Institute of Certified Bookkeepers

Digital Signatures

The use of digital signatures is efficient. It is a system you should be adopting.

The Process

  1. Following all the data verification and reconciliation, produce the document that needs to be authorised.
  2. Create the PDF (possibly using just the print driver or product from within your software).
  3. Some digital signature programs then require you to indicate where the digital signature is to be placed on the document.
  4. Securely send (see below #1) the document to the person authorised to sign on behalf of the business. You may have noticed the rapid development of business portal systems to enable this send and return of documents.
  5. Business opens and reviews the document and the declaration clauses.
  6. Business can “digitally sign” the form, (see below #2 re methods of signing).
  7. Document is securely returned to you for lodgement, (see below #3).
  8. Ensure it has been signed and not “rejected”, (see below #4).
  9. Lodge the document, (preferably electronically).
  10. Store the document with the imbedded digital signature details.

Implications

#1 Secure Delivery of Documents

Privacy law requires you to consider how you provide information to your clients. Emailing anything with a TFN disclosed is not acceptable.

Fortunately, we are also beginning to have access to software that provides a secure communication channel with our businesses. In some cases, it is the “client portal”, in some cases the PDF becomes encrypted or password protected.

We recommend you check the security of your email system. Free email providers may be free because they are interrogating the contents of each email for marketing information. Use of such services would be in breach of privacy and tax laws.

#2 Digital Signing

We are typically moving away, (thankfully), from using the mouse to emulate your normal signature. The better system is where the “Authoriser” has to be identified to the system by pin or password and then is able to “Approve/Sign” the document by hitting the button.

Please note Step 6 above where you need to ensure that the system you adopt causes the business to actually review the document before they can approve it. The system should only allow them to “sign” it when they are aware of what they are signing and the terms of the declaration attached to the form.

It has been argued that why should a digital signature be harder to attach than simply signing paper that the business hasn’t read. Our response: With paper you have a physical signature by the business on the line beside the declaration – the person signing has to take responsibility for applying that signature. In a digital world we have to enable/enforce the business owner to take responsibility for “approving” a form for lodgement. If they are responsible, then we are concerned it will be argued that any fault is more readily attributable to the bookkeeper who provided the form.

#3 Notification Systems

We like the development of practice management systems that provide the communication system between the business owner and yourself. When the document is signed by the client, you receive a notification telling you it is approved and ready for lodgement.

#4 “Reject” or Comments from the Business

We also like the concept of the digital signature program providing the mechanism for the business to easily reject the form but more importantly to easily ask questions or make comments.

Current Systems

Unless you are a person that has been specifically delegated authority to approve forms for lodgement then you must ensure your system obtains deliberate authority from the business person.

We are concerned that some systems may be allowing lodgement of data/forms without specific review of what is being lodged, without any form of declaration being sighted, without any requirement to obtain authorisation to lodge.

It also appears that some systems are not automatically storing the “form” of what has been lodged.

Remember that as a BAS agent, the TASA 2009 requires specific authorisation to be given by the client for every electronic lodgement of a form with the ATO.

Related References

Background - Electronic Record Keeping

The Electronic Transactions Act 1999 contains specific provisions which state that a requirement or permission for a person to provide information or authorisation for a document can be satisfied by electronic communications. There are certain criteria for sharing and storing documents electronically, and there are risks with this, despite the convenience of it.  See ICB - Electronic Document Storage for more detail.

What is the difference between a digital signature and electronic signature?

Electronic Signatures

Electronic signatures are legally acceptable but not totally secure in the authentication process. Electronic signatures can have the same legal effect as handwritten signatures, with certain provisos. One of the risks with electronic signatures is that the document could still be altered after being signed. For many documents, an electronic signature may satisfy ordinary requirements; for other documents you need verification and proof of the identity of the signatory.

Digital Signatures

Digital signatures were introduced as a way to increase the security and authentication of a signature. A true digital signature utilises technology that associates the signature with verifiable data, rather than simply capturing a digital image and attaching it to a document. Most digital signatures use “public key cryptography” to verify the identity of the user, by using embedded coding in the signature process. The public key is viewable by the recipient. There may also be an image of a signature attached to the document as another method of verification, although this is not strictly necessary because the coding is the meaningful verification.

The public key shows the name of the person linked to the digital signature and can verify the process, showing if a document has been altered after signing.

The digital signature process still requires you to take care of security and privacy for yourself and your clients, as there are still risks associated with this process. However, the risk would be similar to having a signature forged, which would be considered fraud.

Resource:  Obtaining Digital Signatures.

See article on Electronic signatures and their legal validity in Australia for more detail.

Product Review

Digital signatures are becoming adopted as a standard part of efficient business practice. There are many options out there, but we have chosen to list a few of the more popular and known solutions.

Signature App NameDetailsDocumentsPrice per month
Secured Signing
Digital
ICB member pricing 50 per month $9.95 first user
$7.95 additional users
GovReports
Digital
Must have GovReports subscription Unlimited

$79/mth normally

ICB member price avail

SignEasy
Electronic
Good pricing and easy to use 10 per month USD $5 pay as you need
Unlimited USD $40 per month per user
Adobe Echosign
Digital
Well known and trusted Unlimited USD $15
RightSignature
Electronic
Also well known and trusted, created by Citrix Unlimited USD $11 (1 user)
Unlimited USD $39 (multiple users)
Hellosign
Digital
Works well with Gmail 3 per month Free
Unlimited USD $13 (1 user)
Unlimited USD $40 (multiple users)
DocuSign
Digital
Has real estate plans also; used by major Australian businesses 5 per month $10 (1 user)
Unlimited $20 (per user)
DigiSigner
Electronic
Good pricing and easy to use 5 per month Free
Unlimited USD $8
MYOB Offered as part of the MYOB Portal, currently only for Accountants Office and Accountant Enterprise
Reckon Offered as part of the Document Management and Portal and Virtual Cabinet
Xero Provided through add-on RightSignature
QBO Currently no add-ons offering true digital signatures, but several add-ons allow capture of physical signatures to store electronically
  • Updated: Originally published October 2015
loading