IPA Spotlight On . . . Brett Nabors

Name: Brett Nabors, CISA

Brett Nabors

Title: Partner, IT Advisory Services

Firm: Houston-based Weaver (FY18 net revenue of $127.1 million)

Accomplishments:

  • More than 13 years of experience helping organizations improve the security, reliability, accuracy and efficiency of their IT systems and organizations
  • Rapidly built a capable IT advisory services team with a supportive, quality-focused culture in Weaver’s Austin, Texas, office
  • Admitted as a partner in September 2018 after joining Weaver’s IT advisory services practice in November 2016
  • Lecturer for the IT Accounting and Controls class at the McCombs School of Business, University of Texas

In your new role as partner, you’re expanding IT-related services to Weaver clients. What are the biggest needs, in your opinion?

Considering the never-ending list of IT priorities, constant security breaches and the balancing act between risk and cost, companies should evaluate the service providers they use and whether those providers really address their needs. Clients benefit most from finding a provider who will listen to their specific concerns. The provider can then tailor an approach that meets their financial constraints and addresses critical needs. As much as I would love to solve every IT and security risk, that is not realistic. Clients need to focus on their individual risks, processes and priorities, not just buying the software or service everyone else has.

If you could give clients only one piece of advice on how to improve IT security, what would it be?

It is difficult to give one piece of advice, as every company is in a different stage of IT security. The key is to approach security as a journey along a continuum — what we call a maturity model — rather than trying to comply with requirements piecemeal. Focusing on maturity and continual improvement enables companies to understand that controlling user access, training employees and building cybersecurity awareness are all ongoing efforts, not just requirements to finish and be done with.

Many firms are looking to improve client service through data analytics. What kinds of insights are possible now that weren’t before?

The ability to analyze an entire organization through its data allows us to uncover trends and correlations that we might not have previously seen. Before analytics, we typically relied on standard “industry-accepted” norms for evaluating a company’s success; we let the expectations drive the data. Now, we can use the data to drive the expectations. Of course, there’s also the benefit of being able to take current analytics tools and apply them to historical data sets in order to expand the company’s understanding of its customers, vendors and other stakeholders. That allows them to make smarter decisions today and tomorrow.

What is the biggest mistake clients make in managing a systems implementation and how can clients and their accounting firm work together to create a smooth process?

We have all heard the quote “a goal without a plan is just a wish.” Companies often want to implement new software, but don’t dedicate the time to defining detailed business and system requirements, including impacts to existing processes. New systems inevitably change the way business processes operate, including the reports for end users. Identifying an owner to build requirements for the new system should be a priority. This individual should work directly with each department, including legal, data privacy owners, IT security departments and human resources. Omitting these groups may introduce new, unexpected risks once the system is implemented.

Final thoughts?

I live by the motto of “leave things better than you found them,” which is an adaptation of Robert Baden-Powell’s original quote. When it comes to assisting clients, my company and my life, I strive to achieve this motto.