Up until two years ago, Don Blythe played the traditional CPA role, but felt a void in his life. While he owned a successful sole proprietorship with a concentration in audit and tax, he felt as if he were missing the boat on what would make his practice more distinctive in a time when new assurance services and specialization were becoming more the trend than the norm.

At the same time, if you had suggested to him that several years later he would operate a virtual accounting practice and test other sites for their security, he would have confessed that he didn’t know enough about computers. It took the time and patience of a family friend to demonstrate to this Kansas City CPA that he had the smarts not only to learn technology, code and programming languages, but to use that knowledge to deliver accounting services in untraditional formats.

Ensuring a Site is Secure
Today, Don divides his time between consulting engagements and his own practice. He currently is involved in an engagement for a division of International Paper (IP). IP initially approached IBM to use the computer giant’s Activa product line to set up an interactive Web site in which assembly-line workers could order supplies on a four-hour shipping timeframe. IBM liked the concept so much that they wanted other vendors associated with the product line to put their own databases on the same Web site.

“It was a question of both security and exposure, which are two of the main tenets of the auditing world,” says Don. “They needed a CPA to audit the security of the database and the Web site, and found me through my primary marketing tool-my own Web site. My focus marries two of my core competencies I developed over the last 25 years, the traditional CPA assurance component along with audit.”

Don performs his audit in two directions. To ensure the site is secure from outside, unwanted hacker “break ins,” he runs a number of network programs that analyze the system and scan for weaknesses. Once this is complete, he tries to gain “superuser” access, a term developed by UNIX to denote a kind of user who can do any task, illegal or legitimate. Don works to find the database and extract passwords and other sensitive information.

“Typically, what happens in this environment is that the developers create backdoors for programming and debugging prior to shipping a product, but then forget to take these away upon implementation,” he says. Or, programmers are rushed to complete application programs and shortcut by using “poor” programming techniques relating to buffer overflows, for example. “It’s my job to make reasonably sure that most doors are closed so that malicious parties cannot retrieve sensitive information without a high cost and inordinate effort. There is no such thing as complete inter-network security — just like there is no such thing as a completely secure physical facility. Traditional concepts like materiality and reasonableness play a large part.”

If all of this sounds too technical for most CPAs, it probably is, says Don, although he is providing something very close to what the traditional auditor provides-just in a different format. This assurance specialty encompasses the CPA WebTrust concept but extends beyond into agreed-upon procedures that may include very high levels of inter-network security not envisioned by WebTrust.

Blythecpa.com Moves Forward
A visit to Don’s site (www.blythecpa.com: CPA WebTrust and E-commerce Consultant) is an interactive experience with his “E-Desk,” an online resource for electronic commerce development. Don has spent the last year developing this venue into what he believes will be one of the premier arenas on the Internet to run an accounting practice.

In addition to the E-Desk, he is adding an intranet in which staff or affiliated CPAs can post their audit work programs interactively, along with a client area and password access. In addition, he will operate totally in the virtual environment without an office or support staff, and wants to market the intranet concept to other firms sometime in the next two years. Lastly, he wants to create an e-commerce Internet community so that visitors who come to the site can stay abreast of e-commerce developments and communicate with one another.

“The medium of communication is irrelevant to the practice, but most CPAs think they need face-to-face communications,” says Don. “I still do assurance and tax work, just over a different means.”

CPA who wish to contact Don may visit his site or send a note to dblythe@www.blythecpa.com.