Peer Review Computer System Usage Policy
The AICPA Peer Review team must have a signed User Policy form on file before assignment of a user account/password on an AICPA system. To obtain a new user name and password for a new peer review staff member or a temporary employee (new employee), the state CPA society executive director (or designee) should review this form with the new employee, sign the form, and ask the new employee to sign the form agreeing to abide by the policy. The state CPA society executive director and the new employee should sign the form and the new employee should select a user name to be indicated at the end of this form.

Once this form has been signed, the Senior Manager – Self Regulation will contact the new employee to assign a temporary password and then activate the new username(s) for the web-based system located at http://www.aicpa.org/members/div/practmon/index.htm. New users will have to change this password the first time they login.

Computer Use Computers, software, database, websites and communications systems provided by AICPA are to be used only for AICPA-sponsored work. Use of AICPA resources to store, manipulate, or remotely access any non-AICPA information is prohibited. The use of AICPA resources for personal or non-work-related activity is also prohibited. AICPA systems are provided to our users without any warranty. AICPA will not be held liable in the event of any system failure or loss of data.
Data Retention Computers, software, database, websites and communications systems provided by AICPA are to be used only for AICPA-sponsored work. Use of AICPA resources to store, manipulate, or remotely access any non-AICPA information is prohibited. The use of AICPA resources for personal or non-work-related activity is also prohibited. AICPA systems are provided to our users without any warranty. AICPA will not be held liable in the event of any system failure or loss of data.
User Accountability When a user account is deleted, all permanent files (in home directories and mass storage systems) are assigned to the user’s superior, who is responsible for deleting unneeded files.
Passwords and Usernames A user identifier known as a username and password are required of all users. Passwords must be changed every 6 months. Passwords must be at least eight (8) characters long, not found in a dictionary, and must have at least two alphabetic and at least one numeric or special character. Passwords must not be shared with any other person. The password must be changed as soon as possible after an unacceptable exposure or suspected compromise.
Unauthorized Access Users are not to attempt to receive unintended messages or access information by some unauthorized means, such as imitating another system, impersonating another user or other person, misuse of legal user credentials (usernames, passwords, etc.), or by causing some system component to function incorrectly.
Altering Authorized Access Users are prohibited from changing or circumventing access controls to allow themselves or others to perform actions outside their authorized privileges.
Reconstruction of Information or Software Users are not allowed to reconstruct or recreate information or software for which they are not authorized.
Data Modification or Destruction Users are prohibited from taking unauthorized actions to intentionally modify or delete information or programs.
Malicious Software Users must not intentionally introduce or use malicious software such as computer viruses, Trojan horses, or worms.
Denial of Service Actions Users may not deliberately interfere with other users accessing system resources.
Notification Users must notify AICPA immediately when they become aware that any of the accounts used to access AICPA has been compromised. State CPA Societies and peer review administering entities must notify the Manager – Self Regulation of the termination of a user account on this system immediately, or within one business day.
Account Usage Users are not allowed to share their accounts with others.




Obtaining a New Password from AICPA Support

If you forgot your password, contact an AICPA Peer Review Coordinator or the Manager – Self Regulation to get your password reset. You will have to change this password the next time you login.

Changing Your Password

Passwords must be changed under any one of the following circumstances:

  • At least every six months (180 days).
  • Immediately after giving your password to someone else.
  • As soon as possible, but at least within one business day after a password has been compromised or after you suspect that a password has been compromised.
  • On direction from AICPA staff.
General Password Requirements

When users are selecting their own passwords for use on an AICPA system, the following guidelines should be used. It is the responsibility of the user to select passwords that follow these guidelines, even if the system software on a particular system does not force the user to follow them.

  • Passwords must contain at least eight nonblank characters;
  • Passwords must contain a combination of letters (preferably a mixture of upper and lowercase letters), numbers, and at least one special character within the first seven positions;
  • Passwords must contain a nonnumeric letter or symbol in the first and last positions;
  • Passwords must not contain the user login name;
  • Passwords must not include the user's own or (to the best of his or her knowledge) a close friend's or relative's name, employee number, Social Security number, birthdate, telephone number, or any information about him or her that the user believes could be readily learned or guessed;
  • Passwords must not (to the best of the user's knowledge) include common words from an English dictionary or a dictionary of another language with which the user has familiarity;
  • Passwords must not (to the best of the user's knowledge) contain commonly used proper names, including the name of any fictional character or place;
  • Passwords must not contain any simple pattern of letters or numbers such as "qwertyxx".

    • If you have any questions, please contact Donna Roethel at droethel@aicpa.org or 919/402-4970.

    Please assign a user name and password to the individual named below. By signing this form, I state that the Society and the new peer review staff member will adhere to the aforementioned policy when accessing the AICPA’s computer systems.
 
  ______________________________________ _________________________
  (Signature of Executive Director or Designee) (Date)
  ______________________________________ _________________________
  (Print Name) (Name of Entity)
  ______________________________________ _________________________
  (Signature of New Peer Review Staff Member) (Date)
  ______________________________________ _________________________
  (Print Name) (Title)
  ______________________________________ _________________________
  (Choose A User Name) (email Address)
 
Donna M. Roethel
AICPA
220 Leigh Farm Road
Durham, NC 27707-8110
Or fax to (919) 402-4505