June 28, 2017 | BY admin
Many business owners buy accounting software and, even if the installation goes well, eventually grow frustrated when they don’t get the return on investment they’d expected. There’s a simple reason for this: Stuff changes.
Technological improvements are occurring at a breakneck speed. So yesterday’s cutting-edge system can quickly become today’s sluggishly performing albatross. And this isn’t the only reason to regularly upgrade your accounting software. Here are two more to consider.
1. Cleaning up
You’ve probably heard that old tech adage, “garbage in, garbage out.” The “garbage” referred to is bad data. If inaccurate or garbled information goes into your system, the reports coming out of it will be flawed. And this is a particular danger as software ages.
For example, you may be working off of inaccurate inventory counts or struggling with duplicate vendor entries. On a more serious level, your database may store information that reflects improperly closed quarters or unbalanced accounts because of data entry errors.
A regular implementation of upgraded software should uncover some or, one hopes, all of such problems. You can then clean up the bad data and adjust entries to tighten the accuracy of your accounting records and, thereby, improve your financial reporting.
2. Getting better
Neglecting to regularly upgrade or even replace your accounting software can also put you at risk of missing a major business-improvement opportunity. When implementing a new system, you’ll have the chance to enhance your accounting procedures. You may be able to, for instance, add new code groups that allow you to manage expenses much more efficiently and closely.
Other opportunities for improvement include optimizing your chart of accounts and strengthening your internal controls. Again, to obtain these benefits, you’ll need to take a slow, patient approach to the software implementation and do it often enough to prevent outdated ways of doing things from getting the better of your company.
Choosing the best
These days, every business bigger than a lemonade stand needs the best accounting software it can afford to buy. We can help you set a budget and choose the product that best fits your current needs.
June 26, 2017 | BY admin
New York’s Paid Family Leave Benefits law (PFL), is set to take effect on January 1, 2018 and impacts all employers with employees working in New York.
What does the law provide?
The law provides eligible employees up to 12 weeks of paid, job protected leave starting on January 1, 2018 to (1) care for a family member with a serious health condition, (2) bond with a child during the first twelve months after the child’s birth, adoption, or placement in foster care, or (3) attend to a “qualifying exigency.”
How is the leave funded?
The PFL will be funded through deductions taken from the pay of full-time and part-time employees. On June 1, 2017, the Department of Financial Services announced the weekly contribution rate and the maximum employee contribution. The premium rate for Family Leave Benefits and the maximum employee contribution for coverage beginning January 1, 2018 is set at 0.126% of an employee’s weekly wage up to and not to exceed the statewide average weekly wage. New York State’s current average weekly wage is $1,305.92.
Starting July 1, 2017, employers may, but are not required to, begin deducting the contribution amount from employee wages to pay for the 2018 coverage period. This amount can be used to offset the cost of acquiring the mandated insurance policies. Employers who choose not to begin taking deductions on July 1, 2017, cannot retroactively make deductions in excess of the maximum weekly contribution to cover the cost of providing the required leave benefit.
No action is required by you at this time. The New York Workers’ Compensation Board has not yet issued the final regulations implementing the PFL law. We continue to assess the impact of the law on the services we provide in order to determine how best to serve you and will keep you informed.
As always please, reach out if you have any questions.
June 19, 2017 | BY admin
Some business owners make major decisions by relying on gut instinct. But investments made on a “hunch” often fall short of management’s expectations.
In the broadest sense, you’re really trying to answer a simple question: If my company buys a given asset, will the asset’s benefits be greater than its cost? The good news is that there are ways — using financial metrics — to obtain an answer.
Perhaps the most common and basic way to evaluate investment decisions is with a calculation called “accounting payback.” For example, a piece of equipment that costs $100,000 and generates an additional gross margin of $25,000 per year has an accounting payback period of four years ($100,000 divided by $25,000).
But this oversimplified metric ignores a key ingredient in the decision-making process: the time value of money. And accounting payback can be harder to calculate when cash flows vary over time.
Discounted cash flow metrics solve these shortcomings. These are often applied by business appraisers. But they can help you evaluate investment decisions as well. Examples include:
Net present value (NPV). This measures how much value a capital investment adds to the business. To estimate NPV, a financial expert forecasts how much cash inflow and outflow an asset will generate over time. Then he or she discounts each period’s expected net cash flows to its current market value, using the company’s cost of capital or a rate commensurate with the asset’s risk. In general, assets that generate an NPV greater than zero are worth pursuing.
Internal rate of return (IRR). Here an expert estimates a single rate of return that summarizes the investment opportunity. Most companies have a predetermined “hurdle rate” that an investment must exceed to justify pursuing it. Often the hurdle rate equals the company’s overall cost of capital — but not always.
A mathematical approach
Like most companies, yours probably has limited funds and can’t pursue every investment opportunity that comes along. Using metrics improves the chances that you’ll not only make the right decisions, but that other stakeholders will buy into the move. Please contact our firm for help crunching the numbers and managing the decision-making process.
May 23, 2017 | BY admin
Just days after President Trump signed a much-anticipated executive order on cybersecurity, a massive cyberattack—potentially the largest the world has ever seen, with more than 75,000 ransomware attacks in 153 countries—stole headlines.
The “WannaCry” ransomware program hit organizations around the world on Friday, May 12, encrypting computer files and demanding roughly the equivalent of $300 in Bitcoin (increasing over time) to restore user access.
Russia, Ukraine, India and Taiwan were reportedly the most affected countries, but organizations across Europe, Asia and North America—with an estimated 3,300 infections in the U.S. alone—were also attacked. Notable targets included, among others, the Russian Interior Ministry, logistics carrier FedEx, automakers Renault and Nissan, a number of Chinese universities and secondary schools, as well as Britain’s National Health System (NHS). Forty-seven of the 248 NHS trusts were attacked by the ransomware program, and as of May 15, seven trusts had yet to regain control of their computer systems.
The rapid spread of WannaCry is slowing, for two primary reasons: 1) Microsoft took the rare step of issuing patches for outdated versions of Windows operating systems it no longer supports, going back as far as 14 years; and 2) the accidental discovery of a “kill switch” by a security researcher in Britain, which spared much of the U.S. However, neither “fix” helps systems that are already infected, and hackers could easily create a new strain of WannaCry that bypasses or negates the kill switch.
In response to the threat, the FBI issued a FLASH (FBI Liaison Alert System) report with confirmed threat indicators and recommended steps for prevention, remediation, and defending against ransomware generally.
What is ransomware?
Ransomware is a type of malware that targets critical data and information systems for purposes of extortion, preventing users from accessing their data files until a ransom is paid. The software frequently infects computers through spear-phishing—a targeted attack via a malicious link or email attachment. Ransom demands are most often made in the difficult-to-trace virtual currency Bitcoin.
What’s different about WannaCry?
In April, an elusive cyber group called the “Shadow Brokers” leaked a cache of powerful NSA hacking tools, including highly sophisticated (and expensive) software exploits. WannaCry is purportedly based on one or more of these exploits, taking advantage of a zero-day vulnerability in Microsoft Windows that enables it to spread itself laterally. Microsoft issued a security update to address this bug in March, but users that didn’t make the update remain vulnerable.
WannaCry is the first cyber program to make use of the leaked NSA tools—but likely not the last.
Why were healthcare organizations the hardest hit?
The healthcare sector remains uniquely at risk to cyber incidents due to a variety of factors, including a lack of resources devoted to cybersecurity, the complexity of networks, and the vast array of internet-connected devices. Because many hospitals still maintain and rely on end-of-life technologies, and may prioritize immediate access to data over data security, cybercriminals have found their systems relatively easy to penetrate.
The healthcare sector is also one of the most targeted sectors by cybercriminals and nation states because it is the only sector which combines highly valuable and sought-after bulk data sets of personal health information, personally identifiable information, payment information, medical research and intellectual property.
Hospitals also don’t have the luxury of time: A ransomware infection that blocks access to critical medical data endangers patients’ health. Ahead of a scenario where patients’ lives are at risk, organizations should ensure they have preventive measures in place.
Is your organization safe?
The FBI recommends the following preventative measures:
- Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017. (Organizations using unsupported Windows operating systems including Windows XP, Windows 8 and Windows Server 2003 should follow customer guidance from Microsoft.)
- Enable strong spam filters to prevent phishing e-mails from reaching end users and authenticate in-bound e-mail using technologies like Sender Policy Framework, Domain Message Authentication Reporting and Conformance, and DomainKeys Identified Mail.
- Scan all incoming and outgoing e-mails to detect threats and filter executable files from reaching the end users.
- Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.
- Manage the use of privileged accounts, assigning administrative access only when absolutely needed.
- Configure access controls including file, directory, and network share permissions with least privilege in mind.
- Disable macro scripts from Microsoft Office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office suite applications. Develop, institute and practice employee education programs for identifying scams, malicious links and attempted social engineering.
- Have regular penetration tests run against the network, no less than once a year, and ideally, as often as possible/practical.
- Test your backups to ensure they work correctly upon use.
We offer these additional recommendations:
- Don’t forget the human element. The WannaCry attack was entirely preventable. It succeeded at infecting computers because users failed to install a months-old patch—in other words, because of human negligence and a lack of awareness. Change user behavior by introducing a training program based on employees’ organizational roles, implementing cyber hygiene best practices (i.e., not opening suspicious emails or attachments) and regularly testing the program’s effectiveness.
- Implement a risk-based, threat-driven patch management program. Patch management should be a dynamic, risk-based process rather than a check-the-box compliance approach. Organizations must be able to identify system vulnerabilities and relevant patches in a timely manner, understand the degree of risk the vulnerability presents, and work with asset owners to deploy the update.
- Monitor, monitor, monitor. To be cyber resilient, organizations need to have threat monitoring and analytics tools to detect an attack, as well as the investigative and digital forensics capabilities to understand what went wrong and the scope of the damage. The sooner a cyberattack is detected, the sooner incident response and mitigation strategies can be put into effect. When it comes to ransomware, early detection can make all the difference in salvaging critical data and information systems.
What should you do when preventative measures fall short?
- Isolate the issue. Buy more time to respond to the attack by removing infected systems from the network and cutting off access to the parts of the network that are not corrupted. Change the passwords to those isolated segments, if possible.
- Secure backup data or systems by taking them offline. Make sure your backups are clean.
- Contact your local FBI field office’s Cyber Task Force immediately. The FBI is there to help; its role is not to find fault or lay regulatory blame on a victim organization, but rather to conduct the investigation in cooperation with the victim organization and determine who perpetrated the attack.
- Implement your incident response plan. Ensure all stakeholders have been notified and understand their respective responsibilities.
- Change all passwords. Once your networks are back up and running, change all online account and network passwords.
April 19, 2017 | BY Zacharia Waxler, Co-Managing Partner
Part I of II – The Importance of Employee Engagement
A CEO was asked how many people work in his company: “About half of them,” he responded.” It may be a joke, but in reality it can be a serious problem that a significant number of people had mentally “checked out.”
Quite clearly, CEOs and managers should be very concerned about a waste of time, effort and resources in their organizations. The reason is simple: If people are not engaged, how can these same leaders attain those business objectives that are critical to improving organizational performance?
What do we mean by employee engagement? How much does a lack of employee engagement cost an organization? What steps can leaders take to make employees want to give it their best? These and other questions are the focus of this article.
Do you, as a business owner or CEO, wake up in the morning excited to get out of bed and go to work? Are you excited to implement some new great ideas? Are you excited to meet your team and continue the project you’ve been working on the day before?
The real question is:
Are your employees just as excited as you are? Are they engaged in what they do?
What is employee engagement?
Employee engagement is about understanding one’s role in an organization, and being sighted and energized on where it fits in the organization’s purpose and objectives. Employee engagement is about having a clear understanding of how an organization is fulfilling its purpose and objectives, how it is changing to fulfil those better, and being given a voice in its journey to offer ideas and express views that are taken account of as decisions are made. Employee engagement is about being included fully as a member of the team, focused on clear goals, trusted and empowered, receiving regular and constructive feedback, supported in developing new skills, thanked and recognized for achievement. Employee engagement is about positive attitudes and behaviors leading to improved business outcomes, in a way that they trigger and reinforce one another. Employee engagement is about your employees feeling pride and loyalty working for our organization, being a great advocate of the organization to our clients, users and customers, going the extra mile to finish a piece of work. Employee engagement is about drawing on our employees’ knowledge and ideas to improve our products and services, and be innovative about how we work. Employee engagement is about drawing out a deeper commitment from our employees so fewer leave, sick absence reduces, accident rates decline, conflicts and grievances go down, productivity increases. And finally, Employee engagement is about organization actions that are consistent with the organization’s values. It is about kept promises, or an explanation as to why they cannot be kept.
In order to have an engaged employee we must have an engaged organization. Engaged organizations have strong and authentic values, with clear evidence of trust and fairness based on mutual respect, where two-way promises and commitments – between employers and employees – are understood and fulfilled.
Here are some facts that the Gallup Management Journal has published in a semi annual employment engagement index.
• Only 29% of employees are actively engaged in their jobs. These employees work with passion and feel a profound connection to their company. People that are actively engaged help move the organization forward.
• 54% of employees are not engaged. These employees have essentially “checked out,” sleepwalking through their workday and putting time – but not passion – into their work. These people embody what Jack Welch said several years ago. To paraphrase him: “Never mistake activity for accomplishment.”
• 17% of employees are actively disengaged. These employees are busy acting out their unhappiness, undermining what their engaged co-workers are trying to accomplish. Needless to say how detrimental this behavior is to the morale of the entire workforce.
Should business owners be concerned about these findings? It seems obvious that engaged employees are more productive than their disengaged counterparts. For example, a recent meta-analysis published in the Journal of Applied Psychology concluded that, “… employee satisfaction and engagement are related to meaningful business outcomes at a magnitude that is important to many organizations.”
A compelling question is this: How much more productive is an engaged workforce compared to a non-engaged workforce?
Several case studies shine some light on the practical significance of an engaged workforce. For example, New Century Financial Corporation, a U.S. specialty mortgage banking company, found that account executives in the wholesale division who were actively disengaged produced 28% less revenue than their colleagues who were engaged. Furthermore, those not engaged generated 23% less revenue than their engaged counterparts. Engaged employees also outperformed the not engaged and actively disengaged employees in other divisions. New Century Financial Corporation statistics also showed that employee engagement does not merely correlate with bottom line results – it drives results.
But what should leaders do, or consider doing, to increase the level of engagement among employees? I will let you think about it and we will discuss it in a future article.