Tag Archives: Tatum LLC

About 1848 days ago Employee Policies

Setting Boundaries for Employee Internet Use

our beautiful site

Founding father Benjamin Franklin once said that time is money, and all too often, small and mid-sized businesses are learning the hard way how employees really spend their time during work hours. IDC research estimates that 30 to 40 percent of employees’ Internet activity is not business-related, which translates into millions of dollars in lost productivity every year. But this does not include the dollars businesses spend on legal counsel for harassment claims and copyright infringement violations that derive from inappropriate employee Internet use. At first glance, it may appear that prohibiting employees from accessing the Internet while at work is the best solution. However, a total ban is both impractical and bad for business because Internet access is a critical component for key business functions like payroll management and online banking. History also tells us that prohibition can often lead people to engage in the “banned” behavior more often and in secrecy. Rather than simply eliminate Internet use, the key for any business is to create a balance that not only increases employee productivity, but also protects businesses from outside threats. This type of balance often comes in the form of an acceptable use policy (AUP) in combination with Internet monitoring and filtering software. The AUP is the first step in the process, outlining rules on how employees can use the Internet while at work and the consequences for breaking these rules. Internet monitoring and filtering software tracks network traffic and reports or blocks any violations, increasing both network security and employee productivity. For the purposes of this discussion, we will focus specifically on the AUP and how to craft a policy that is both reasonable and effective.   However, before you grab your pen (I suggest pencil) to create an AUP, you should be aware of the key elements. The process of writing an AUP should be approached with the same amount of research, precision, and attention to detail as any other business plan developed by the company. Remember, the objective of any such policy is to be as granular as possible, eliminating the possibility of any ambiguity that can set the stage for confusion in the event that a problem does arise. What to consider when creating an AUP To surf or not to surf One of the most tangible benefits of an AUP is minimizing excessive Internet use not related to business activities. It’s estimated that nearly a third of workers surf the Internet with no specific objective. Through an AUP, employers can specify how much time, and for what purposes employees should spend on the Internet. In the age of blogs, webcasts, and Wikipedia, workers are not entirely to blame for the increasing reliance on the Internet, but making an effective and positive use of business resources probably does not include sending instant messages to friends, downloading music, or streaming the latest episode of American Idol. Recreational activities like these can significantly impact network performance and impede actual business-related activities. Hidden dangers The Web is a great tool for attracting new clients, conducting research and other knowledge building tasks, but it also poses a serious threat to a company’s networking equipment and software. Many companies can testify to the damage that a simple click of a mouse can do, including transmitting viruses and putting sensitive company information into the wrong hands. An efficient AUP will answer questions that employees have regarding potential Web threats.  Employers can avoid costly security threats by promoting awareness and responsible Internet use. Rules of engagement Employees no longer have to engage in insider trading or a lavish financial scheme to tarnish their employer’s good name. A simple blog post or a visit to an X-rated site can lead to lawsuits, harassment charges, and even criminal prosecution. An AUP should discourage and define any and all actions that pose potential liability for the company. All too often, companies are forced to dismiss employees or withstand adverse publicity in the face of serious employee missteps when policies are not clearly stated and enforced.  Violators will be prosecuted Arguably the most important elements of any AUP are not only its clarification of company policy regarding employee Internet use, but also the consequences of any violation and an explanation of how the company will detect such a violation. Employees should be aware of expected privacy on email and advised if Internet use is monitored in advance. This level of clarity will aid in the overall effectiveness of any AUP. Ready. Set. Write. While creating an AUP may seem like a daunting task (given the steady flow of technological innovations), it does not have to be. Make it a team event and engage employees from various departments in the company. First and foremost, an AUP should be clear and concise. Reading actual AUP documents of other organizations can offer guidance in determining what you should (and should not) incorporate. Also, remember to keep it simple. Avoid using overly technical terms or vague generalities. Ultimately, an AUP should be presented so as to instruct, not intimidate, users. Lisa Metcalfe is a Regional Practice Leader in the Technology Leadership Practice of Tatum LLC. Tatum is the nation’s largest executive services firm, providing financial and technology leadership nationwide.

About 1848 days ago Employee Policies

Setting Boundaries for Employee Internet Use

our beautiful site

Founding father Benjamin Franklin once said that time is money, and all too often, small and mid-sized businesses are learning the hard way how employees really spend their time during work hours. IDC research estimates that 30 to 40 percent of employees’ Internet activity is not business-related, which translates into millions of dollars in lost productivity every year. But this does not include the dollars businesses spend on legal counsel for harassment claims and copyright infringement violations that derive from inappropriate employee Internet use. At first glance, it may appear that prohibiting employees from accessing the Internet while at work is the best solution. However, a total ban is both impractical and bad for business because Internet access is a critical component for key business functions like payroll management and online banking. History also tells us that prohibition can often lead people to engage in the “banned” behavior more often and in secrecy. Rather than simply eliminate Internet use, the key for any business is to create a balance that not only increases employee productivity, but also protects businesses from outside threats. This type of balance often comes in the form of an acceptable use policy (AUP) in combination with Internet monitoring and filtering software. The AUP is the first step in the process, outlining rules on how employees can use the Internet while at work and the consequences for breaking these rules. Internet monitoring and filtering software tracks network traffic and reports or blocks any violations, increasing both network security and employee productivity. For the purposes of this discussion, we will focus specifically on the AUP and how to craft a policy that is both reasonable and effective.   However, before you grab your pen (I suggest pencil) to create an AUP, you should be aware of the key elements. The process of writing an AUP should be approached with the same amount of research, precision, and attention to detail as any other business plan developed by the company. Remember, the objective of any such policy is to be as granular as possible, eliminating the possibility of any ambiguity that can set the stage for confusion in the event that a problem does arise. What to consider when creating an AUP To surf or not to surf One of the most tangible benefits of an AUP is minimizing excessive Internet use not related to business activities. It’s estimated that nearly a third of workers surf the Internet with no specific objective. Through an AUP, employers can specify how much time, and for what purposes employees should spend on the Internet. In the age of blogs, webcasts, and Wikipedia, workers are not entirely to blame for the increasing reliance on the Internet, but making an effective and positive use of business resources probably does not include sending instant messages to friends, downloading music, or streaming the latest episode of American Idol. Recreational activities like these can significantly impact network performance and impede actual business-related activities. Hidden dangers The Web is a great tool for attracting new clients, conducting research and other knowledge building tasks, but it also poses a serious threat to a company’s networking equipment and software. Many companies can testify to the damage that a simple click of a mouse can do, including transmitting viruses and putting sensitive company information into the wrong hands. An efficient AUP will answer questions that employees have regarding potential Web threats.  Employers can avoid costly security threats by promoting awareness and responsible Internet use. Rules of engagement Employees no longer have to engage in insider trading or a lavish financial scheme to tarnish their employer’s good name. A simple blog post or a visit to an X-rated site can lead to lawsuits, harassment charges, and even criminal prosecution. An AUP should discourage and define any and all actions that pose potential liability for the company. All too often, companies are forced to dismiss employees or withstand adverse publicity in the face of serious employee missteps when policies are not clearly stated and enforced.  Violators will be prosecuted Arguably the most important elements of any AUP are not only its clarification of company policy regarding employee Internet use, but also the consequences of any violation and an explanation of how the company will detect such a violation. Employees should be aware of expected privacy on email and advised if Internet use is monitored in advance. This level of clarity will aid in the overall effectiveness of any AUP. Ready. Set. Write. While creating an AUP may seem like a daunting task (given the steady flow of technological innovations), it does not have to be. Make it a team event and engage employees from various departments in the company. First and foremost, an AUP should be clear and concise. Reading actual AUP documents of other organizations can offer guidance in determining what you should (and should not) incorporate. Also, remember to keep it simple. Avoid using overly technical terms or vague generalities. Ultimately, an AUP should be presented so as to instruct, not intimidate, users. Lisa Metcalfe is a Regional Practice Leader in the Technology Leadership Practice of Tatum LLC. Tatum is the nation’s largest executive services firm, providing financial and technology leadership nationwide.

About 1878 days ago Business Accounting Software

Taking Accountability: Selecting the Right Finance Software

our beautiful site

William Watcherley, the English dramatist, once said that “necessity [is the] mother of invention.”  How correct he was. When early humankind needed a way to transport ourselves relatively quickly, the wheel was invented. And when we needed to stop walking from the couch to the television to change the channel, the remote control was invented. From daily household tasks to business responsibilities, our needs have become more advanced, requiring new inventions to help fill those needs. But with so many options, selecting the right technology can be overwhelming, often leading decision-makers to implement costly solutions that don’t necessarily meet the primary needs of the company. Selecting the wrong technology can be harmful to your business, especially when it comes to how your money is accounted for and distributed. Many businesses face challenges in selecting appropriate accounting and finance software. It is essential to find a software solution that can not only support business-critical tasks such as payroll, expense tracking, financial reporting, and invoicing, but also grow with the company so that expensive upgrades can be avoided. As solutions continue to advance and more vendors emerge on the market, the question becomes, “How do I select the right solution for my business?” Kicking the tires You shouldn’t buy a home without researching the neighborhood, or a car without looking at reliability and safety reports. So when selecting an accounting software package, take the time to research the solutions on the market and identify what fits your company’s needs. As you conduct your examination of accounting software, here are some common-sense (but often forgotten) questions to ask yourself as you search for the right solution: What do I really need in an accounting solution? It’s easy to get caught up in the “bells and whistles” that many accounting solutions offer. Before selecting the most complex software, take the time to assess your company’s accounting needs. Do you need to be able to track inventory? Do you have special reporting needs or requirements?  If all you need are basic accounting features, purchasing a complex (and often, expensive) accounting solution will probably end up doing your organization more harm than good. Should I run the software in-house or consider a hosted solution? For organizations with limited internal technology support, a hosted solution can reduce the complexity of implementation by providing the required infrastructure to run the software.  Too often the costs of new hardware, disaster recovery and internal hardware support are lost in the cost equation of the new software. If I decide to implement an accounting solution to run in-house, how do I evaluate the systems implementer?  The good news is that in today’s environment there are many high quality software solutions for you business.  The key difference in a successful implementation is often the direct result of the quality and experience of the company hired to manage the implementation.  That may be a value added reseller (VAR) that sells the software and implementation services or it may be a systems integrator.  The decision of who implements your software requires at least as much diligence as selecting the accounting solution itself. Will my new software be compatible with what I already have in place? For a majority of businesses the answer to that question needs to be “yes.” Purchasing software and hardware can be expensive, and if your solutions don’t mix well, the result can be disastrous. Examine how difficult it will be to convert historical data from your old system. Evaluate what other system interfaces may be required. What kind of support does the vendor provide? In a perfect world, all technology would work correctly all the time. Unfortunately, that is not the case. As you evaluate your accounting software options, closely view the support that each vendor provides. Do you need to be able to reach a help desk 24/7? Can you access user forums to gain insight from real-world customers? What kind of documentation is available?  Are there online resources to access?  Are upgrades included and if so, how often? What is involved with implementing an upgrade? What are the annual maintenance costs?   Being prepared with the right kind of support for a potential technology problem can make the difference between a minor blip on the screen and a major company problem. From cost to compatibility, selecting the right accounting software may seem like an overwhelming process. But it doesn’t have to be. Taking the time during the selection process to evaluate your business requirements and asking good questions during the evaluation process can help you select the best fit for your company’s accounting needs. Lisa Metcalfe is a Regional Practice Leader in the Technology Leadership Practice of Tatum LLC. Tatum is the nation’s largest executive services firm, providing financial and technology leadership nationwide.

About 1938 days ago Internet and Online Business

The Ins of Outsourcing

our beautiful site

As the dollar continues to decline and markets remain volatile, businesses throughout the U.S. are looking at ways in which they can save on expenditure and bring in more profits. For some businesses this may involve hiring less staff, restructuring the company or seeking capital, but for many, outsourcing can helps accomplish these goals. Making the move to outsourcing for the first time can be downright scary. While the number of companies using outsourcing solutions is increasing, many avoid outsourcing because of a lack of understanding of how or when a smaller organization can benefit from this move. Gartner estimates that roughly 90 percent of all new businesses created in the United States are in the small-to-mid-sized sector. As these companies grow and gain momentum, they will realize that they can a) not do it all on their own and, b) achieve the same benefits as larger companies through outsourcing. When you hear the term outsourcing you may instantly think of a customer service call that is routed to a far-off destination. Think again! Companies of all sizes outsource pieces of the business process, including lead generation, marketing, public relations, information technology (IT), human resources (HR), customer service and finance. Outsourcing involves utilizing third parties for any business process. Offshoring, which is the movement of a business function to another country, is just one type of outsourcing that is often practiced by very large businesses seeking lower cost solutions for large scale operations. Ask not what your outsourcer can do for you… One of the most common forms of outsourcing, especially for small-to-medium businesses is business process outsourcing (BPO), or the contracting of a specific task to a third-party service provider. This is often used for business functions like accounts payable and technical support that are necessary for company operations, but aren’t the company’s core competency or critical to positioning in the marketplace. While the subject of outsourcing is often debated, it can help companies accomplish not only their critical goals, but keep non-critical tasks off their plate so employees can focus on business drivers. Ultimately, outsourcing is a way for businesses to fill needs externally that cannot, for one reason or another, be filled internally. Benefits of outsourcing include: Cost savings: Outsourcing is commonly used within IT departments to reduce costs. Purchasing, maintaining and upgrading technology hardware and software is costly to manage and timely to maintain. “Hosted” technology – software or hardware that is located and maintained at the vendor’s data center for a monthly fee – is a way to have top quality technology solutions, at a lower overall cost to the company. Hosted solutions enable businesses to save money by avoiding an up-front cash investment in the technology and labor time spent by the IT manager through installing and maintaining the technology. Thought leadership: Outsourcing provides companies with access to knowledge and experience beyond their own walls. Unfortunately we can’t be experts in everything, so when looking to enhance your business, specialized suppliers can provide information that helps you achieve business goals, especially if you are facing a daunting project for which you have no internal expertise. For example, if you are planning to undertake a major system implementation and no one on your team has experience in a project of that magnitude, it may save you time, money and frustration to bring in a project manager who already knows the potential pitfalls. Think about the parallel of legal issues. No one expects the in-house legal counsel to handle litigation or patent applications personally; he or she brings in a specialist who will do a better job. The same logic applies to strategic technology projects: bringing in people with highly specialized experience increases the odds of success. Increased capacity: Customer service and the IT helpdesk is one of the most commonly outsourced business functions. The ability to service customers 24/7 is critical to the success of any business. Access to additional resources improves a company’s capacity to service clients and customers. Improved competitiveness: Larger corporations typically have access to financial and human resources that smaller businesses do not. Through outsourcing, smaller businesses can access resources and expertise that were at one time only available for larger businesses, and thus better compete in the marketplace. The business world is incredibly competitive and lacking the right technology and resources can hurt a business. In addition to being able to stay abreast of the latest technologies and business trends, small to medium-sized businesses  will have more time to focus on specific initiatives that will enable company growth and prosp Like with anything in life, there are advantages and disadvantages. Outsourcing provides numerous advantages to businesses that may not have the time or resources to do every business function efficiently in-house. Whatever the benefit, make sure that you carefully examine your company needs and be open to ways in which to fill them. Ajay Sirsi, marketing professor at the Schulich School of Business at Toronto’s York University said, “Perhaps the biggest benefit outsourcing provides small and medium-sized companies is giving them the gift of time.” Isn’t that the best gift of all? erity. Lisa Metcalfe is a Regional Practice Leader in the Technology Leadership Practice of Tatum LLC. Tatum is the nation’s largest executive services firm, providing financial and technology leadership nationwide.

About 2000 days ago Computer Security

Disaster Recovery: Is Your Company a Phoenix?

Novelist Chuck Palahniuk said “only after disaster can we be resurrected.” For some that might ring true as the opportunity to rebuild and revitalize often creates strength — strength within you, your business, and community.  Like a Phoenix rising from the ashes, your company is reborn and ready to soar.   However, for the one in four companies that do not have a business continuity plan to respond to disasters, according to an 2004 AT&T study, resurrection after disaster is not a possibility. We live in a virtual world. Companies store and share data electronically while their mobile employees rely on electronic information to complete assignments. Accounting departments file and pay bills and compensation forms via websites, and Human Resources personnel have discarded paper files in exchange for online storage. Although technology has simplified the way we conduct business, if a company experiences a disaster without any preparation, the end result can be devastating. Businesses rely on continuous access to data and a loss of it during any disaster may have serious consequences. Depending on the particular situation, every hour of computer downtime can cost a business thousands, sometimes millions, of dollars. Very often, small-to-medium businesses are not adequately prepared for disaster recovery. The costs associated with data storage and other technologies are noted as the number one reason for failure. According to research conducted by the University of Texas, only six percent of companies suffering from a catastrophic data loss survive, while 43 percent never reopen and 51 percent close within two years. While disaster recovery and business continuity are cited as a top priority and business initiative, many technologists find that obtaining funding for disaster recovery is easier said than done. Although the company CFO or Controller looks at disaster recovery as important, it is difficult to identify how much the company really needs to spend to be sufficiently insured against a disaster. Gartner estimates that only 35 percent of small to mid-sized businesses have a comprehensive disaster recovery plan in place. Nobody can predict when a disaster will strike but from studies like the one by the University of Texas we can predict that a business that hasn’t taken precautions will likely go under.  This is tragic because business leaders can often make the necessary preparations at costs well below what they may think. Expect the unexpected When it comes to disaster preparation, many tend to think, “It will never happen to me.” After all, your company may not be in a hurricane or tornado zone, and your employees are loyal and educated on the do’s and don’ts of Internet usage. But data loss can result from any number of factors, including: human error; power outages; smoke or fire damage; water damage or floods; hardware failures or software bugs; human-threats such as hacking or viruses and even disgruntled employees. So how, you ask, could we possibly prepare for the unknown? There are some initial steps that you can take to create a comprehensive plan ensuring that you are on the right track should disaster strike: Examine risk: Thoroughly examine your company’s systems and determine what risks can affect overall uptime. When looking at a disaster recovery budget, many CFOs ask that IT managers thoroughly review the technology that is critical to the daily operations of the business. List the age of the assets and the likelihood of a breakdown. Review all of the software licenses and when upgrades are due. Many smaller businesses do not have the budget to consistently purchase new software or hardware, so make sure that routine maintenance is conducted and continually reexamine server capacity.  Often the most “basic” of systems failures (server outage or e-mail can cause the most damage). Determine which of potential threats are most likely to occur and prioritize them by looking at the probability and potential impact.   Develop a written plan that makes disaster protection part of the routine: After assessing all potential risks, develop a plan that will ensure business operations can fully recover from a physical, computing, or natural disaster. Your plan should reflect your specific business needs. What resources will be required over the course of time and where is critical data stored?  Files can be backed-up in a number of ways — online, microfilm and disks — and backup files should be stored completely offsite.  Companies should not store critical backup files at someone’s home.  This is not a secure location and it’s important to contract with an offsite storage company. After all, if your building is destroyed by fire having backups in your office won’t help. This seems obvious but preparing for a disaster is never a daily top priority, so having a systematic backup process that is integrated into daily routines is the only way to be sure you are covered. Depending on your company’s needs and budget, there are a variety of vendors who can help. Make sure that a list of all relevant numbers, passwords, and codes is issued to key people so that you can access the data in the event your disaster recovery plan is activated. Finally, keep in mind that communication in advance of an emergency is critical. Once you have decided on a plan and processes, review the plan with employees. Preparation ahead of time will help ensure that recovery processes run smoothly. Test the plan: Business continuation is a key focus of planning. Make sure that plans are in place and have been thoroughly tested. Bring in an outside expert who can vet the plan and revise it accordingly. It is important to keep all key personnel involved in the testing process, so they are aware of the necessary action required should disaster strike. Testing will help to determine the practicability of the recovery process and identify any inadequacies in current procedures. Most importantly, testing the plan will demonstrate whether the business will be able to recover. CEOs, investors and other stakeholders want to know that plans are real and not just words on paper. Conducting a thorough test will help you to demonstrate effectiveness and obtain necessary budget approval. According to the NFIB National Small Business Poll, man-made disasters affect 10 percent of small businesses, whereas natural disasters have impacted more than 30 percent of all small businesses in the U.S. Hurricanes are the most destructive natural disasters, causing power failure, flooding, customer loss, and the closure of many businesses. Although preparing for the unknown may seem like a difficult task, not preparing can have serious consequences to your business. Taking the first steps toward setting up a disaster recovery plan helps ensure that your company can, in fact, be resurrected after disaster — the Phoenix, restored to life and ready to fly.   Lisa Metcalfe is a Technology Regional Practice Leader for Tatum LLC. Tatum is the largest executive services firm in the United States, providing strategic and operating leadership in finance and technology nationwide.

About 2214 days ago Computer Security

Small Businesses and Security: What, Me Worry?

For a small business, making sure your IT is cost effective but also safe and secure can be a daunting task. It may be tempting to ignore data security, assuming malicious attacks on data are only directed at larger organizations. Unfortunately, you do have to worry about security — whether you’re a one-person shop, have 10 employees, or more than 100. Just because your business doesn’t have millions of credit card or social security numbers to mine doesn’t mean you aren’t a target. Hackers will often target small businesses as “practice” for bigger hits, and the evils of phishing and viruses and worms can affect anyone — no matter who you are. Leaving your business unprotected means running the risk of suffering a total data loss, something that can be catastrophic for a burgeoning business. Lost data means lost time.  Productivity suffers when IT systems go down, and often a small business owner can spend tens of thousands of dollars just to get a system back up and running.  In addition, many states have passed laws requiring that customers be notified of security breaches. There have been many high profile cases of companies acknowledging lost or stolen data, which can have a significant public relations impact to an organization. So what can a small or mid-size business do to ensure data is safe and secure? The first step is to understand the threats. Threats to small businesses There are a number of security issues you should be aware of and while some are simply inconvenient, others can result in your data being stolen or someone taking control of your network. Spam, spyware, worms, viruses and Trojans are just a few of the security issues that can result in a data disaster for your business. As we all know, spam has become a major issue in both business and personal inboxes. But it isn’t just annoying. Spam can lead to malware infection, data loss, identity, and financial theft and other fraud. Never open an email from an unknown sender, and be sure to never open attachments from someone unfamiliar. While spam is unsolicited and often inevitable, other types of security breaches can be prevented as long as you exercise caution when entering any network outside of your own. IT security firm Sophos recently released a report indicating that up to 90 percent of spam is now relayed from zombie computers hijacked by Trojan horses, worms, and viruses under the control of hackers. You can avoid the prospect of having one of your machines turn into a zombie computer by urging users to exercise caution when visiting websites and downloading documents or software. Often what appears harmless — a game or funny email — can contain malicious coding and enter your network via a user download. While most users in today’s business world are fairly savvy when it comes to these issues, just one user machine can make an entire network vulnerable, so it is essential to educate your users on the importance of exercising caution. Come up with specific company policies outlining the proper use of computers and procedures for downloading programs or applications. Your people have the power Unfortunately, it’s often not enough to encourage your employees to take IT security seriously. You should also evaluate your IT operations staff carefully. Whether your staff is small or large, it is essential that the people managing your network are technically competent and up to date on cutting-edge security features. If you don’t have an IT staff or are managing your network on your own, consider looking to a professional firm or hiring part-time staff to help you evaluate your current needs and ensure your company’s data security. Many small businesses choose to outsource IT operations to a vendor who can provide overall support for day-to-day operations and on-demand support for one-off issues. While it may be tempting to have your 16-year-old nephew manage your network, there are a number of more reliable options to help you get the support you need. The number of IT support companies for small businesses is as long as the phone book by now, so take some time to do research about the best ones in your area. Ask other local business owners who they use and interview potential candidates to ensure they have the best resources for your specific needs. If you have specialized software programs or a large amount of data to store, you may have different security concerns from other businesses. Good IT support staff will evaluate your current setup and recommend potential changes to ensure your data is as secure as possible. They’ll also make recommendations to your end users on passwords and other security features. Make sure you are aware of the cost of help desk support and emergency situations for any solution provider you hire — those potential costs may outweigh the benefits of low upfront prices. Your data is the DNA and lifeblood of your business. By taking steps to ensure its security, you’re setting the stage for growth and success. Lisa Metcalfe is a Regional Practice Leader in the Technology Leadership Practice of Tatum LLC. Tatum is the nation’s largest executive services firm, providing financial and technology leadership nationwide.

About 2275 days ago Business Software

Life after QuickBooks

There are many milestones in the growth of a business, but not all are wonderful moments of celebration. One that often sneaks up on the owner is outgrowing the accounting system. This system, which traditionally encompasses invoicing, payroll, expense tracking, and financial reporting, is at the center of operations any business. Growing beyond its capabilities is inevitable, but often painful. Operating on a small-scale a program like QuickBooks makes time-consuming critical processes run more smoothly. Millions of small businesses use QuickBooks, Peachtree, MYOB, or similar products to provide the financial infrastructure that facilitates growth. But at some point the requirements of the business expand, often exponentially. Additional features and performance may be necessities as your processes become more complex and your transaction volume skyrockets. So how do you know if you need a new financial system? One of the telling signs is sluggishness. If you are experiencing long delays as you work in the program, or if printing reports becomes slower, your data volume is taxing the system. The software that worked beautifully two years ago was designed to handle a certain size of business. The database performance is limited and the software can be overwhelmed. Programs designed for small businesses are also limited in security features and controls. It is an unfortunate paradox that as your company grows, protecting data becomes harder, yet is more important than ever. A system that lacks adequate security or audit trails can cause huge problems, especially if your eventual goal is an acquisition or a public stock offering (e.g. IPO). If records can be changed or permanently deleted without your consent, you have a problem. This brings us to the people (not person) using the system. As you grow you will have more people accessing the system at the same time, a capability which is limited in this tier of products. And then there is reporting. The information you need to run the business naturally evolves as you set new strategic directions. The system must provide information that helps you pursue your goals, but all too often it can actually become a roadblock. If you have realized you need to upgrade, what do you do next? First, you should be prepared to pay for the increased database performance and expanded features. While QuickBooks and similar products typically run in the hundreds of dollars, be ready to budget several thousand dollars for the upgrade. The budget needs to include not just the implementation, but also converting your existing files and training your staff. You also don’t want to overpay for a product that will far surpass your future needs. Estimate where the company will be in several years, and look for software that will fit your requirements at that point. Don’t buy a product designed for a $300 million company, when in five years you’re going to be at $15 million. You’ll just end up paying for features and capabilities that you will not use, nor do you need. Think about big changes. Will you be breaking into e-commerce? Are you expanding to multiple locations, or going international? Knowing what features will be helpful to you —  and not just how big the company will be — will help you make the upgrade successful. So what are the implementation “must-dos?” Be realistic and committed. Changing to a more advanced financial system can take months, depending on the size of the project, so be patient. If you need to minimize costs, make sure you do not cut the training budget. Having employees who can use all the system’s features will pay for itself down the road. Some systems can be used in an application service provider (ASP) or Web-hosted environment, where monthly fees are charged for each user of the system. If you have limited technology staff support, this approach can help you manage a more sophisticated technology environment without having to add staff. This approach can also help you avoid some of the upfront capital costs and license fees, but still requires effort in defining business processes and converting data from your current system. The downside is that you do not own the software and must budget for continued monthly fees. Getting it right the first time will involve a blend of adjusting your company’s practices to the system and tailoring the software to your practices. Also, know the details of your support and maintenance agreements, which often provide patches for current versions and some add-on products. Too many companies upgrade their accounting systems only after their business growth has been stifled. By implementing a financial system that can accommodate several years of expansion, you can make sure you have the financial infrastructure to achieve your next set of business milestones. Lisa Metcalfe is a Regional Practice Leader in the Technology Leadership Practice of Tatum LLC. Tatum is the nation’s largest executive services firm, providing financial and technology leadership to businesses nationwide.

About 2365 days ago Computer Security

Data Security: Focusing on the Wrong Things?

Data security is one of the most talked about, yet least understood, areas of risk management.  Unfortunately, far too many companies spend most of their time and energy in the wrong areas, leaving the organization open to massive legal exposure. The risk of a data breach is quite real. Hundreds of examples have been publicized since 2005, exposing more than 90 million private records — not surprising in an age where enormous amounts of data can easily be carried on miniscule USB drives. If you think data protection isn’t an issue for you, think again. Privacy regulation is no longer simply the concern of hospitals and retailers, nor is identity theft a problem only for consumers. Negligent treatment of employee information can now result in significant fines and/or litigation, upping the ante considerably. Even worse, most business insurance specifically excludes data breaches from coverage, leaving the company completely exposed should a breach occur. Maybe you think this is not a problem because you have a great firewall. Wrong again. The FBI and Secret Service estimate that up to 80 percent of data breaches can be traced to insiders, who may act knowingly or unknowingly, indicating that the traditional focus on firewalls is misguided. Most IT organizations spend 80 percent of their data security budget protecting against external threats, completely failing to address the biggest source of risk. Operational versus organizational risk So where are the “right” places to focus attention and budget? The answer lies in understanding the difference between operational risk and organizational risk. Operational risk is the traditional focus: keeping data from being hacked or misused, building “big walls.” Organizational risk takes a top-down approach to security, including legal ramifications related to a data breach. This includes litigation, bad media exposure and potential long term financial losses. Here is the real risk. This is the elephant in the room for companies who continue to view data security as an IT responsibility, rather than a C-suite business issue. To illustrate the importance of organizational risk, think about the importance of building a recognized and respected brand.  If you are like most companies, you have spent your entire history, not to mention tremendous sales and marketing dollars, trying to build a reputation with your customers. Each time a data privacy issue is exposed, negative press not only can, but will follow. The company may incur fines and regulatory penalties. Studies have demonstrated that publicly traded companies involved in negative media coverage regarding a data breach register a decline in market capitalization of up to 24 percent for at least a year. The good news is that while the risks are both real and growing, improving your defensive stance can be quick, if not easy. The key to successfully addressing data security risk comes down to changing your perspective, looking at the business problems, rather than simply the “IT” problems. Develop a data security plan The first step is to have a written data security plan in place. This is critical for a legal defense, but an amazing number of growing companies have never taken the time to produce a plan. When developing a data security plan, take the time to think about the full scope of digital assets, including customer data, sensitive employee information and corporate proprietary data. Then consider the governance structure surrounding this data. Are processes and procedures clearly defined and communicated? If the staff that you have managing this area has been “learning as they go,” this is a good time to bring in a security expert for a few days to make sure you address any weaknesses. Even more importantly in today’s litigious environment, have employees received written communication regarding data security policies and procedures? Developing and implementing a thorough and ongoing program will vastly improve the organization’s level of risk in this area.  Remember, every member of your organization is part of your security team. Smart organizations take it to the next level by defining an oversight function for governance of the new plan. The oversight committee is responsible for aligning risk management planning and turning it into policies that can be implemented. Ideally, there is at least one security expert on the oversight committee. This group also tracks changes in assets and vulnerabilities, updating the plan and procedures as necessary. The next time you see a headline about a breach, which shouldn’t take long, read the article. I think you will see what I mean about organizational risk and focusing on the business issues rather than only on the technology issues. Bill Huber is a Regional Practice Leader for Tatum LLC and head of Tatum’s National Risk Management Solution Team. Tatum is the nation’s largest executive services firm, providing financial and technology leadership nationwide.