Search Results

  • Electronic Check Request Automation Processes

    Division: Professional Division, Zycron | February 7, 2020

    Project Scenario: Automate accounting processes used by the City of Memphis Accounts Payable Department. Processes include automating invoices and automating check requests.

    Project Outcome:
      • Reduce costs
      • Elimination of paper processing
      • Increase visibility & traceability
      • Management dashboard providing KPIs and metrics
      • Ability to trace an invoice from beginning to end
      • Ability to identify areas of improvement
      • Vendors will have access to see their accounts
      • Save time
      • Improve vendor payment time
      • Eliminate/reduce manual errors
      • Automate checks
      • Automate invoicing

  • Multi-Currency ERP System Implementation

    Division: Donovan & Watkins, Professional Division | February 3, 2020

    Business Scenario: Multi-Currency ERP System Implementation for an International Beverage Company. The project scope was inter-company reconciliations.

    Project Scope: Our Senior Accountant was responsible for coordinating with each division's accounting department to understand their current intercompany billings.
      • Phase 1) Our consultant interviewed clients with accounting personnel to determine accounting practices and business processes. They also reviewed existing accounting policies and procedures.
      • Phase 2) Identified disconnects between actual processes and company procedures, developing flowcharts to reflect the correct method and timelines of intercompany billings.
      • Phase 3) Implemented new intercompany billing methods and procedures.

    Client's Return on Investment: Month-end close was streamlined to full accuracy, and the closing process was shortened by ten days, saving the company exponentially on employee time and overtime wages.

  • Implementing Highly Functional GL System – Speeding up the Financial Reporting Process

    Division: Donovan & Watkins, Professional Division | February 3, 2020

    Business Scenario: Our client had a troubled implementation of PeopleSoft General Ledger and nVision Reporting four years prior to our involvement. This client was unable to extract data from the GL efficiently and in a timely manner to perform financial reporting.

    Project Scope: Our team of consultants worked directly with the client to develop a timeline for a two-phase solution.
      • Phase 1) Our team of consultants was tasked with streamlining internal controls within the GL module. They built new processes and procedures to ensure compliance with the newly incorporated internal controls during the project and reporting tool.
      • Phase 2) Our team worked with the department managers to document and refine processes and procedures for financial reporting. This resulted in more efficient financial processes that were easy to follow and allowed the employees to work with the nVision Reporting Tool. Nearly all the financial reports needed to be redesigned to reflect the new GL structure that was created by the project. Our consultants also trained the client staff in nVision so that going forward they would be able to create financial statements.

    Client's Return on Investment: The project provided our client with a highly functional GL System, speeding up the Financial Reporting Process, along with improved internal controls and enhanced Financial Reporting capabilities. In the end, the client received more precise and timelier month-end Financial Reporting.

  • Enterprise Performance Management (EPM) through Business Planning and Analysis

    Division: BGSF, IT, Professional Division, Whitepaper | February 3, 2020

    Driving business performance in today’s complex and volatile environment presents unique challenges for senior management, in general, and for corporate finance in particular. Because it is a rapidly evolving environment, there’s also increasing demand for finance leaders to lead business strategy in real-time, a shift towards performance insight and the higher value placed on an integrated business planning approach.

    EPM can be described as the ability of an organization to effectively manage the execution of its business strategy through improved management decision making. It is the integration of various methods that translate your plans into results. In other words, it is execution or the framework for managing your strategy. Since strategy is of paramount importance, it is senior management’s number one responsibility. EPM’s main strength is in achieving success through the adjustment in the execution of business strategies by aiding managers to sense earlier and to respond more quickly to uncertainty. It enables this by pushing accountability for results to the lowest possible organization levels.

    In a recent survey of over 1500 Accounting & Finance Executives, the following responses were found:
      • Is the annual business planning process critical to your EPM process? YES – 90% / NO – 10%
      • Is your company’s annual target setting process Top-Down or Bottom-Up? Top-Down – 60% / Bottom-Up – 40%
      • Is your company’s Tactical Plan (Short-term ~ 3 to 5-year) managed differently than the Strategic Plan (Long-term ~ 5 to 10-year)? YES – 60% / NO – 40%

    Risk: Potential for misalignment between short- and long-term strategies, including key assumptions and metrics.

    The annual short- and long-term business planning processes are important tools in EPM.

    Characteristics of a Top-Down Annual Business Planning Process:
      • Centrally developed short- and long-term business plans are issued to the company’s operating and support service organizations.
      • Usually involves fewer decision-makers in senior management, and the process may require less time and resources to complete.

    Characteristics of a Bottom-Up Annual Business Planning Process:
      • Budget planners from each operating and support service organization develop short- and long-term business plans after being provided guidance regarding the key assumptions (e.g., sales forecast, input prices) by company headquarters.
      • Target setting is performed at lower levels of the organization, resulting in wider ownership of the plan and greater transparency in the process.
      • May require several iterations of the plans to achieve alignment between plan owners and senior management.

    EPM’s impact on the organization: Ultimately, EPM is not just about the numbers, but also about monitoring and managing the impacts of the performance management framework on teams of people throughout the organization who are tasked with delivering on its strategies, plans, and objectives.

  • IT Risk and Security Initiatives

    Division: American Partners, Professional Division | October 28, 2019

    Client Challenge: One of the largest privately-held insurance companies in North America found themselves under increasing regulatory pressure as they expanded business lines into several key states previously dominated by their competition. Senior members of the CIS group and Project Management Office identified a core weakness specifically in IT Risk Management and Process and Compliance Management, mostly due to the differences in compliance regulations for privately held vs. publicly traded companies. What they lacked was a process improvement manager and an IT Risk and Compliance Manager who had experience in publicly traded regulatory compliance. American Partners was engaged at this point.

    Alternatives Considered: Our client had no plan B. In their mind, there was no other alternative. The only way to avoid unnecessary audits and market pressure from their publicly traded competition was to hold themselves to the exact same standards.

    Identified Resource: American Partners quickly tapped its vast network of IT Professionals and in a matter of weeks was able to make several introductions to the PMO and CIS executives to further assess the daunting challenge of bringing a privately held insurance company into line with the same IT Risk and Compliance regulations of a publicly-traded company in order to avoid undue audits as market share increased across the country. American Partners provided the expertise of one IT Risk and Compliance Manager and one IT Process Improvement Manager who had both taken 2 of the largest companies in America from privately held to publicly traded and back again, directly addressing the process with “boots on the ground” experience.

    Consultant Action & Solutions: Our consultants were immediately put to work tackling IT Risk and Security initiatives and a Process Improvement overhaul that included the formation of a Vendor Risk team. Our Security consultant increased penetration testing and facilitated internal and third-party attestations, audits, and certification efforts for the IT organization. They also rolled out a corporate-wide IT security training initiative while coordinating audit testing, documentation, self-assessment testing, and remediation activities. All of this allowed the client to gain market share at a more rapid pace, avoiding costly audits and delays in state licensing.

  • Financial Reporting Process Improvement

    Division: Accounting and Finance, Executive Leadership, Finance & Accounting, Team Building | May 24, 2019

    At a time when everyone from corporate executives to regulators and investors wants more, and more timely, financial information, many enterprises are realizing that each additional accounting standard – such as U.S. GAAP or IFRS – adds yet another layer of complexity to the reporting process. Using Fiat Chrysler as a case study, Workiva’s Joe Howell and FCA Group’s Ed Young demonstrate that financial reporting process improvement depends on harnessing three resources: people; processes; and technology.

    More than 65% of large enterprises have more than five legal entities, according to a recent group study. Depending on your type of business, you might have more than a half-dozen reporting systems. Typically, organizations were required to comply with a number of reporting standards including US GAAP, IFRS, and others. Each additional standard, system, or business adds another layer of reporting complexity.

    A Fundamental Problem of Financial and Management Reporting

    A fundamental problem for reporting managers is that the primary, desktop-based tools they use to do their jobs, including email, have not kept pace with business reporting requirements. The truth is that these tools were never designed to handle the complexities of business reporting to begin with, and instead bring with them their own sets of challenges.

    Beyond the tools that most teams use, there are process issues that are too often accepted as just a part of doing business. Interrelated reports are frequently treated as ad hoc, which creates unnecessary duplicated efforts, when in fact reconciliation for one report can often be applied to other reports. And when teams can find time and space to create process improvements, they may not have the time or capability to assess a process holistically. The process improvements become modular, and they become stuck in a loop of improving the process improvements.

    The amount of non-value-add work created from inefficient tools and processes adds up. According to a recent FP&A Technology Survey conducted for the Association of Financial Professionals, 66% of the financial professionals surveyed said that they spend more than nine hours on non-value added activities, and 27% said they spend 20+ hours a month. There clearly needs to be a change.

    Changing a process before it is understood could create more problems than solutions. So, start with understanding what you and your team are trying to achieve. What information is needed? What resources are available? Be sure to ask “Why?” at every phase.

    Understand your reporting process: Begin by mapping each of your major reports from cradle to grave. This doesn’t need professional flowchart software – on a whiteboard or on paper is just fine. Ask why the report is needed, what the inputs are, and what the outputs are. How are the interim steps connected? What are the various destinations for the report? What actions must happen in each one, and what are the things that delay the process from moving from one phase to the next?

    Common Challenges of Desktop Systems
      • Inconsistencies: Duplicative information may appear differently across tables or charts.
      • Lack of efficiency: Repeated data must be entered individually for each use.
      • Version-control issues: When edits are made, there is no master document for teams to reference.
      • Lack of accountability: Edits to documents are not tracked, leaving issues for auditability or governance.
      • Accessibility issues: Files are either hidden in personal computers or locked for individual use on servers.
      • Lack of true collaboration: Documents are created and edited in isolation.
      • Security issues: Emailed files and comments are too often sent to the wrong recipient.

    Begin Improving the Reporting Process

    The most effective place to start is the process you are personally responsible for:
      • Step 1: Collect and normalize data. Let the data collection process normalize your data for you.
      • Step 2: Organize the information. Organize and control collected information, so reporting teams can easily access and understand the continuously changing information.
      • Step 3: Create a single source of truth. Establish links between source data and all of its destinations.
      • Step 4: Collaborate. Find an environment where users can work in parallel.
      • Step 5: Review, approve and sign off on the same document. Establish a review process where project teams can review contributor feedback in one active document.
      • Step 6: House final reports in one location. Provide an environment where you can leverage your certified and trusted source information.

    Leverage Technology to Improve Your Reporting Process

    There are new cloud-based, software as a service (SaaS) business reporting solutions on the market that enable you to take these steps and transform your reporting process.

    Conclusion

    If reporting challenges are getting you down, break them down into smaller actionable steps. First, evaluate the challenges in front of you. What challenges are you facing today in your reporting? How many processes are built on antiquated tools which are critical to you? How much time do you and your team spend chasing these non-value added items? Second, assess what you can do differently. Establish one source of truth in your reporting process. Connect constant changes. Connect your teams and your data to truly collaborate. Make sure there is accountability and auditability. Use technology that is available to your advantage. Finally, stop waiting and take action. You and your team can conquer your reporting challenges.

  • The Power of Data and Analytics for Business Auditing

    Division: Information Technology, IT, News, Science and Technology, Tomorrow's Talent | May 7, 2019

    Reliable information has always been vital to decision making, as well as to investor confidence, in the business world. Executives leading these enterprises, as well as their auditors, must be prepared for an environment that is data-rich and technologically enabled. Like so much in today’s business world, this new strand, data and analytics (D&A), revolves around the indispensable use of technology, but just as important is the ability to connect and effectively use data.

    D&A enables auditors to harness the power of technology to arrive at greater rigor and precision, thus enhancing audit quality. The increased automation that D&A allows means that data can be processed much more quickly and across whole datasets. A company’s transactions, for example, can be analyzed virtually in their entirety and scrutinized at a more detailed level.

    How Are Data and Analytics Used in the Audit?

    Using D&A tools, we can start by analyzing the general ledger, running all the journal entries in the general ledger against accounting and audit rules and principles to assess the extent to which the contents of the ledger are in line with expectations or not. D&A enables an auditor to work at greater levels of detail, which could result in better audit evidence. For example, with a company’s revenue or sales, the auditor can analyze not just the postings in their financial management system, but the underlying documentation itself, such as actual invoices and bank feeds. And rather than just sampling, say, a couple of hundred invoices, literally millions can be analyzed: an analysis of all transactions.

    Disruptive events have called into question the reliability of assumptions in traditional forecasting and valuation models. Thus, while the examination of historical information is foundational, the ability to identify and assess future trends is becoming increasingly critical. This is important because if a company is overestimating future prospects, it could lead to an impairment or write-down further down the line, something that could hit its share price, cut the value of investors’ holdings and damage market confidence.

    In the near future, auditors will use leading technology applications to systematically analyze structured and unstructured data using text mining, semantic analysis, and similar techniques. Looking a little further ahead, they are also likely to use ‘cognitive technology’ (or artificial intelligence) to fine-tune assumptions and give a better sense of what the future may bring. The use of cognitive technologies and machine learning and the development of process robotics are all exciting areas that could have far-reaching potential for the audit.

    The auditing profession must develop and deploy advanced technologies to harness this explosion of data and unleash the insights embedded within it to advance audit quality and provide a deeper understanding of business and financial reporting risks, processes, and controls. A recent Forbes Insights survey found 58 percent of auditors and businesses believe technology will have the single biggest impact on the audit over the next three to five years. And by 2020, smart machines will be a top-five investment priority for more than 30 percent of chief information officers.

    As businesses transform their operations to become more digital, and perhaps more global, many will be overhauling their IT systems with more sophisticated technologies. As a result, audit professionals must embrace the use of advanced tools such as data and analytics (D&A), RPA, automation, and cognitive intelligence to manage processes, support planning and inform their decision-making. Auditors will need to continue to develop innovative capabilities and technologies to maintain audit quality and strengthen the relevance of their audits into the future.

    Cognitive technology allows auditors to obtain and analyze information from nontraditional sources, including social media sites, TV, radio and the Internet, and determine if any of this external information may impact an audit either directly or indirectly. In combination with visualization tools, cognitive technology can bring audit information to life through automated charting and graphics that allow for a greater understanding of what’s been discovered and promote timely and calibrated responses. For instance, these tools can provide clear illustrations of account relationships and transaction flows as well as anomalies in the data, both of which can offer a wealth of insights about a company’s controls, processes, and performance.

    Cognitive technology will enhance the ability of auditors to:

    Cognitive technology (also frequently referred to as cognitive automation or artificial intelligence) essentially is an algorithm or chain of algorithms that enable the software to absorb information, reason and think in ways similar to human beings. When combined with advances in digital and process automation, and data and analytics, cognitive technology can have a profound impact across a broad spectrum of working environments and occupations. While cognitive and data and analytics are different, they work together to generate greater analytic depth, broader perspectives, and more effective decision-making. This combination of capabilities is essentially a force multiplier that can increase the level of detail and accuracy of audit processes, which in turn enables auditors to sharpen their focus on higher-value audit activities and helps them deliver more insightful and effective audits.

    In this environment, teams of professionals must possess more than just an understanding of accounting and auditing; they need stronger critical thinking, analytical, data science, and IT skills to complement their financial and business acumen. The profession will need to continue to work with universities, regulators and leading technology companies to enhance the skill sets of its people and develop new capabilities to advance audit quality.

  • New Revenue Recognition Steps for Compliance

    Division: Accounting and Finance, BG Creative, Company Culture, Executive Leadership, Light Industrial Division, Professional Division, Real Estate Division, Team Building | February 6, 2019

    In January 2018, the new revenue recognition standard (Update No. 2014-09; ASC 606) takes effect. The standard has broad implications and may affect many parts of your organization: financial statements, business processes, taxes, and internal controls over financial reporting. It requires the collaborative efforts of multiple departments within the company, including financial reporting, IT, sales, tax, investor relations, human resources, and others.

    Jointly issued by the Financial Accounting Standards Board (FASB) and the International Accounting Standards Board (IASB), the revenue recognition standard will supersede virtually all existing revenue recognition guidance in Generally Accepted Accounting Principles (US GAAP) and International Financial Reporting Standards (IFRS). The intent of the new standard is to replace the existing guidance with a single industry-neutral revenue recognition model that will reduce complexity and increase financial statement comparability across companies and industries. The core principle of the model is to recognize revenue when control of the goods or services transfers to the customer, as opposed to recognizing revenue when the risks and rewards transfer to the customer under the existing revenue guidance.

    One of the best practices being adopted early on is to avoid the “Slippery Slope” of feeling pressure due to lack of sales and going beyond what is acceptable under accounting standards when recognizing revenue. Review revenue from contracts with existing customers excludes other income and transaction-specific advice. There are significant disclosures related to the timing of revenue, level of granularity on significant customer contracts, obligations to refunds/returns/defects and why you aren’t recognizing the “downside” upfront.

    Below are 9 steps to get you on track to compliance:
      1. Build an internal team. This team will perform an initial assessment of the impact of the new guidance, communicate the impact and outline the strategy. A properly staffed team should include players from revenue management, IT and each department involved in the quote-to-cash process. If you don’t have in-house revenue management expertise, include your audit firm. The team needs to understand the impact of the new guidance and whether it means you have to change the way you book or sell in order to create better processes from a revenue recognition standpoint.
      2. Evaluate significant revenue streams. Don’t limit yourself to lines of business or “products and services”.
      3. Identify, evaluate and summarize contract types. This includes the identification of performance obligations and variable transaction price considerations. Sufficient time should be allowed to identify and analyze contracts to enable efficiency, consistency, and quality across the organization. Templates for gap analysis and contract reviews should capture information for future phases of the transition effort.
      4. Establish new policy requirements, where appropriate.
      5. Analyze and determine additional disclosure requirements. Identify how information to support disclosures will be provided.
      6. Evaluate the impact on periodic financial processes. Identify data gaps and process requirements.
      7. Design system changes, where needed.
      8. Manage expectations around business planning and analytic reporting. Management and investors should be educated as to the expected impact of the new standard.
      9. Develop a project plan and roadmap. This should include key activities and milestones, training requirements and a detailed work-plan.

    Other key factors to understanding the change:

    Principle-Based vs. Rule-Based:
      • Requires more judgment when allocating transaction price and determining satisfaction of the performance obligation.
      • Document reasoning for judgment exercised in recognizing revenue.

    Restatement Options:
      • Full retrospective – restatement of all periods presented
      • Modified approach – opening balance sheet adjustment in the year of adoption

    Impact on Taxes:
      • Need to involve tax department
      • Impact on deferred taxes
      • Impact on revenue reporting for tax purposes
      • Consider the need to file IRS Form 3115

  • Identifying and Providing Data Solutions

    Division: American Partners, IT, Professional Division | December 28, 2018

    Client Challenge: One of the largest privately-held insurance companies in North America found themselves under increasing regulatory pressure as they expanded business lines into several key states previously dominated by their competition. Senior members of the CIS group and Project Management Office identified a core weakness specifically in IT Risk Management and Process and Compliance Management, mostly due to the differences in compliance regulations for privately held vs. publicly traded companies. What they lacked was a process improvement manager and an IT Risk and Compliance Manager who had experience in publicly traded regulatory compliance. American Partners was engaged at this point.

    Alternatives Considered: Our client had no plan B. In their mind, there was no other alternative. The only way to avoid unnecessary audits and market pressure from their publicly traded competition was to hold themselves to the exact same standards.

    Identified Resource: American Partners quickly tapped its vast network of IT Professionals and in a matter of weeks was able to make several introductions to the PMO and CIS executives to further assess the daunting challenge of bringing a privately held insurance company into line with the same IT Risk and Compliance regulations of a publicly-traded company in order to avoid undue audits as market share increased across the country. American Partners provided the expertise of one IT Risk and Compliance Manager and one IT Process Improvement Manager who had both taken 2 of the largest companies in America from privately held to publicly traded and back again, directly addressing the process with “boots on the ground” experience.

    Consultant Action & Solutions: Our consultants were immediately put to work tackling IT Risk and Security initiatives and a Process Improvement overhaul that included the formation of a Vendor Risk team. Our Security consultant increased penetration testing and facilitated internal and third-party attestations, audits, and certification efforts for the IT organization. They also rolled out a corporate-wide IT security training initiative while coordinating audit testing, documentation, self-assessment testing, and remediation activities. All of this allowed the client to gain market share at a more rapid pace, avoiding costly audits and delays in state licensing.

  • Giving Voice to Values: The ‘How’ of Business Ethics

    Division: Career Tips, Company Culture, Executive Leadership, Team Building, Tomorrow's Talent | December 12, 2018

    Ethics can be an overused buzzword in society today, and we can become calloused and non-responsive when we hear that term. Additionally, we can have a hard time knowing how to apply it in the various circumstances we face. By definition, ethics are the moral principles that govern a person’s behavior or the conducting of an activity. The word INTEGRITY is the quality of being honest and having strong moral principles. It is a trait that is also seen as being the same on the inside as shown on the outside. CHARACTER is the mental and moral qualities distinctive to an individual.

    To further delineate this, ethics is about integrity and integrity is about character. Character is the essence of who a person is and is more than talk; it is a choice to develop this principle. People can’t ultimately rise above severe problems in their character, but strong character in a person can usher in success. Consider using the terms character and integrity to keep this topic fresh and relevant to everyday actions. Furthermore, this topic should not be segmented by work, home or other areas. Integrity and character are who we are as a person and should be how we live in all areas of our life.

    Many employees in the realm of finance and accounting have been faced with situations where they were explicitly told or implicitly pressured to do something that contradicted their personal values. Dr. Mary Gentile, the creator and director of Giving Voice to Values, after a career as a professor of ethics, chose to design a method of application, focusing on the implementation of ethics, so that decision making with integrity would become a habit. After years of lecturing, she determined that just teaching and talking about ethics was probably unethical, futile, and hypocritical as it just reiterated issues without helping individuals reach real solutions. She listed the following decades of scandals as historical references to the challenges we have faced:
      • 1970’s – Defense Industry
      • 1980’s – Insider Trading
      • 1990’s – Dot-com Bubble
      • 2000’s – Global Financial Crisis (Enron, WorldCom, Parmalat, Galleon Group)
      • 2010’s – Wells Fargo, Volkswagen

    Discussion Groups

    From traditional teaching, she found that in discussion groups, thinking would become complicated and groups tend to focus on one or two people’s voices who may not believe the most ethical path can be accomplished. She also discovered that almost all students had stories about being pressured to violate their own code of ethics, and, of these, none were from more troubled backgrounds, or had more organizational knowledge than others. The ones that succeeded were those who had made good choices and engaged in ethical practices earlier in their lives and careers.

    The writer, thought leader, and leadership guru John Maxwell purports that first, there needs to be a standard to follow and then the will to follow that standard. As for a standard, a common rule found in almost all cultures and religious organizations is to ‘do to others what you want to be done to you.’ This is commonly referred to as the Golden Rule.

    Golden Rule

    This Golden Rule is widely accepted, easily understood, a mutually beneficial arrangement, and an internal compass for those times we need direction. If we contemplate how we want to be treated and then, in turn, replicate that to others, usually we will be working a best-case scenario. Generally, we want to be valued, appreciated, trusted, respected, and understood. Moreover, we do not want others to take advantage of us. If we treat others this way, we will be walking in integrity, building good character, and making ethical decisions.

    The next step is the will to follow that standard or how to apply it. Dr. Gentile learned that rescuers from the Holocaust survived by having rehearsed ethical scenarios out loud with someone more senior than them at some point earlier in their life. They had identified behaviors that mattered to them, named them, and then voiced them to a leader. Behaviors and strategies enabled them to find better solutions to problems. Instead of teaching people (or ourselves) to think their way into a different way of acting, we need to act our way into a different way of thinking. We need to rehearse these actions in the same way we may need to use them so that even if we temporarily stop or get distracted, we can still naturally move in the process. This is like an athlete who continually practices so they can be ready for in-game strategic plays, or a family who reviews emergency scenarios in their home so they will be able to act quickly in times of crisis.

    Successful outcomes to decision making during times of ethical crisis came down to being strategic and tactical, reframing the challenge and utilizing the tools already known. These tools can include power, influence, negotiation skills, building coalitions, and applied education. Whereas the classroom lectures had taught models of reasoning, the alternate application of strategy allows for more practical implementation.

    Giving Voice to Value

    The basis of “Giving Voice to Value” is to create awareness, analysis and then continue this by a process with action. Case studies are intentionally short, based on people in all levels of the organizations, and from the view of a protagonist who has already decided on the ethical thing to do. The question asked is not WHAT is the right thing to do but HOW to get the right thing done, answering the question “If the right thing to do is X, how can that get done?” This allows for creative thinking and problem-solving. Instead of the conversation being about the areas of ‘thou shalt not’, it’s about what we can do and how to go about that process. In doing this, we need to establish credibility based on the reality of the context and start from a position of respect. This is a nuanced, sophisticated and tactical approach which might include several different types of methods including:
      • Writing a memo
      • Asking questions
      • Having someone talk for you to the decision-maker
      • Making sure someone else is on the right committee, or
      • Building a distinct network over time

    Gentile states that the goal isn’t necessarily to change a person’s mind on what is or is not ethical but to give people the skills that they need to be who they already are at their best. Practice gives the opportunity to shape character and develop integrity. To reiterate, ethics is about integrity and integrity is about character. To make the best ethical decisions, we must practice good character and walk in integrity.

  • What Lessons about Cybersecurity Can We Learn from Equifax?

    Division American Partners, Donovan & Watkins, Extrinsic, LJ Kushner & Associates, Professional Division, Vision Technology Services, Zycron December 5, 2018

    An Executive Brief from Stephen Webster, MRE’s Chief Technology Officer

    Even a casual observer of the morning news is aware of the dangers hackers pose to American businesses. As an executive, you may be called upon to make decisions about how to protect your company’s data even if technology issues don’t normally fall under your responsibilities or expertise. Don’t worry: you don’t have to be a technology expert to make informed decisions about data protection. While every company has different security needs, a few simple guidelines can help give you a framework for making good decisions.

    KNOW YOUR DATA

    The first step in protecting your data is to know what data you have that might be valuable to cyber-thieves. Do you have volumes of private customer data? Do you have proprietary information that competitors could use to gain an advantage? Are you storing confidential data critical to your business strategy? The more valuable the data, the more security it will need.

    In addition, it is imperative to have working back-ups of the company’s key data and systems in place. With the rise of ransomware and malware aimed at these components, a backup is critical for protection and recovery in the case of an attack.

    Companies with large amounts of proprietary data, intellectual property, or other mission-critical information will need to consider stronger measures to safeguard their data. The more valuable the data, the more capable the intruder coming after it is likely to be.

    Also, be aware of what data you are legally required to protect. Privacy laws can allow corporate officials to be held personally liable if they don’t take adequate measures to secure certain sensitive information about customers and employees. If you don’t know what you are required to protect, ask an information security or legal expert for help. Remember, ignorance of the law is no defense. Expert advice can help you avoid legal troubles while you handle the setbacks that result from your data being compromised by hackers.

    SET THE RIGHT BUDGET

    How much money you need to spend to protect your data is a function of the value of that data. Spending too little on security can leave you and your firm open to some nasty surprises as motivated thieves circumvent your countermeasures. At the same time, it is possible to overprotect data out of fear and waste resources that could be better spent elsewhere. You have to decide on the proper balance to meet the needs of your firm.

    As a rule of thumb, firms should spend 5 to 12 percent of revenue on IT infrastructure. About 10 to 20 percent of that should be dedicated to IT security infrastructure. For many firms, this amounts to a sizeable expenditure. In such cases, it is a good idea to talk to outside IT security specialists to help establish what security level you need and what options are available.

    IT security is a specialty skill that is outside the expertise of many good IT departments. Security specialists can advise you on what you need to protect you from the most likely threats faced by your sensitive data. They can also recommend options that return greater security at a greater value.

    PUT THE RIGHT PROCESSES IN PLACE

    The human element is the single greatest risk in IT security. Good security is often foiled by the bad behavior of employees. Workers use weak passwords, lose laptops, open suspicious e-mail attachments, and sometimes let strangers access systems without thinking of the consequences. Employees can also forget to log out of computers and leave passwords lying out in the open. Furthermore, employees often download unapproved software, which can be a pathway for attackers. Most security breaches ultimately lead back to negligent behaviors.

    The best solution for this giant security hole is to have good procedures with proper controls and regular training in their use. Don’t count on technology to protect you from bad habits.

    THINK LAYERS

    No security system is foolproof. The key is to put enough layers of defense in place to discourage hackers and cause them to look for easier prey. Too many companies make the mistake of building a strong outer shell that they think is impenetrable. Once an intruder breaches that shell, the entire corporate data infrastructure is open. Instead, you want layers within layers of security. This greatly increases the chances of a hacker becoming frustrated or detected before he or she can reach sensitive information.

    A good system should also leave an extensive audit trail. If nothing else, this gives the security experts a clear path to follow in the event of a breach to track down and patch the hole in the defenses.

    STAY CURRENT

    You can never let your guard down. Cutting-edge viruses are constantly being developed to enable new methods of bypassing a system’s security. It is vital to stay up to date on current cyber-security trends and technology to prevent and prepare for security breaches.

    In their effort to stay current, software companies are constantly releasing new patches for their applications. Delaying an update allows cyber-criminals more time to become familiar with the targeted system and puts your system at greater risk. For example, the recent WannaCry and Petya ransomware attacks could have been prevented through proper and timely patching of the Microsoft operating system.

    RECOVERY

    So what do you do if all of your security fails, and you wake up one morning to find your company has been breached and its data stolen? The first rule is to stay calm. Figure out exactly what has happened and make sure you understand all the facts. The worst thing you can do is overreact. Don’t shut down your entire network in a panic and stay offline until you feel safe.

    Determine what was taken and who will be affected by the stolen data. Then alert those people as soon as possible. Trying to hide a data breach that puts other people in jeopardy can damage your corporate image and reputation, which in the end may do more injury to the firm than the data breach.

    Alerting the right people includes alerting the authorities, such as the FBI. Every country has an organization that should be contacted as soon as you assess what has happened. They can help deal with the problem and possibly help track down the threat. In cases of a virus requesting payment, it is recommended to never pay the ransom.

    Don’t try to solve the problem on your own or waste time thinking about striking back or taking revenge. Many hacking attacks are undertaken by criminal organizations and even foreign governments who likely have more resources than you. The best advice is to focus on patching the holes and taking care of your customers. Let the proper authorities find the perpetrator and take appropriate legal action.

    A security breach will often require outside experts to help resolve all the problems. Not only do IT security professionals have the specialized knowledge needed to help, but they can also provide good advice that isn’t tainted by the emotional shock of the breach that is affecting inside personnel. Don’t be afraid to admit when you need help.

    PUBLIC RELATIONS

    If members of the public were affected by the breach, the right thing to do is let them know with a public announcement. Be clear about who is at risk and reassure them that you are taking measures to fix it. Put measures in place to help them recover. If personal credit information was taken, offer to pay for a year of credit monitoring or some other compensation. Not only is this the responsible thing to do, but it can also further protect your brand from credibility damage.

    At this point in the crisis, a good public relations department can be invaluable in crafting a message and creating a proper response plan. If your company doesn’t have a public relations department, consider hiring a reputable outside firm to assist you.

    CONCLUSION

    You don’t have to be a technology expert to make good management decisions with regard to guarding data as long as you remember a few simple guidelines. Make sure you understand what your valuable data is and to whom it has value. Invest properly in data security and consult experts when needed. Support the technology you purchase with good policies that are monitored for compliance and constantly reinforced through training. Be proactive in ensuring that your defenses are properly layered and employees are informed. In the event you do get hacked, respond appropriately and transparently with help from the proper authorities.

    The biggest thing to remember is to make it as hard as possible for unauthorized users to access your valuable data. Hackers seek out the path of least resistance. You don’t have to make your network an impregnable fortress. You have to make it just hard enough to discourage intruders so they seek easier targets elsewhere.

    About the Author: Stephen Webster, Chief Technology Officer, MRE Consulting, Ltd. Stephen is a recognized expert at designing and implementing infrastructure solutions and services for Global Fortune 250 companies. He has provided expert commentary on topics ranging from data security to cloud computing and has been featured on Bauer Business Focus, NPR and CBS Radio.

  • Sales & Use Tax Compliance Tips

    Division Accounting and Finance, BGSF, Career Tips July 10, 2018 With an estimated 7,500 state and local taxing jurisdictions and the complexity of state and local sales and use tax laws and regulations in these different jurisdictions, ensuring that your company is in compliance with these laws and regulations can be a difficult task. Recent research suggests that there may be as much as $26 billion in uncollected sales & use tax from e-commerce transactions alone. In an attempt to recover some of this uncollected sales & use tax, state and local taxing jurisdictions are increasing compliance activities and attempting to expand what constitutes business presence in their jurisdictions. In this increased compliance environment, companies need to be proactive rather than reactive in the area of sales and use tax compliance. The time to prepare for a sales & use tax audit is before an audit assignment is received. To prepare for a sales and use tax audit, companies need to conduct a thorough assessment of their business activities to determine in which taxing jurisdictions they have a compliance responsibility. Once that has been determined, the company needs to establish policies and procedures to ensure that they are in compliance with all applicable laws and regulations in those jurisdictions where a sales and use tax filing responsibility exists. To ensure compliance and reduce audit exposure, it is important for companies to maintain and leverage sales & use tax domain expertise, whether in-house or through a third-party professional services provider. Following is a list of best practices that can be adopted to ensure adequate sales and use tax compliance and minimize potential adverse audit assessments. 
    Sales & Use Tax Best Practices

      - Be proactive rather than reactive in sales & use tax compliance
      - Perform a nexus study to determine in which jurisdictions registration is required
      - Review business activities to determine the taxability of products and services in applicable jurisdictions
      - Register to collect and remit sales & use tax in all applicable jurisdictions
      - Automate workflow from taxability determination to tax remittance to ensure timely and accurate compliance
      - Automate tax rate updates to ensure accurate tax calculations
      - Document exempt sales and maintain exemption certificate documentation
      - Research all tax notices and audit findings to confirm their validity
      - Stay current on laws and regulations
