Category: compliance

Posted on

To the EU and Beyond! Avalara acquires VAT Applications

To the EU and Beyond! Avalara acquires VAT Applications

Avalara, perhaps the best known and respected purveyor of sales tax compliance solutions in the US, has made another acquisition to expand their service line.  Just announced is Avalara’s acquisition of VAT Applications, provider of the iVAT suite of VAT compliance software and services. The iVAT solutions work for customers doing business in Europe and around the world, providing (among other things) cloud-based VAT compliance services for filing returns on all EU countries… in the required formats and languages.  By incorporating the iVAT solutions into the Avalara product line, the company extends its reach and capability to serve the global market.

To Infinity and Beyond! Buzz Lightyear from Pixar film Toy Story; image from wikipedia

To Infinity and Beyond!

While Avalara solutions are quite popular with US-based small businesses, the solutions are geared to work for businesses of virtually any size. iVAT solutions now take Avalara into EU and beyond, where VAT compliance is a necessity for enterprise as well as small biz (just as sales and use tax compliance is in the US).

Avalara has successfully acquired and incorporated several companies and solutions into its fold over the years, including EZtax, HotSpotTax, SuitePlus and Zytax.  This latest acquisition fills the cloud-based tax compliance solution line very well, and positions Avalara’s portfolio among the most comprehensive available anywhere.

Sales tax and VAT compliance is a big issue for business large or small.  Finding a solution that can not only address the business need, but that can serve businesses across borders and boundaries is essential in serving today’s global economy.  Even the smallest of businesses may find itself doing business internationally, selling to customers via the web often means crossing those lines and introducing new tax and compliance wrinkles and requirements.  Avalara addresses those business needs, and delivers solutions for the market whether it is local or global. It’s light years ahead of the rest.

jmbunnyfeetMake Sense?

J

 

Over 130 Marketing Tips in this Free eBook!Over 130 Marketing Tips in this Free eBook!.

I had the opportunity to contribute to this cool free ebook from Brother, sponsored by Small Business Trends.  Check it out.

it’s FREE!  🙂

Posted on

Criteria for Evaluating QuickBooks Hosting Providers: Going Beyond Pricing

Criteria for Evaluating QuickBooks Hosting Providers: Going Beyond Pricing

When a small business elects to run their QuickBooks desktop edition software in the “cloud”, it makes sense to work with an experienced provider – a company with the people and the experience to keep the QuickBooks desktop software working properly and securely.  The keys to selecting the best provider for the business are often hidden in the experiences of others; experiences which reveal issues that may significantly impact vendor selection and which have nothing to do with the price of the service. Criteria such as system performance, responsiveness to technical issues, resources for self-help, and knowledge of support personnel – these are the things that more frequently and directly impact the customer experience and, ultimately, the customer’s loyalty.

While Intuit supports QuickBooks Enterprise in terminal server and Remote Desktop environments, they only support the license when it is deployed for the single business organization the license was issued to. If a business has lots of different users on the platform and those users don’t belong to the one company who “owns” the infrastructure and the license, then the implementation is non-compliant and won’t be supported. Intuit also doesn’t offer direct support for QuickBooks Pro and QuickBooks Premier editions in remote desktop implementations, yet the software will work perfectly well in that environment. There are a few quirks and tricks to using the software in this manner, however, so provider technical experience specifically with QuickBooks is essential.

When working with a company providing managed application hosting services and not just managed server platforms, it generally means that the provider is taking responsibility not only for the server/network/infrastructure, but also for the setup, configuration and maintenance of system users and security, and the installation/management/maintenance of the applications running on the server.  When a business elects to outsource this level of service to any 3rd party, there are a variety of areas in addition to pricing which should be thoroughly explored prior to signing the service agreement.

When evaluating potential service providers, research the provider’s offerings and performance directly as well as evaluating the public’s perception of them, considering these 4 areas:

  1. Technology
  2. Innovation
  3. Business Practices
  4. Customer Satisfaction

The technology evaluation relates not only to the systems and tools applied to the service delivery, but also to the systems or tools applied to assist the customer with dealing with the service.  Too often, providers pay more attention to their ordering systems than their service delivery, believing that a quality customer experience rests more with simple purchasing processes than with a functional and well-performing application service.  Others may focus on delivering the best and highest quality application service, yet relegate their clients to sending emails or making phone calls to place service orders or request service information.  The providers who score the highest points in this category are those who recognize that both elements – service delivery and service administration – are critically important to providing a quality overall customer experience.

The innovation evaluation looks at the actual service infrastructure and delivery. This includes features as well as limitations.  One of the pitfalls of being an application service provider is the inertia created with existing systems and customers.  Once the platform is in place and there are a bunch of users on the systems, upgrading and updating the underlying technologies can be a tremendous challenge.  I have often related this as being like trying to change tires on a moving truck.  Unfortunately, systems age and lose functionality, compatibility, support, etc.

Keeping the platform updated isn’t the only element involved with scoring provider innovation.  Even more important than simple change management supporting status quo, true innovation speaks to efforts directed towards crafting a better, more functional and more useful solution delivery.  Many skilled technicians can set up a terminal server for remote access to QuickBooks using the “standard” tools available, but it takes more skill and understanding to create a service which offers more and better capability than everyone else.  The point isn’t that the provider is changing QuickBooks software in any way – that’s not really an option.  Rather, it is in how the provider elects to architect their systems and solution, and whether they are attempting to improve the experience and deliver with a unique approach rather than a generic one.

With increased competition and as some provider platforms experience challenges either due to age or capacity, certain “interesting” practices have emerged.  I now look at these business practices as part of the process of evaluating providers.  In the early days of hosting and application delivery, the business practices of various providers had some similarities, but not any more.  The practices which frustrate me most and which always cause me to score the provider with low marks in this category relate almost exclusively to transparency – or lack thereof.  Here are two scenarios which I’ve seen come up with some frequency, and which (in my opinion) are indications that the provider may not necessarily be one you want to work with.

  • A business has signed a one-year service agreement with a hosting provider, and has been required to prepay that annual contract.  The business was not provided with a demonstration or evaluation system prior to executing the service agreement; they simply trusted the information provided by sales.  After a few months on the service, the performance and support are so poor that the business wants out of the annual agreement, even though high service levels and support responses were part of the contract.  In order to be allowed to end the service agreement and stop paying for the service, the business was told they would have to not only buy out a portion of the remaining contract, but also sign an agreement not to communicate the service problems they experienced or the exit agreement terms with anyone. (*please note that I am essentially in agreement about having to buy out a committed term agreement, at least in part, but applying a gag order? Not so much).
  • A business is using the services of a hosting provider, and has a need to know details of their delivery (like server operating system version) in order to verify compatibility with a new software product they wish to purchase.  Before the business customer is allowed to obtain the information, the provider requires that they sign an agreement promising not to disclose the information they may receive to any other party.  (*note: While I recognize that this type of agreement is desirable to protect proprietary information, it is more often used to prevent the prospective customer from disclosing something potentially negative, and it certainly doesn’t do much in terms of building trust.)

The final evaluation is on customer satisfaction, where anecdotes and information is collected from both current and past customers of the provider.  Admittedly, much of this information I scour from various forums and discussion groups and interviews but it is truly amazing what you can learn about a business simply by listening to customer stories in various social venues.  The picture these stories paint is often (frequently!) very different from the “happy sunshine and rainbows” testimonials you find on websites and in marketing brochures.  Of course, who would buy from a provider who says their “support is great until you’ve been with us for a month, and then we pretty much don’t care about you any more”.  Also, people tend to be more vocal when they’re mad about something, so there is often more negative than positive out there in the social realm, so weight that carefully.  But the fact that certain provider names come up more often than others is the clue; when you don’t see the provider name come up in these discussions, it usually means they’re simply not making people mad.

There is a lot to consider in selecting the right service provider for the business, and the items listed above are just part of it.  While there are some (few) standards among application service providers, it is still what some might refer to as an “emerging” model and will continue to evolve with the market demand and technology.

For now, businesses just need to know that their solution provider is trustworthy and willing to communicate honestly and completely. Selecting the right provider – a provider who supports their business and model with full transparency to the client –  will help the business move forward just as the wrong provider is more likely to hold it back.  While pricing is an important and unavoidable aspect of the discussion, businesses should also put some focus on these other elements which help to reveal how the provider works with their customers, and to determine whether or not they can (or will even try to) meet your requirements now and in the future. 

Make Sense?

Joanie Mann Bunny FeetJ

Posted on

Compliance in the Cloud – Their System; Your Responsibility

Can you outsource compliance to the cloud?

Outsourcing IT to a cloud service provider can be tremendously beneficial for a business.  The model allows an organization to offload not just IT infrastructure costs, but also the costs associated with developing and maintaining all of the practices and processes involved in managing and maintaining the infrastructure and systems.   There is tremendous responsibility in handling everything from platforms and infrastructure to creating best practices for maintenance, management of scalability and growth, forecasting bandwidth requirements, implementing and monitoring security compliance, creating effective and comprehensive disaster recovery plans, and more.

The question which begs to be asked is whether or not HIPAA, PCI/DSS or any other compliance requirements, and the complexities, risk and legalities that come along with them, can also be outsourced to the CSP. For that matter, can any real level of responsibility be fully outsourced, where the liability for non-performance or noncompliance is also fully shifted?

Ummm. No. It is still your problem.

What too many companies really don’t understand is that they aren’t eliminating risk by moving to the cloud, and the requirement to meet various compliance requirements really can’t be outsourced. Particularly in this area, businesses need to recognize that outsourcing certain functions doesn’t reduce or eliminate responsibility or liability.  Just the converse, it could make things a bit more difficult if you don’t keep close tabs on how the provider implements and is involved with your solution. Even beyond that, what is the impact to the business operation when requirements are not met?  Cost recovery from the provider may be one option, but how does that help the business remain operating in the meantime?

Gramm-Leach-Bliley (GLB) Act  Requires financial organizations to enter into contracts with third parties that they share their customer information with (including cloud vendors) to ensure that the third-party handles that information securely. Executives of those financial organizations can be held personally liable for failure to do so.

Sarbanes-Oxley Act (SOX)  Defines specific security mandates and requirements for financial reporting to protect shareholders and the public from accounting errors and fraudulent practices. SOX dictates which records are to be stored and for how long and requires the data owner to know the location of the data in the cloud and to maintain control of it. Failure to comply can result in fines and/or imprisonment.”

source: CIO.com

This discussion Isn’t limited just to compliance with regulations (at least it shouldn’t be)

In this conversation we need to also address what a business should do in terms of protecting and preserving its information assets (data!) even beyond what the CSP offers. Keeping confidential and private information secure and protecting the data of the business (and clients or patients or other entities) is essential, even when the CSP fails in its obligations or abilities.  This aspect of disaster recovery and continuity planning is not often considered by the CSP yet remains critical to the business customer. The sales pitch, however, never really delves into this area, because it represents an aspect of service coverage that the provider simply can’t provide.

Illustrating this particularly difficult aspect of outsourcing to the cloud is the hard lesson learned by customers of a QuickBooks hosting provider who experienced a severe outage due to a ransomware attack. The hosting service provider promised customers it backed up their data and it did, but the backup archives were also compromised.  In order to restore service, customers were expected to have their own backups of the cloud-hosted data.

While there may have been items in the service agreement which address these issues, I can say – based on a great deal of experience in just this area – the service providers rarely make this point very clear to customers, and more frequently tell customers backing up their data is no longer something they need to really worry about. It’s like that really tiny type at the bottom of a contract that nobody notices until it is too late.

“..restoration proved more difficult in Texas. Lezama explained that for the Texas clients, the backups had been compromised as well, because their backup data had synchronized with corrupt files. But Cloudnine clients are obligated backup their own data as well, as a sort of third-level security measure..”

source: AccountingToday

With compliance in the cloud, it’s their system, but your responsibility.

Outsourcing IT to a cloud service provider in no way eliminates or reduces the obligations of the business to manage certain aspects of information systems and data.  What outsourcing can do is deliver a greater operational capacity and agility more affordably.

The responsibilities to establish information and systems management practices and processes remain firmly with the business, and actually represent a strategic component of the business that is unwise to outsource anyway. Resilience in a business and its ability to conform to regulatory and other requirements are the foundations of sustainability. Remember that cloud providers and services can be leveraged to improve certain cost and system performance metrics, but it remains solely with the business customer to find ways to reduce risk and create a greater assurance of continued operational capability.

Make Sense?

J

Posted on

In Bookkeeping, Accounting, and Information Technology: The Value of Outsourcing

The Value of Outsourcing

The small-business market, unlike the mid- and enterprise markets, utilize the general services of public accountants in much greater volume and typically for more fundamental business services – such as business bookkeeping and daily process support. Larger organizations typically employ accounting and bookkeeping departments and/or in-house personnel, and rely on outside accounting professionals for higher-level work. Small businesses, on the other hand, want to hand off much more of the core bookkeeping and checkbook management functions to their public accountant. This creates a volume of fairly mechanical work which can be burdensome and not terribly profitable for many CPA firms. But this level of work is of significant value to the small business owner, and thus the value of outsourcing to the accounting professional should be clear.

CPA firms started to step away from bookkeeping activities (this is in the 1980’s or so), reserving their time for compliance, audits, and other engagements referred to as the “higher level work”.  As business accounting became more complex (largely due to advances in information management technologies as well as accounting and tax regulations, which generated a LOT more detailed information to “account” for), many professional firms saw a need to focus on their core offerings, and not on the lower level bookkeeping and record keeping activities.  As a result, the emerging cottage industry of bookkeeping service providers grew in power and numbers, and came to represent a critical intermediary between the CPA and the small business owner.  Truly, bookkeepers and software consultants are often the folks who help to automate the processes, capture the information, and organize the data so that it is useful to the accountant.

The issue that revealed itself was that small businesses started to pay more attention to the technology and business solution advice and direction of their bookkeepers and consultants than the advice of the CPA.  In a lot of cases, the CPA kept an arm’s length from the business, concerning themselves with their tasks, and not paying significant attention to how the data is collected or controlled.  As long as they got the data, that was OK.  As the reality started to set in, that bookkeeping and information management consulting also delivered the “higher level” accounting work, CPAs once again sought a means to gain more direct participation in the client business… but through a somewhat less direct manner than previous.  Now, partnering was revealing itself as the means to more fully engage the business, and the bookkeeper or consultant, in the overall accounting value chain, resulting with the delivery of work as well as value back to the accounting professional.

The enabler of this value chain, where the accounting professional, the bookkeeper, and the business owner can all work in concert without limitations in systems or based on location, is the cloud.  Providing standardization in terms of data platforms and integration, offering mobility and device independence, and combining resource management and access into a comprehensive approach to solving business problems is enabled through cloud technologies and connected solutions and services.

For many, this concept of fully technology-enabled business seems frightening, like a loss of control or individual accountability.  But it’s important to recognize that, as things become more complex, the opportunity for specialists is always created.  In the ever changing world of technology, it’s a dangerous approach to believe that you can be all things to all people, just as in accounting or tax.  You can’t be a specialist in every area, so you specialize in your niche, do it better than anyone else, and outsource/partner to get the rest done.  This is a philosophy of the cloud, and it’s working.

The true value of outsourcing, whether it is a small business outsourcing their bookkeeping and accounting to a public accountant, an accounting professional outsourcing bookkeeping work to a bookkeeping provider/partner, or those businesses outsourcing information technology management to cloud solution providers, the end-result can include improved focus on the core business, greater agility in embracing and adjusting to new strategies, improved quality of information through attention to process and control, and a much higher level of value delivered to all participants in the value chain.

Make Sense?

J