risk management – Page 20 – Cooper Mann Consulting

June 13, 2013June 17, 2013

Preparing for Disasters of the Legal Kind

As businesses begin to realize the benefits of cloud computing and business data mobility, they may be overlooking one of the most important issues any enterprise can face: information management in the event of litigation. While the IT department probably has a disaster recovery plan for handling various computer system failures, is there also a plan for managing system data and electronic information in the event of a “legal disaster”? In the spotlight is e-discovery, which is the requirement of the business to respond to legal requests for electronically stored information, and the issues CIOs and business owners should be paying attention to as computing solutions and technology models continue to change at a rapid pace.

The popularity of BYOD (Bring Your Own Device), data sync solutions, and online collaboration tools has created an environment where business data may exist in various states (meaning as in conditions or status, not as in State, like California) and on a variety of devices and systems, some of which may not be in the direct control of internal IT. Regardless of where or how the information was delivered to these devices and systems, CIOs and business owners should recognize that the information on those devices is included in discovery requests, and should be prepared with a plan for dealing with the response.

This “e-discovery plan” is the most important thing, and it means not only working through the various aspects of managing the information, but also providing consideration to keeping the plan updated. As technology changes, and as user behavior changes along with it, businesses must adjust their IT management approaches in kind. Consider that a user couldn’t store business data on their phone until the phone was able to handle that function. Now that smartphones are the norm and tablet computers are gaining in popularity, business data is roaming on personal and business devices. These advancements may introduce productivity and process gains which provide an advantage to businesses, but they also introduce potential risk and certain complexity when it comes to e-discovery.

Litigation is always expensive, but sanctions for slow response or other costs can be avoided if the plan helps the business respond in a timely manner. For this reason, the plan should include an identification of all sources for information (every location where business information and data is stored), as well as the steps to be taken to preserve this data in the current state. If the business has systems which regularly purge information (like accounting systems which purge prior period details, email systems which automatically purge old emails, or backup systems which delete old backup files as new ones are made), all of these activities must be halted. If the company doesn’t have access to control the various devices and systems to prevent these activities (or doesn’t know that they are happening), significant risk is introduced. In the case of a legal “hold”, all data and metadata and the audit controls and files must be preserved.

The final steps in the plan are the steps to be taken after the litigation is over. This is often times a forgotten part of the plan, which is the final destruction of the information gathered for discovery. Not that the original data must be destroyed (consider ALL dependencies), but the “database” of collected information related to the litigation probably should be. With this data pooled in a single place, it becomes a potentially valuable target for a data breach. At minimum, the collected information could too-easily be pulled into an entirely new legal case.

IT managers, CIOs and business owners must be realistic about the information their enterprises generate and store, including being realistic about the risk potential that duplicated and mobile data represents. It is not that the enterprise should be afraid of allowing mobility and providing remote access solutions, but it is essential that the enterprise control the use of these solutions and how they use or interact with business data. Without a strictly enforced policy of usage and control for all devices, services and solutions “touching” business data, any legal disaster planning falls short.

Joanie Mann Bunny Feet Make Sense?

Read More:

June 12, 2013

e-Discovery in the Cloud: Benefits versus Risks

After many years of working with business professionals in “enabling” their organizations to make better use of technology, I must say that it is a bit frustrating trying to get folks to understand that this new and wonderful cloud computing model (or Internet-based computing, SaaS, or whatever-you-want-to-call-it computing) is still just technology. It uses computers and disk drives, it runs software, it takes electricity, and it was developed by human beings. It can break. It’s not magical and perfect and you can’t get the good stuff for free. Swim at your own risk. So, assess the risks, and measure the benefits against the risks and costs. For many, the benefits outweigh the risks, as cloud computing approaches can deliver advanced capabilities at cost levels not previously available to most businesses.

No industry is immune to the security and access considerations surrounding a cloud computing model. Particular those lawyers involved in e-discovery (all of them) have recognizing the potential benefits – and tradeoffs – of the model. This reality was clearly revealed at the ILTA (International Legal Technology Association) 2010 event in Las Vegas. While the discussions at the conference were oriented specifically towards the legal profession, the IT-related discussions are totally relevant to every business. Accounting and finance professionals should pay close attention to this type of conversation, as it relates very directly to accounting’s approach to information technology and the application of IT in the business or professional practice.

In a recap of the event entitled ILTA 2010 in Las Vegas: Strategic Unity, Defensibility, and the Cloud, author Chris Dale discussed that professionals in both public and corporate service must work with the IT departments towards a common goal. “IT is no longer just a service department providing an infrastructure, applications, training, and troubleshooting.” While these elements still remain as critical aspects of IT, the role has grown to also incorporate considerations for collaboration (collaborative information management), mobility, and social media.

Recounting one session attended, called Defensible Ediscovery Processes, the author related the variety of definitions provided to the general term” defensible”, which were pretty amusing. These definitions ranged from “protected against attack“, to “less lousy practices“ or “practices which suck the least” (my personal favorite), and finally, “what you can get away with without being found guilty of spoliation“. From these definitions then came qualifiers, such as “reasonableness” and “faith”.

Why would defensible processes be important, and how does this relate to IT or cloud computing? An example of the element of “faith” came up in this context: ” how can [lawyers] have faith that the technology is delivering the right answers?” A panelist gave the sample of “an email retrieved from (or possibly not retrieved from [love those lawyers]) a system, with 26.5 pages missing. How can you be sure that the systems which you are using will not do that to you?” These are valid questions in any IT environment, and are no less important when considering a cloud-based technology model. The trade-offs are related to perfection in functionality and performance of the solution versus cost, and should be measured in proportion to one another.

The tradeoffs may come in a variety of areas, with collaboration and connectivity being the primary drivers (collaboration) and barriers (connectivity) to the model. Businesses are more than ready to adopt cloud computing strategies based on the belief in improved collaboration, access to information, and improved IT management, but tend to overlook the offsets in the areas of bandwidth availability (and consistency), application functionality (or lack thereof), and level of support available from the provider. In support of this argument, Jerry Justice (IT Director for SS&G – Certified Public Accountants and Advisers) posted in a LinkedIn discussion on the topic that “by design the Internet is ‘reasonably’ connected, but not the same as a well-connected [local] network. the upside is it gives you the ability to connect from great distances, the tradeoff is that you experience variable connectivity.”

“The underlying issues are that there is a paradigm shift to working on the Internet (from working in the office) and then another shift when you add in cloud-based environments (versus local apps). It is possible to be very productive, but .. you have to adapt your approaches“.

The idea “that perfect must be qualified by cost and proportionality” was also discussed in an ILTA session on cloud computing which included panelists from Autonomy iManage, Mayer Brown, and Ernst & Young. “Cloud computing remains a contentious area, with no obvious agreement even as to what the term means, let alone as to its implications” wrote Mr Dale in his recap of the event. While the panelists held differing views, the representative from Mayer Brown held a position similar to Mr Dale, in that it is important to “dissect the objections one at a time, accepting that there is room for more than one view, and testing arguments against the alternatives. Arguments based on pure cost are pretty compelling, and if one method of achieving an objective is very much cheaper than the others, then the burden shifts to those who argue for the more expensive route.”

Discussions went on to describe differences between public cloud providers and others, who segregate customer data in “private and identifiable silos”. “The key word here is identifiable“, writes the author, “which connotes a geographical certainty as well as anything else. I sometimes wonder if the imagery associated with cloud computing (invariably a jagged line disappearing into some cumulus) does not leave some people with the idea that their precious data is indeed floating in some inchoate container up in the air.”

“If you neglect to provide in your contract that your data remains in a specified jurisdiction, and if you fail to conduct proper due diligence checks on the provider, then you deserve all you get. Like any risk assessment, it involves weighing cost against other factors; most of these other factors are definable and quantifiable“.

I couldn’t have said it better myself.

Joanie Mann Bunny Feet J

original post March 24, 2011

June 10, 2013

Are the security requirements for accounting and finance professionals using cloud services any less stringent than those governing lawyers?

As accounting and finance professionals look to the cloud and Internet technologies to address collaboration, mobility, and improvements in service delivery, they should also be looking at ways to ensure the protection and security of client financial information. Professional services organizations of all types are embracing cloud products and services, sometimes without properly considering how it might impact information security and business risk. The security requirements for accounting and finance professionals using cloud services are no less stringent than those governing lawyers.

In her article “NC Bar Council issues final opinion on the cloud “, author Nicole Black points out some of the essential considerations for using cloud computing services in a professional legal practice. Accounting and finance professionals should recognize this guidance as being applicable to their businesses, too.

The main question stems from the ethical issues faced by “lawyers who intend to store confidential client information on servers owned and operated by third parties”. An opinion issued by the North Carolina State Bar Council addressed two primary questions in this area:

1. Is it OK for a law firm to use Software as a Service or cloud computing products?

2. Are there any special vendor assessments or other measures which should be taken by lawyers who wish to minimize the security risks of implementing this type of solution?

Read the entire article by Nicole here (PDF format)

Nicole Black is a Rochester, New York attorney and the Vice President of Business Development and Community Relations at MyCase, a powerful and intuitive cloud-based law practice management platform. She is also a GigaOM Pro Analyst and is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can be reached at nblack@nicoleblackesq.com.

Joanie Mann Bunny Feet J

original post April 5, 2012

June 3, 2013

Client Solutions, not just Professional Services

Accounting Professionals serving a small business client base are struggling to find ways to demonstrate the value of the services they provide, yet many firms remain focused exclusively on their own processes and improving profitability therein rather than looking “outside the box” to see how they might involve the client in the discovery. The obvious element which these firms are not addressing is the client user, and how a direct participation by the client becomes the foundation for internal process improvement. After all, a lot of what accounting professionals are battling against is perceived value. If the client were to be a more direct participant, the value of the work and the tools which support getting it done could provide a more tangible or visible aspect and increase the overall value perception of the client.

It is easy to say “get the client more involved”, but actually doing it can be the real challenge. Professionals are recognizing this reality as they attempt to engage client users in online portals for document exchange and by providing application functionality which is supportive of the accountants’ processes. While some professional firms are experiencing success with this approach, many other firms are not. There are likely a variety of reasons why some firms have more success than others in getting clients to work with their online tools, but I believe there are two key elements which impact success: accountant-centric focus, and provider lock-in. Whether these elements work to the firms’ advantage or not depends solely upon the specifics of the service model and client market being served.

Accountant-centric focus

Most accounting professionals recognize that paperless approaches to working with client information and documents makes a lot more sense than working with the actual paper. Particularly with the innovations in image capture, OCR and zero-entry solutions, it is logical to try to get as much of the required information transformed into useful digital data as possible. Data entry time is reduced, accuracy is improved, and the resultant information is better and more useful and may be processed more efficiently… for the accounting professional. For the client, on the other hand, it’s just another way to get information to the accountant (who is always wanting more information). The value of the deliverable – the reconciled bank account, financial report, tax return or whatever – isn’t increased. The solution often offered to the client is a solution intended to solve not the client problems, but the accountant’s. For the client, it is difficult to see this as a “solution” to any evident problem they face.

Provider lock-in

Business software customers are often commenting about how the solutions they use don’t allow easy transition to alternative products, or add-ons are only available from developer-prescribed sources. Vendor lock-in is a consideration and may be a barrier to doing business, because business owners want to know that they have the ability to change as business requirements change… whether it means changing software and systems, or whether it means changing professional service providers. As more professional service providers attempt to engage their clients in technology-based approaches to doing business, clients are recognizing that these approaches may come with “strings attached”, limiting their future choices. While it is important for the professional services firm to protect its work product, it is also important to consider the client’s position. Part of every business relationship is trust, and that trust should not be one-sided. Just as the professional trusts that the client will work with them in a legitimate manner, so does the client trust that their professional will not hold their information hostage if they elect to make a change or engage with other providers in the future. Additionally, does the system provided by the accounting firm allow the client to collaborate with their own team members or other service providers, or does it address only the interactions between the accounting pro and the client? This also represents a barrier to participation, as any given client business likely interacts with a variety of providers – many of whom are also asking that owner to implement solutions which improve their ability to do a form of e-business together.

As accounting service providers look to technology to facilitate closer and more efficient working arrangements with clients, they would do well to also consider how that technology is positioned to benefit the client as well as the professional practice. Delivering a solution which provides clients with the capability to control information access, which allows collaboration with their various service providers, and which facilitates a lean process approach for all involved could be the right answer to the problem. Perhaps this becomes the most important factor – client enablement – and focusing on solutions which address the clients’ information management and processing requirements as well as those of the firm.

Make Sense?

May 23, 2013September 5, 2018

Moving Your Systems to the Cloud

The IT industry is promoting Software as a Service and online applications as the new normal for computing, and unless you’ve been living under a rock for the past few years you have heard how it is supposed to make our computing lives ever so much better. Hiding under that rock might also have spared you from reading about the various failures and outages which impact users, forcing them to make do without the online applications and data they have become so reliant upon. It’s surprising, but not unimaginable, that businesses rely so heavily on applications and services that didn’t even exist a few short years ago.

The potential benefits of a SaaS model are many, but the risks are equally significant and should not be minimized. This assessment should center on a review of the application software in use, considering whether or not it is meeting the needs of the business. Where and how the software runs is much less of an issue than the functionality and process support it provides – most “legacy” applications can be run in a cloud server environment, making remote access and managed service part of the service model.

There is risk in changing business applications – risk of data loss, changed or broken data relationships, lost productivity, and more. Many businesses would benefit by running their applications in a cloud model while continuing to utilize the software solutions their operation relies on.

Application hosting models where desktop applications are delivered on cloud servers is often overlooked when businesses go looking for cloud software because they are shopping for software and not the platform.

With Software as a Service (SaaS), the software and the platform are combined and together represent the solution. With application hosting on a cloud server, the software is the same software a business would traditionally run on PCs and servers, but the they are installed and managed on the cloud server rather than the local computers.

The big benefit is the agility of the platform and the user mobility it allows. The unspoken benefit is that you can still “take your ball and go home” if the service doesn’t work out.

Removing the barriers for adopting an online working model allows the business to experience the benefits attached to cloud computing without introducing unnecessary risk through unneeded changes in software and applications.

Make sense?

May 16, 2013August 7, 2017

Why Accountants and Bookkeepers Use the Cloud

When businesses do business, they generate a lot of information. In most cases, this information has a relationship to a financial transaction of some sort, like a bill from a vendor or an invoice or sales receipt for a customer. It can be difficult for a small business owner to find the best way to manage the information about customers and products and suppliers, and figuring out the best way to handle the bookkeeping and accounting is often a secondary issue. Sure, it’s important to know how much money is in the bank, but online banking helps with that. For a small business owner trying to keep their operation running, the biggest problems are the ones they face every day, like remembering which customer likes which products, or knowing which suppliers will deliver in a pinch. Bookkeeping just isn’t a huge focus other than during tax time because it doesn’t help them get business done.

It is this question of value in daily bookkeeping and accounting work that business owners and their accounting service providers alike struggle with. Certainly, most business owners recognize the necessity to get the books done, but it is generally for compliance purposes alone. Payroll taxes, sales and use taxes, personal property taxes, income taxes – these are the items that business owners think about when they think about accounting. If you see it through the eyes of the business owner, accounting = paying taxes. It’s a tough value proposition for the accountant, when you think about it. The business owner has to pay someone to figure out how much they have to pay someone else. Yeah, try to sell more of that, and good luck.

The cloud, on the other hand, is helping accounting and bookkeeping professionals change this perspective. It’s a relatively new working model for some even though the idea has been there for a long time. Better information helps business make better business decisions, and accounting professionals can help businesses implement the controls and processes which ensure that the information is complete and accurate; they can help make the information better and more meaningful.

Remotely accessed and hosted desktops and application models have been around for quite a while, too, but only recently has the market begun to realize the full potential of the hosted model. We have the investment in SaaS solutions to thank for this; they blazed the trail for online application adoption and created awareness of the possibilities around hosting and anytime/anywhere access. The SaaS and “true cloud” applications continue to gain in popularity and acceptance, yet the hosting model is providing businesses with the ability to retain use of their business applications and data yet benefit from the same managed service and remote access that other online solutions provide.

When you look at how public accountants and professional bookkeepers work with their clients, the concept of creating shared access to accounting applications and financial data makes a lot of sense. Time and distance are the real issues to be solved – the business owner and their accounting pros generally work from different locations, and likely need to access the information for different purposes at different times. If they aren’t in the same place and using the same tools, how efficient can the collaboration truly be? With the cloud, on the other hand, collaboration is fully enabled and allows each user to do what they need to regardless of the location and time.

As the accountant or bookkeeper is able to work more closely with their client (using the same tools and the same data in real time), information can be processed more regularly and with a higher degree of accuracy. Outsourced accounting and bookkeeping providers are then able to give their clients more timely and accurate financial information which supports making better business decisions all the time. Helping with the organization and processing of information as business happens, fewer gaps are found in the data and the improved controls protect against data loss or misclassification. The data becomes more useful in that it contains more details, is more accurate and complete.

For the accounting professional, the benefits are many. Not only is the professional in a better position to deliver tangible value to the client (much higher value than just a tax bill!), the value is delivered more frequently which increases the overall value perception of the service being provided. Note the word “value” is used a lot here; it is the basis for billing clients for the useful nature of services provided and not on the time it takes to provide them. Internally to the accounting or bookkeeping business, the increased efficiency introduced with real-time application and data access means that processing workflows and resources may be more streamlined and handled with a great level of efficiency, which drives improvement in profitability and the consistency of service delivery.

There are a lot of new and exciting products and services emerging: cloud application services, artificial intelligence and automation, and the Internet and Interfaces of Things.. and businesses are being encouraged to adopt these solutions for a variety of reasons. For accountants and bookkeepers working with small business clients, there is no doubt that the cloud, hosting and online collaboration are the keys to helping get more and better business done.

Joanie Mann Bunny Feet J

Read about Hosting All My Applications in the Cloud

or more about the Collaborative Online Model for Small Business Accounting Professionals