Belton IT Nexus · Est. 2004 · Newmarket, Auckland

NZ accounting firm IT checklist.

A practitioner-grade checklist for partners and practice managers, covering the Privacy Act 2020, AML/CFT supervision, Inland Revenue retention, and the practice software you actually use.

11 control areas · Printable PDF · Free, no cost
The checklist
§01

What the checklist covers.

11 areas

For partners, practice managers, and operations leads at small-to-mid New Zealand accounting firms. It is the same control set we work through with our own accounting clients before AML audits, cyber insurance renewals, and Privacy Act incident reviews. Each area is grounded in a specific NZ obligation or a specific failure mode we see in practice.

  • Privacy Act 2020 obligations for client data: Mandatory breach notification, and how the thirteen Information Privacy Principles map to your Xero or MYOB permissions.
  • AML/CFT supervision evidence (DIA): Demonstrating access control on your CDD repository, retaining SAR drafts, and locking down the compliance officer mailbox.
  • Inland Revenue retention (seven years): A concrete retention matrix for workpapers, trust ledgers, and the supporting evidence behind every return position.
  • MFA on Xero, MYOB, FYI, SuiteFiles, and Karbon: The gotchas: shared logins that bypass MFA, contractor accounts left enabled, and SMS-based MFA on partner accounts.
  • Email authentication (SPF, DKIM, DMARC): The three records, alignment for your marketing platforms, and moving DMARC to enforcement without breaking legitimate mail.
  • Backup of practice data, and the restore test: What to back up, retention aligned to the seven-year obligation, and the restore cadence an auditor or insurer will ask about.
  • Audit trails on practice management and the file server: What to log, how long to keep it, and how to make the audit trail itself tamper-evident.
  • Third-party tool review: A starting inventory format, the questions to ask each vendor, and the cadence for re-reviewing the list.
  • Staff onboarding and offboarding controls: An offboarding sequence in dependency order: disable identity, revoke tokens, remove from tools, archive, transfer, retrieve the device.
  • Incident response plan for client data exposure: A one-page plan template with the OPC notification fields, the CERT NZ path, and triggers for each external party.
  • Cyber insurance readiness: The underwriter-question checklist NZ brokers now use, with notes on the evidence to keep so a claim is paid, not disputed.

Printable PDF covering eleven control areas. Use it in your next partner meeting or AML audit prep session.


Want the controls implemented, not just listed?

We work with Australian accounting firms on the full stack: identity, backup, audit, and compliance evidence.

Sovereign by design

New Zealand owned and operated.

Sovereign data centres across New Zealand and Australia, with your data kept onshore wherever it's required. Our team understands New Zealand, and our leaders have built, scaled and secured businesses right across the New Zealand landscape.

Sovereign data centres · New Zealand & Australia
  • Auckland
  • Christchurch
  • Sydney
  • Melbourne
  • Brisbane
  • Perth
International data-centre operations
  • Singapore
  • Germany
  • Netherlands
  • USA

Servers available in minutes, not days.

Accredited partners
Microsoft Solutions Partner · Fortinet Partner · Lenovo Partner · HP Partner · Apple Business Manager