cloud service provider – Cooper Mann Consulting

Lease Accounting Rules, Small Business Financing and the Cloud

Cloud Service Financing There are changes in lease accounting rules that may have broader implications than expected. Lease accounting, or accounting in general, isn’t exactly an exciting topic and generally doesn’t come up in conversation. But the changes to how business equipment and other leases are accounted for and reported could become additional fuel for cloud adoption by businesses – small business looking for financing, in particular (= lots).

First, what does accounting for leases have to do with small business financing? Quite a bit, actually. The balance sheet is one of the things a lender will look at when considering a small business for a loan, and if lease obligations and leased assets are on the balance sheet, they’re going to want to talk about them. They’ll also possibly look at asset turnover – trying to understand exactly how much in assets it takes for the business to make “x” amount of money. Banks and other lenders like to know they’re loaning money to a business that is going to pay it back, and in a reasonable amount of time. They will limit their risk potential as much as possible, and they do it by looking through the financials and related information.

Business value is generating sustainable cash flow. If you run a highly efficient business, the more top-line growth you deliver, the more cash flow you enjoy. For capital-intensive businesses (either through the need for capital equipment or working capital), growth can actually lower your cash flow and diminish your business value. To understand which side of the equation your business resides, accounting professionals will often look at the return on total assets calculated over time, dividing the operating income for each period from the P&L by the appropriate period values of total assets from the balance sheet. The resulting metric describes how efficiently assets are applied to creating earnings.

https://coopermann.com/2013/01/22/why-is-asset-management-important-to-a-business/

This can be a difficult conversation with the banker for new businesses, as they have little to go on in terms of historic data to show the bank. The P&L (profit & loss, or Income Statement) only reflects current business performance, not what it can do in a few months or years. By putting leases on the balance sheet, businesses are now reflecting a more realistic view of things, but are also introducing additional items for scrutiny and question by the lender; things which are often described more in terms of business strategy than in proveable numbers. That makes getting the loan just that much tougher.

Previous rules relating to business leases didn’t necessarily require that the business recognize operating leases (leased items and lease obligations) as assets and liabilities on the balance sheet. This is among the reasons why businesses lease equipment – they are able to obtain the item without having to record a single large capital expenditure.

The FASB changes demand that accounting for leases should be standardized, forcing the lesees to report all leases on the balance sheet, reflecting both the benefit (asset) and the cost (liability) associated with the lease. Stated in a press release on the subject: “The new guidance responds to requests from investors and other financial statement users for a more faithful representation of an organization’s leasing activities,” stated FASB Chair Russell G. Golden. “It ends what the U.S. Securities and Exchange Commission and other stakeholders have identified as one of the largest forms of off-balance sheet accounting, while requiring more disclosures related to leasing transactions.”

“a capital lease creates a tangible right where you own the equipment; the liability in a capital lease is true debt…”

http://www3.cfo.com/article/2013/9/gaap-ifrs_lease-accounting-elfa-fasb-iasb-global-convergence

By understanding how these changes in accounting for leases impact businesses, cloud solutions providers now have an additional lever to use with prospective customers: leasing equipment isn’t necessarily the way to keep capex off the balance sheet any longer.

One of the big value propositions offered by many cloud solution providers is that their service is paid for as a monthly business expense rather than a large up-front capital expenditure and investment. Businesses are able to use the solution and benefit from it without actually “buying” anything, it’s just subscribed instead. All of this is really a fancy way of saying “renting but not owning”, but the result to financial reporting is the same: it’s not on the balance sheet, it’s on the P&L in chewy chunks. This used to be a preferred treatment for leases, too, allowing businesses to reflect the usage and payment in little parts rather than a big one. It was “gentler” on the balance sheet. But leasing equipment and software for on-premises use won’t be competing with the cloud and subscription service any longer, closing off the “impact to the balance sheet” conversation entirely and making cloud IT just that much more important to small businesses who need cash to fuel business growth.

Make Sense?

Can you outsource compliance to the cloud?

Outsourcing IT to a cloud service provider can be tremendously beneficial for a business. The model allows an organization to offload not just IT infrastructure costs, but also the costs associated with developing and maintaining all of the practices and processes involved in managing and maintaining the infrastructure and systems. There is tremendous responsibility in handling everything from platforms and infrastructure to creating best practices for maintenance, management of scalability and growth, forecasting bandwidth requirements, implementing and monitoring security compliance, creating effective and comprehensive disaster recovery plans, and more.

The question which begs to be asked is whether or not HIPAA, PCI/DSS or any other compliance requirements, and the complexities, risk and legalities that come along with them, can also be outsourced to the CSP. For that matter, can any real level of responsibility be fully outsourced, where the liability for non-performance or noncompliance is also fully shifted?

Ummm. No. It is still your problem.

What too many companies really don’t understand is that they aren’t eliminating risk by moving to the cloud, and the requirement to meet various compliance requirements really can’t be outsourced. Particularly in this area, businesses need to recognize that outsourcing certain functions doesn’t reduce or eliminate responsibility or liability. Just the converse, it could make things a bit more difficult if you don’t keep close tabs on how the provider implements and is involved with your solution. Even beyond that, what is the impact to the business operation when requirements are not met? Cost recovery from the provider may be one option, but how does that help the business remain operating in the meantime?

“Gramm-Leach-Bliley (GLB) Act Requires financial organizations to enter into contracts with third parties that they share their customer information with (including cloud vendors) to ensure that the third-party handles that information securely. Executives of those financial organizations can be held personally liable for failure to do so.

Sarbanes-Oxley Act (SOX) Defines specific security mandates and requirements for financial reporting to protect shareholders and the public from accounting errors and fraudulent practices. SOX dictates which records are to be stored and for how long and requires the data owner to know the location of the data in the cloud and to maintain control of it. Failure to comply can result in fines and/or imprisonment.”

source: CIO.com

This discussion Isn’t limited just to compliance with regulations (at least it shouldn’t be)

In this conversation we need to also address what a business should do in terms of protecting and preserving its information assets (data!) even beyond what the CSP offers. Keeping confidential and private information secure and protecting the data of the business (and clients or patients or other entities) is essential, even when the CSP fails in its obligations or abilities. This aspect of disaster recovery and continuity planning is not often considered by the CSP yet remains critical to the business customer. The sales pitch, however, never really delves into this area, because it represents an aspect of service coverage that the provider simply can’t provide.

Illustrating this particularly difficult aspect of outsourcing to the cloud is the hard lesson learned by customers of a QuickBooks hosting provider who experienced a severe outage due to a ransomware attack. The hosting service provider promised customers it backed up their data and it did, but the backup archives were also compromised. In order to restore service, customers were expected to have their own backups of the cloud-hosted data.

While there may have been items in the service agreement which address these issues, I can say – based on a great deal of experience in just this area – the service providers rarely make this point very clear to customers, and more frequently tell customers backing up their data is no longer something they need to really worry about. It’s like that really tiny type at the bottom of a contract that nobody notices until it is too late.

“..restoration proved more difficult in Texas. Lezama explained that for the Texas clients, the backups had been compromised as well, because their backup data had synchronized with corrupt files. But Cloudnine clients are obligated backup their own data as well, as a sort of third-level security measure..”

source: AccountingToday

With compliance in the cloud, it’s their system, but your responsibility.

Outsourcing IT to a cloud service provider in no way eliminates or reduces the obligations of the business to manage certain aspects of information systems and data. What outsourcing can do is deliver a greater operational capacity and agility more affordably.

The responsibilities to establish information and systems management practices and processes remain firmly with the business, and actually represent a strategic component of the business that is unwise to outsource anyway. Resilience in a business and its ability to conform to regulatory and other requirements are the foundations of sustainability. Remember that cloud providers and services can be leveraged to improve certain cost and system performance metrics, but it remains solely with the business customer to find ways to reduce risk and create a greater assurance of continued operational capability.

Make Sense?