Liam Lynch, Chairman of the Chartered Accountants Ireland strategy development board introduces the Institute’s recently published Strategy 2020. Every so often in the life of any organisation it is necessary to take the longer term view – to sit back, take stock and map our journey. It is a recognition that it is not good enough to simply exist from day-to-day. We must take time to remember our purpose, define precisely where we are now and make a plan for where we want to be. I was therefore honoured, and not just a little apprehensive, when our President, Ronan Nolan, asked me, at the beginning of his year, to Chair the strategy development board. We were set the task of developing a comprehensive strategy to lead Chartered Accountants Ireland to the end of this decade. Such a process has particular challenges for us. Are we to consider a strategy for the organisation that is Chartered Accountants Ireland or are we to consider a strategy for the profession that we represent? There are of course significant cross overs between the two, but they are not absolutely and precisely the same thing. It became clear in our discussions that first and foremost it is imperative that the purpose, vision and strategy are directed towards the success and development of the profession and of individual Chartered Accountants. The purpose of Chartered Accountants Ireland, as set out in our original Charter, is to ensure that there are professional accountants with the integrity, skills, expertise and judgement necessary to support the economy and society. In essence, it has a public interest remit to support the profession across the island of Ireland while also enhancing its global relevance. The profession and our members are paramount.Our vision sees Chartered Accountants as being the premier Irish business professionals who are respected around the globe. It sees our training as an ideal foundation for agile business leaders. However, it is not good enough to just say this. It must be the reality, and most importantly it must be accepted as being the reality by the business community and by society at large. This is the task we have set ourselves.There are many activities that Chartered Accountants Ireland carry out in pursuance of its purpose and vision. However, in order to make a qualitative and quantitative difference, to face the task we have set ourselves and move to another level of achievement, Strategy 2020 focuses on three themes:   Attracting the brightest and best; Relevance; and, Our voice. Each of these themes is backed by real and implementable actions across our students, our members, our voice and our enablers. It will be very much about doing the simple things extremely well. So what do we mean when we talk about our three themes?  Attracting the brightest and best The whole basis of the profession is that it attracts excellent people, from a diverse range of backgrounds, who have the aptitude to be technically excellent and to deploy that knowledge in a commercial and ethical way for the benefit of their clients, employers, and whoever they encounter. It is essential to the future of the profession that it is constantly fed by a stream of excellent people to maintain and enhance its superior reputation. Every Member buys into maintaining this reputation for the benefit of all Members, and each Member benefits from this collective reputation summed up in the title Chartered Accountant. The greatest support that can be provided to all Members is maintaining this reputation for the profession. The education and training of Chartered Accountants is therefore paramount in determining the future of the profession and also the wellbeing of our existing Members. Our approach in these twin areas has developed and adapted over the almost 13 decades of our existence. Today, the seismic changes occurring technologically, economically and in society mean that not only has the time arrived, but there is currently a unique opportunity to reimagine our approach to both. We will reimagine a training experience that is relevant in the 21st century. We will reimagine the delivery of education and entry routes to the professions. We will thereby secure the future of the profession for the benefit of all our Members and our students.  Relevance It is a truism to say that Chartered Accountants Ireland must be relevant to its Members. However, that is not to say that it is something that can be taken for granted. It is therefore central to the strategy for the next five years to enhance that relevance, whether it to be those in practice, where relevance is most pronounced in any event, or to those in business or the public sector, where sometimes it is less clear. Focus is therefore needed on the supports that are provided to Members, and especially the relevance of our learning propositions. Further, there are many Chartered Accountants who are employed (to take the word in its widest sense) outside the traditional pursuits of a Chartered Accountant and where the core technical expertise expected is less relevant in their day-to-day lives. However, their education and training remain lifelong assets, and the values instilled in and expected of Chartered Accountants remain central to the way they conduct business. Relevance to all Members is therefore essential, while accepting it will be greater or lesser from one member to another, or even from one year to the next in the career of each member. Finally, the relevance of the profession to society and to business is essential. Each Member must maintain their own relevance throughout their entire careers, and Chartered Accountants Ireland must help support this relevance. Additionally, the education and training of Chartered Accountants must produce professionals who are relevant well into the future. Our education and training must respond to this and define the professional of the future. Our voice There is a narrative in certain quarters at the moment that diminishes the contribution of business and of business people in society. That narrative extends to most professions and “experts”, with many reports using the phrase "so called" in an effort to undermine the description that follows. Often the advice of "experts" is publicly dismissed while at the same time being widely used and implemented. The reality is that as professionals we have much to offer, and we continue to make our professional expertise available. But many of our Members feel lost in a world of negative comment. We must, and we will, do better in representing the legitimate interests of the profession and also the needs of business. If we get these three areas right, if we attract the brightest and best people, if we improve our relevance and if we make our voice heard, we will sow a future of success.  Our values Underlining all of this is our adherence to our values, which remain for all our Members no matter what walk of life in which they find themselves. If our training is an ideal foundation for agile business leaders, our values are the foundation for everything we are and everything we do in our professional and business lives. Chartered Accountants are involved in a wide range of activities as their careers progress, but at the very root of all are our shared values. At the forefront are our ethics and our exercise of professional judgement with integrity. We prize technical excellence and innovation, and in so doing we respect both others and the common good. Finally, there is recognition that we are a profession and that we have responsibilities to each other to maintain the profession, and the trust given to us as professionals. These five values are at the heart of what it means to be a Chartered Accountant, and are the five things that we must never forget – ethical standards, integrity, technical excellence, common good and trust. If we have these then we have all we need. Council and Management are committed to the immediate and effective implementation of Strategy 2020. A process of detailed planning has started, including identifying the resources needed to make it a success, while ensuring the financial sustainability of Chartered Accountants Ireland. And Strategy 2020 will be a living, breathing process, the progress of which will be reported on to Members annually over the rest of the decade. Liam Lynch, FCA is Deputy President, Chartered Accountants Ireland.  

Ireland’s new Data Protection Commissioner, Helen Dixon spoke to Accountancy Ireland about the challenges in this complex and growing area and the opportunities that it presents for Chartered Accountants.   Last year, a high-profile data protection case sent shockwaves across the credit union sector when the directors of a ‘tracing agent’ company were successfully prosecuted by the Data Protection Commissioner. The case concerned a private investigations company employed by a credit union to obtain up-to-date contact information on certain individuals. While it is not unusual for companies in the financial services sector to use tracing agents to pursue clients for unpaid debts, in this particular case, the agent had misrepresented itself to a Government Dept and a State agency in order to obtain personal information. Under s29 of the Data Protection Act, the Commissioner successfully prosecuted the directors of MCK Investigations and sent a clear message to companies that they must rely on legitimate methods when collecting personal information.   While high-profile cases grab the headlines, most of the complaints received by the Data Protection Commissioner are smaller in scale. Typically, complainants are individuals who have sought access to a copy of the personal data held about them by an organisation where the organisation has either failed to provide the information or failed to provide it within the statutory 40-day period.   Appointed in September 2014, Helen Dixon took up her new role at a time when the protection of individuals’ data is rarely out of the news. In Ireland, as in other EU member states, data protection legislation derives from the 1995 Data Protection Directive and personal data can only be gathered legally under strict conditions, for a legitimate purpose and organisations that obtain and manage personal information have a duty to protect it from misuse.   Multinational companies like Facebook and LinkedIn with EU headquarters in Ireland, make Dixon responsible for protecting the personal data of millions of European citizens. On average, her office receives about 1,000 individual complaints and 2,500 notifications of breaches each year.   “While the majority of complaints are made by individuals, of course we also deal with more systemic complaints where, for example, a company notifies us that its website has been hacked or that it has lost laptops with unencrypted data. We investigate those breaches but in general our work is about the individual’s right to data protection and vindicating that right in individual cases. That surprises a lot of people but that’s what we’re doing,” Ms Dixon said.   Prior to taking up her appointment, Ms Dixon was the Companies Registrar so she has moved from an area governed by prescriptive and precedent-based legislation to one that is principles-based where she is required to strike a balance between the fundamental right to data protection and other interests.   “Part of the balance will be working out what people find acceptable and what people wish to see in the public domain.”   Recognising the growing challenges of protecting personal data in the digital age, the Irish Goverment approved an increase in funding (to €3.65 million) for the Data Protection Commissioner’s office last year and is currently recruiting an additional 18 staff to augment the existing team of 29, most of whom are based in Portarlington, Co Laois. Company obligations Under data protection law companies registered in Ireland must:   Fairly and lawfully obtain data; Process the data fairly; Use data only for the purposes for which it was collected; Store data securely; Retain data for no longer than necessary; and Provide a right of access so that individuals can correct data held about them or request that their data be deleted. Guidance for companies and individuals covering a wide range of topics including purpose limitation and retention, access requests, transfers of data abroad, data sharing in the public sector, direct marketing issues and employment related issues, is available online at www.dataprotection.ie. Data protection audits Around 40 organisations undergo data protection audits each year and this number is likely to increase with the additional resources that are being provided.   In 2014, organisations audited included 10 in the public sector/voluntary sector and 30 private sector organisations ranging from accountancy firms and financial services to  slimming companies. Audits conducted by the Data Protection Commissioner show that some organisations “still don’t understand their statutory obligation to respond to data access requests within a 40-day period”, Ms Dixon said, adding that the audit teams also identified:   Failures to limit the use of personal information to the purposes for which it was collected; and Retention of personal information for longer than legitimately required. “Purpose limitation is an issue that we see quite a lot. Organisations are taking in personal data for legitimate purposes which they state to their customers but are then using the data later on for a different purpose, such as direct marketing, without having obtained the consent of the person to directly market to them.   “Retention is another issue that comes up in audits. The legislation says that data should be retained for no longer than necessary but electronic records and cheap storage have led some organisations to retain records simply because they can do so without ever thinking about whether they still need to hold on to the data. So that’s an area organisations need to focus on.”   Organisations should have a clear data retention policy: “Typically when we do an audit, if organisations have thought about their data retention policy and can justify it and have set out their analysis and reasons, that will satisfy us because it is for an organisation to set out what statutory requirements it might have to keep data or to set out what other justifications it might have to keep limited data.”   Asked how companies are selected for audit, Ms Dixon explained that aggregated information from complaints, information gleaned during audits and comparative international information helps identify “risky” sectors.  She stressed that some audited companies had “exemplary” pro-cesses in place with full information management statements, clear data pro-tection protocols and good training for staff. “They maintain separate data subject access and breach registers and when an event occurs, they are able to make a clear decision as to whether to notify the Data Protection Commissioner,” she explained. Public information Setting appropriate boundaries for the protection of publicly accessible information presents interesting data protection challenges. Asked to comment on last year’s controversy which arose when The Irish Times reported that a member of the public had been able to access personal information on the www.irishgenealogy.ie website, Ms Dixon said: “There was a view in some quarters that since you can go in and access a birth certificate because it is a publicly available record, it be an idea to make it more conveniently searchable online. But in fact from a data protection point of view there are issues around the hyper-accessibility of data and there is a big difference in data protection terms between having publicly available information where access is managed in a specific and measured way and having the same information available on a public website that is searchable simply surname.”   “A similar issue arose in the Companies Registration Office where the register of companies includes the names and addresses of directors and officers. That information was set up so as to be searchable by company, and only when you had identified the company, could you drill down to request documents that would identify the directors. How you make information accessible is an important data protection question.” Data protection in the EU Ireland is part of the EU Working Party on the Protection of Individuals with regard to the processing of Personal Data established under Article 29 of the 1995 Directive. The Directive was transposed differently by individual member states with the result that there are differences in how complaints are dealt by different regulators. A proposed new EU Regulation seeks to achieve greater consistency by putting in place common rules across the EU to strengthen the protection of individuals’ privacy.   Within the EU, personal data means any information relating to an individual, whether it relates to his or her private, professional or public life – from a name, a photo, an email address, bank details, your posts on social networking websites, your medical information, or your computer's IP address. Social media Social media organisations obtain and control vast amounts of personal information volunteered by individuals and regulating these organisations involves gaining an understanding of the services they offer, how they are using data, and how they have obtained consent.   Ms Dixon said that individuals, as well as companies, have responsibilities to protect personal data. Individuals should read the privacy notices and cookie statements on websites, for example, but organisations must ensure that these notices are clear and that the propositions being put to individuals are reasonable.   “There is a lot to be learned and we are part of an Article Working Party where we coordinate compliance terms with our colleagues across Europe,” Ms Dixon said. Accountants and auditors Asked whether the increased resourcing of her office could create future career opportunities for Chartered Accountants, Ms Dixon said that the auditing and analysis skills of Chartered Accountants would be useful in organising audits, understanding the types of analysis that need to be done and the best practice recommendations that need to be made. Internal and external auditors and accountants can play an important role in helping organisations to assess their data protection compliance, Ms Dixon suggested. They have the skills to help an organisation review the data it collects, assess whether the data is obtained fairly, and whether customers are advised of why the data is being collected. For example, where personal information is being collected under anti-money laundering legislation, that would involve explaining to the individual customer why the data is being collected, how long it will be retained and for what purpose. Accountants also have the skills to test whether data collected for a specified purpose is only used for that purpose and to verify that the organisation is not using personal information for other purposes or selling or sharing the data with third parties where it shouldn’t.   “Depending on the skills of the accountant, he/she may be able to make enquiries as to the security of storage of personal information. Certainly the accountant may be able to identify issues with physical storage where it is visible that personal data is being stored in boxes in an unlocked room and without a proper filing system or access control.   “The privileged position internal and external auditors hold in organisations makes it possible for them to identify these issues and to assess whether front line staff in organisations are trained,” Ms Dixon suggested.   Whoever fills the 18 positions currently advertised, it seems likely that these won’t be the last new vacancies in the Data Protection Commissioner’s office. Rapid developments in the digital age together with the proposed new General Data Protection Regulation should ensure that there will be no shortage of work for Ms Dixon and her team in the years ahead. 

Reputation is high on the list of challenges when it comes to charities. Jim Hynes, Chief Operations Officer at Concern, winners at the Public Accounts Awards, tells Accountancy Ireland how they ensure their good reputation by their dedication to transparency and public accountability. Describe your own background – how long in your current role, and relevant previous roles, how your training as a Chartered Accountant has helped your career. I trained as an accountant in the old Coopers and Lybrand (now PWC), from 1987-91. I left them after completing my training contract to work with Concern in Ethiopia, which was my first exposure to real poverty. I did that for three years and then worked for PWC again in Russia in 1995/6 and subsequently did a number of other commercial finance roles in Ireland and overseas before re-joining Concern as Finance Director in 2004. In 2008, I became COO, which is my current position. Training as an accountant gave me the analytic skills (and the confidence), to approach different situations in a coherent and organised way. No training will cover all eventualities that you will meet, it is more about developing mental discipline and remaining relatively clear-headed and rational regardless of the pressures that you may be facing. Accountancy prepares you well for that, it does of course give you the obvious financial skills too, which are hugely important in every sector. Describe the finance function – team background and roles, scope of work, particular problems or challenges. In Concern Dublin, the finance function comprises approximately 15 people and they have a number of core tasks. First is budgeting and monitoring financial performance. The income for charities tends to be hugely unpredictable. Careful budgeting, that is regularly updated and actively managed, is key to success and survival. This has been particularly true of the last few years when resources dipped along with the rest of the economy. Second is compliance. A significant portion of the organisations income comes from governments and institutional donors, these are contractual relationships with huge compliance requirements – partly operational and partly financial. Because we have a very broad base of institutional donors the rules are complex and varied. Lastly is the core task of supporting operations. We work in 28 countries around the world with a combined budget of approximately €150 million, each of these has different – and often peculiar – requirements and operating environments. Providing effective financial support is a challenge. How do Concern's budgeting and forecasting differ from a typical business in the private sector? Not as much as you might imagine. We have to  generate revenue, compete for contracts and do all of the budgeting, monitoring and analysis that you would find in any business. What differentiates us is the huge uncertainty in income, and the volatility of the environments in which we operate where even simple things like getting cash into a country can be a major issue. What are the risk and internal audit challenges, and the particular issues they present in your organisation? As a multi-national organisation with 3,000+ staff and expenditure in dozens of currencies we have a substantial risk exposure. We address that through the development of an annual risk (and mitigation) register and the empowerment of managers to proactively address the issues. A lot of our risks tend to be around safety and security in countries of operation and around safe-guarding reputation (which is even more essential for a charity than for a commercial entity). Because the environments in which we are volatile risk identification and management is a fairly dynamic and changeable process. At the end of the day we have to strike a balance between managing risks and actually getting stuff done – too much of one can leave little room for the other. Internal audit is really key within all of that. We have a central internal audit function and we maintain local internal auditors in a number of our fields of operation. They play a key role in managing risk and ensuring compliance – as I said above, compliance with contractual requirements is a really big issue for us.  Are there any particular challenges facing Concern in the coming 12 months –responding to emergencies, call on funds, fundraising concerns? There is a number of key issues facing Concern. The strength of the dollar at the moment is an issue. 70% of Concern’s income is in euro whereas most of our spend is in US dollars or dollar related currencies. Right now that is not a good place to be and it does not look likely to get better in the short term. Our operational strategy calls for us to be increasingly operational in vulnerable countries and contexts: this has a substantial impact in terms of getting good staff – well trained staff may not exist or may be prohibitively expensive – there are also real problems with safety and security, for people and assets. We are also very dependent on the UK and Ireland to raise unrestricted funds. We were badly hit by that last recession and need to diversify our income sources. We are mitigating that exposure by investing in new fundraising markets and new fundraising programme. Events last year cast a spotlight on the need for charities to be transparent and publicly accountable. What strategies and procedures does your organisation rely on to maintain public confidence? Transparency and public accountability are long-standing values and directly influence our public engagement strategy. We are the only Irish member to have been certified as being fully compliant with the global Humanitarian Accountability Partnership protocol; the publication of accounts and our involvement in the development of various codes of good practice (covering governance, fundraising and other areas) meant that our supporters were aware of our approach to accountability and had sufficient trust in continuing to make our work possible. We were impacted, but not severely by the controversies of the last year. At the end of the day, reputation is a key asset for charities, it is hard to build and all too easy to lose. Unfortunately you do get collateral damage – it is easy for people to lose confidence in the sector. How does winning the Published Accounts Awards support public confidence? The importance of initiatives like the Published Account Awards is critical as it provides independent recognition of our commitment to reporting and our belief in public accountability. We are proud of the success we’ve had in the awards over the last few of years. It is important for our institutional donors as well as for the general public. Who is responsible for governance in Concern and what is their role? Concern is a membership organisation that elects a board of directors. There are 700 members. Its authority is further strengthened by a set of sub-committees (Finance, Business Organisation Development, Audit and Risk, Programme Monitoring and Evaluation, and Officers). Each sub-committee is comprised of board members and independent experts in the competence area. The committees do detailed work and then report back to the board on their work and recommendations. In most respects it is similar to what you would find in public companies. Concern is compliant with the Governance Code (a code of practice for good governance in the not-for-profit sector) and subscribes to the Dóchas Code of Conduct on Governance. We also undertake periodic governance reviews, which monitor compliance with all relevant codes and with best practice. The most recent of these was conducted in 2014. How important is it to have Chartered Accountants as board members? Why? Chartered Accountants play a critical role in the board’s oversight of the organisation, both as directors and through their membership of sub-committees especially on the Finance and Audit and Risk Committees. Not only do they bring the necessary financial management acumen to the table, they are also practiced and competent business advisers and strategists, able to support any number of business areas. We have been fortunate in that we have always had a strong financial skills base on the board. Are there opportunities for Chartered Accountants to volunteer or work with Concern? What particular skills do they have that are valuable? What do they gain from their involvement and how might it benefit their future careers? Concern is always looking for accountants, with opportunities to work in some exotic locations! Language skills (particularly French) are always useful, but not critical. In return, staff have the opportunity to work in a demanding, complex, dynamic environment, with significant levels of responsibility while being part of a team transform the lives of the world’s poorest people. Chartered accountants returning from overseas assignments bring pragmatic decision-making and strategic insights well beyond those who have chosen a more traditional career route. I strongly recommend it.