to have a way to manage the applications on that device. And we also need to make sure that we can cleanse that device if it's lost or stolen. As you look at everybody wanting to bring in their devices, which is great, some firms won't allow that, some companies don't allow that, and they may go the route of providing devices to their employees, not only laptops but smartphones and tablets so they can have more control over those devices from a policy standpoint.
Doug:
Yeah. Pluses and minuses, I guess, to each approach there. But like you said if you're going to do it the way we do it, which I think everybody appreciates its flexibility, but you've got that encryption and the ability to cleanse and do all those things and make sure we're protected from that perspective.
Darrell:
Yeah. Those are great that, but sometimes there are cons associated with it because somebody may not want to connect their personal device because if they lose it, they could lose any personal information that's on that device. You just have to make sure that proper policies are created and education and awareness is brought to the forefront of that. And usually, it's fine, as long as that's all outlined.
Doug:
Before we close Darrell. I'll challenge you a little bit. If we're thinking really, let's say, far into the future because my brain doesn't work this way. I can't imagine what we're going to see, say five years down the road, can you give us, Darrell's best guess as to what we might be looking at from a really big picture perspective that far ahead?
Darrell:
Yeah, absolutely. That's a great question. I definitely see us utilizing the Cloud more and more, a lot of the compliance applications that we use, and from a tax and honest standpoint. Some are cloud-based, some are not. I can see us moving a lot of those into the Cloud. I could see right now we have 14, 15 office footprint. I can see a lot of our data moving to the Cloud, not only from an application standpoint, from an infrastructure as a service standpoint. We're definitely looking at that now. I can see us moving a lot of our, enhancing a lot of our security controls, and really looking at things like identity management, much more than what we are today. Data is going to be a big part of our future. Having a more data-driven decision-making model within the firm.
Darrell:
As we go out to look at maybe other firms to merge with, or as we look at helping our clients more and having more of a data-driven decision-making process around our data strategy is going to be huge for us. And then we will always continue to enhance our security posture. That's going to be something that I think our cyber team is already doing with their clients, but we want to leverage their knowledge to actually help Rea even more and propel us to be a leading-edge firm in regards to security and protecting our client's personal identifiable information.
Doug:
Yeah. So cool. There's just so much to think about. And I think the favorite part for me is how you weave that into our, again, our four cornerstones of people, firm, clients, and growth. I think that's tremendous.
Darrell:
I think the close on that, five years from now, I think every year, we're going to see huge enhancements with the tools that we use to collaborate with our clients and to collaborate internally. And it'll be interesting to see five years from now, what the workforce is. Are we going to be all back in the office or is it going to be a balance or, what's that going to look like? One of the things I like doing the most is partnering internally with Rea employees to help select technology, review technology, and implement technology because the people that do the work, know the work the best.
Darrell:
And then having them help us evaluate and test. We're doing a West-central teams rollout right now with the whole group. And I've got a lead carpenter helping us with the rollout of teams, giving us feedback on the tax side and how we can do that. That part of my job, I probably love the most is partnering internally with our stakeholders and making sure we're rolling it out the way they would like it to work with their clients.
Doug:
Yeah. Cool stuff. And it's all always fun how we adapt and embrace this stuff going forward. Very, very interesting. Thanks again, Darrell, appreciate you being on-
Darrell:
Your welcome.
Doug:
Absolutely. And if you want more business tips and insight, or to hear previous episodes of unsuitable, please visit our podcast page at www.reacpa.com/podcast. And while you're there, sign up for exclusive content and show notes. Thanks for listening to this week show, be sure to subscribe to unsuitable on Apple podcasts, Google podcasts, or wherever you're listening to us right now, including YouTube. I'm Doug Houser. Join us next week for another unsuitable interview from an industry professional.
Disclaimer:
The views expressed on unsuitable on Rea Radio are our own and do not necessarily reflect the views of Rea & Associates. The podcast is for informational and educational purposes only and is not intended to replace the professional advice you would receive elsewhere. Consult with a trusted advisor about your unique situation so they can expertly guide you to the best solution for your specific circumstance.