Information Security and Ignorant Management?

jmahler asks: "Suppose you work for a fairly decent-sized (but independent) CPA firm in the IT department. Suppose further that you have repeatedly warned the partners of the dangers of having unsecured laptops in the field, and have requested to replace the very thin, and rapidly aging line of defense (and functionality) currently protecting your network from all of the mean and nasty folks on the Internet. Let's continue, then, to suppose that the partners have all agreed to ignore every recommendation put forward regardless of cost or benefit. Is there a good way, beyond memos and emails, to inform the partnership that the water in which they tread could quickly become dangerous? What about absolving ourselves of responsibility for data theft and loss from a laptop 'disappearance' in the field?"

Fucking CPAs

Having worked in IT for about nine years and having worked mainly with the Accounting Department, let me be the first to say that you can't tell CPAs anything because they already fucking know everything.

You've told them, you've done your job. Now just sit back and watch. Of course you'll have to pick up the pieces later but that's your job. Or at least that's how the CPAs see it.