We all know that the internet poses many threats to the safety and security of our companies. However the old solution of simply blocking certain websites is no longer a viable option. With the increased necessity of social media sites to be used for business purposes, many employees need access to once restricted areas in order to do their jobs properly. Further, there are several ‘workarounds’ available for the more technically savvy members of your staff assisting them in gaining access to once restricted domains of the internet – putting your company at risk.

So then what is the solution?

The first thing is to make sure your internet usage policy is current, up-to-date, and that it works with and not against employee effectiveness while also protecting your organization from harm.

Secondly, be sure you are as up-to-date as possible on the workarounds being used to gain access to restricted sites. While some sites like LinkedIn and Facebook are more acceptable within our offices than they used to be, others like gambling sites should still be blocked to protect you from malware. We recently read a great article by Joan Goodchild, Senior Editor for CSO Online, discussing the most popular workarounds and ways to combat them and have provided a summary for you here.

Workaround 1: Typing in an IP address instead of a domain name

• Using the IP address of a blocked site will sometimes allow users to bypass security that looks for a domain name only, and there are many websites where the IP address can be accessed by employees.

Workaround 2: Finding a cashed version

• Search providers, like Google, cache websites on a regular basis – which basically means that they save a version of the site on their own servers. One can navigate to a cached site in Google by clicking on the ‘cached’ button after a search result.

Solution: Ignore the IP/URL blocking altogether and block sites based on the content line instead.

Workaround 3: Hiding behind encryption

• Entering HTTPS in front of the web address will often provide a stripped down version of the restricted site. There is also SSH, encrypted SOCKS, and other different alternative channels that masquerade as web traffic on less than intelligent network devices.

Solution: You may consider implementing a web proxy and gateway that allow content to be analyzed by creating a pit stop along the way.

Workaround 4: Using proxy servers and other privacy-friendly tools

• Some employees set up their browser so that their web queries go through an encrypted tunnel to an external server which may give them unrestricted access to sites. An example of this is GhostFox, a browser extension of Firefox.

Solution: If the proxy server is unencrypted, you can inspect the traffic and block either by blocking proxy connections at your firewall and/or by looking at web page content. If the traffic is encrypted then blocking becomes difficult, if not impossible.

Workaround 5: Using smartphones

• While using a personal smartphone isn’t necessarily tampering with a company computer, it can still be a violation of company policy if it is being used to access blocked sites during paid work hours.

Solution: Options for security in this instance are limited unless the device is provided by the company in which case it can be restricted through policies and proxy servers. However if it is a personal phone, the only answer is monitoring by management and strict no-usage policies.

Ultimately one of your best tools can likely be found in good old fashioned communication. Consistently letting employees know why policies are in place, and how they protect the organization can increase their respect for the ‘rules’. Further, an open door policy with your management that allows employees to explain why and how a restricted site may increase their customer service or productivity is a must. It is important to make sure we are not only protecting IT resources – but also encouraging our staff to find ways to become more efficient.

To read the entire article, click here.

A couple of weeks ago we reported that the AICPA had come against some of the more burdensome requirements originally included in the new Patient Protection and Affordable Care Act regarding new 1099 information reporting requirements. Namely a provision requiring businesses to report any purchase from a vendor (including corporations) of goods or services worth $600 or more. The main concern we noted was that, ‘this would put an unnecessary burden on small businesses compiling the data each year and that the information provided to the IRS wouldn’t be beneficial as it would be difficult to reconcile individual vendors from various 1099 statements in order to collect unpaid taxes.’

Recently members of the Senate have responded to this outcry with bill amendments to the Small Business Jobs Act hoping to relieve this and other issues.

A new modified version of the Business Jobs Act including an amendment to repeal the expanded 1099 filing requirement is scheduled for vote by the Senate on September 14th. However there are others who have further ideas in regards to the bill’s improvement including:

• Raising the threshold for reporting transactions from $600 to $5,000.
• The elimination of the $15 billion Prevention Trust Fund, which provides access to preventive services, including cancer screenings and smoking cessations programs.
• Repealing tax cuts for the five largest oil companies, allowing them to deduct 6% of their income from oil and gas production from their tax liability.

The bottom line is that the bill isn’t yet complete – and there is still time for improvements before it becomes effective in 2012. If you’d like to read more information on this issue, click here.

Free Live Webinar – Register today!

Wednesday, August 18, 2010
10:00AM PDT / 1:00PM EDT

Over a business’s lifespan, it will face the task of continually replacing, upgrading, or enhancing its business systems in response to changing market conditions, new technologies, and shifting strategies. Consider how your organization approaches ERP (Enterprise Resource Planning).  Are you effectively leveraging your people, processes and software in a way that keeps you operating efficiently and a step ahead of your competitors? 

This FREE LIVE Webinar will help you and your colleagues to chart a course for ERP evolution at your company, and to harness the power of your chosen solutions to achieve and sustain business value over the long term. Sign up now for this educational event and you’ll learn about the critical points for success, including:

• 7 steps to driving total business value using an ERP system
• A step by step approach for evaluating ERP solutions in a way that supports your specific and concrete business goals
• How to factor important benefits typically not reflected in classic ROI/TCO analysis—such as greater flexibility and business agility—into your project in a more formal, institutionalized manner
• How to build business transformation, value, and change management into the foundation of your deployment to ensure a successful ERP outcome

Who should attend:  CIOs, IT and Finance directors and managers, and ERP project managers.

A Chance to Win – Live attendees will be entered for a chance to win an iPod Nano. One winner will be selected from the audience by random drawing.*

If you’re interested but can’t attend the live event, register today and we will send you a link to the on-demand archive when available.

Featured Speakers: 

Eric Kimberling has over 10 years of experience devoted to the field of ERP and IT Benefits Realization, including performance measurement, process improvement, and organizational change management. He is the President and founder of Panorama Consulting Group, a US-based company that provides IT and ERP Benefits Realization consulting to international companies. Panorama Consulting Group also helps clients with ERP vendor selection, project planning, merger integration, third-party quality assurance, and strategy alignment.

Erik Kaas is Director of Product Management for Mid Market ERP products at Sage. He is responsible for managing the product life cycle from strategic planning to tactical activities. Erik manages a team of product managers responsible for specifying market requirements for current and future products. The product management team conducts market research supported by customer visits to ensure that engineering develops and releases products based on the needs of customers. Prior to Sage, Erik was responsible for product management at Pivotal Corporation, a provider of CRM solutions for mid market enterprises. He holds a Master in Computer Science degree from the Eindhoven University of Technology (the Netherlands) and a Master of Business Administration from Simon Fraser University (Canada).

Michael Oliver-Goodwin is a Contributing Editor for Focus. He is a widely published writer and an experienced editor for publications, including PC World, MacWeek and InfoWorld.

Register Now!

*Employees of associated companies are not eligible for drawing. Person must live in the US or Canada to be eligible. Winner is chosen at random. Winner will be notified at the conclusion of the live webinar. One prize will be given out per person selected from the drawing. 

Under the new healthcare law in the Patient Protection and Affordable Care Act is a new reporting requirement that requires businesses to report any purchase from a vendor (including corporations) of goods or services worth $600 or more.

The AICPA believes that this would put an unnecessary burden on small businesses compiling the data each year and that the information provided to the IRS wouldn’t be beneficial as it would be difficult to reconcile individual vendors from various 1099 statements in order to collect unpaid taxes.

The new reporting requirement will take effect for the 2012 fiscal year and will be reported on 1099 forms in 2013. In his letter, AICPA Tax Executive Committee chair, Alan Einhorn stated, “This expansion of information reporting may prove to be so burdensome to small businesses that we believe it will significantly contribute to the hurdles to growth and formation that businesses face. Repeal of section 9006 of the Act is the best alternative to imposition of an overwhelming compliance burden on the nation’s small business community.”

For more on this, click here.

Several weeks ago we introduced the topic of IFRS accounting standards to you and summarized a Sage whitepaper detailing how Sage Accpac can assist you in making the transition easier. As mentioned previously, the world is making a move towards a single set of global accounting standards in order to guarantee comparable financial statement preparation and disclosure on an international level. The United States plans to convert to these new reporting standards in 2014, and will require any publicly traded companies to report on both the current GAAP and IFRS standards in both 2012 and 2013. However there may be some benefit for all companies (including those not required as of yet) to convert to the IFRS standards as there is a good amount of speculation that the GAAP standards will eventually become obsolete across the board. 

Now that you are aware of the coming changes, what initial steps should you take to ensure your organization is ready? We realize the concept of completely changing the way you prepare your financial statements can be overwhelming, and that many of you are concerned about how the new standards will affect the way you do business. The first step to success is to do your homework. The more information you have regarding changes you’ll be making, the better prepared you’ll be when the time comes to implement the new processes. 

We found a great whitepaper on ifrs.com titled, Financial System Considerations in IFRS Conversion Projects, which we think will help you lay the foundation of knowledge for the new accounting process, and we’ve highlighted some of the information for you here.

Potential System Impacts of an IFRS Conversion
The impact to IT and financial systems can vary depending on your company’s existing structure and environment. This may include its IT and financial systems capability/integration, industry complexity, company size, relevance of business process/transaction, internal control structure, mergers and acquisitions process, and other attributes.

The extent of changes may also vary depending on the consolidation method that management chooses. Consolidations may be implemented at the corporate-level or at each individual country/entity. However, companies that implement at the corporate level may potentially run the risk of error and potentially re-stating their financial statements as well as other situations if the numerous journal entry adjustments are not tracked or controlled properly. Furthermore, if a dual reporting system is in place during the transition period, the reconciliation process needs to be taken into consideration. Reconciling between two different “views” of the financial statements poses different problems than singularly supporting one version or the other. Therefore, having an effective reconciliation reporting system is an important aspect to the learning curve of the IFRS transition.

Primary Differences beween IFRS and GAAP
Transaction Differences

Inventory

- IFRS does not permit Last In First Out (LIFO) method

- Method of measuring inventory

- Reversal of write-downs

Property, Plant & Equipment

- IFRS requires certain assets and depreciation be recorded at component level

- Intangible Assets (such as R&D) and Impairment

- Development costs may be capitalized when certain conditions are met and require detailed reporting

- Impairment testing

Share-based Payments

- Timimg of recognition

- Valuation of liability-classified transactions

In addition to the transaction examples above, the IASB and FASB are also working jointly on several MoU projects target for completion in 2010 and 2011. Some of these major convergence projects include:

• Revenue Recognition
• Leases
• Financial Instruments
• Consolidations
• De-recognition
• Fair Value Measurement
• Financial Statement Presentation
• Financial Instruments with Characteristics of Equity

Once these projects are completed and new standards are released, these changes will impact how the transactions are recorded, processed and/or reported within a financial system.

Certain IFRS/GAAP differences may be adjusted through General Ledger journal entries or chart of account structuring and do not require system changes at the sub-ledger level. The approach will vary depending on your organization’s structure and environment.

Impact to Financial or Business Reporting
Converting to IFRS will impact a company’s external and internal reporting requirements. Although some transactional differences require only journal entry adjustments within the GL, other changes may impact an organization’s current reporting infrastructure (such as data warehousing environment or associated reporting program). Furthermore, journal entry adjustments for multiple countries and parallel reporting in IFRS and GAAP may become cumbersome without additional tools to assist in the process. Companies will either have to (1) maintain both processes for statutory reporting until the three year requirement is complete, or (2) maintain one process and make topside adjustments to the other statutory reporting requirement.

Lessons Learned from the European Experience

• Start the planning process early. The average IFRS conversion time is likely to be between 2 ½ – 3 years
• Seek to identify difficult accounting or systems issues early in the process. Researching and securing the judgment of professionals on technical issues can take time.
• Allow for unforeseen problems, and perform system tests prior to going live.
• When evaluating accounting/reporting issues, give due consideration to long-term impacts of the resulting decisions.
• Devote extra attention to the extensive disclosure changes that may be required by the conversion.
• Complete training early and often.

To read the entire whitepaper, Financial System Considerations in IFRS Conversion Projects, click here..

There’s no doubt that getting the most out of your IT investment should be one of your top priorities. Many IT vendors have taken notice and are doing their part to ensure you’re working smarter and have access to the accurate data you need, when you need it. However the concept of IT Optimization can be defined in many ways, and we think a recent article on bigfatfinanceblog.com by Alan Radding narrows these down quite well.

1. Mission Optimization: The first step you should take is to determine what exactly you want your IT to do for finance, and your business as a whole. Your IT should be leveraging data, systems, and networks to help the business attract customers and generate more revenue.
2. Platform/Vendor Optimization: The more platforms your company supports the more difficult they are to manage. While a single platform may be unrealistic – you should strive to have as few as possible.
3. Application Optimization: Be sure to run the best mix of applications for your company. Focus on those like business intelligence, analytics, performance management and collaboration.
4. GRC Optimization: Define governance policies in a way that IT systems can be appropriately automated, monitored, and enforced.
5. Security Optimization: This goes hand-in-hand with GRC Optimization to address data protection and privacy. This last step should have a broad scope and should be built into everything IT does from the outset.

If done correctly IT optimization can lower costs and generate revenue. To read the article in its entirety, click here.

With over 100 countries now requiring or permitting IFRS reporting, some of which include Hong Kong, Malaysia, Australia, India, Pakistan, Turkey, Singapore, Russia, South Africa, the European Union and the Cooperation Council for the Arab States of the Gulf – there is little doubt we’re officially headed towards a global accounting system.

In Canada the Canadian Accounting Standards Board (AcSB) has confirmed that IFRS will replace the Canadian GAAP (Generally Accepted Accounting Principles), on January 1st, 2011, for publicly accountable profit-oriented enterprises.

In the U.S. companies making the change must run the GAAP and IFRS reporting in parallel for fiscal years 2012 and 2013, in preparation for 2014 when IFRS rules will become effective.

What Is IFRS?
IFRS is a single set of global accounting standards, developed by the IASB as a means to guarantee comparable financial statement preparation and disclosure throughout the world.

Why do we need global accounting standards?
With so many businesses throughout the world, both small and large doing business internationally – there was a need for a single, world-wide system of high-quality standards to improve transparency and support between investors and partnering organizations. It effectively allows international companies to speak the same financial language.

What challenges will this change pose?
Converting to IFRS will present a number of challenges for companies. You should have the responsible parties (CFO, Controller, etc.) within your organization begin to learn about the new standards and work with external accountants to help you in the process. It is vital that the learning and training process begin immediately to ensure you are ready when the time comes. Some specific items you’ll want to cover include:

• Researching technical accounting issues
• Learning the differences between IFRS and GAAP
• Ensuring your software is capable of handling the change

Why should small and mid-sized companies care about IFRS?
Though IFRS standards tend to apply more to publicly accountable organizations – or those listed on stock exchanges, it doesn’t stop there. Some say that GAAP guidelines will eventually disappear requiring all businesses to report under the new IFRS standards.

IFRS and Accpac
If you currently use Accpac – you are in luck. Sage Accpac already has the necessary features and functionality to support a transition to IFRS.

For example, Sage Accpac…

• Is familiar with IFRS reporting as they already has over 13,000 clients in IFRS jurisdictions.
• Currently allows users to choose from a wide range of configuration options to ensure their transactions are processed and their accounts are kept in compliance with whatever local rules they happen to operate under.
• Allows users to revalue monetary assets to comply with IFRS rules.
• Has seven IFRS-compliant inventory costing methods, and a full range of IFRS-compliant project accounting methods to choose from.

For more information on this topic click here.

According to a recent survey performed by Unit4 Coda, Accountants are under added unnecessary stress. The survey found that accountants feel they are being held to unrealistic deadlines and have an over-reliance on spreadsheets due to inefficient accounting systems. Further, among the top contributors to unnecessary stress is an apparent disconnect between executive management teams and accountants.

A report of the survey’s findings on unit4coda.com states, “Over 66 percent of the survey’s respondents(1) said an average close period takes over five days to complete, but the survey also revealed that more than 55 percent of accountants are expected to complete a close in a maximum of five days.”

Other items noted were:

• 70 percent of respondents reported that inadequate reporting from their financial systems was a source of stress.
• 58 percent spent more than four hours reconciling subsystems to the GL with 25 percent taking two days or more.
• 53 percent of accountants reported clocking overtime hours during a period close.

It appears as though many companies are still struggling with antiquated processes and software which is adding unnecessary pressure on accountants and employees as well as increasing the likelihood for error. If this situation sounds familiar, it is definitely time to take a look at how a better system and automation process can improve the overall operations of your organization.

If your company accepts credit cards for payments, PCI compliance applies to you. BV 2009 or any earlier version is not compliant.

Regardless of size or industry, all companies that accept credit cards must adhere to the safeguards mandated by the Payment Card Industry Data Security Standard—referred to as the PCI DSS. While most companies are aware of PCI, many are unsure what it means for their businesses. As well, companies that use a third party for clearing and remittance often incorrectly assume that PCI compliance does not apply to them.

So, what are the risks of noncompliance? Beyond exposing your customers to fraud or identity theft, your business can be held responsible for the credit card company’s losses. In the event of a security breach or lack of PCI compliance, credit card institutions can assess your company higher credit card processing fees and levy fines of up to $500,000—or even bar your company from processing any credit card transactions at all. Keep in mind that this applies to all companies that accept payment by plastic—even if they don’t store any related data.

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data. It is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

Requirement 3: Protect stored cardholder data

Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software

Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know

Requirement 8: Assign a unique ID to each person with computer access

Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security

Acquirer audits, which can be carried out at any time, cover the 12 areas of mandatory compliance. The failure rate for PCI certification audits is high; according to recent research by VeriSign in “Lessons Learned: Top Reasons for PCI Audit Failures and How to Avoid Them,” fewer than 30 percent of companies pass these examinations on the first try.

Accpac currently does not have a credit card processing module, so Accpac users do not need to do the approval process.  However, Accpac does have static fields for storage.  If a company is using these fields, there will be a utility supplied by June to scrub those fields of any data stored.  Anyone who uses any other program that stores credit card information will need to check with those providers to ensure they will be compliant by June 1^st.

To learn more and even take a self-assessment questionnaire to evaluate your risk visit: www.pcisecuritystandards.org.

Other helpful PCI resources include:

• www.pcicomplianceguide.org.  A great source for FAQs and PCI Myths, Articles on various PCI topics, explanation of SAQ forms and a section to instant message questions to a PCI expert.
• www.sagepayments.com/pci
• http://usa.visa.com/merchants/risk_management/cisp.html Visa link to CISP site that explains what to do if compromised PCI-DSS basics, PA-DSS definitions, and Service Provider information.
• PCI Webinar: https://trustwave.webex.com/trustwave/lsr.php?AT=pb&SP=EC&rID=50082902&rKey=57a7c878c0733489
• PCI for Dummies eBook http://cdn.bestsoftware.com/SageMail/Q3_2010%20PCIforDummies/PCI_Dummies.pdf

Customer Relationship Management (CRM) systems can provide much more than basic contact management capabilities, but many companies lack the knowledge they need to get the most out of their solution. Using the tools within your CRM program can help you more thoroughly understand your business from a sales, marketing and even operational perspective. Below are just some of the ways you can get the most out of your CRM solution.

Account Types
When used properly, your CRM system can assist you in identifying the distinctive demographics of those you do business with. You can gain this type of detail by simply assigning a ‘type’ to each account entered into the system. Some examples of types could be: Wholesale Customer; Retail Customer, Web Customer, or Donor, Member, Associate, and so on.  Also, you can add types such as Prospect; Partner; Vendor; Competitor and more. You can make them as specific as you’d like in order to best track different groups. You will be able to easily sort your database and run campaigns directly targeted to those demographics; invite all prospects in a specific city to a seminar, or offer a special to clients who have not done business with you in over a year.

Track Lost Sales
Tracking what’s not working is just as important as tracking what is. If you don’t know why people decide not to do business with you, you won’t know how you can improve. As one CEO put it, “The rate at which you are improving your service and offerings is equal to the rate at which you are rising above your competition.” To use your CRM solution to help you track lost sales you can add a list of reasons to the account form, and make selecting one mandatory before your staff can move on to the next screen. This will help you research whether it’s your prices, offerings, or competitors that are causing lost sales.

Track Lead Sources
Know where to target your marketing. Identify your most effective campaigns and successfully tracking your lead sources will help you get the most out of your marketing budget and ensure a full pipeline. Tracking your lead sources within your contact account form will give you the accurate data you need for future decision making.

Sales Management
Do you know how many sales opportunities are currently in your pipeline? How many expect to make a purchase in the next 30, 60 or 90 days? Having access to this information can help you greatly when it comes to budget and profit forecasting. To do this, simply implement stages for your sales opportunities within your CRM program.

Collections
CRM centralizes all of your important financial and customer data – making it easy for your financial team to get information, track calls, automatically follow up and bring in more cash faster.

These are just a few of the ways in which you can enhance your business through your CRM program however its capabilities are endless. Since your CRM is in essence a central repository of information you can literally use it across the board from improving your marketing to personnel management. A fantastic example of just how much customization is possible through CRM is what we did for the Jesuit Refugee Service.

The Jesuit Refugee Service (JRS) is a multi-national nonprofit organization providing support to more than half a million displaced people throughout the world. They span multiple continents and countries, and had been using a custom legacy system that was unserviceable, not to mention outdated. They needed a very specific solution to allow them to run their operations more efficiently.

We were able to help them through the implementation of a completely customized CRM application. While Sage CRM is a ‘Customer Relationship Management Application’ on the surface, it also has the capability to be almost anything you need. And what JRS needed was a web-portal with a back-end database that could enable them to provide access to members and regional managers all over the world through one application. We essentially stripped out all of the sales and marketing CRM features and then used the tools within the program to rebuild it from the ground up to fit JRS’ specific requirements.

With their new program, the Jesuit Refugee Service can now send regular communications and newsletters to anyone who requests information; take advantage of Sage upgrades; and execute better broad project management. The new capabilities will allow their regional managers to archive and report on all of their projects, goals and annual accomplishments, as well as provide a better communication channel with the Rome office. Sage CRM allowed JRS to automate some very tedious processes and gave them more time to devote to their cause.