Latest Blogs

GAAP Conversion

GAAP Conversion


1.What is GAAP Conversion?

Converting from one GAAP to another GAAP. It often means changing more than just the numbers; there are often wider business or reporting implications to manage. It also requires change in strategic and operational procedures or policies.

2.Why is GAAP Conversion required?

The need for GAAP conversions arises for a variety of reasons:

  • Local regulatory change? particularly when an old GAAP is being replaced by a new one in a jurisdiction (this new GAAP could be a new local standard or one aligned to IFRS)
  • In the due diligence phase of an acquisition? where it is important to understand how the accounting of a target will change or be adapted as a result of being consolidated into a new group
  • Preparation of shareholder information pack, where financial reporting of a potential target needs to be included under the same accounting policies as the acquirer.
  • An initial public offering (IPO) ? when a company must prepare its financial statements under new rules for a listed company (most commonly under IFRS for listings cross border), which it did not have to apply as a private company.

3.What is process of performing GAAP Conversion?

Phase Objective and Process
Impact
Assessment
Objective:
Identify potential differences between reporting GAAPs under consideration
Process:
  • Read financial statements to determine applicable technical areas in scope
  • Read accounting manuals, existing white papers, key contracts and gather relevant information
  • Perform initial GAAP analysisand identify areas requiring in-depth research.
  • Prepare a conversion project plan
Measurement Objective:
Analyze differences to determine any adjustments, or prove that no adjustment is required and compute the adjustment amount.
Process:
  • Quantify new GAAP adjustments
  • Develop a reconciliation model to factor in the effects of the conversion
  • Revise KPIs and budgets based on updated measurements
Presentation and Disclosure Objective:
Skeleton accounts, including disclosures and accounting policies
Process:
  • Draft skeleton financial statements including footnotes
  • Create spreadsheet based reporting packages and supporting bridge analysis
  • Prepare opening balance sheet/group reporting template
  • Draft significant accounting policies and financial statement footnotes
Sustain Objective:
Embed new reporting framework into current processes
Process:
  • Assess the need to update systems and processes
  • Assess impact on tax, distributable reserves and other areas
  • Revise accounting policy and procedure manuals
  • Assess any staff training needs

2020-01-10 05:55:56

How A CFO Can Help You Sleep Better At Night

How A CFO Can Help You Sleep Better At Night


Babies, as any hollow-eyed new parent will tell you, often sleep for just a few hours at a time which is why ‘sleeping like a baby’ is a practice best avoided if you have a growing business to run and need to be on top of your game during working hours.

Instead, sleep experts recommend you look for ways to get between seven and nine unbroken hours of night-time sleep.

That’s because sleep is believed to be crucial to your physical and mental well being. It’s essential for maintaining cognitive skills such as communicating well, remembering key information and being creative and flexible in thought, says Dr Justin Varney in an article for Public Health England.

Insufficient sleep has a “profound impact” on your ability to function, he says. It makes you more vulnerable to infection and raises the risk of accidents and injuries.

What’s more, studies are beginning to show a link between a lack of sleep and conditions such as high blood pressure, heart disease and diabetes.

So, what can you do to ensure you get a great night’s sleep?

Almost every article you read on the topic will fail to mention what is arguable the number 1 strategy for a great night’s sleep… They’ll tell you to transform your bedroom into a technological-free zone (so no late-night watching of ‘Game Of Thrones’ or checking your Twitter feed before you shut your eyes). That’s as much to avoid too much stimulation before sleep as it is to minimise the amount of blue light you’re exposed to from some TVs, computer screens, tablets, smartphones, and LED lighting. The blue light can keep you awake by suppressing the sleep-inducing hormone melatonin.

Sleep hygienists (the name for experts in this field) also recommend you stick to regular bedtimes and avoid consuming caffeine and rich food in the last few hours before bed, and so on.

What most ‘sleep tips’ articles fail to mention is one of the best ways you can get your full quota of night-time sleep—that is how to deal with work-related stress which is one of the biggest causes of sleep problems. As the owner or CEO of a growing business, one of the best ways you can reduce your work-related stress is to hire an experienced Chief Financial Officer (CFO).

Take the CFO Centre’s part-time CFOs as an example. They all have many years of big business experience so that they can identify and assess the areas of risk in your business. More importantly, they can advise you on how to deal with such risks now and in the future.

Equally, part-time CFOs can highlight areas of risk that you are either unaware of or don’t know how to deal with. In other words, they’ll identify, quantify and help you to manage the risks your organisation faces.

But they do so much more than that. They will also advise, analyse and implement processes and practices to ensure your organisation performs better. They can provide strategic analysis and advisory support on every finance-related aspect of your business.

At any one time, they can be involved in all those areas of the business that have previously kept you awake at night: things such as reporting, auditing, tax planning, business planning, capital expenditure, working capital management, budgeting and exit planning. Your part-time CFO will work on your financial strategy and finance operations while also managing your tax planning, legals, compliance, outsourcing and banking relationships.

You can rest easy at night, knowing your part-time CFO will help you to improve your cash flow and profitability and provide the insight into how your business can move seamlessly to the next level.

With a part-time CFO on your side, insomnia and restless sleep should become a thing of the past.

How it will work

The CFO Centre’s part-time CFOs use a proven framework known as the ’12 Boxes’ to identify where the problems are within any business. They use it to review every aspect of your company finance function and identify every problem area.

They will help you to understand your company’s finances; eliminate cash flow problems; identify cost-savings and improve profits.

They can also help you and your team to understand your main profit drivers; find and arrange funding; identify your Critical Success Factors and Key Performance Indicators (KPIs), help you to expand nationally and internationally; and build value to make your business more attractive to investors or buyers.

To discover more about the 12 Boxes, .

2020-01-10 05:53:55

What to Expect from a Part-Time CFO

The idea of hiring even a part-time CFO may seem to some SMEs a bit OTT—like paying Quentin Tarantino to make a 90-second home page video or booking Wembley Stadium for the company’s five-a-side friendly football match.

But for companies whose ambition is to get into and survive the coveted scale-up phase, hiring a part-time CFO makes perfect sense. They know that they’re getting a finance veteran, someone with big business experience, who can provide the guidance they need to grow rapidly and help them to avoid the costly mistakes that so many ambitious SMEs make as they attempt to move into the Big League.

As Colin Mills, the Chairman of the FD Centre, said in his book about scale-ups, “The reality is that there is great value in having someone from the next level if you’re aspiring to get there.”

Companies who hire part-time CFOs understand that today’s CFOs are capable of delivering far more than bookkeeping or accounting services. They provide the kind of strategic business perspective and support that fundamentally alters the performance/profitability and long term potential for a business. They can work with your board of directors and external stakeholders such as your bank or investors. They can also advise you on mergers and acquisitions. Besides strategic analysis, they can provide operational support on everything finance-related in your business.

Their responsibilities might cover business planning, capital structure, risk management, auditing and reporting, tax planning, capital expenditure, investor communication, R&D investment, working capital management and company budgeting.

Companies that don’t hire CFOs are often unaware of the opportunities and profits they’re missing out on. When asked why so many SMEs don’t hire CFOs, Matthew Bud, Chairman of the international Financial Executives Networking Group, said business owners are either unaware of their need for a CFO or reluctant to spend the money.

What many entrepreneurs don’t realise is that they’re already spending that money in lost profits and misspending,” he told Inc.

“They’re not seeing the dynamics of the business from an educated financial perspective. You can’t always go with your gut in making financial decisions, which is what a lot of entrepreneurs try to do.”

So, what can you expect from a part-time CFO?

Well, the role a part-time CFO will play in your company will depend on factors such as the size of your business, your expectations, your industry, and your corporate strategy and business goals. But a good CFO will work on your company’s finance strategy and finance operations and manage areas such as compliance, tax planning and legals, outsourcing and banking relationships.

To achieve success in these different roles, a CFO will need outstanding hard and soft skills.

If you’re a CEO, the CFO will be your strategic partner, providing financial insight and strategy and helping you to improve profitability and cash flow.

A good CFO won’t, however, be a ‘Yes’ person, someone who rubber-stamps every initiative without due diligence. On the contrary, they will challenge you and your vision for your business asking the kinds of questions which leads to transformation as opposed to incremental improvement.

Charles Holley, CFO-in-residence at Deloitte and former Walmart CFO, says good CFOs are independent-minded yet supportive of their CEO.

My CEOs counted on me to be the truth teller, to form my own opinions on important company decisions and to speak up. At the same time, they expected my support for execution.”

Great CFOs challenge the business, he says. They point out problems and propose possible solutions to “spark the debate”.

CFOs are in the best position to call attention when the numbers aren’t supporting the strategy. For example, CFOs can push the business to change capex priorities when the underlying ROI assumptions are no longer supported by the numbers.”

Besides being a trusted advisor and sounding board, a good CFO will help to raise efficiencies, identify opportunities, manage risk management, and manage capital structure.

Since they speak the language of financiers and understand what they are really interested in, CFOs can also liaise with financial institutions, investors, and auditors on your behalf.

In other words, a part-time CFO can help you to manage the transition into the scale-up phase more smoothly and ensure you reach your growth targets sooner.

How it works in practice

The CFO Centre’s part-time CFOs use a proven framework known as the ’12 Boxes’ to identify where the problems are within any business. They use it to review every aspect of your company finance function and identify every problem area.

They will help you to understand your company’s finances; eliminate cash flow problems; identify cost-savings, and improve profits.

They can also help you and your team to understand your main profit drivers; find and arrange funding; identify your Critical Success Factors and Key Performance Indicators (KPIs), help you to expand nationally and internationally; and build value to make your business more attractive to investors or buyers.

To discover more about the 12 Boxes, click here.

Need help?

2020-01-10 05:52:46

Applicability of Transfer Pricing

Applicability of Transfer Pricing


In the Income-tax Act, 1961 (“Act”), Sections 92 to 92F govern and regulate the transfer pricing provisions in India. Section 92(1) provides that any income arising from an International Transaction shall be computed having regard to the arm's length price (“ALP”).
Where in an International Transaction or SDT, two or more Associated Enterprises (“AEs”) enter into a mutual agreement or arrangement for the allocation or apportionment of, or any contribution to, any cost or expense incurred or to be incurred in connection with a benefit, service or facility provided or to be provided to any one or more of such enterprises, the cost or expense allocated or apportioned to, or, as the case may be, contributed by, any such enterprise shall be determined having regard to the ALP of such benefit, service or facility, as the case may be.

Definition of International Transaction
As per Section 92B of the Act, an International Transaction means a transaction between two or more AEs, either or both of whom are non-residents, in the nature of: the purchase, sale, transfer, lease or use of tangible property including building, transportation vehicle, machinery, equipment, tools, plant, furniture, commodity or any other article, product or thing;

  • the purchase, sale, transfer, lease or use of intangible property, including the transfer of ownership or the provision of use of rights regarding land use, copyrights, patents, trademarks, licences, franchises, customer list, marketing channel, brand, commercial secret, know-how, industrial property right, exterior design or practical and new design or any other business or commercial rights of similar nature;
  • provision of services, including provision of market research, market development, marketing management, administration, technical service, repairs, design, consultation, agency, scientific research, legal or accounting service;
  • lending or borrowing money or capital financing, including any type of long-term or short-term borrowing, lending or guarantee, purchase or sale of marketable securities or any type of advance, payments or deferred payment or receivable or any other debt arising during the course of business;
  • a transaction of business restructuring or reorganisation, entered into by an enterprise with an AE, irrespective of the fact that it has bearing on the profit, income, losses or assets of such enterprises at the time of the transaction or at any future date;
  • any other transaction having a bearing on the profits, income, losses or assets of such enterprises and shall include a mutual agreement or arrangement between two or more AEs for the allocation or apportionment of, or any contribution to, any cost or expense incurred or to be incurred in connection with a benefit, service or facility provided or to be provided to any one or more of such enterprises.

The term “intangible property” has been defined to include:

  • marketing related intangible assets, such as, trademarks, trade names, brand names, logos;
  • technology related intangible assets, such as, process patents, patent applications, technical documentation such as laboratory notebooks, technical know-how;
  • artistic related intangible assets, such as, literary works and copyrights, musical compositions, copyrights, maps, engravings;
  • data processing related intangible assets, such as, proprietary computer software, software copyrights, automated databases, and integrated circuit masks and masters;
  • engineering related intangible assets, such as, industrial design, product patents, trade secrets, engineering drawing and schematics, blueprints, proprietary documentation;
  • customer related intangible assets, such as, customer lists, customer contracts, customer relationship, open purchase orders;
  • contract related intangible assets, such as, favourable supplier, contracts, licence agreements, franchise agreements, non-compete agreements;
  • human capital related intangible assets, such as, trained and organised work force, employment agreements, union contracts;
  • location related intangible assets, such as, leasehold interest, mineral exploitation rights, easements, air rights, water rights;
  • goodwill related intangible assets, such as, institutional goodwill, professional practice goodwill, personal goodwill of professional, celebrity goodwill, general business going concern value;
  • methods, programmes, systems, procedures, campaigns, surveys, studies, forecasts, estimates, customer lists, or technical data;
  • any other similar item that derives its value from its intellectual content rather than its physical attributes
  • Further, transactions with a third party would be deemed to be a transaction between AEs if:
  • there exists a prior agreement in relation to the relevant transaction between the third party and the AE; or
  • terms of the relevant transaction are determined in substance between the third party and the AE

Maintenance of prescribed transfer pricing documentation
TP Report:Section 92D read with Rule 10D provides that every person who has undertaken an International Transaction or SDT shall keep and maintain such information and documents as
specified by rules made by the Board (Rule 10D) and supported by authentic documents in a case where the aggregate value, as recorded in the books of account, of international transactions entered into by the assessee exceed one crore rupees. The Board has also specified by the Rules that information and documents are required to be retained for a period of 8 years.
Form 3CEB:Section 92E read with Rule 10E provides that every person who has entered into an International Transaction/SDT during a previous year shall obtain a report from an accountant and furnish such report on or before the specified date (i.e. 30 November of the relevant Assessment Year) in the prescribed form (Form 3CEB) and manner.

 

2020-01-10 05:51:07

Applicability of Transfer Pricing

Applicability of Transfer Pricing


In the Income-tax Act, 1961 (“Act”), Sections 92 to 92F govern and regulate the transfer pricing provisions in India. Section 92(1) provides that any income arising from an International Transaction shall be computed having regard to the arm's length price (“ALP”).
Where in an International Transaction or SDT, two or more Associated Enterprises (“AEs”) enter into a mutual agreement or arrangement for the allocation or apportionment of, or any contribution to, any cost or expense incurred or to be incurred in connection with a benefit, service or facility provided or to be provided to any one or more of such enterprises, the cost or expense allocated or apportioned to, or, as the case may be, contributed by, any such enterprise shall be determined having regard to the ALP of such benefit, service or facility, as the case may be.

Definition of International Transaction
As per Section 92B of the Act, an International Transaction means a transaction between two or more AEs, either or both of whom are non-residents, in the nature of: the purchase, sale, transfer, lease or use of tangible property including building, transportation vehicle, machinery, equipment, tools, plant, furniture, commodity or any other article, product or thing;

  • the purchase, sale, transfer, lease or use of intangible property, including the transfer of ownership or the provision of use of rights regarding land use, copyrights, patents, trademarks, licences, franchises, customer list, marketing channel, brand, commercial secret, know-how, industrial property right, exterior design or practical and new design or any other business or commercial rights of similar nature;
  • provision of services, including provision of market research, market development, marketing management, administration, technical service, repairs, design, consultation, agency, scientific research, legal or accounting service;
  • lending or borrowing money or capital financing, including any type of long-term or short-term borrowing, lending or guarantee, purchase or sale of marketable securities or any type of advance, payments or deferred payment or receivable or any other debt arising during the course of business;
  • a transaction of business restructuring or reorganisation, entered into by an enterprise with an AE, irrespective of the fact that it has bearing on the profit, income, losses or assets of such enterprises at the time of the transaction or at any future date;
  • any other transaction having a bearing on the profits, income, losses or assets of such enterprises and shall include a mutual agreement or arrangement between two or more AEs for the allocation or apportionment of, or any contribution to, any cost or expense incurred or to be incurred in connection with a benefit, service or facility provided or to be provided to any one or more of such enterprises.

The term “intangible property” has been defined to include:

  • marketing related intangible assets, such as, trademarks, trade names, brand names, logos;
  • technology related intangible assets, such as, process patents, patent applications, technical documentation such as laboratory notebooks, technical know-how;
  • artistic related intangible assets, such as, literary works and copyrights, musical compositions, copyrights, maps, engravings;
  • data processing related intangible assets, such as, proprietary computer software, software copyrights, automated databases, and integrated circuit masks and masters;
  • engineering related intangible assets, such as, industrial design, product patents, trade secrets, engineering drawing and schematics, blueprints, proprietary documentation;
  • customer related intangible assets, such as, customer lists, customer contracts, customer relationship, open purchase orders;
  • contract related intangible assets, such as, favourable supplier, contracts, licence agreements, franchise agreements, non-compete agreements;
  • human capital related intangible assets, such as, trained and organised work force, employment agreements, union contracts;
  • location related intangible assets, such as, leasehold interest, mineral exploitation rights, easements, air rights, water rights;
  • goodwill related intangible assets, such as, institutional goodwill, professional practice goodwill, personal goodwill of professional, celebrity goodwill, general business going concern value;
  • methods, programmes, systems, procedures, campaigns, surveys, studies, forecasts, estimates, customer lists, or technical data;
  • any other similar item that derives its value from its intellectual content rather than its physical attributes
  • Further, transactions with a third party would be deemed to be a transaction between AEs if:
  • there exists a prior agreement in relation to the relevant transaction between the third party and the AE; or
  • terms of the relevant transaction are determined in substance between the third party and the AE

Maintenance of prescribed transfer pricing documentation
TP Report:Section 92D read with Rule 10D provides that every person who has undertaken an International Transaction or SDT shall keep and maintain such information and documents as
specified by rules made by the Board (Rule 10D) and supported by authentic documents in a case where the aggregate value, as recorded in the books of account, of international transactions entered into by the assessee exceed one crore rupees. The Board has also specified by the Rules that information and documents are required to be retained for a period of 8 years.
Form 3CEB:Section 92E read with Rule 10E provides that every person who has entered into an International Transaction/SDT during a previous year shall obtain a report from an accountant and furnish such report on or before the specified date (i.e. 30 November of the relevant Assessment Year) in the prescribed form (Form 3CEB) and manner.

 

2020-01-10 05:50:09

Legal Consideration for a startup

Legal Consideration for a startup


Babies, as any hollow-eyed new parent will tell you, often sleep for just a few hours at a time which is why ‘sleeping like a baby’ is a practice best avoided if you have a growing business to run and need to be on top of your game during working hours.

Instead, sleep experts recommend you look for ways to get between seven and nine unbroken hours of night-time sleep.

That’s because sleep is believed to be crucial to your physical and mental well being. It’s essential for maintaining cognitive skills such as communicating well, remembering key information and being creative and flexible in thought, says Dr Justin Varney in an article for Public Health England.

Insufficient sleep has a “profound impact” on your ability to function, he says. It makes you more vulnerable to infection and raises the risk of accidents and injuries.

What’s more, studies are beginning to show a link between a lack of sleep and conditions such as high blood pressure, heart disease and diabetes.

So, what can you do to ensure you get a great night’s sleep?

Almost every article you read on the topic will fail to mention what is arguable the number 1 strategy for a great night’s sleep… They’ll tell you to transform your bedroom into a technological-free zone (so no late-night watching of ‘Game Of Thrones’ or checking your Twitter feed before you shut your eyes). That’s as much to avoid too much stimulation before sleep as it is to minimise the amount of blue light you’re exposed to from some TVs, computer screens, tablets, smartphones, and LED lighting. The blue light can keep you awake by suppressing the sleep-inducing hormone melatonin.

Sleep hygienists (the name for experts in this field) also recommend you stick to regular bedtimes and avoid consuming caffeine and rich food in the last few hours before bed, and so on.

What most ‘sleep tips’ articles fail to mention is one of the best ways you can get your full quota of night-time sleep—that is how to deal with work-related stress which is one of the biggest causes of sleep problems. As the owner or CEO of a growing business, one of the best ways you can reduce your work-related stress is to hire an experienced Chief Financial Officer (CFO).

Take the CFO Centre’s part-time CFOs as an example. They all have many years of big business experience so that they can identify and assess the areas of risk in your business. More importantly, they can advise you on how to deal with such risks now and in the future.

Equally, part-time CFOs can highlight areas of risk that you are either unaware of or don’t know how to deal with. In other words, they’ll identify, quantify and help you to manage the risks your organisation faces.

But they do so much more than that. They will also advise, analyse and implement processes and practices to ensure your organisation performs better. They can provide strategic analysis and advisory support on every finance-related aspect of your business.

At any one time, they can be involved in all those areas of the business that have previously kept you awake at night: things such as reporting, auditing, tax planning, business planning, capital expenditure, working capital management, budgeting and exit planning. Your part-time CFO will work on your financial strategy and finance operations while also managing your tax planning, legals, compliance, outsourcing and banking relationships.

You can rest easy at night, knowing your part-time CFO will help you to improve your cash flow and profitability and provide the insight into how your business can move seamlessly to the next level.

With a part-time CFO on your side, insomnia and restless sleep should become a thing of the past.

How it will work

The CFO Centre’s part-time CFOs use a proven framework known as the ’12 Boxes’ to identify where the problems are within any business. They use it to review every aspect of your company finance function and identify every problem area.

They will help you to understand your company’s finances; eliminate cash flow problems; identify cost-savings and improve profits.

They can also help you and your team to understand your main profit drivers; find and arrange funding; identify your Critical Success Factors and Key Performance Indicators (KPIs), help you to expand nationally and internationally; and build value to make your business more attractive to investors or buyers.

To discover more about the 12 Boxes, .

2020-01-10 05:43:12

Innovation and Business

Innovation and Business


Babies, as any hollow-eyed new parent will tell you, often sleep for just a few hours at a time which is why ‘sleeping like a baby’ is a practice best avoided if you have a growing business to run and need to be on top of your game during working hours.

Instead, sleep experts recommend you look for ways to get between seven and nine unbroken hours of night-time sleep.

That’s because sleep is believed to be crucial to your physical and mental well being. It’s essential for maintaining cognitive skills such as communicating well, remembering key information and being creative and flexible in thought, says Dr Justin Varney in an article for Public Health England.

Insufficient sleep has a “profound impact” on your ability to function, he says. It makes you more vulnerable to infection and raises the risk of accidents and injuries.

What’s more, studies are beginning to show a link between a lack of sleep and conditions such as high blood pressure, heart disease and diabetes.

So, what can you do to ensure you get a great night’s sleep?

Almost every article you read on the topic will fail to mention what is arguable the number 1 strategy for a great night’s sleep… They’ll tell you to transform your bedroom into a technological-free zone (so no late-night watching of ‘Game Of Thrones’ or checking your Twitter feed before you shut your eyes). That’s as much to avoid too much stimulation before sleep as it is to minimise the amount of blue light you’re exposed to from some TVs, computer screens, tablets, smartphones, and LED lighting. The blue light can keep you awake by suppressing the sleep-inducing hormone melatonin.

Sleep hygienists (the name for experts in this field) also recommend you stick to regular bedtimes and avoid consuming caffeine and rich food in the last few hours before bed, and so on.

What most ‘sleep tips’ articles fail to mention is one of the best ways you can get your full quota of night-time sleep—that is how to deal with work-related stress which is one of the biggest causes of sleep problems. As the owner or CEO of a growing business, one of the best ways you can reduce your work-related stress is to hire an experienced Chief Financial Officer (CFO).

Take the CFO Centre’s part-time CFOs as an example. They all have many years of big business experience so that they can identify and assess the areas of risk in your business. More importantly, they can advise you on how to deal with such risks now and in the future.

Equally, part-time CFOs can highlight areas of risk that you are either unaware of or don’t know how to deal with. In other words, they’ll identify, quantify and help you to manage the risks your organisation faces.

But they do so much more than that. They will also advise, analyse and implement processes and practices to ensure your organisation performs better. They can provide strategic analysis and advisory support on every finance-related aspect of your business.

At any one time, they can be involved in all those areas of the business that have previously kept you awake at night: things such as reporting, auditing, tax planning, business planning, capital expenditure, working capital management, budgeting and exit planning. Your part-time CFO will work on your financial strategy and finance operations while also managing your tax planning, legals, compliance, outsourcing and banking relationships.

You can rest easy at night, knowing your part-time CFO will help you to improve your cash flow and profitability and provide the insight into how your business can move seamlessly to the next level.

With a part-time CFO on your side, insomnia and restless sleep should become a thing of the past.

How it will work

The CFO Centre’s part-time CFOs use a proven framework known as the ’12 Boxes’ to identify where the problems are within any business. They use it to review every aspect of your company finance function and identify every problem area.

They will help you to understand your company’s finances; eliminate cash flow problems; identify cost-savings and improve profits.

They can also help you and your team to understand your main profit drivers; find and arrange funding; identify your Critical Success Factors and Key Performance Indicators (KPIs), help you to expand nationally and internationally; and build value to make your business more attractive to investors or buyers.

To discover more about the 12 Boxes, .

2020-01-10 05:41:21

Startup Ecosystem

Startup Ecosystem


Babies, as any hollow-eyed new parent will tell you, often sleep for just a few hours at a time which is why ‘sleeping like a baby’ is a practice best avoided if you have a growing business to run and need to be on top of your game during working hours.

Instead, sleep experts recommend you look for ways to get between seven and nine unbroken hours of night-time sleep.

That’s because sleep is believed to be crucial to your physical and mental well being. It’s essential for maintaining cognitive skills such as communicating well, remembering key information and being creative and flexible in thought, says Dr Justin Varney in an article for Public Health England.

Insufficient sleep has a “profound impact” on your ability to function, he says. It makes you more vulnerable to infection and raises the risk of accidents and injuries.

What’s more, studies are beginning to show a link between a lack of sleep and conditions such as high blood pressure, heart disease and diabetes.

So, what can you do to ensure you get a great night’s sleep?

Almost every article you read on the topic will fail to mention what is arguable the number 1 strategy for a great night’s sleep… They’ll tell you to transform your bedroom into a technological-free zone (so no late-night watching of ‘Game Of Thrones’ or checking your Twitter feed before you shut your eyes). That’s as much to avoid too much stimulation before sleep as it is to minimise the amount of blue light you’re exposed to from some TVs, computer screens, tablets, smartphones, and LED lighting. The blue light can keep you awake by suppressing the sleep-inducing hormone melatonin.

Sleep hygienists (the name for experts in this field) also recommend you stick to regular bedtimes and avoid consuming caffeine and rich food in the last few hours before bed, and so on.

What most ‘sleep tips’ articles fail to mention is one of the best ways you can get your full quota of night-time sleep—that is how to deal with work-related stress which is one of the biggest causes of sleep problems. As the owner or CEO of a growing business, one of the best ways you can reduce your work-related stress is to hire an experienced Chief Financial Officer (CFO).

Take the CFO Centre’s part-time CFOs as an example. They all have many years of big business experience so that they can identify and assess the areas of risk in your business. More importantly, they can advise you on how to deal with such risks now and in the future.

Equally, part-time CFOs can highlight areas of risk that you are either unaware of or don’t know how to deal with. In other words, they’ll identify, quantify and help you to manage the risks your organisation faces.

But they do so much more than that. They will also advise, analyse and implement processes and practices to ensure your organisation performs better. They can provide strategic analysis and advisory support on every finance-related aspect of your business.

At any one time, they can be involved in all those areas of the business that have previously kept you awake at night: things such as reporting, auditing, tax planning, business planning, capital expenditure, working capital management, budgeting and exit planning. Your part-time CFO will work on your financial strategy and finance operations while also managing your tax planning, legals, compliance, outsourcing and banking relationships.

You can rest easy at night, knowing your part-time CFO will help you to improve your cash flow and profitability and provide the insight into how your business can move seamlessly to the next level.

With a part-time CFO on your side, insomnia and restless sleep should become a thing of the past.

How it will work

The CFO Centre’s part-time CFOs use a proven framework known as the ’12 Boxes’ to identify where the problems are within any business. They use it to review every aspect of your company finance function and identify every problem area.

They will help you to understand your company’s finances; eliminate cash flow problems; identify cost-savings and improve profits.

They can also help you and your team to understand your main profit drivers; find and arrange funding; identify your Critical Success Factors and Key Performance Indicators (KPIs), help you to expand nationally and internationally; and build value to make your business more attractive to investors or buyers.

To discover more about the 12 Boxes, .

2020-01-10 05:40:06

Who Can Perform a SOC Audit?

Who Can Perform a SOC Audit?


As the requirement to receive SOC 1 or SOC 2 reports as part of a contract, request for proposal (RFP), or security program increases as a barrier to receiving major clients, it’s important to understand who can perform these audits. This post will identify a number of questions to answer who exactly can perform SOC 1 and SOC 2 audits.

Can a Non-CPA Organization Perform a SOC 1 & SOC 2 Audit?

No. If a firm is not a certified CPA firm, then they cannot complete a SOC 1 or SOC 2 audit that will be acceptable in the eyes of the AICPA and users of the report cannot rely on the contents provided within.

A SOC 1 and SOC 2 examination has at least four main sections that users of the report should look for. Those include the following:

  • Management’s Assertion
  • Auditor’s Opinion
  • Description of Services
  • Results of Testing

If a firm completes a SOC audit that is not a certified CPA firm, then they cannot provide an opinion of the contents detailed within the Description or Services and Results of Testing. Because of this, it is imperative to confirm that the firm your organization chooses to perform the SOC audit, meets this fundamental requirement.

Can Non-CPA Organizations Partner with CPA firms to Perform SOC 1 & SOC 2 Audits?

No. If you think otherwise, contact any member of the AICPA Trust Information Task Force. Any one of them would be more than happy to take down your information and have a dialogue with you about this topic.

With that said, the AICPA requires that team members that work on engagements have a certain level of competence and capabilities. While a non-CPA organization may have the technical capability to perform a review of the services or system being examined, they must also have experience with the following:

  • Evaluating the design of controls and the operating effectiveness to confirm that they have functioned over a period of time and meet the applicable trust service criteria included in the report.
  • Understand professional standards that are required by the AICPA such as the AICPA Code of Conduct along with other audit standards that allow auditors to apply professional skepticism and judgment as required

This, however, does not mean an auditor cannot enlist the use of a specialist, if required, to complete an audit. This question will be addressed in question number five.

Yes. As part of the AICPA Code of Conduct, CPA firms MUST be independent before they can engage with a client to perform an audit. The AICPA requires that “a member in the public practice should be independent in fact and appearance when providing auditing and other attestation services,” such as a SOC 1 or SOC 2 examination.

What are the Ramifications to the Service Organization if One of the Above has Happened?

Any user organization and/or user auditor that relied on the SOC 1 or SOC 2 examination report from the service organization may have placed unwarranted reliance on that SOC report. In other words, the user organization’s financial statement audit may have to be performed again for each period in which there was unwarranted reliance. Moreover, it is illegal to depart from state laws in regard to performing attestation services.

SOC 1 and SOC 2 follow the guidance found within the Statement on Standards for Attestation Engagement (SSAE 18). SSAE 18 is meant to be a clarification and recodification which replaces SSAE 16 as the standard for SOC 1 reports. SSAE 18 has integrated concepts found in AT-C section 105, Concepts Common to All Attestation Engagements; AT-C section 205, Examination Engagements; AT-C section 210, Review Engagements; and AT-C section 215, Agreed Upon Procedures. These standards together are now the standards for both SOC 1 and SOC 2 reports. For more information on SSAE 18, check out other posts linked within the summary section.

Guidance also exists that states that the only type of organization that may perform a SOC 1 and SOC 2 audits is a licensed CPA firm. The following bullets are selected excerpts from authoritative sources listing some, but not all, of the relevant guidance supporting the comments above:

  • “[A]uditor should not assume responsibility for the predecessor auditor’s work or issue a report that reflects divided responsibility” (AICPA, AU315.16).
  • “The independent auditor also has a responsibility to his profession, the responsibility to comply with the standards accepted by his fellow practitioners” (AICPA, AU110.10). This includes adherence to CPE, Ethics, and licensing requirements.
  • “No person, partnership, professional corporation, or limited liability company shall, without an active certificate of certified public accountant or a valid registration: Attest or express an opinion, as an independent auditor” (Colorado Revised Statute 12-2-120 Unlawful Acts (6)(II)(B)).
  • “The practitioner must adequately plan the work and must properly supervise any assistants” (AICPA, AT101.42).
  • “Attest services may only be rendered through firms holding permits from the state” they are performing attest services. (Uniform Accountancy Act, Section 7).

Can a Firm Use the Work of a Specialist to Perform a SOC 1 or SOC 2 Examination?

Yes. When engaging to perform a SOC 1 or SOC 2 examination, the auditor may decide it is necessary to enlist the use of a specialist. AT-C 205, Examination Engagements requires that auditors assess the following items:

  • Does the specialist have the required skills to understand the service or system and do they have the required independence to complete the required work?
  • Is enough evidence available to the auditor to determine whether the specialist has the necessary proficiency to understand the nature of the specialist’s work along with the scope of their expertise, and determine whether the objective of their work meets the needs of their expected role as a specialist?
  • Will the auditor and the specialist be able to come to an agreement on the expected work (i.e. nature, scope, and objectives) to be completed by the specialist, the roles and responsibilities that will be required of the specialist, when and the extent of work expected by the specialist, and the duties and any confidentially requirements that are expected of the specialist.

Through consideration and documentation of the items listed above, an auditor can engage the use of a specialist.

Summary

The overall goal of an attestation engagement is to provide users of the report or clients of subservice organizations, in this case, with an opinion on the assertions made by management. As a result, report users can place reliance on the information before deciding whether they want to put an agreement or contract in place to use that system or service. Because reliance is placed on these reports to enter into or agreement often times, it is important to understand who exactly can perform a SOC 1 and SOC 2 audit.

The main take-away from this post is this: if the report is not completed by a CPA firm, the report should not be relied on.

2020-01-10 05:38:35

What is a SOC 2 Report? Expert Advice You Need to Know

What is a SOC 2 Report? Expert Advice You Need to Know


BY ROB PIERCE, PARTNER | CISSP, CISA ON JANUARY 16, 2019

In this article, we will cover some common questions that come up related to SOC 2 reports. SOC 2 compliance does not have to be difficult although with some of the terminology, it can initially be confusing. So what are SOC 2 reports and examinations? Let’s dive in!

What is SOC 2 Certification or Attestation?

While there is no such thing as a SOC 2 certification, many still refer to a SOC 2 certification. One of our clients recently received a request from a prospective client asking whether they were a SOC 2 certified data center. Our client, being more savvy than most, said, “We don’t have a SOC 2 certification. We have a SOC 2 attestation.” Our client’s prospect, or user organization, in SOC language, wanted to hop on a call to discuss.

The prospect was considering backing out of the deal because our client was not SOC 2 “certified.” We joined on the call and told our client’s prospect that our client did in fact have a SOC 2 report, but they were not SOC 2 “certified.” The prospect then said, “oh, so you are SOC 2 certified” and the deal moved forward. We laughed afterwards with our client because our client’s prospect could not grasp the terminology.

What is a SOC 2 Report?

SOC 2s differ from some other information security standards and frameworks because there is not a comprehensive list of “thou shalt” requirements. Instead, the AICPA provides criteria that can be selected by a service organization to demonstrate they have controls in place to mitigate risks to the service they provide. This can be a bit annoying for some first time clients since there isn’t one right answer for how to address the applicable criteria. Instead, a good auditor’s job is to identify what is already being done by their clients to meet the applicable criteria. In some cases, there are gaps and clients must implement new controls. In other cases, existing controls need to be tweaked slightly to better address the criteria. Our goal is for our clients to meet the criteria selected, but to create the least impact and additional overhead when remediating controls as possible.

SOC 2 reports are considered attestation reports. For a SOC 2 attestation, management of a service organization asserts that certain controls are in place to meet some or all of the AICPA’s SOC 2 Trust Services Criteria (TSC). Management also selects which of the five TSCs best address the risk of the services provided by the service organization.
See the AICPA page related to attestation reports for more information.
When a service organization completes a SOC 2 report, the report contains an opinion from a CPA firm that states whether the CPA firm agrees with management’s assertion. The opinion states that the appropriate controls are in place to address the selected TSCs and the controls are designed (Type I report) or designed and operating effectively (Type II report). In many cases, the opinion is positive and the CPA firm agrees with management’s assertion. In other cases, the CPA firm does not agree with management’s assertion and provides a qualified or adverse opinion. See past blog post on qualified opinions.

What Does SOC 2 Stand For?

A SOC 2 is a System and Organization Control 2 report. There are three types of SOC reports. See this AICPA whitepaper comparing the reports. Some companies struggle with the differences between SOC reports, and whether they should get a SOC 1, SOC 2, or SOC 3. We start by asking prospective clients about the type of clients and stakeholders asking for the report as well as the type of services provided to clients. This allows us to assess whether prospective clients may impact the internal controls over financial reporting (ICFR) of our prospective clients’ user organizations.

If a service organization can impact the ICFR of its user organizations, a SOC 1 report may be the best report option. If a service organization cannot impact its user organizations’ ICFR, but they can impact the security, availability, processing integrity, confidentiality, or privacy of their user organizations, then a SOC 2 may be the best report for the service organization’s clients.

SOC 2 Report Structure

The SOC 2 report structure is similar to a SOC 1 report structure, which we outlined in our SOC 1 article, and consists of:

  • The Opinion Letter
  • Management’s Assertion
  • Description of the System
  • Description of Tests of Controls and Results of Testing
  • Other Information

Who Needs a SOC 2 Report?

Service organizations that do not materially impact the ICFR of their user organizations, but do provide key services to user organizations may need a SOC 2 report.

SOC 2 Report Example

Many companies outsource IT infrastructure to service organizations, such as data centers and cloud hosting providers (e.g., Amazon’s AWS). What do these service organizations do to prove to clients and stakeholders that they are adequately protecting their servers and sensitive data? Service organizations receive SOC 2 reports to demonstrate they have certain controls in place to mitigate security, availability, confidentiality, processing integrity, or privacy risks. A SOC 2 report will include a CPA firm’s opinion on controls design and potentially operating operating effectiveness over a period of time.

Using AWS as an example, many companies use AWS and request assurance from AWS that there are controls in place to mitigate the risk of AWS’ systems and data being compromised. AWS could attempt to provide different answers to every single client that asks security related questions, but that would take too much time. Instead, AWS has selected an independent CPA firm to perform a SOC 2 examination (among many other AWS compliance exams). Then, rather than respond to all the questions regarding AWS’ security posture, AWS provides its SOC 2 report, which answers many of the common questions asked by its user organizations related to security, availability, confidentiality, processing integrity, and privacy.

Learn more in our article, Leveraging the AWS SOC 2: How to Build a SOC 2 Compliant SaaS.

What is SOC 2 Compliance? The Trust Services Criteria (TSC)

A service organization should choose the SOC 2 TSCs that mitigate the risk of their user organizations use of the service organization’s services. At a minimum, SOC 2 reports must include the Security or Common Criteria. The other TSCs can be added depending on the needs of user organizations.

Recently we had a prospective client say they wanted all of the TSCs included within their report because they wanted it to be the strongest report possible. Unfortunately, not all TSCs may apply to a particular client’s service. For example, if your company does not process transactions, processing integrity is probably not applicable. I’ve heard of firms including TSCs when they are not applicable within a report and then explaining why they are not applicable within the report. That’s not advised. Your best bet is to select criteria that is applicable to your services and answer the questions you hear most from your clients and prospective clients.

The Trust Services Criteria are noted below:

  • Security – The system is protected against unauthorized access (both physical and logical).
  • Availability –b> The system is available for operation and use as committed or agreed.
  • Processing Integrity – System processing is complete, accurate, and authorized.
  • Confidentiality – Information that is designated “confidential” is protected according to policy or agreement.
  • Privacy – Personal information is collected, used, retained, disclosed, and disposed of in conformity with the commitments in the entity’s privacy notice and with criteria set forth in Generally Accepted Privacy Principles issued by the AICPA.

Other Common Questions About SOC 2 Reports

Is There a SOC 2 Checklist?

There is no checklist, but the AICPA’s SOC 2 criteria can be obtained and reviewed. So how do you get it? You can buy it from the AICPA or contact us for a consultation. The criteria contains requirements related to each of the TSCs outlined above. The requirements may be met in a variety of ways, so there is not a one size fits all checklist for SOC 2 compliance. It is dependent on the services provided by a service organization. The SOC 2 criteria is also going through an update. See our blog post on the updated SOC 2 criteria which now more closely aligns with COSO.

Should You Get a SOC 2, Type 1 or Type 2 Report?

SOC 2 reports can be Type 1 (aka Type I) or Type 2 (aka Type II) reports.
SOC 2 Type 1 reports reports are as of a particular date (sometimes referred to as point-in-time reports) that include a description of a service organization’s system as well as tests to help determine whether a service organization’s controls are designed appropriately. They test the design of a service organization’s controls, but not the operating effectiveness.

SOC 2 Type 2 reports cover a period of time (usually 12 months), include a description of the service organization’s system, and test the design and operating effectiveness of key internal controls over a period of time.

Learn more in our article, SOC Report Types: Type I vs Type II.

How Much Does a SOC 2 Report Cost?

SOC 2 examinations are not cheap and fees depend on a number of factors. Factors include the scope of services included within the report, the TSCs included, the size of the organization, and the number of in scope systems and processes. For example, if a company has 3 different patch management processes to ensure servers and workstations stay up-to-date, the auditor will need to gain assurance that each of those processes is designed operating effectively. Learn more in our article, How Much Does A SOC Audit Cost?

Who Can Perform a SOC 2 Audit?

Licensed CPA firms that specialize in information security audits are the only organizations that should perform SOC 2 examinations. There are some companies that perform SOC 2 audits and have a CPA firm sign off on their report even though the CPA firm did not perform the audit. We recommend staying away from that approach. We also recommend selecting a firm that has experienced IT auditors and not financial audit CPAs only. When selecting a firm to perform a SOC 2, we recommend asking for the resumes or bios for any of the auditors that will complete the work. Then, ensure the firm you select has auditors with the appropriate skills and expertise. Certifications such CISA or CISSP are good to look for. Also, check references and ensure the firm you select has experience in the field you are in.

Updated SOC 2 Guidance

On December 15, 2018, new SOC 2 guidance went into effect and all reports following that date must include the updated criteria. See our previous blog post related to the latest SOC 2 criteria update.

2020-01-10 05:36:56