|
Article Excerpt
ABSTRACT: The primary purposes of this study are to identify and validate a list of necessary skills required to ensure good data privacy protection for organizations, recognize potential privacy service providers, compare the perceived skill levels of potential providers, and test the impact of an educational brochure developed by the AICPA designed to communicate how and why members of the accounting profession are qualified to conduct privacy engagements. A total of 82 corporate managers representing 27 companies participated in a randomized between-subjects experiment where they responded to skill-related items either before or after reading the privacy brochure. Factor analysis of 17 skill items revealed four factors: technical, legal, control/assurance, and strategic. The following potential service providers were identified: law firms, CPA firms (both Big 5 and non-Big 5), security consultants, and e-business consultants. Study findings suggest that all four of the skill constructs are necessary in providing good data privacy protection. Before reading the brochure, the highest construct index means (potential providers) were as follows: technical (e-business consultants), legal (law firms), control/assurance (CPA firms and security consultants), and strategic (security consultants). After reading the brochure, CPA firms moved significantly higher on technical, legal, and strategic skills; additionally, CPA firms were ranked among the highest service providers in all areas except legal skills, where law firms continued to predominate.
I. INTRODUCTION
In October 2002, the AICPA formed a new task force to develop privacy services that can be offered by CPAs. Specifically, the mission of the task force is to develop strategies and take actions to establish the profession as a key player in privacy. The task force is constructing a Privacy Framework of Principles and Criteria (PFPC) that can be used to guide members of the accounting profession in providing privacy services. The task force states:
The safeguarding of individuals' personal data, which is a valuable business asset, is a service that CPAs are uniquely qualified to offer based on their expertise in business information, processes, and controls. (AICPA Privacy Task Force, 2002)
However, questions arise regarding the extent to which prospective corporate clients recognize accountants as being qualified to perform privacy services, as the success of the accounting industry in providing services of this nature will hinge on such perceptions. If accountants are to prosper in the privacy arena, then they must link and extend their traditional core competencies to the privacy domain. Toward this end, we examine the brand extension literature for guidance on how to successfully introduce new products and services to the market, for such extensions are analogous to stretching the CPA brand to the privacy service area. Specifically, we adapt Milewicz and Herbig's (1994) brand extension reputation model to the accounting domain and develop four research questions and one hypothesis.
Elliott and Jacobsen (2002) argue that the accounting profession has allowed other service providers to declare a body of knowledge that could have been uniquely claimed by accountants. In the privacy arena, potential contenders have already entered the market in full force and are staking their ground. In this paper, we identify key competitors in the realm of privacy services and develop a set of skills necessary to provide such services. We then report the results of an experiment where prospective clients appraise the relevance of the identified skills in providing good data privacy protection and rate the proficiency level of accountants versus key competitors across these skills. Further, we examine the impact of an educational privacy brochure developed by the AICPA, which attempts to link traditional core competencies of the accounting profession core brand to the privacy services extension brand.
II. BACKGROUND, RESEARCH MODEL, QUESTIONS, AND STUDY HYPOTHESIS
Brand Extension Literature
The literature on brand extension focuses primarily on consumer products (Van-Riel et al. 2001); however, many of the concepts are useful in framing brand extension issues as they relate to services. By analogy, accounting, audit, and tax services represent parent brands of the CPA profession, and ancillary services such as WebTrust, SysTrust, and privacy reflect brand extensions.
When consumers are unfamiliar with new product quality, they tend to rely on the parent brand as a signal of quality (Rat et al. 1999). Milewicz and Herbig (1994) developed a brand extension reputation model that has five core components: core brand reputation, core brand credibility, brand extension reputation, brand extension credibility, and credibility of actual transactions. Their basic model is illustrated in Figure 1. The core brand reputation is a primary input that directly affects the brand extension reputation. Reputation is the estimation of the consistency of an entity (Herbig and Milewicz 1993). According to Milewicz and Herbig (1994), this estimation is based on all previous transactions and is affected by the consistency of the entity's actions over a long period of time. Thus, reputation is ultimately impacted by the credibility of transactions. Outcomes experienced by the purchaser of the brand extension, either positive or negative, can ultimately impact the reputation of the core brand.
[FIGURE 1 OMITTED]
Thus, a positive brand image can help extended products, particularly early in the product life cycle; however, extended products can harm the reputation of the parent in some circumstances. To investigate this issue, Swaminathan et al. (2001) examined reciprocal effects of consumer product extensions. Their findings indicated that positive reciprocal effects can occur when an extension is successful, but they also found that an unsuccessful extension can negatively affect the brand of the parent product and that the negative effect can prevail even if the product extension has little similarity to the parent. Loken and Roedder-John (1993) and Sullivan (1990) also reported that dilution of the parent brand can occur from the introduction of unsuccessful brand extensions. Further, Swaminathan et al. (2001) suggested that positive reciprocal effects diminish over time once the extended product has been tried--meaning less reliance is placed on the linkage to the parent brand and more reliance is placed on personal experiences with the extended product.
Sung et al. (1999) investigated the effects of technological differences in the parent brand and the brand extension. They found that the most favorably perceived extensions occur when the parent brand is technologically more advanced than the extension. Regarding reciprocal effects, they report asymmetric findings; that is, while a more technologically advanced extension will reflect favorably on the parent brand, a less technologically advanced extension will not necessarily affect the parent brand adversely. Finally, Van-Riel et al. (2001) indicated that in service brand extensions, the most successful cases occur when significant similarities exist in service delivery processes.
The literature on brand extensions can help the accounting profession to frame a marketing strategy for the delivery of privacy services from an industry-wide perspective. First, the profession can leverage its quality reputation in traditional core areas to privacy services. Second, the profession needs to be concerned about the possibility of harming the industry-wide CPA brand if the delivery of privacy services is unsuccessful. In this regard, a recent study of service quality assessment between accounting firms and nonaccounting firms suggests that service quality may already have been compromised as accounting firms have drifted from their core accounting, auditing, and tax competencies into other service areas (Aldhizer et al. 2002). Third, initial client perceptions regarding the quality of privacy services will be crucial to long-term acceptance of privacy extension, as the reputation effect from traditional core services will diminish over time. Fourth, the privacy service extension is more likely to be successful if the profession can argue that privacy-related issues are embedded within the core skill set already held by the profession--meaning privacy services are not more technologically advanced than existing services. Finally, the profession needs to link salient properties of its core services to the privacy domain.
To study the issue of brand extension of traditional accounting services (core brand) to privacy services (brand extension), we adapt Milewicz and Herbig's (1994) model (see Figure 2). In our research model, we add the relative perception of competitors as an important component that can affect a client's buy/don't-buy decision. Herbig et al. (1994) developed a competitive credibility model that incorporates the credibility and past transactional history of competitors into the reputation- and credibility-building models. This notion has much merit, as a client's decision to consult with a privacy advisor will likely include its assessment of the relative strengths and weaknesses of various providers.
[FIGURE 2 OMITTED]
Our approach to studying the issue of brand extension into privacy services is as follows. First, we identify a core set of skills necessary to ensure good data privacy protection. Next, we identify key competitors that the accounting profession faces in the privacy services arena. We develop research questions and a hypothesis that arise from the reputation building, credibility, and brand extension model. We then ask prospective corporate clients of privacy services to rate the importance of the core skills and to assess the level of each skill across the competitors. Finally, we test whether an educational brochure aimed at linking existing core competencies of the accounting profession to privacy skills affects skill level perceptions.
Identifying a Core Set of Skills for the Privacy Services
We examined three key articles in which privacy services and privacy-related tasks were discussed (Glassman 2001; Parker 2001; Valente 2002). From these articles, we identified a synthesized list of skills required to perform privacy services. Each of the skill components related to privacy is merely an extension of the type of work commonly performed by many accountants. The seven skill sets are:
1. Ability to completely understand current and future statutory regulations that a firm may face (Glassman 2001)
2. Ability to assess the risk faced by a firm for inadequate privacy policy and practices (Glassman 2001; Parker 2001)
3. Ability to align systems and infrastructures with developed policies (Parker 2001; Valente 2002)
4. Ability to monitor or test the effectiveness of the implemented system's compliance with its stated policies and practices (Parker 2001)
5. Ability to engage in strategic planning in order to achieve privacy compliance (Glassman 2001)
6. Ability to identify various privacy components, as well as build and implement necessary changes to close noted privacy gaps (Parker 2001)
7. Ability to assess the adequacy of privacy policies and practices of relevant business partners and service providers (Valente 2002)
These seven skill set categories serve as the basis for the assessment of the fit between the business processes used in providing core accounting services and the extension privacy services. Some of these skill sets are more finely detailed and assessed, as indicated later in the research design.
Identifying Key Players in the Privacy Service Domain
The legal community has already positioned itself in the privacy market. For instance, the American Bar Association offers continuing legal education to its members regarding privacy legislation. The following titles were offered in the first half of 2002: Medical Privacy Legislation; Privacy Issues in Law Enforcement since 9/11; Financial Services Modernization 2002; Implementation of the Gramm-Leach-Bliley (GLB) Act; and Privacy issues/HIPAA/FSMA.
Consulting companies, especially e-business systems consultants, have also begun to offer privacy services. One such consulting company, Compliance Systems, Inc., offers privacy-compliance solutions. Compliance Systems offers interview-based...
|
