Systemlink Online

Protecting your company from employee workarounds

August 26th, 2010 by To the Point

We all know that the internet poses many threats to the safety and security of our companies. However, the old solution of simply blocking certain websites is no longer a viable option. As social media sites are increasingly used for business purposes, many employees need access to once restricted areas in order to do their jobs properly. Further, there are several ‘workarounds’ available to the more technically savvy members of your staff that help them gain access to restricted domains of the internet – putting your company at risk.

So then what is the solution?

The first thing is to make sure your internet usage policy is current, and that it works with, not against, employee effectiveness while also protecting your organization from harm.

Secondly, be sure you are as up-to-date as possible on the workarounds being used to gain access to restricted sites. While some sites like LinkedIn and Facebook are more acceptable within our offices than they used to be, others like gambling sites should still be blocked to protect you from malware. We recently read a great article by Joan Goodchild, Senior Editor for CSO Online, discussing the most popular workarounds and ways to combat them and have provided a summary for you here.

Workaround 1: Typing in an IP address instead of a domain name

  • Using the IP address of a blocked site will sometimes allow users to bypass security that looks for a domain name only, and there are many websites where the IP address can be accessed by employees.

Workaround 2: Finding a cached version

  • Search providers, like Google, cache websites on a regular basis – which basically means that they save a version of the site on their own servers. One can navigate to a cached site in Google by clicking on the ‘cached’ button after a search result.

Solution: Ignore the IP/URL blocking altogether and block sites based on the content line instead.

Workaround 3: Hiding behind encryption

  • Entering HTTPS in front of the web address will often provide a stripped down version of the restricted site. There are also SSH, encrypted SOCKS, and other alternative channels that masquerade as web traffic on less than intelligent network devices.

Solution: You may consider implementing a web proxy and gateway that allow content to be analyzed by creating a pit stop along the way.

Workaround 4: Using proxy servers and other privacy-friendly tools

  • Some employees set up their browser so that their web queries go through an encrypted tunnel to an external server which may give them unrestricted access to sites. An example of this is GhostFox, a browser extension of Firefox.

Solution: If the proxy server is unencrypted, you can inspect the traffic and block either by blocking proxy connections at your firewall and/or by looking at web page content. If the traffic is encrypted then blocking becomes difficult, if not impossible.

Workaround 5: Using smartphones

  • While using a personal smartphone isn’t necessarily tampering with a company computer, it can still be a violation of company policy if it is being used to access blocked sites during paid work hours.

Solution: Options for security in this instance are limited unless the device is provided by the company in which case it can be restricted through policies and proxy servers. However if it is a personal phone, the only answer is monitoring by management and strict no-usage policies.
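A proxy-log check for workarounds 1 and 3 above, added here as an example; it is not from the original post or the CSO article. It flags requests addressed to an external IP literal instead of a domain name, and CONNECT tunnels to ports other than those used for HTTPS. The log line format, the internal network range and the allowed port list are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Assumptions for this example: adjust to your own network and proxy.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # intranet hosts reached by IP are fine
ALLOWED_CONNECT_PORTS = {443}                           # CONNECT is expected for HTTPS only

# Constructed sample lines in an assumed format: "<time> <client> <method> <target>"
SAMPLE_LOG = """\
2010-08-26T09:01:12 10.0.0.21 GET http://www.example.com/index.html
2010-08-26T09:02:40 10.0.0.37 GET http://203.0.113.45/lobby
2010-08-26T09:03:05 10.0.0.37 CONNECT 198.51.100.7:443
2010-08-26T09:04:19 10.0.0.52 CONNECT mail.example.com:443
2010-08-26T09:05:33 10.0.0.52 CONNECT tunnel.example.net:22
2010-08-26T09:06:48 10.0.0.21 GET http://[2001:db8::10]/news
2010-08-26T09:07:02 10.0.0.64 GET http://10.0.0.5/intranet/home
"""


def external_ip_literal(host):
    """True if host is an IPv4/IPv6 literal outside the internal networks."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False                      # a domain name, not an IP literal
    internal = any(ip.version == net.version and ip in net for net in INTERNAL_NETS)
    return not internal


def classify(line):
    """Return (client, host, findings) for one log line, or None if malformed."""
    fields = line.split(maxsplit=3)
    if len(fields) != 4:
        return None
    _time, client, method, target = fields
    # CONNECT targets are "host:port"; prefix "//" so urlsplit treats them as a netloc.
    parts = urlsplit(target if "://" in target else "//" + target)
    host = parts.hostname or ""
    try:
        port = parts.port
    except ValueError:                    # non-numeric or out-of-range port
        port = None
    findings = []
    if external_ip_literal(host):
        findings.append("ip-literal-host")
    if method == "CONNECT" and port not in ALLOWED_CONNECT_PORTS:
        findings.append("connect-nonstandard-port")
    return client, host, findings


def report(log_text):
    """All requests with at least one finding, in log order."""
    results = []
    for line in log_text.splitlines():
        parsed = classify(line)
        if parsed and parsed[2]:
            results.append(parsed)
    return results


def flagged_clients(log_text):
    """Number of flagged requests per client, for follow-up by management."""
    return dict(Counter(client for client, _host, _f in report(log_text)))


if __name__ == "__main__":
    for client, host, findings in report(SAMPLE_LOG):
        print(f"{client:12} {host:20} {', '.join(findings)}")
    print(flagged_clients(SAMPLE_LOG))
```

A check like this only sees what the proxy logs; traffic inside an encrypted tunnel still needs the gateway inspection described under workaround 3.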

Ultimately one of your best tools can likely be found in good old fashioned communication. Consistently letting employees know why policies are in place, and how they protect the organization can increase their respect for the ‘rules’. Further, an open door policy with your management that allows employees to explain why and how a restricted site may increase their customer service or productivity is a must. It is important to make sure we are not only protecting IT resources – but also encouraging our staff to find ways to become more efficient.

To read the entire article, click here.

Senate Working on Improving New 1099 Requirement Woes

August 19th, 2010 by To the Point

A couple of weeks ago we reported that the AICPA had come out against some of the more burdensome requirements originally included in the new Patient Protection and Affordable Care Act regarding new 1099 information reporting requirements, namely a provision requiring businesses to report any purchase from a vendor (including corporations) of goods or services worth $600 or more. The main concern we noted was that, ‘this would put an unnecessary burden on small businesses compiling the data each year and that the information provided to the IRS wouldn’t be beneficial as it would be difficult to reconcile individual vendors from various 1099 statements in order to collect unpaid taxes.’

Recently members of the Senate have responded to this outcry with bill amendments to the Small Business Jobs Act hoping to relieve this and other issues.

A new modified version of the Business Jobs Act including an amendment to repeal the expanded 1099 filing requirement is scheduled for vote by the Senate on September 14th. However there are others who have further ideas in regards to the bill’s improvement including:

  • Raising the threshold for reporting transactions from $600 to $5,000.
  • The elimination of the $15 billion Prevention Trust Fund, which provides access to preventive services, including cancer screenings and smoking cessations programs.
  • Repealing tax cuts for the five largest oil companies, allowing them to deduct 6% of their income from oil and gas production from their tax liability.

The bottom line is that the bill isn’t yet complete – and there is still time for improvements before it becomes effective in 2012. If you’d like to read more information on this issue, click here.

AICPA asks Congress to Repeal New 1099 Requirements

August 6th, 2010 by To the Point

Under the new healthcare law in the Patient Protection and Affordable Care Act is a new reporting requirement that requires businesses to report any purchase from a vendor (including corporations) of goods or services worth $600 or more.

The AICPA believes that this would put an unnecessary burden on small businesses compiling the data each year and that the information provided to the IRS wouldn’t be beneficial as it would be difficult to reconcile individual vendors from various 1099 statements in order to collect unpaid taxes.

The new reporting requirement will take effect for the 2012 fiscal year and will be reported on 1099 forms in 2013. In his letter, AICPA Tax Executive Committee chair, Alan Einhorn stated, “This expansion of information reporting may prove to be so burdensome to small businesses that we believe it will significantly contribute to the hurdles to growth and formation that businesses face. Repeal of section 9006 of the Act is the best alternative to imposition of an overwhelming compliance burden on the nation’s small business community.”

For more on this, click here.

Preparing for the IFRS Conversion

July 29th, 2010 by To the Point

Several weeks ago we introduced the topic of IFRS accounting standards to you and summarized a Sage whitepaper detailing how Sage Accpac can assist you in making the transition easier. As mentioned previously, the world is making a move towards a single set of global accounting standards in order to guarantee comparable financial statement preparation and disclosure on an international level. The United States plans to convert to these new reporting standards in 2014, and will require any publicly traded companies to report on both the current GAAP and IFRS standards in both 2012 and 2013. However there may be some benefit for all companies (including those not required as of yet) to convert to the IFRS standards as there is a good amount of speculation that the GAAP standards will eventually become obsolete across the board. 

Now that you are aware of the coming changes, what initial steps should you take to ensure your organization is ready? We realize the concept of completely changing the way you prepare your financial statements can be overwhelming, and that many of you are concerned about how the new standards will affect the way you do business. The first step to success is to do your homework. The more information you have regarding changes you’ll be making, the better prepared you’ll be when the time comes to implement the new processes. 

We found a great whitepaper on ifrs.com titled, Financial System Considerations in IFRS Conversion Projects, which we think will help you lay the foundation of knowledge for the new accounting process, and we’ve highlighted some of the information for you here.

Potential System Impacts of an IFRS Conversion
The impact to IT and financial systems can vary depending on your company’s existing structure and environment. This may include its IT and financial systems capability/integration, industry complexity, company size, relevance of business process/transaction, internal control structure, mergers and acquisitions process, and other attributes.

The extent of changes may also vary depending on the consolidation method that management chooses. Consolidations may be implemented at the corporate-level or at each individual country/entity. However, companies that implement at the corporate level may potentially run the risk of error and potentially re-stating their financial statements as well as other situations if the numerous journal entry adjustments are not tracked or controlled properly. Furthermore, if a dual reporting system is in place during the transition period, the reconciliation process needs to be taken into consideration. Reconciling between two different “views” of the financial statements poses different problems than singularly supporting one version or the other. Therefore, having an effective reconciliation reporting system is an important aspect to the learning curve of the IFRS transition.

Primary Differences between IFRS and GAAP
Transaction Differences

Inventory

- IFRS does not permit Last In First Out (LIFO) method

- Method of measuring inventory

- Reversal of write-downs

Property, Plant & Equipment

- IFRS requires certain assets and depreciation be recorded at component level

- Intangible Assets (such as R&D) and Impairment

- Development costs may be capitalized when certain conditions are met and require detailed reporting

- Impairment testing

Share-based Payments

- Timing of recognition

- Valuation of liability-classified transactions

In addition to the transaction examples above, the IASB and FASB are also working jointly on several MoU projects targeted for completion in 2010 and 2011. Some of these major convergence projects include:

  • Revenue Recognition
  • Leases
  • Financial Instruments
  • Consolidations
  • De-recognition
  • Fair Value Measurement
  • Financial Statement Presentation
  • Financial Instruments with Characteristics of Equity

Once these projects are completed and new standards are released, these changes will impact how the transactions are recorded, processed and/or reported within a financial system.

Certain IFRS/GAAP differences may be adjusted through General Ledger journal entries or chart of account structuring and do not require system changes at the sub-ledger level. The approach will vary depending on your organization’s structure and environment.

Impact to Financial or Business Reporting
Converting to IFRS will impact a company’s external and internal reporting requirements. Although some transactional differences require only journal entry adjustments within the GL, other changes may impact an organization’s current reporting infrastructure (such as data warehousing environment or associated reporting program). Furthermore, journal entry adjustments for multiple countries and parallel reporting in IFRS and GAAP may become cumbersome without additional tools to assist in the process. Companies will either have to (1) maintain both processes for statutory reporting until the three year requirement is complete, or (2) maintain one process and make topside adjustments to the other statutory reporting requirement.

Lessons Learned from the European Experience

  • Start the planning process early. The average IFRS conversion time is likely to be between 2 ½ – 3 years
  • Seek to identify difficult accounting or systems issues early in the process. Researching and securing the judgment of professionals on technical issues can take time.
  • Allow for unforeseen problems, and perform system tests prior to going live.
  • When evaluating accounting/reporting issues, give due consideration to long-term impacts of the resulting decisions.
  • Devote extra attention to the extensive disclosure changes that may be required by the conversion.
  • Complete training early and often.

To read the entire whitepaper, Financial System Considerations in IFRS Conversion Projects, click here.

5 Key Points for IT Optimization for Finance

July 23rd, 2010 by To the Point

There’s no doubt that getting the most out of your IT investment should be one of your top priorities. Many IT vendors have taken notice and are doing their part to ensure you’re working smarter and have access to the accurate data you need, when you need it. However the concept of IT Optimization can be defined in many ways, and we think a recent article on bigfatfinanceblog.com by Alan Radding narrows these down quite well.

  1. Mission Optimization: The first step you should take is to determine what exactly you want your IT to do for finance, and your business as a whole. Your IT should be leveraging data, systems, and networks to help the business attract customers and generate more revenue.
  2. Platform/Vendor Optimization: The more platforms your company supports the more difficult they are to manage. While a single platform may be unrealistic – you should strive to have as few as possible.
  3. Application Optimization: Be sure to run the best mix of applications for your company. Focus on those like business intelligence, analytics, performance management and collaboration.
  4. GRC Optimization: Define governance policies in a way that IT systems can be appropriately automated, monitored, and enforced.
  5. Security Optimization: This goes hand-in-hand with GRC Optimization to address data protection and privacy. This last step should have a broad scope and should be built into everything IT does from the outset.

If done correctly IT optimization can lower costs and generate revenue. To read the article in its entirety, click here.

IFRS and Sage Accpac

July 14th, 2010 by To the Point

With over 100 countries now requiring or permitting IFRS reporting, some of which include Hong Kong, Malaysia, Australia, India, Pakistan, Turkey, Singapore, Russia, South Africa, the European Union and the Cooperation Council for the Arab States of the Gulf – there is little doubt we’re officially headed towards a global accounting system.

In Canada the Canadian Accounting Standards Board (AcSB) has confirmed that IFRS will replace the Canadian GAAP (Generally Accepted Accounting Principles), on January 1st, 2011, for publicly accountable profit-oriented enterprises.

In the U.S. companies making the change must run the GAAP and IFRS reporting in parallel for fiscal years 2012 and 2013, in preparation for 2014 when IFRS rules will become effective.

What Is IFRS?
IFRS is a single set of global accounting standards, developed by the IASB as a means to guarantee comparable financial statement preparation and disclosure throughout the world.

Why do we need global accounting standards?
With so many businesses throughout the world, both small and large doing business internationally – there was a need for a single, world-wide system of high-quality standards to improve transparency and support between investors and partnering organizations. It effectively allows international companies to speak the same financial language.

What challenges will this change pose?
Converting to IFRS will present a number of challenges for companies. You should have the responsible parties (CFO, Controller, etc.) within your organization begin to learn about the new standards and work with external accountants to help you in the process. It is vital that the learning and training process begin immediately to ensure you are ready when the time comes. Some specific items you’ll want to cover include:

  • Researching technical accounting issues
  • Learning the differences between IFRS and GAAP
  • Ensuring your software is capable of handling the change

Why should small and mid-sized companies care about IFRS?
Though IFRS standards tend to apply more to publicly accountable organizations – or those listed on stock exchanges, it doesn’t stop there. Some say that GAAP guidelines will eventually disappear requiring all businesses to report under the new IFRS standards.

IFRS and Accpac
If you currently use Accpac – you are in luck. Sage Accpac already has the necessary features and functionality to support a transition to IFRS.

For example, Sage Accpac…

  • Is familiar with IFRS reporting as it already has over 13,000 clients in IFRS jurisdictions.
  • Currently allows users to choose from a wide range of configuration options to ensure their transactions are processed and their accounts are kept in compliance with whatever local rules they happen to operate under.
  • Allows users to revalue monetary assets to comply with IFRS rules.
  • Has seven IFRS-compliant inventory costing methods, and a full range of IFRS-compliant project accounting methods to choose from.

For more information on this topic click here.

Increased Accountant Stress Levels and Corporate Inefficiency

July 7th, 2010 by To the Point

According to a recent survey performed by Unit4 Coda, accountants are under added, unnecessary stress. The survey found that accountants feel they are being held to unrealistic deadlines and have an over-reliance on spreadsheets due to inefficient accounting systems. Further, among the top contributors to unnecessary stress is an apparent disconnect between executive management teams and accountants.

A report of the survey’s findings on unit4coda.com states, “Over 66 percent of the survey’s respondents(1) said an average close period takes over five days to complete, but the survey also revealed that more than 55 percent of accountants are expected to complete a close in a maximum of five days.”

Other items noted were:

  • 70 percent of respondents reported that inadequate reporting from their financial systems was a source of stress.
  • 58 percent spent more than four hours reconciling subsystems to the GL with 25 percent taking two days or more.
  • 53 percent of accountants reported clocking overtime hours during a period close.

It appears as though many companies are still struggling with antiquated processes and software which is adding unnecessary pressure on accountants and employees as well as increasing the likelihood for error. If this situation sounds familiar, it is definitely time to take a look at how a better system and automation process can improve the overall operations of your organization.

Credit Card Compliance: What You Need to Know

June 11th, 2010 by To the Point

If your company accepts credit cards for payments, PCI compliance applies to you. BV 2009 or any earlier version is not compliant.

Regardless of size or industry, all companies that accept credit cards must adhere to the safeguards mandated by the Payment Card Industry Data Security Standard—referred to as the PCI DSS. While most companies are aware of PCI, many are unsure what it means for their businesses. As well, companies that use a third party for clearing and remittance often incorrectly assume that PCI compliance does not apply to them.

So, what are the risks of noncompliance? Beyond exposing your customers to fraud or identity theft, your business can be held responsible for the credit card company’s losses. In the event of a security breach or lack of PCI compliance, credit card institutions can assess your company higher credit card processing fees and levy fines of up to $500,000—or even bar your company from processing any credit card transactions at all. Keep in mind that this applies to all companies that accept payment by plastic—even if they don’t store any related data.

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data. It is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

Requirement 3: Protect stored cardholder data

Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software

Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know

Requirement 8: Assign a unique ID to each person with computer access

Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security

Acquirer audits, which can be carried out at any time, cover the 12 areas of mandatory compliance. The failure rate for PCI certification audits is high; according to recent research by VeriSign in “Lessons Learned: Top Reasons for PCI Audit Failures and How to Avoid Them,” fewer than 30 percent of companies pass these examinations on the first try.

Accpac currently does not have a credit card processing module, so Accpac users do not need to do the approval process.  However, Accpac does have static fields for storage.  If a company is using these fields, there will be a utility supplied by June to scrub those fields of any data stored.  Anyone who uses any other program that stores credit card information will need to check with those providers to ensure they will be compliant by June 1st.

To learn more and even take a self-assessment questionnaire to evaluate your risk visit: www.pcisecuritystandards.org.

Other helpful PCI resources include:

How ERP Can Translate Information into Business Success

May 28th, 2010 by To the Point

Free Webinar – Register Now!

Thursday, June 10, 2010
10AM PDT / 1PM EDT

How do the most agile, responsive and successful businesses become that way? They effectively leverage what is arguably their most critical resource – accurate, complete, consistent, secure and timely information.  This webinar will show you how ERP solutions can help to transform disparate information silos into coherent, integrated and actionable forms that can improve the operational aspect of your organization. You’ll also get advice and practical tips for what to look for in an ERP system in the context of your information needs.

Sign up for this FREE LIVE event to learn how to:

  • Ensure both high information quality and effective presentation of that information to enable better decision making across your organization
  • Manage the distribution of information and the high speed of data transfer in a way that reduces information failures, security risks, and poor decision making
  • Look for the practical features and core functionality that enables an ERP solution to meet your information requirements
  • Extract the maximum value out of today’s ERP solutions to improve process efficiency, reduce costs and drive revenue

Featured Speakers:

Michael Oliver-Goodwin is a Contributing Editor for Focus. He is a widely published writer and an experienced editor for publications, including PC World, MacWeek and InfoWorld. He recently published his New Orleans book, Heaven Before I Die – A Journey to the Heart of New Orleans in December 2009.

Alexandre Attal is a General Manager for Sage North America, a subsidiary of Sage Group PLC, the world’s leading vendor of business application software for midsize enterprises. Attal manages Sage ERP X3 North American operations and is responsible for strategic product and marketing development, sales and professional services. With more than 20 years of sales and marketing experience in the technology industry, Attal has a proven track record of developing business value for both large and midsize customers in various industry segments. Prior to his current position, Attal held multiple management responsibilities at IBM. After becoming IBM France General Manager in 1995, he moved to IBM Corporation in the US in 1997. His career at IBM includes leadership positions in product marketing, distribution channel sales and services management. He operated Freelance.com, an Internet venture offering technology services, before becoming CEO of X3 developer Adonix in 2001. Adonix was acquired by Sage Group in 2005.

Michael Krigsman is CEO of Asuret, Inc., a consulting company dedicated to reducing technology implementation failures. Asuret’s suite of software tools improve the success rate of enterprise software deployments by quantifying and measuring governance issues that cause most project failures. Michael led the research effort underlying Asuret’s model of collective intelligence and its practical application to reducing IT failures in consulting environments. He is a recognized authority on the causes and prevention of IT failures and is frequently quoted in the press on IT project and related CIO issues. He is considered an enterprise software industry “influencer” and provides advice to technology buyers, vendors, and services firms.

Previously, Michael served as CEO of Cambridge Publications, which develops tools and processes for software implementations and related business practice automation projects. Michael has been involved with hundreds of software development projects, for companies ranging from small startups to Fortune 500 organizations. Michael graduated with an M.B.A. from Boston University and a B.A. from Bard College. He is a Board member of the America’s Cup Hall of Fame and the Herreshoff Marine Museum in Bristol, RI.

This webinar is complimentary however RSVP is required.

Register today!

Five IT Buying Mistakes You Should Avoid

May 12th, 2010 by To the Point

A good software decision can greatly improve your productivity, business intelligence, and overall operations management. However a bad choice can at best cause unnecessary headaches, double work and provide poor data, and at worst put you out of business. Therefore avoiding some common pitfalls can be a great way to ensure the future success of your organization.

A recent article on Businessbrief.com notes the top five IT buying mistakes made by businesses and we’ve adapted it below.

1. Not knowing what you need.

Do not approach an IT purchase with the attitude of, ‘seeing what’s available and picking something.’ Similar to purchasing a house or car, you should make a list of your must have and ‘nice to have’ requirements to compare to possible vendors and software systems.

2. Being in a hurry to choose a system.

When you’re in a hurry, you’re less likely to do the appropriate amount of research. Experts recommend looking at several vendors and software options before making a choice. A larger group of options will give you a better view of the features and benefits available to you.

3. Looking at unqualified vendors.

If you have a needs list it will help you avoid this particular mistake. Knowing what you want and can afford will help you sort through which vendors can provide what you need, and at the right price.

4. Being vague about budget.

It is vital that you know how much you can afford in order to make sure you are staying within the appropriate scope throughout the process. If you end up spending more – there should be a very good reason, as well as an obvious ROI.

5. Being vague about scope.

Again, this goes back to your list of requirements. When you receive a quote from a vendor make sure all of your requirements are included in the implementation outline. Be sure you are receiving all of the customizations, specific reports and interfaces, etc. that you decided upon. Having a vague scope is the number one reason companies spend more than they can afford, and/or end up with systems that don’t meet their needs.

To learn more click here.