 Hello and welcome to the session in which we will discuss the legacy system. Why do they still exist? Why do they still persist? What are the risks associated with legacy system? How to mitigate those risks? And I'll give you a few examples from the real world so you can relate to what a legacy system is. So what is a legacy system? Is any computer system, a software application or a technology, that is what? That's outdated. It means old or no longer supported by the vendor or the manufacturer. If you need support, if you need to update the system, the vendor might say, I'm no longer supporting the system, technically, this becomes considered a legacy system. So there's no specific age. The fact that you cannot find support, it's no longer supported, it becomes a legacy system. So the reason is these system might have been developed by old programming language, that's one reason, or technologies that's no longer in use, or it may be difficult or expensive to maintain, upgrade or integrate with modern system. And I will show you an example later on when we talk specifically about one particular programming. So what companies do to overcome this limitation? They will choose to do what, migrate, update to modern system or develop custom solution that integrate their existing system. Now bear in mind, this is a complex because remember, you have to transfer all the data, all the information, all the transactions, all the report to the new system. It's a complex, costly system that requires careful planning and execution to ensure the organization can continue to operate smoothly during this important transition period because you're going to have to go from one system to the other, from the legacy system to the new system. There's a lot of difficulties. The first thing we are going to discuss is why do legacy system persist? Before we proceed any further, I have a public announcement about my company, foreheadlectures.com. foreheadaccountinglectures is a supplemental educational tool that's going to help you with your CPA exam preparation as well as your accounting courses. My CPA material is aligned with your CPA review course such as Becker, Roger, Wiley, Gleam, Miles. My accounting courses are aligned with your accounting courses broken down by chapter and topics. My resources consist of lectures, multiple choice questions, true-false questions, as well as exercises. Go ahead, start your free trial today. No obligation, no credit card required. Well, there are many reasons why legacy system persist. Let's look at some of them. One is obviously high cost of replacement. So if you want to replace the old system, well, it's expensive. Expensive in terms of dollar. It's time consuming. It's going to take your time to do so. And most importantly, it's risky. You never know whether it's going to be successful or not. And you're taking the risk of basically upsetting your whole system. Customers may not be happy, employees may not be happy, vendors may not be happy. So organization might have invested significant resources in the legacy system and don't have the budget or the resources to migrate to a new system. So the first reason they persist cost, cost of replacement. Two related to cost is complexity. Legacy system may be highly complex. They have a customized code or specialized hardware and integration with other system that's not integrated with the new system. So replacing the new system can be challenging. Why? Because you may not find people who understand the old system enough to help you migrate to the new system as it requires deep understanding of the system architecture and business processes. Now, the business processes may not be an issue, but if the system code is outdated and no longer, you cannot find engineers or software engineers to help you read the code and decipher it, you'll be in problem. Third reason, business continuity. Basically, during this transition period, you want to stay in business. You cannot just shut down for a week or two or a month and say, I'm going to be updating the system. You can't do that. Therefore, there's a risk of business continuity. So legacy system often run mission critical application and processes that are essential to daily operation. You can just turn it off, tell your customers, come back in a month, I'm updating my system. You can't do that. Disrupting these processes during transition can cause significant disruption and even business downtime and reputation issue as well. Well, legacy system sometime could be related to compliance. In some industries, legacy system may be required or it meet regulatory and compliance standards. And you don't want to change it because you might get into certain violation and replace it may require a long and complex certification process where the state or the government agency will have to re-certify you. Lack of skills and this is kind of related to complexity. As legacy system use outdated programming language and technology, it might be difficult to find developers and IT professionals with the skills to maintain and support the system or the transition. So that's why organization may choose to continue using those system rather than facing shortage of skilled professional. Now, a real example from the real world that this problem persists in is a program called COBOL. And COBOL is a program that's used in financial institutions and banks. So COBOL was developed, it was popular in the 60s and 70s. And if you go to any bank, obviously you cannot look at their screen, but sometimes if you look at their screens, if they allow you to do so, oftentimes you will see it's black and white. It's really updated, they're using old language. And it's still used in many banking institution. They use the system called COBOL based to run their core banking operation, including processing and managing customer accounts. So it's called common business oriented language. It's an old system. These system has been used for decade and they're customized to meet specific need for each institution. So replacing these system with more modern system can be challenging. It require deep understanding of the business processes and a significant investment of time, money, resources and you might risk in your reputation. Also, many COBOL programmers, you can't find them anymore. They're retired, they're old people now or they move to other technologies, making it difficult for skill professional to maintain and support these systems. And if you want to transfer, also if you want to go from one system to the other, you need to have knowledgeable people understanding the old system. So as a result, many financial institution continue to rely on COBOL based system. And again, if you look at your bank, you may just ask them if they use COBOL. So despite its limitation, may bear in mind some institutions started investing in modernizing their system either by replacing it entirely or integrating it with modern technology and to enhance functionality and security because old systems are all subject to risks. And this is what we will discuss next is risk associated with the legacy system. When you have a legacy system, there's always some risks you need to be aware of. What are the risks? The first one is security vulnerabilities. Legacy system may not have the latest security features and may have security vulnerabilities that could be easily exploited by cyber hackers. So these systems are often susceptible to attacks as they are no longer supported by vendors. You're not patching them. You are not updating them. They don't receive regular security updates. Another risk we talked about it is business disruption. Okay, legacy system may be unreliable and thrown to downtime, which can lead to significant disruption so they could go down by themselves even though you're not really doing any transfer, okay? So these systems become complex and difficult to maintain and the likelihood of disruption and downtime increase, especially if you are not maintaining them. And the risk is higher when you don't have the IT people, the specialized IT people, like people that understand COBOL if they're not working for you and you work in a bank and the system goes down, what are you going to do? Inefficiencies, okay? They are less efficient and less effective than modern system. This means they're going to increase cost and reduce productivity and efficiency. It's going to cost you more and it's not going to produce as much because they require manual intervention resulting in slower processing time and higher error rates, just basically an old system compared to a new faster leaner system. Lack of integration, they don't easily integrate with new technology. So legacy system may not integrate with modern technologies. It's going to make it very difficult to exchange data with other system and application. And this could lead to data inconsistencies, errors, delays, duplication, inefficiencies, so on and so forth. And old legacy system, as we said earlier, you might keep them because they help you on compliance. Well, they could also lead to not complying. Legacy system may not meet modern compliance standard. Maybe some of them need the standard and you don't want to change, but also having the old system, it may not be in compliance. We costly to bring into compliance and this could result in regulatory fines, reputational damage and legal liabilities. And a real example from the real world where the legacy system really kind of catch up with the company is a company called Aquafax. And if you don't know what Aquafax is, Aquafax is a credit reporting agency in the US, one of the three biggest credit reporting agency. And what they did, they suffered a data breach in 2017 that exposed personal information for over 143 million consumers. Why did the breach happen? Well, they had a legacy web application. So web application, but nevertheless, that web application is a legacy that Aquafax failed to patch in a timely manner. So the hackers find that door to go into the Aquafax system and steal all this data. So the application was running on a legacy system that was no longer supported by the vendor and had not received security update in several months. As a result, cyber attackers were able to exploit the vulnerability and gain access to sensitive information. And this was a big issue when that happened in 2017 because think about it, almost half of the population in the United States, almost half, they could have been exposed to this breach because Aquafax have the credit report practically of everyone in the US. And the most important damage is reputational damage. Also, you could have lawsuits, regulatory fines, but reputational damage. So how to mitigate, how to mitigate legacy system risks? Well, the first thing, if you're gonna keep them, make sure you have regular maintenance and updates. It can help ensure it's running smoothly and secure. This include patching known vulnerabilities, upgrading software and hardware component as much as possible. Two, segmentation. Try to keep it separate. So if somebody was able to penetrate this system, they cannot, this legacy system, they cannot penetrate the whole network. Segmenting the legacy system from other parts of the network can help limit the impact of any security breaches. Okay, they were able to get into the legacy system, but they cannot go any further. This can involve isolating the legacy system on a separate network or using firewalls. But again, that's gonna make you less efficient, but that's the, that's how you wanna mitigate the risk. Monitoring. Obviously, regular monitoring of the legacy system can help identify any potential security threat or performance issues. Basically, monitoring is part of regular maintenance. This include monitoring logs, who's logging in, network traffic, who's logging in at what time, is there any unusual traffic, and system activity. You could also modernize. That's the best way to do it. Modernizing the legacy system can help reduce the risk associated with using outdated technology. And this is where you can replace the system entirely or migrate it to a modern platform that is more secure, efficient, and compatible with your current system. Also, you want to train and educate your employees, your vendors, the users of the system so they know what are the risks involved, how to deal with it. Providing training and education to employees can help mitigate these risks. This include educating employees on best practices for using the system, as well as providing training on how to identify and respond to security threat. A good example from the real world that kind of basically upgraded their system is the Department of Defense. An example how an organization can mitigate the risks is the US Department of Defense. They have been using a legacy system for several years when it comes to their accounting and finance operation. So what they did, they updated the system. So they used it for over 30 years and it was no longer supported by their vendors. It's the Defense Finance and Accounting Services, DFAS. The system was also vulnerable to security threat and that's, you're talking here, national security because the Department of Defense and lack modern features such as real-time reporting and data analysis. To mitigate those risks, the Department of Defense initiated a modernization effort to replace the legacy system with a new modern accounting system that's more secure, efficient, and compatible with other system. And this obviously is gonna involve migrating data from the legacy system to the new system, testing the new system for functionality, security, and obviously training employees on how to use the new system. So this modernization effort that benefited the Department of Defense, including improved security, improved efficiency, better data analysis, and the new system is more scalable and adaptable, which allowed the Department of Defense Finance and Accounting to meet changing needs of the military and the Department of Defense. What should you do now? Go to FARHAT Lectures. Look at additional MCQs. That's gonna help you understand these topics better. Whether you are studying for your CPA exam, CMA exam, CIA exam, any accounting professional certification, FARHAT Lectures is there to help you succeed. Invest in yourself. Good luck and stay safe.