Strategy

Connectivity exposure is the new IT risk many businesses are ignoring at their peril. Utter dependence on a single telecoms circuit for connectivity is the IT risk that the vast majority of Irish businesses are ignoring. They do so at their peril. With even the most basic systems and processes tied to the internet, a network fault has the power to bring companies shuddering to a standstill within seconds. As professional advisors, accountants and auditors must be cognisant of their clients’ vulnerability to costly disruptions and educate themselves about network resilience, or ‘redundancy’, as a means of mitigating risk, improving controls and guaranteeing business continuity. Why network outages are the new IT risk Accountants and their clients are acutely mindful of the threat posed to their security by viruses, malware and fraudulent phishing scams. Yet, even the most informed business owners persist in ignoring single circuit connectivity as their biggest IT vulnerability.  The move to the cloud has been touted for so long, we would be forgiven for presuming we all work in one centrally located nirvana by now. There are many legitimate business advantages associated with moving to the cloud, but cloud adopters must be aware that the very move that helps their business opens their company up to a new risk. In short, by trusting critical applications to the cloud, Irish businesses render themselves wholly reliant on a fast, secure and dependable connection to the internet. Head in the clouds Happily, most companies have a data connection that works for them – most of the time. And many enterprises feel entitled to shrug off the risk of outages, confident that they work in a relatively low-tech environment. A quick look around their operations typically tells a different story. Accounting software, payroll, invoicing, CRM systems, databases, point of sale systems, even Microsoft 365 applications generally all require a network connection to operate, making connectivity junkies of us all. Counting the cost  Operating in this highly connected cloud-based reality means that a network fault or outage will bring work in any office, retailer, manufacturing or professional services firm grinding to a halt. Once a connection is cut, the clock starts ticking on missed business opportunities and plummeting employee productivity. VoIP phones go down, along with email and web queries, making it impossible for frustrated clients to get in touch or for a business to respond. This means that the impact of an outage on reputation and client goodwill may reverberate long after the connection is restored. Faults, payments and penalties Fault repair time from the country’s largest broadband providers can stretch to over five days as losses continue to mount – not that an outage has to be lengthy to be damaging. Imagine, if you can bear to, a network fault that coincides with a peak ROS deadline, resulting in a 5% surcharge of tax liability for every late filing. Accountants are not alone on this one. A small company that misses a CRO deadline could lose their exemption and find themselves embroiled in an audit with all its associated costs. Meanwhile, the real-time reporting regime coming into effect on 1 January 2019 will impose mandatory online filing deadlines on every PAYE employer nationwide. One suspects that explaining to Revenue that your internet connection failed may go down like a lead balloon – landing somewhere close to “the dog ate my homework”. Network redundancy  Why would an otherwise prudent business ignore a risk of this magnitude? Simply put, the larger national and multinational companies don’t. Enterprise-class businesses have led the way in managing exposure in this field. For years, they have protected themselves against network outages by building wired resilience into their infrastructure. Denis Herlihy, Chief Technical Officer at Ripplecom, feels very strongly about owners, managers and professional advisors who are not countenancing network dependence as a vulnerability. “Any assessment of IT risk that ignores the need for network redundancy in this day and age is quite frankly negligent, in my opinion. One bad experience is more than enough to send companies scrambling for a resilient solution but for a smaller business, one bad experience is more than they can afford.” Management controls to minimise risk  No one believes that accountants should advise their clients to shun the cloud and lose all its advantages. So, what measures can be implemented to manage the risk? Disaster recovery plans are on everyone’s risk management radar but while this will protect files, it is powerless to restore productivity or diminish reputational damage. The custom infrastructure built by large companies is beyond the resources of most companies. However, advances in technology mean that more modest-sized businesses can now incorporate a ‘failover’ solution into their IT set-up. A good failover will deliver the type of network redundancy that larger enterprises have enjoyed for years, but at a fraction of the cost. Failover protection At its simplest, a failover adds a second ‘back-up’ connection that takes over when a network fault occurs or a circuit becomes unavailable. A resilient business with a quality failover will have two diverse network connections – one primary and one secondary. Usually, all internet traffic uses the primary connection but when an outage strikes, all connected systems and devices switch quickly and smoothly to the secondary circuit. Once the main connection is restored, traffic switches back to the primary route. Linked systems and devices continue to operate normally throughout the outage keeping customers, employees and ultimately the business happy. Checklist: how to determine the value of a failover However, not all failover solutions are created equal. When investing in a failover, or advising a client who is, consider that – on top of speed, security and cost-effective pricing – each failover connection should use a distinct access method to reduce the possibility of being impacted by the same outage or physical fault. To add real value, a failover should be automatic (an auto-failover) so that no physical intervention is needed on the part of the client or their IT services company. A market-leading auto-failover, such as Ripplecom’s Orion, will be engineered to continue in the same IP stream to allow for a truly seamless switch from one connection to another. Service disruptions and network faults are outside of a business’ control and are impossible to predict. However, a failover solution that meets these criteria will not just mitigate the threat, it will virtually eliminate it. With a suitable failover in place, owners, managers and advisors can relax knowing that, when an outage does occur, their company will stay securely connected and operational. John McDonnell FCA is a Founding Director of Ripplecom, an Irish telecommunications company specialising in resilient connectivity.

Aug 01, 2018
Business Law

With the Criminal Justice Act 2018 now coming into force, what is required to protect your organisation’s integrity and reputation? The newly enacted Criminal Justice (Corruption Offences) Act of 2018 is a robust piece of legislation that introduces new corruption-related offences, extra-territorial reach, tougher penalties for those convicted of corruption and the potential for companies to avail of a defence based on taking “reasonable steps” and performing “due diligence” to avoid an offence under the Act. The Act was one of the key measures contained in the Government’s white collar crime package, which was published in November 2017. The Act is also intended to fulfil national commitments under various international anti-corruption instruments including the Organisation for Economic Co-operation and Development (OECD) Convention on Bribery of Foreign Public Officials, the United Nations Convention against Corruption (UNCAC) and the Council of Europe Criminal Law Convention on Corruption. The Act introduces the new offence of “trading in influence”, which criminalises bribery of Irish or foreign officials. It has also introduced “strict criminal liability” for organisations. In effect, this means that the body corporate (“corporates” or “organisations”) will be criminally liable for the actions of its directors, managers, employees or agents should they commit a corruption offence for the corporate’s benefit. Key measures The Act includes the following key measures: Active and passive corruption: a person who corruptly offers, gives or agrees to give a gift, consideration or advantage to any person doing an act in relation to his or her office, employment, position or business shall be guilty of an offence. A similar provision also applies to the acceptance of a gift, consideration or inducement on this basis. The offences address corruption within both the public and private sectors. Furthermore, the reference to office, employment, position or business is intended to cover all public and private sector positions, including those in voluntary bodies such as sporting or charitable organisations; Trading in influence: the Act includes a new offence of “trading in influence”, both active and passive, which criminalises both the offering of a bribe in order to induce a third-party to exert an improper influence over an act of an official, and corruptly accepting the bribe on these grounds; Extra-territorial reach: the Act provides for extraterritorial jurisdiction over acts of corruption outside Ireland committed by Irish persons or companies, or other Irish-registered entities; Presumption of corruption: the Act introduces a presumption of corruption where benefits have been given to an official. It also introduces the concept of a “connected person”, which was one of the key recommendations arising from the Mahon planning tribunal; Strict criminal liability offence: a fundamental element of the Act is the section that will make organisations liable for the corrupt actions committed by its directors, managers, secretaries, employees, agents or subsidiaries. Section 18(2) of the Act affords a possible defence that the corporate took all reasonable steps and exercised all due diligence in order to avoid the commission of the offence; and Penalties: the Act provides for sentences of up to 10 years in prison and unlimited fines for conviction on indictment of serious corruption offences. There are also additional penalties in respect of office holders and public officials. What to do… Organisations must develop and implement robust anti-corruption policies and procedures. It has become increasingly crucial for organisations to develop anti-corruption programmes to help minimise the risk of non-compliance. Given the extraterritorial reach of the Act, it is important for organisations to take account of both local and international activities. As outlined earlier, in order to present a defence against a corruption charge, a body corporate must prove that it took all “reasonable steps” and exercised all “due diligence” to avoid the commission of the corruption offence. In terms of developing an anti-corruption programme, there is a need to perform a comprehensive, risk-based assessment that takes account of: Country risk: dependent on the level of international activities (i.e. beyond national borders); Sectoral risk: a recent fraud-based survey identified corruption as the most common occupational fraud scheme in every global region, including Western Europe. Corruption poses significant risks to several industries and is more prominent in the energy, construction, manufacturing and government and public administration sectors. The survey estimates that the average loss to victim organisations is $250,000; Transaction risk: certain types of transaction give rise to higher risks (e.g. charitable or political contributions, licences and permits, and transactions relating to public procurement); Project-based risk: such risks might arise in high-value projects, with projects involving many contractors or intermediaries, or with projects that are not apparently undertaken at market prices or do not have a clear legitimate objective; and Relationship risk: certain relationships may involve higher risk. For example, the use of intermediaries in transactions with foreign public officials; consortia or joint venture partners; and relationships with politically exposed persons or those with links to prominent public officials. It is important that the risk assessment is tailored specifically to the organisation’s environment and enables the organisation to identify and prioritise the risks it faces. The risk assessment framework should also recognise: Oversight of the risk assessment by top level management; Appropriate resourcing; Identification of the internal and external information sources that will enable risk to be assessed and reviewed; Due diligence enquiries; and Accurate and appropriate documentation of the risk assessment and its conclusions. Lessons from the UK In many ways, the Act reflects the approach of similar legislation operating in the UK, namely the UK Bribery Act (UKBA) 2010. Under the UKBA, the means of defence against prosecution is based on having established “adequate procedures” to prevent corruption acts. UK-based enforcements and prosecutions reveal that bribery and corruption are significant risks where organisations operate internationally. They also highlight the dangers “associated” persons can pose. In the UK, a common denominator in the numerous enforcement actions to date has been the role of third parties in paying bribes or facilitating payments. Consequently, third-party due diligence, contractual protections and compliance audits continue to be critical components of companies’ anti-bribery and corruption policies and procedures. In certain cases, it is not sufficient for an organisation to merely have a policy in order to invoke the “adequate procedures” defence. This policy must be reviewed over time to ensure it remains fit for purpose and must be properly implemented. Beyond the Act, corporate culture plays a significant role in preventing corruption and this ultimately rests on employees’ behaviour. Boards and senior management need to demonstrate and communicate a proactive stance against corruption. The effectiveness of the “tone at the top” cascading throughout the organisation is a key factor in ensuring the commitment of middle managers and staff across all levels of the organisation. Conclusion The process of developing adequate procedures to minimise corruption risk does not have to be onerous. A sound assessment of the risk of exposure to bribery and corruption is the starting point. Organisations must be proportionate in their response; a well-managed and risk-aware organisation should not have any difficulty in developing adequate procedures, which form the defence against prosecution, and in making these work. Detecting any potential corruption offence is a difficult challenge for any organisation. Understanding the methods by which corruption offences are detected is critical for both investigating schemes and implementing effective prevention strategies. Surveys demonstrate that corruption is likely to be detected by tip-offs, which highlights the importance of having secure whistleblowing systems and procedures in place. It is important to note that, while the promotion of arrangements such as the whistle-blower hotline is often aimed primarily towards employees, organisations should also consider promoting their reporting mechanism to outside parties, especially customers and suppliers. The ultimate test for an anti-corruption programme is whether it actually works, and organisations must be prepared to demonstrate this. Ongoing monitoring and auditing, including culture-based audits, also further strengthen organisations’ means of defence. Ultimately, organisations should take a common-sense and risk-based approach to developing and implementing anti-corruption programmes in order to protect their integrity, interests and reputation. Justin Moran is a Director in the Governance, Risk and Internal Controls division at Mazars.

Aug 01, 2018
Management

Coaching entire organisations could bring the popular concept of self-directedness to life. There’s a bit of a shift going on in how some organisations want to work. We’re hearing the term ‘self-directed teams’ being bandied about frequently now. We’ve even heard about the existence of self-directed organisations. ‘Self-directedness’ has become a bit of a buzzword in leadership seminars and at organisational development CPD events. Guru-type books such as Frederic Laloux’s Reinventing Organisations tend not to use the phrase, but they’re talking about it all the time. According to IGI Global, “key characteristics of self-directedness include motivation, self-responsibility, ability to self-assess, ability to transfer knowledge/skills, and comfort with autonomy”. Meanwhile, over at Wikipedia, they’re calling it “a personality trait of self-determination, that is, the ability to regulate and adapt behaviour to the demands of a situation in order to achieve personally chosen goals and values”. You can see the potential for a dark side but, fundamentally, it feels like a positive thing. Organisations evolving in a people-affirming direction; people owning situations and taking responsibility for outcomes. Its main proponents seem unified in their belief that the most effective way to bring about self-directedness is through coaching. Not just any old coaching, however, but organisational coaching – coaching the whole organisation. Positive deviance So at a recent coaching and mentoring research conference, we duly trotted along to the workshop on organisational coaching in an attempt to get with the programme, eyeball the cutting edge, ride the next wave, move out ahead of the curve and generally find out more about this growing idea – this organisational coaching-inspired voyage towards self-directedness. And we have to report that the workshop was really good. Kaj Hellbom of Helsinki’s Centre for Positive Leadership certainly knows his stuff. The journey towards self-directedness in an organisation begins, says Kaj, with a root and branch search for positive deviance within the workforce. “There is always a positive deviance,” he tells us. “Always.” Richard Pascale-Jerry and Monique Sternin, in their book The Power of Positive Deviance, are a bit more forthcoming. “In every community, there are certain individuals whose uncommon practices and behaviours enable them to find better solutions to problems than their neighbours who have access to the same resources and environment.” Thus, rather than focusing on fixing failures by instituting more control from the outside, positive deviance focuses on success achieved from inside. It leverages the good stuff – the unique; the unexpected brilliance that can be discovered going on in the organisation every day. There is always a positive deviance.  Internal consultants Kaj’s next point builds on this. It’s a fundamental milestone on the road towards creating self-directedness to realise that every organisation already has all the resources it needs to achieve – well, anything really. “All the consultants you need are already working for you,” he suggests, before adding slyly, “If you can find them.” And that is the point at which organisational coaching can make a major impact. First, by working with individuals, duos, teams and large departmental or service groupings to help them unearth the positive deviance in specific individuals and groups. By creating a non-judgmental and encouraging space to facilitate the surfacing of the organisation’s stories; to gauge internal reaction to those stories and interrogate the uncommon practices and behaviours that “enable these individuals to find better solutions to problems than their neighbours who have access to the same resources and environment”; to help colleagues discover a pathway towards having confidence in the thinking of those who have hitherto perhaps been seen as living out their work-life somewhere on the ‘maverick-genius’ scale; and to help them join up the dots between these “better solutions” and hard-numbered organisational results. And then by working some more with those individuals, duos, teams, and larger groups to help them shift their own thinking. To follow the positive deviance for themselves and scale up the thinking in a way that moves an organisation from okay to exceptional. So that was the gist of the workshop – now it’s about doing it ourselves at home.  Begin in the boardroom What might it look like to coach an entire organisation? Where should one start? How long would it take? What would it cost? Who should represent the stakeholders? How should the learnings be collated and curated in a meaningful and helpful manner? Who would own the project? How might they obtain enough organisational buy-in? These are big questions. Finding the answers begins, it seems, in the boardroom. “The development of organisational coaching has been slowed down,” writes Michael Moral, “by the existence of several compliance-based methodologies like, for instance, business process re-engineering and performance management.” Moral argues that these consultant-heavy, top-down approaches give only token attention to “inclusive action-learning approaches, which position organisational players at all levels and locations with shared responsibilities for change”. And this, he tells us, is where organisational coaching is starting to have an impact. Good organisational coaches, he argues, bring a deep understanding of systems theory and corporate structures married with an ability to coach individuals, duos, teams and large groups in four key areas: Behaviours: which can have real impact on the organisational decision system; Emotions: which deeply affect, and to some degree drive, organisational culture; Situation: which is, of course, the area of applying systems thinking to organisational structures; and Cognition: increasingly important as technology becomes a bigger and bigger part of organisational life and thinking. It is, argues Moral, “necessary to traverse all four subsystems to facilitate sustainable change”. And these are the areas on which systemic coaches have been focusing in a deep way for the last five to 10 years. Writers like Peter Hawkins, Simon Western and David Clutterbuck have pioneered thinking in these areas, but many others are taking up the baton. Research is proliferating and coaching practice is beginning to impact whole organisations. Standing in the way at times like these is what is known as ‘immunity to change’, described by Robert Kagen and Lisa Lajey as being “a strongly held belief that not only keeps us in our groove, but also fights any change that threatens the status quo”. This is facilitated in organisations, according to Michael Moral, by the lack of a process or ending that permits organisational members to let go of the past. And in the times of volatility, uncertainty, complexity and ambiguity (VUCA) in which we now live and work, the past can be a very attractive place to inhabit. And here, says Moral, “executive (organisational) coaches who are savvy use resistance as information and energy to accelerate transformation. Coaches expect resistance and know how to use it”. Or as Kaj would put it, “You will meet people who will not move, but this is an everyday coaching issue”. And perhaps it is by dealing with these “everyday coaching issues” on a wider systemic whole-organisation basis that coaching will eventually fulfil its full potential as a positive force for organisational change and development; development that, in this sense, is clearly connected to organisational results and the empowerment of organisational people to produce results in a manner that demonstrated the ability to regulate and adapt behaviour to the demands of a situation. Ian Mitchell and Sîan Lumsden are co-founders of Eighty20 Focus, a real-time executive coaching organisation.

Aug 01, 2018
Ethics and Governance

Would you, as a person in a position of responsibility, know what to do if you received a protected disclosure?   As a senior financial officer, an external auditor, internal auditor, chair of an audit committee or in the myriad of roles that Chartered Accountants fill, it is possible that you will be asked to act as a screener,  investigator or advisor in a case of protected disclosure. Your training and experience are likely to have given you many of the competencies necessary to act in an independent and skilled manner, which should make you a trusted professional in this area. Before you undertake such a task, however, there are several things you should ask yourself. Do I understand the fundamental principles of protected disclosure? The three principles of effective protected disclosure are as follows: Disclosures of wrongdoing in the workplace should be screened and/or investigated; The identity of the person disclosing should be adequately protected; and The discloser, if disclosing based on a reasonable belief, should not be penalised for disclosing. If all these elements were in place, there would not be a need for detailed procedures and policies. Sadly, experience has shown that there have been failings on all three essentials, so you should be familiar with the law, policy and procedures which have proved necessary. Am I familiar with the 2014 Act and the organisation’s policy? Most organisations now have a policy, among its suite of governance policies, dealing with protected disclosures. This policy should derive from the board’s commitment to its culture, which should drive its strategic plan, which in turn gives rise to a business plan that is supported by its policies and procedures. Many organisations have had precursor policies such as, a whistleblowing or speaking-up policy. The 2014 Act refers to “protected disclosures” and so that is now the common nomenclature. The Department of Public Expenditure and Reform and the Workplace Relations Commission have issued guidelines as to what should be included in protected disclosure policies for public and private entities respectively. So, the first thing you need to do is to read the Protected Disclosures Act 2014 and the organisation’s policy. What major provisions do I need to understand? As you read the documentation, it should become clear that the main requirements you need to appreciate are as follows: An entity cannot prohibit or restrict the making of protected disclosures; The 2014 Act applies to all workers – employees, contractors, agency workers and people on work experience schemes. It includes workers in the public and private sectors (including members of An Garda Siochána). Although volunteers are not specifically mentioned, it is recommended that they be included; A worker, having a reasonable belief of wrongdoing in the workplace, can make a protected disclosure to the employer. A designated recipient will normally be mentioned in the policy and there will usually be provision for reporting further up the line if the belief of wrongdoing extends to the designated recipient; Wrongdoing in this context means information that comes to a complainant during his or her employment about a criminal act, failure to comply with a legal obligation, miscarriage of justice, endangerment of any individual’s health and safety, the endangerment of the environment, improper use of public funds, an act of a public body that is oppressive, discriminatory or gross negligence or mismanagement, and destruction of information regarding the above; It is not a protected disclosure if the disclosure concerns personal complaints such as personal employment complaints or allegations of bullying or normal day-to-day operational reporting; The worker must provide information tending to show wrongdoing. The complaint must not be based on a suspicion without tangible foundation. However, the complainant is not expected or entitled to investigate and find proof. The complainant should frame the complaint in terms of information giving rise to reasonable belief of wrongdoing and should not seek to draw conclusions about particular individuals or specific offences; The principles of natural justice and fair procedure must apply to a person against whom a disclosure is made. Any disclosure made in the absence of a reasonable belief will not attract the protection of the 2014 Act and may involve a disciplinary action against the discloser. However, if there is reasonable belief, a discloser cannot normally be sued for defamation; The motivation of the discloser is not relevant. So, even if the discloser will benefit in some way from the disclosure of the information, it does not matter. All that matters is that there is prima facie information about wrongdoing; Anonymous disclosures should be investigated as far as possible, but it can be difficult in the absence of the ability to seek out further details; The wrongdoing does not have to have happened in the State; There is an obligation to protect the complainant’s identity except in circumstances where the recipient shows that all reasonable steps were taken to protect identity, the investigator believes the discloser does not object, disclosure is necessary to effect a complete investigation, or to prevent a serious risk to the State, public health, public safety and so forth; and The complainant must not suffer any penalty for disclosing, such as any suspension, lay-off, demotion, loss of promotion opportunity, transfer of duties, unfair treatment, harassment, etc. What might I be asked to do? You might be asked to do any one of four tasks. First, you might be asked to receive a protected disclosure and conduct an initial screening. This would involve receiving the protected disclosure from the complainant, either in writing or orally. You should take careful notes where the complaint is oral only and ensure that the complainant agrees with your record. You will need to listen carefully and satisfy yourself that the complainant has a reasonable belief of wrongdoing, as defined. You may need to separate out elements of what is being said between personal complaints and protected disclosure. This screening process simply determines whether the matter is a protected disclosure or, in the case of a combination, which issues need to be investigated as a protected disclosure and which issues should be referred back to the complainant to pursue under the dignity at work or other HR policies. You should recommend the form an investigation should take – an informal approach if reasonably straightforward; a detailed and extensive investigation if the wrongdoing is of a serious nature; an external investigation if the matters are so grave; or a report to An Garda Siochána if the matters indicate a contravention of the law. You should set out the terms of reference for the investigation based on your findings of the matters to be investigated. Second, you might be asked to conduct an investigation – for example, as a member of senior management, of the board, chair of the audit committee or an independent external professional. This will necessitate setting up a framework appropriate to the screener’s recommendations and terms of reference. It may involve an informal establishment of facts, or a more formal process to take evidence from the complainant and such other persons as can provide information concerning the matters under investigation. During the course of your investigation, you should give appropriate feedback to the complainant and you should advise him or her when you have completed your consideration, although there is no need to give a complete account or to inform the discloser of any disciplinary action to be taken. Third, you may be asked to undertake a hearing into an allegation of penalisation by the complainant arising from, and attributable to, the protected disclosure. Since such a penalisation is specifically provided for in the 2014 Act, it is possible that the complainant may seek recourse to the courts. And fourth, following the screening and the investigation, the complainant may seek a review of the decision to disclose his or her identity, or of the outcome of the investigation of the complaint, or of the outcome of the investigation into any penalisation complaint. This review must be conducted by a person not involved in the initial screening, investigation or decision and would entail an independent, unbiased review of the policies, procedures followed and outcomes. You may be asked to conduct this review. There is no entitlement to two reviews of the same issues. What skills do I need to deal with a protected disclosure? To handle a case of protected disclosure, the skills and competencies that you should have, in addition to your professional competence, include: Technical skills such as knowledge of procurement policy, payroll legislation, accounting principles, taxation law and so on, depending on the nature of the disclosure; Good emotional intelligence; Listening skills. Often, people who make protected disclosures have been trying for some time to be heard and feel frustrated by the way they perceive they have been treated. They are often very independent and persistent people, but may be disengaged from the organisation and feeling stressed. They need to be heard actively and respectfully; Clear analytical skills. This involves an ability to extract the key details from what can be a lengthy and complex narrative; Good personal ethical values including independence, confidentiality and trustworthiness; An ability to read law and regulation, and apply it to different situations; A deep understanding of the organisation’s essence – its culture and ‘how things are really done around here’; and Patience. Who carries out the work of screening, investigation and review? This work is currently carried out by a range of internal disclosure recipients, supported by legal and accounting professionals. Entities may be nervous of internalising the process and some favour outsourcing it, seeking to protect themselves by putting the investigations into independent, outside hands. For example, the Office of Government Procurement has a list of firms approved for such work. However, although experience is building in the area of protected disclosure professional consultancy, it is still relatively new and many professionals are being very careful and fastidious in their work in this area as they build expertise. It can therefore be expensive, and organisations sometimes find that the amount budgeted and approved for this cost is inadequate to cover the final cost of screening, investigation and possible reviews. Time to review? The 2014 Act made provision for a review of the working of the legislation. The outcome of that review is due in August 2018 and it will prove interesting to see the outcome of the evaluation. In my own humble opinion, I feel that there is a risk that we have taken a very legal and/or compliance-focused approach to protected disclosures, focusing on defined events without really coming to grips with the communication, emotional and nuanced aspects that often underpin protected disclosures. It would probably be better if entities could take as much of this protected disclosure work as possible in-house, building trust in a process that is founded on a clear culture of real openness and respect. This would require shifting the lens from protecting from harm people who speak up to rewarding people who speak up if they unearth toxic behaviour that is contrary to the organisation’s culture. The Financial Reporting Council has urged us to spend time reflecting on our culture and examining how it should be embedded into our organisations. This area of protected disclosure is one festering vesicle that provides evidence of a culture which, while it may look great on paper, is not systemically flushing through the body corporate. An open environment with a strong and deeply embedded culture of doing the right thing should lead to fewer protected disclosures if people are listened to. Where someone spots a need to speak up, the culture should be one of naming and rewarding the early identification of potential wrongdoing. This approach is profoundly to be preferred to one of engaging an overly adversarial, legalistic and compliance-focused approach after the event, hiding the complainant and cushioning him or her from an expected backlash. It would be healthy for us, as a profession that has had some exposure to these protected disclosure cases, to share our experiences (on a no-name basis) with each other and engage with Government in reviewing the whole area. I commend such a debate and a contribution to the statutory review. Prof. Patricia Barker FCA is Adjunct Professor of Accounting at DCU and a former member of Council at Chartered Accountants Ireland.

Aug 01, 2018
Business law

Jeremy Twomey writes: Meeting General Data Protection Regulation (GDPR) compliance requirements has become a top priority for Irish businesses over recent months and accountancy practices are no different. Recognising that GDPR implementation presents both specific challenges and opportunities for accountants in practice, the Practice Consulting team has also been busy both offering advice and providing practical guidance in this area for our members. This guidance can be found at  https://www.charteredaccountants.ie/knowledge-centre/guidance/gdpr/gdpr-resources and includes the following: GDPR 8 Step Guide; Explanation of GDPR terms; GDPR Template Outline Procedures to be tailored and used by an accountancy firm; and Example paragraphs for a client engagement letter addressing GDPR and a template privacy statement. From talking with our members in practice over recent weeks, it is evident that practitioners are at different stages on their journey to GDPR compliance. While it may appear a daunting exercise at the outset, the process of becoming GDPR ready can be broken down into a few key practical steps. With this in mind, in this article, I am going to outline the key points to achieve GDPR implementation from our 8 Step Guide: 1.  Raise GPPR awareness As a starting point on your GDPR journey, the partners and staff at your firm need to be fully aware of the Regulation, the work to be undertaken to ensure compliance, the likely problems that may arise and any budgetary implications. A basic step that can be undertaken in-house at your firm is a GDPR awareness presentation for all the staff. Your clients also have to comply with GDPR, so it is worthwhile checking that they are aware of these changes, to tell them of their GDPR obligations and how your processes may be changing. Such support may be an ‘added value’ opportunity for your firm to assist your clients. 2.  Appoint someone senior to oversee the process & resource this appropriately Your firm should appoint someone internally to take control of understanding GDPR and how it will affect your practice. It is essential that this a senior member of staff who will take responsibility for overseeing the GDPR compliance process at your firm. While it is expected that the majority of the work in relation to meeting the requirements of GDPR can be undertaken internally, a project team may be required, which may include external support and assistance on certain issues. Hence, it is vital that reasonable funding and resources are set aside to achieve your GDPR requirements. It is currently envisaged that most accountancy firms will not be required to appoint a Data Protection Officer (DPO). It is, however, recommended that you still appoint someone to be responsible for data protection within the firm going forward, but give them a title other than DPO (i.e. “Data Privacy Lead”). 3.  Review and update existing information and cyber security measures Having comprehensive levels of information and cyber security is a key step towards building a resilient organisation and ensuring GDPR compliance. It is therefore recommended that members should review their existing security measures and update as necessary. Both controllers and processors are required under the Regulation to implement “appropriate technical and organisational measures” to ensure a level of security appropriate to the risks that are presented by the processing of personal information. Such measures are described as including: Pseudonymisation and encryption of data (The use of secure portals to share documents is also of benefit); The ability to ensure ongoing confidentiality, integrity, availability and resilience of processing systems and services; The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and A process for regularly testing, accessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. Detailed listings of examples of both practical physical and technical security measures to aid GDPR compliance at your firm are included in the full version of our 8 Step Guide as published on the Institute website. It is important to remember that managing cyber risk is not simply about managing data within your firm. Therefore, it becomes necessary to document the security risks from your supply chain (e.g. cloud service provider), as well as your own organisation. 4.  Map your data With the many potential pitfalls of non-compliance to GDPR, taking action to map any gaps in relation to the personal data your firm holds is critical. The first step is to get started by scoping the problem and mapping the data flows associated with your firm. It involves identifying, understanding and mapping out the data flows into and out of the organisation. As the data map evolves, you should be able to identify the flow of data, as well as gaps in required contracts and consents for processing data under the GDPR, and risks in security measures etc. that will need to be prioritised and resolved to ensure compliance. This requirement for data mapping is quite far reaching when you think about it. A typical accountancy practice possesses the following: accounting and tax software, audit software, payroll software, practice management systems, network drives and, of course, paper accounting, tax, company secretarial and audit files. This review will also need to extend to the many individual devices on which information is stored (e.g. laptops, desktops, tablets, phones and memory sticks). Finally, it is important to emphasise that, when completing your data mapping, GDPR compliance is only required for personal data that you hold. Company data is, for example, beyond the scope of the regulation, however your data mapping exercise may have an added benefit of identifying efficiencies that you can implement at your firm for non-personal data as well. 5.  Review your contracts with clients and suppliers As the GDPR imposes new obligations on data controllers and data processors, you will need to make sure you understand your status and your responsibilities with regard to both client data and firm data. At the very least, firm contracts will need to be updated to reflect the requirements of the GDPR. Accountancy firms should review their existing contracts with their clients, suppliers and sub-contractors to identify whether the accountancy firm is the data controller or data processor of any personal data it processes under the different contracts. This involves identifying which party ultimately determines the purpose and means of processing data. It is of vital importance that you satisfy yourself that your firm is correctly assigned the role of either data controller or processor (with matching appropriate requirements/liabilities) before signing any contract with your client or supplier. Remember that entering into a contract on the wrong basis may potentially open both you and your firm to unnecessary requirements/liabilities that may be difficult to overturn. More detailed guidance on each of these areas is included in the full 8 Step Guide, while Section 5 of our Outline Policies and Procedures provides advice on your firm’s likely status as either a Data Controller or Processor for a variety of possible assignments that you may undertake. Both of these documents can be found on the Institute website under GDPR resources. 6.  Employment contracts & information for your employees As with existing legislation in this area, under GDPR, certain information must be supplied to employees before their personal data is collected and processed by your firm. The information will typically be provided in the form of a notice to job candidates, and a further privacy policy will be supplied to successful job applicants as part of their on-boarding induction to the firm (typically included in an Employee Handbook along with other firm policies). It is also important to remember that, for the processing of employees’ personal data, where possible, the employer should rely on performance of the employment contract as the legal basis for processing, rather than consent. Consent is a weaker legal basis for such processing, as it can for example be easily withdrawn by the data subject Finally, do not forget to review (and redraft as necessary) employment contracts to update any data protection references or sections to comply with GDPR. 7.  Draft/update data protection policies and controls to meet the new requirements The GDPR introduces the principle of ‘accountability’. This means that all organisations must not only ensure they are compliant with the GDPR, but be in a position to prove this too. The best way to prove this is to document your data protection policies and procedures. We suggest that your firm’s GDPR policies and procedures should include, but not be limited to, the following (Outline policies in several of these areas are included in “Outline GDPR Policies and Procedures” on our website): Who is responsible for GDPR at your firm and what are the reporting lines? Data Processing Your policies in this area should detail the categories of personal data collected by your firm and the purpose for which it is collected. In addition, these policies should detail your firm’s role as a Data Controller and also instances when you act as a Data Processor, together with your responsibilities in fulfilling these roles. Data Subject Rights Your firm will need to have specific policies and procedures in place to ensure the rights of your data subjects are upheld under GDPR and that you have adequate processes and resources to meet the requirements of the Regulation. Specific subject rights areas requiring defined policies and procedures include: Data Subject Access Requests (DSARs); Right of erasure (Right to be forgotten); The right to restrict processing; The right to object to processing; and The right to data portability Some of these rights may not be enforceable by the data subject where data is held under legitimate purpose.   Data Governance Example areas of data governance to be considered for inclusion in your GDPR related policies and procedures include the following: Data Protection Impact Assessments (DPIAs), Privacy by Design and Privacy Notices, Document Retention, Security and Breaches. 8.  Staff training and ongoing compliance While not all staff will need to understand the GDPR in its entirety at your firm, each of your staff should at least be aware that data protection is an issue for everyone. For staff who do not deal with personal data, training can be limited to an annual (refresher) course on information and cyber security. On the other hand, for staff who regularly deal with personal data, training should focus on security over data, plus an awareness of the firm GDPR policies and procedures on a regular basis (at a minimum annually or more often if the need arises). Again this can be tailored to their particular role and responsibilities. Ongoing testing Testing in the areas of IT Security and other key aspects of GDPR compliance (e.g. audits of records held for constant compliance) should be formalised into a regular ongoing programme of work at your firm, as well as outsourced providers. Cyber security is a rapidly evolving area. Meeting best practice in May 2018 does not mean you will maintain compliance over the months and years ahead; you will need to keep this area under review. Conclusion At first glance, the process to ensuring GDPR compliance may appear to be a massive undertaking and a drain on resources for your firm. It is important to bear in mind that most accountancy firms and small businesses are in the same boat as you, and that by breaking down the required steps into clear manageable stages as above, you too can achieve GDPR Compliance in a timely manner. Should you need further assistance, Practice Consulting has also developed a half day consultation offering. One of our consultants can visit your firm and offer practical advice and guidance on how to tailor your procedures, make progress on your GDPR journey, and meet key compliance milestones. If you have any question in relation to GDPR, please feel free to contact either Conal Kennedy or myself in Practice Consulting.

Jun 01, 2018
Spotlight

To succeed as a true leader, one must embody a set of core traits and behaviours which can be developed through self-awareness and a willingness to grow. It was Mahatma Gandhi who said: “A sign of a good leader is not how many followers you have, but how many leaders you create”. This is worth reflecting on as we consider what we mean by leadership, how we prepare for it, and how we embrace it when, finally, the prize is ours. Technical competence is at the core of the Chartered Accountant – our discipline is an exacting one, and the training we undertake is rigorous and demanding. Rightly so, as many of us embark on careers in which we interpret and apply standards, guidance and codes of governance; we craft disclosures and market statements; we give the true and fair view of financial performance. Those of us who take our discipline into the non-accounting workplace bring with us that technical mindset, which provides a framework for how we approach the situations and challenges we face. Busting the myths How do we navigate the path to leadership? It is rarely something we are called upon to exhibit at the start of our career. Instead, it is something that comes later. My personal experience is of a career that happened in three phases – do, manage and lead. These are very different phases requiring very different competencies and, more importantly, dispositions. The last is perhaps the most challenging for the technically competent as to ‘lead’ is a role, an attitude, a presentation, and a way of being as opposed to a way of ‘doing’. Leadership is formed in the realm of emotional and behavioural intelligence, not in the realm of technical competence. Leading is not about authority, instruction or ordering, nor always being out front. It is a role that you embody by empowering, enabling, influencing, inspiring and impacting. To do this, you need vision and purpose. You need to see something bigger than yourself that others can identify with, believe in and follow. Starting from a technical place, how do we equip ourselves for leadership (assuming that we want to lead and know why we want it)? I will come back to the ‘why we want it’ later, as this is probably the most important determinant of just how good you can be as a leader. Don’t fall for those myths that are peddled about leadership or let some idealised notion of a leader get in the way of developing your inner leader. There is no ‘one size fits all’ – there are as many leadership styles as there are leaders and the circumstances in which you lead play a big part in informing the style you develop and adopt. You don’t have to have all the answers; you just know how to get other people to find them. You do not always have to lead from the front – not every challenge is the Somme – and it’s not all about you. In fact, very little of it is about you; it’s all about the environment you create for others. It’s not all high octane or high action; leadership requires reflection. And no-one is born to it. It’s not some ‘golden spoon’ that some are blessed with. Like a lot of things in life, it is a learnt behaviour and that learning often involves hard work with many knocks along the way. So, having busted the myths, where do vision and purpose start within a person and how do we nurture and develop those traits and behaviours that encourage others to follow us? Finding your inner leader When we are in the ‘do’ and ‘manage’ phases of our lives, we are very caught up in a ‘production’ environment which, on the surface, doesn’t require any great thinking around purpose or vision. But these are the very places where we should start to give ourselves the time and space to think beyond the immediate and ask: what is the end game, and why am I doing this? If you are interested in challenging yourself with these questions, you may well have an inner leader that is trying to get out. Very often, in the depths of doing you find the opportunity to lead – I found that in managing a structured asset finance business. In looking at how to optimise the balance sheet, I had a vision of a different way of managing risk and reward and from that, I lead a European risk syndication business. At first, I had few followers but senior people bought into the vision, trusted me to realise it and allowed me to get on with it.  Vision without purpose and values will not get you very far. I learnt quickly that it is not enough to have messianic zeal and passion – you must articulate a better place if you want people to go there for you – it must make sense, serve a higher purpose, meet a greater need and be supported by values that people can relate to. Now, I am a business person and I wasn’t taking anyone to the promised land but I could see a place where, if we changed what we did, we could do more of it and I knew that was what people wanted. When you take that step into leadership, make no mistake – you are putting yourself out there. You are separating yourself from the crowd and saying “look at me and follow me”. To succeed, I suggest there are a set of core traits and behaviours that true leaders have which can be developed through self-awareness and a willingness to grow. Authenticity and values Oprah Winfrey said: “I had no idea that being your authentic self could make me as rich as I’ve become. If I had, I’d have done it a lot earlier”. It was no doubt said firmly ‘tongue-in-cheek’ but as ever, Oprah was on to something here. Why limit our thinking to assume she just meant money? Consider the influence this woman has and the impact her actions have on thought formation and activism across the world. We feel we know who she is when she speaks. This is because she appears true to herself and has the courage to let people see that self in all its elements. Then we identify, then we empathise because the leader has taken the first steps to demonstrate authenticity and opened themselves up to possible rejection – now that’s putting yourself out there. Values are the soul-mate of authenticity. Without values, authenticity is hollow and people quickly see through it. Values take us beyond the charisma and allure of the person and into the heart of what the person is really about. When we know a person’s values, we can begin to understand their purpose. This allows us to interpret the vision that they are proposing we follow. More wise words from Mahatma Gandhi: “You must be the change you want to see in the world”. Leadership is fundamentally about consistency – who you present; what you present; the values you promote; the purpose you articulate; the example you set; what you say; what you do; how you treat others. If all of these do not connect consistently, you are not authentic. You may get things done, you may make people do things for you, but they will not be following you and you will not be leading. Reflection Making and taking time to reflect is so important. Very often, we are all just too busy ‘doing’ to carve out time to reflect. Ponder that old saying: “If you don’t know where you’re going, any road will take you there” and you will see that purpose and values, the cornerstones of leadership, are impossible to form and articulate without reflection. The phrase “ancore imparo” translates to “I am still learning”. I have a beautiful bronze plaque with this quote attributed to Leonardo da Vinci. When we are open, we are always learning – about the world, about others and about ourselves. Take all that learning and reflect upon it. Do this daily; challenge yourself to rationalise what you are doing and why you are doing it. How does it inform and support your purpose and the leadership that you show? Hear what others say about you, to you, think about you – learn from it. Have the confidence to take the hard stuff on board that will make you better and trust yourself to discard the envious and mean-spirited elements that can get in the way. Trust and respect Trusting yourself and trusting others is something that leaders seem to do effortlessly. This suggests an inner confidence, security and balance. This comes from self-knowledge, authenticity and values which support your vision and purpose. You are not playing at being something or somebody, so you can be free to enjoy leading and trust yourself to do the right thing. You can also trust others and when you do that, you prove Gandhi’s point because as a leader, you make more leaders and create a virtuous circle of empowerment and impact. The ability to trust has never been more important. We live in a mobile, integrated, technology-literate world. You cannot be everywhere, attend every meeting, always be with those you lead. So, share the leadership by creating other leaders. Disseminate your message through others and trust others to be the ambassadors of a shared vision and trust those who will realise that vision. In realising it, they make it their own. As Lao Tzu once said: “A leader is best when people barely know he exists, when his work is done, his aim fulfilled, they will say: we did it ourselves”. Finally, respect. This encompasses self-respect and the respect of others, both received and given. Don’t waste your time seeking popularity, it’s a fad, it’s fickle and easily replaced by the next more appealing thing on offer. Instead, earn and give respect. Respect is based on mutual understanding, hearing the voices of others and considering them. It is not earned by being always right. In my own experience, I have earned more respect from admitting to being wrong than I ever got from being right. Do the right thing by others – they may not agree with you, they may not like you, but they will respect you. Mentoring in both directions To be mentored and to mentor is an experience that will enrich your self-knowledge and aid your development and the development of others. Leadership is something that is learnt and what better way to learn than being mentored by a person whom you respect and see as a role model. While doing this, you too can be the mentor to someone who sees in you the character and values that they aspire to. In this relationship, you can discover how in leading you will create other leaders. So, what you gain from one experience is channelled into the other and the cycle of learning turns to the advantage of all concerned. Conclusion Let us go back to the question of why you would want to lead and how that determines the leader you can be. Why you want to lead is derived from your vision and purpose. When people see that your vision and purpose extend far beyond any personal self-interest and speak to something far bigger, they begin to listen; they begin to think about following you to the place you want them to go – to that place you have articulated and you exemplify every day in how you live the purpose that you promote. Lynda Carroll is Head of Capital Allocation and Risk-Based Pricing at AIB.

Jun 01, 2018
Management

If your workplace is being held hostage to a toxic atmosphere, it is time to tackle the issue head on. They notice every minor fault. They dampen a productive conversation with a mean-spirited put-down. They find no pleasure in success and their greatest joy is nit-picking every management decision. Chronic complainers are hard work, dispiriting and difficult to manage. Working with a negative colleague can be depressing yet if not addressed, the constant complaining can infect the workplace with negativity. How do you deal with it? Acknowledge the problem Dismissing a negative colleague as simply somebody who is having a bad day undermines the feelings of those who have to work in close proximity to the negativity. Management must first recognise that there is a problem. One way of doing this is by tuning into the emotional temperature of your office. Is it upbeat and friendly? Is it downbeat and cold? Are people tiptoeing around someone? Attuning yourself to this type of data can give you an insight into the experience of your staff. Are they right? It is easy to place the blame for a toxic office atmosphere on one person. It is more difficult to ask whether they might actually be right. Does the nit-picker have a point? Are they pointing out (albeit irritatingly) a pattern of problematic decision-making or highlighting an office issue that is simply being ignored? Asking this type of question may allow you to view the problem in a systemic context. Sometimes, complainers complain because it is an effective means of drawing attention to what is being covered up or ignored by the wider organisation. In this sense, complaining can be seen as a style of whistle-blowing. If they are not… If you are certain that you have a lone complainer and that they are impacting negatively on the atmosphere in the office, then it is time to take action. Ignoring the mounting tension or trying to rationalise the individual’s behaviour will only damage your credibility in the long run. Here are three strategies to deal with the situation: Create clear expectations for workplace engagement. Make staff accountable not just for reporting what isn’t working, but for contributing to what is. Moaning about the negative co-worker beside the water cooler is contributing to the atmosphere, not alleviating it. Dealing directly with workplace behaviour by discussing it with line managers is a more honest way of addressing the atmosphere; What does your staff member hope to gain by complaining in this way? Complaining is an attention-seeking behaviour that immediately gets results, either informal or formal. Listen for what the complainer is really getting at – it is most likely some kind of unmet need, vulnerability or a sense that they are being ignored or not being heard. There may be a more subtle way of reducing the negativity by focusing on a positive intervention; and If all else fails, refer the complainer to a business coach and set out clear areas for development. It is perfectly reasonable to expect a staff member to complete a course of coaching if you believe their behaviour is having a negative impact on performance or morale. There is rarely a ‘one size fits all’ solution to chronic complainers but everyone is in agreement that a healthy workplace cannot be held hostage to a toxic atmosphere. Hiring the right people may be the first step, but dealing with the fall-out of a negative colleague may be one of the ongoing challenges of managing people at work. Dr Annette Clancy is a Lecturer in Organisational Behaviour at University College Dublin and ran her own consultancy practice for over 17 years prior to joining UCD. 

Jun 01, 2018
Management

When poor performance or unacceptable behaviour can no longer be tolerated, employers must proceed with caution. Regrettable though it may be, there are occasions when – despite one’s best efforts – the ‘problem employee’ must be tackled. In such circumstances, adherence to proper procedure is influential in the majority of court determinations on such matters. Indeed, such judgments frequently focus more on the procedural provisions than the merits of the case. In 2015, the Workplace Relations Commission (WRC) issued instructions to employers availing of its services under such circumstances. The instructions stated that, prior to the hearing, employers “must set out the facts of the events leading to the dismissal including, where relevant, disciplinary meeting(s) held, investigation undertaken, disciplinary hearing(s) conducted, internal appeal(s) conducted...” This instruction goes to the heart of many unfair dismissal judgments, as the Courts have always taken the view that procedural fairness is a key dimension in its determinations. Consequently, to get the best out of the all-important hearing and to avoid unfavourable findings down the road, it is advisable that disciplinary interviewers proceed with caution before, during and after such interviews. Before the disciplinary interview An inadequate investigation of a situation on the part of an employer may give rise to a dismissal or disciplinary action being deemed unfair. Accordingly, a reasonable and fair investigation of the matter should be undertaken prior to a decision to initiate disciplinary proceedings or dismissal. An appropriate investigation will involve establishing the facts of the case, the range of relevant documents on the employee’s personal file (e.g. previous warnings, training received, appraisal records etc.), the required and average performance standards on the job, and the organisation’s disciplinary procedure and precedents. Indeed, it may be that, having completed the investigation, one decides to take no action or to settle for an informal ‘off the record’ counselling session. Depending on the nature of the alleged offence, the timing of the interview will normally be close to the incident. However, it shouldn’t compromise management’s responsibility to do the all-important preparatory work. In some instances, a cooling off period may be required to ensure that all parties approach the interview rationally rather than emotionally. If the alleged offence is adjudged to be of a serious nature, the employee should be advised immediately of the situation in the presence of her or his representative or nominated colleague and given an opportunity to respond. The employee in question may even be suspended (with pay) pending the investigation into the alleged misconduct. Management should then plan the interview structure and agree on the key questions. This can entail writing down all the facts and being prepared to substantiate each one. One should also note any assumptions and be prepared to inquire into them. Decisions will need to be taken as to the personnel to be involved in the process, ensuring that no-one plays two roles in the process (for example, witness and investigator). Where issues have reached a serious stage, at least two management representatives should be present to ensure correct and consistent application of the rules and procedures. One should also be clear as to who has the authority to formally warn or dismiss staff. The Government-issued Code of Practice on Grievance and Disciplinary Procedures recommends – in addition to the employee’s right to be accompanied by a representative – that the employee concerned be allowed to confront or question witnesses. Notably, a recent High Court judgment indicated that where serious allegations are being made that could result in dismissal or reputational damage, a right to legal representation also applies. Having completed the preparatory work, the employee should be advised of the interview’s time, place and purpose, and their representation entitlement. Where appropriate, the employee should also be provided with supporting evidence from the investigation. During the disciplinary interview Don’t be cosy, yet don’t be rude at the disciplinary hearing – strike the right balance. In any interview, the interviewee deserves a fair hearing. You don’t want to intimidate the employee to the extent that you only hear her or his side of the story when it is told by her or his legal representative at the WRC or the Labour Court. Management should make the opening statement. This can take the form of advising those present that – without pre-judgement – it is an interview under the organisation’s disciplinary procedure, the stage the procedure is currently at, one’s role relative to the procedure, and the function of other people present including ‘on call’ witnesses. The structure of the meeting should then be outlined. The structure of the meeting entails the aforementioned opening statement and posing questions. The employee and her or his representative will then reply, question witnesses and produce their own witnesses. One can then further question the employee and her or his witnesses. The employee should also be encouraged to highlight any issues she or he considers important, including any mitigating circumstances. Having determined whether there is any mitigating evidence, the action that management takes depends on such circumstances and the seriousness of the offence. When determining the action to be taken, the test of ‘reasonableness’ (i.e. does the punishment fit the crime?) must be borne in mind and should take account of these mitigating factors. In effect, this means that every situation must be evaluated on its own merits – though one must also be careful to be consistent, ensuring that one individual isn’t victimised or disciplined for behaviour that is tolerated elsewhere in the organisation. Prior to closing the disciplinary meeting, management should summarise to ensure that everyone understands the key issues. This summary should reflect the key points of the original case, the employee’s reply, the changes to the original case that have arisen during the meeting, the circumstances pertaining to the case as it now stands and the matters that warrant consideration or investigation during the adjournment. After this adjournment, one reconvenes the meeting to convey the decision, outline the outcome and state the action to be taken. Should the evidence point toward disciplinary action, management’s position should be explained to the employee who should be made fully aware of her or his shortcomings, the nature of the improvement required and the means for its achievement, together with the consequences of future transgressions. This is also an appropriate time to remind parties of their right of appeal. After the disciplinary interview After the disciplinary hearing, management must write up the records, advise relevant personnel, and send copies to appropriate parties (the human resources department, the employee and her or his representative, for example). Accurate records should be kept of all disciplinary issues but in particular, they should set down the dates, parties involved, the original case, the changes to that case arising in the proceedings, management’s action and its relationship to previous actions, and the particular circumstances of the case and how they affected the final action. Of course, good managers will work to prevent any deterioration in relationships. Disciplinary action can be a source of discomfort and resentment. While management’s final action may be fair and reasonable in the circumstances, it may not endear one to staff. Hence, the disciplinary action should be followed up to ensure that the problem does not arise again and that the process has been approached in a manner designed to help avoid the unacceptable behaviour or performance from recurring. Finally, the slate should be wiped clean in due course (if appropriate), as warnings should remain on an employee’s record only for as long as is consistent with the nature of the offence and in accordance with the organisation’s rules and practice. Gerard McMahon is Managing Director at Productive Personnel Ltd., a HR consultancy and training company.

Jun 01, 2018
Management

Six executive coaches reflect on the benefit of reflection at an individual, team and organisational level. Six executive coaches walk into a bar where their main objective was to discuss the type of cultural environment that makes it easy for an organisation to benefit from highly effective teamwork amongst its people. For the sake of anonymity, we’re calling them C1 to C6. For the sake of transparency, we need to admit that two of them were us. Learning and blame “Above all else, teams need to work within a learning culture,” began C2 when the first round was safely in. “As David Garvin wrote in the Harvard Business Review: ‘The world is changing. We’ve got new business models. If your rate of learning isn’t greater than the rate of change, you’re going to fall behind.’ I’ve been thinking about this a lot.” “Oh yeah,” exclaimed C1. “I like that a lot.” As did C6, adding, “This makes real sense to me as a coach. It provides clarity around what I’m seeking to achieve. I want to help organisations create an environment in which team members are constantly learning and refining what they do. But sometimes it’s hard to get there, isn’t it?” “Definitely,” said C3. “I’m working with a team right now who really struggle to reflect meaningfully on the ‘what just happened?’ question. The members seem more interested in justifying their positions than in harvesting any lessons from the outcomes that derive from their work together.” “Ah,” muttered C5. “It’s the old blame culture, isn’t it? I come across that so often in the organisations I work with and it’s so crippling, so counterproductive. It’s like Matthew Syed wrote in Black Box Thinking, ‘When something goes wrong, we like to point the finger at someone else.’ It’s hard to learn from ‘what just happened’ when we’re counting the fingers that are pointing at us.” At which point, five fingers turned towards C5, suggesting that it might be time for the next round. Resilience and business as usual By the time C5 returned from the bar, the conversation had moved on and C4 was holding court. “I think there may be too much talk of resilience within some of the organisations I work with. Do you not think that sometimes, staff are expected to bear too much?” “Absolutely,” replied C1. “Perhaps we should be coaching them around how best to resist, rather than to be resilient.” At which point, C3 reached for a handy napkin that was lying on the table and drew the following diagram while the rest looked on: “You see,” said C3 when the masterpiece was complete, “I’m getting worried that in some of the organisations I’m working with, resilience is now being seen as being a prerequisite for carrying out business as usual, rather than as a way to manage stress when something tough comes along, which requires you to dig deep.” “You know,” interjected C6, “that’s got me thinking. I mean, if the pressure to produce is so high in an organisation that its people need resilience just to get through a typical working day, what resource can they reach for when a crisis hits their sector or their company? That’s a great diagram, C3.” “Thanks,” said C3 modestly. “I suppose I’m just learning to use caution while seeking to develop greater levels of personal and team resilience with my clients. I see it as avoiding collusion with any organisational stakeholder whose world-view is one of ‘weaponising’ resilience by cranking up performance requirements to the point where it becomes a non-negotiable necessity when carrying out business as usual.” “Wise words,” said C2. “Now, go and get your round in.” Alignment and emotional intelligence “I’d like to talk a bit about the whole notion of alignment for a while,” said C2. “There’s a lot of talk about how important it is for an organisation’s people and teams to be aligned to its mission and values, but what does that mean in the real world? Is this really something it makes sense for teams to align to?” “Particularly in light of the ‘values inconsistency’ we so often see coming down to middle managers from boards,” chipped in C1. “That really confuses a lot of the people I coach.” “But,” asked C3, “if we don’t have a clearly articulated mission and values, how do people answer the ‘what do we do now?’ question?” This drew quite a lengthy response from C5: “I listened to a podcast recently in which alignment was described in terms of a person or team being tuned into what their system was wanting, saying or feeling at any one moment. The speaker felt that meaningful organisational alignment occurred when a team could match up the stuff it was feeling, wanting or saying as an entity in its own right, with the bigger picture; with the stuff that was being felt, required and articulated across the organisation as a whole.  They called it emotional alignment – I liked that.” “I heard that podcast too,” said C4. “It’s the one where the speaker talks about an organisation having an essence and a character. And that essence and character having a voice to which its people and teams can learn to attune their own voice. Perhaps it’s helpful to look at this as the deepening of collective emotional intelligence across an organisation and its various teams. Would that be helpful, do you think?”  “Speaking of the group collective voice...,” said C1 and headed swiftly towards the bar. Trust and vulnerability “A lot of this stuff comes back to trust, doesn’t it?” asked C1 on returning from the bar. “I’m finding quite a bit of cynicism in some of the teams I work with. It seems to be rooted in a dilution of trust both amongst colleagues and between an organisation and its people.” “Yes,” answered C3. “It’s like Amy Edmonson says in Teaming: when people trust and respect each other, it produces a sense of confidence and psychological safety. And this, in turn, encourages them to share their thinking without fear of being embarrassed or rejected.” “Patrick Lencioni calls that the ability to be vulnerable,” said C2, “because team members have a confidence that their peers’ intentions are always good so there’s no need to be self-protective. That, I think, ties back to the whole blame culture stuff we were discussing earlier.” “Yes, Lencioni says that a dilution of trust is the first and perhaps most important sign of a dysfunctional team,” said C4. “I find that to be true so often. It’s been particularly so in the climate of competitiveness that seems to be a necessary evil in many organisations. It’s hard to turn off those competitive instincts to develop a trusting environment within your team.” “I think the wider organisation needs to involve itself in helping to make this happen,” added C5. “It’s in their interests. I mean, think of the time and energy that’s wasted in teams trying to understand and manage other team members’ intentions. It’s a shocking waste of resource and really serves as a drain on morale.” Reflecting on organisational culture The issues discussed by C1 to C6 are all big issues for reflection at an individual, team and organisational level. Time spent reflecting on these issues can pay big dividends in terms of morale, engagement and performance. We don’t always have to reflect together in the boardroom. It’s often better to visit a decent coffee shop, restaurant or the local pub – or even organise a hotel-based away day. All of these discussion points offer an opportunity to establish some ground rules around banishing blame and exploring vulnerability – at least for the duration of the conversation – while considering some of these hugely important organisational culture issues. We’ve found reflective practice amongst peers to be a highly effective approach, both in our own firm and in working with our clients. We recommend it wholeheartedly to all organisations. Ian Mitchell and Siân Lumsden are partners in Eighty20Focus, a boutique firm of consultants, executive coaches and leadership trainers.

Jun 01, 2018
Ethics and Governance

There is an oft used, simple, but valid summary that “ethics is about doing the right thing”. However, what action to take in an ethical dilemma is not always so simple. What we consider to be right and wrong is influenced by what we know. What we do is influenced not only by our knowledge, but our instincts and the specific circumstances in which we find ourselves. To help you prepare for the day you encounter a difficult ethical dilemma, Chartered Accountants Ireland has launched an ethics quick reference guide, Five Fundamental Principles, Five Practical Steps. The concept of the guide is simple: it contains a summary of the five fundamental principles contained in the current Chartered Accountants Ireland Code of Ethics and includes a unique five-step ethical thought process to guide you in your decision-making. While the five fundamental principles form only one part of the 182-page Code, they are a core part of the conceptual framework that is embedded throughout the entire Code. Many Chartered Accountants will be familiar with these principles from either their days as a trainee accountant or from their most recent bout of Continuous Professional Development (CPD) referencing ethics in the accounting profession. While many Chartered Accountants will be familiar, we hope the principles summarised in the guide will resonate with all of you. The five practical steps outlined in the guide are designed to get you thinking about how you might behave in response to an ethical dilemma. Well-constructed codes are always useful and should be referenced at some stage in your ethical thought process. However, rather than basing the five steps on any particular code of ethics, they are based upon practical considerations of how one can respond to an ethical dilemma. Dealing with a front-line ethical dilemma is not always simple. The first challenge can often be to recognise that you are experiencing an ethical dilemma. We won’t right all the wrongs with one simple guide but if we succeed in getting professionals and business leaders thinking, we have a chance of righting some wrongs – or at least avoiding others.  The guide can be downloaded from the Ethics Resource Centre on  www.charteredaccountants.ie.

Jun 01, 2018
Spotlight

Ambitious women face many hurdles, but these can be overcome in the search for a place at the top table.  The issues of gender discrimination in the workforce and the gender pay gap are subject to increasing analysis – and rightly so. Given the amount of catching up to do, the equalisation of gender at the most senior levels of business should be on the agenda of companies in all professions, including accountancy. Discrimination and pay are two critical issues that need to be addressed for a fairer working world and it is important that the accountancy profession continues to encourage women to aspire to positions of leadership within the industry. Those who climb the leadership ladder will in turn inspire others as they lead the way. I truly hope that any woman reading this article and planning for promotion has never felt discriminated against or held back in so may me way because of their gender. Accountancy is a great career choice for women and men alike, and it offers huge scope for ambitious and consistent people. The business case for equality So, why does the accountancy profession – or, indeed, any profession – need more women on board? According to a study by The Centre for Creative Leadership, having more women in the workplace simply makes an organisation a better place in which to work. Not only that, having a higher percentage of female talent in an organisation predicted more job satisfaction; more organisational dedication; more meaningful work; and less burnout. But that’s not all. The researchers also found that having more women in the workplace was positively related to employee engagement and retention. Specifically, when asked why they stay with their current employer, people from organisations with a high percentage of women were more likely to cite positive and meaningful organisational culture. This includes enjoyable work; a job that fits well with other areas of their life; and opportunities to make a difference. These new findings persist regardless of participants’ age, industry, organisation size, leadership level, ethnicity or gender. In fact, while both men and women in our survey responded with this same positive pattern of results, the findings were even stronger for men on some measures. The emotional quotient Research has shown that women are more naturally empathetic and have a slightly higher level of emotional intelligence functioning than men. When in leadership positions, emotional intelligence can set you apart and allow you to better handle yourself, others and what is happening around you. Women can read a room in less than a second and generally have an easier time stepping into others’ shoes and showing empathy. These are incredibly powerful skills. We know that there is a growing empathy deficit in workplaces and that social connectedness increases performance and drive within a workplace, but if fewer women occupy leadership roles, this deficit may widen. The women leaders I am privileged enough to work with agree that it is vital that women do not feel that they must behave as a man would. They urge women to use their femininity and unique style to lead. Empower through trust To achieve gender equality, organisations must first learn how best to empower their female employees. In so doing, they will also improve the engagement, outcome, performance and happiness of both men and women in the workplace. To have an attractive employer brand, organisations must also find ways to encourage a more flexible and trusting workplace – one that encourages ownership and responsibility for work delivery on-site as well as remotely when required. This is not a gender issue; it is more about flexibility for both men and women that accommodates the need to balance personal and family demands and provides a roadmap to share the burdens and responsibilities of family life more effectively. One way to do this is to ensure that remote working systems are in place, including protocols for managing physical files. A cultural shift may also be required, one that gives employees the flexibility to work away from their desks, and trust is at the core. The millennial question Organisations must also consider the young women rising through the ranks who typically fall into the ‘millennial’ category. Millennials are more likely to expect their workplace to be flexible and don’t always see the value in adhering to ‘traditional’ rules. They also need to feel a connection to their work and want mentors to teach and inspire them. They want a clear career plan and although professionally immature, they need to feel that they will be provided with the scope and opportunities to progress. If we truly wish to encourage women leaders of the future, we must consider this millennial group and show them how other women have succeeded in their journey to the leadership table. Without this inspiration, they may falter. Strategies for success Leadership is quite the enigma, irrespective of gender. While some leaders have natural skills in influence, for example, they may lack natural skills in business strategy. Leadership therefore requires skills development and continued learning. Managers in today’s evolving corporate landscape face regular recalibration and with this comes challenge. Building resilience is a must for any leader, and this must be done while adapting to continued globalisation, tightening budgets and stricter reporting deadlines. Every leader needs an up-to-date tool-kit to help them improve their interpersonal skills incrementally and consistently. Men and women share a number of common leadership weaknesses. With daily stresses, even highly functioning leaders react to situations as they happen but don’t necessarily know how to carve out the time required to reflect on, and analyse, situations under pressure. For those females with promotion ambitions, here are some strategies that will help you advance your cause: Seek out mentors. Ideally, they should be women in your industry and in positions to which you aspire. Study what makes them successful; Partner with and support your boss in reaching his or her goals. This is about learning the skills to ‘manage up’; and Look for every opportunity to demonstrate your leadership capability and skills at work And here are some pitfalls to avoid: Don’t allow yourself to be overtaken by the distraction of your ambition or goals for development. Remember, you have a day job so do it well. This will ensure you are not dispensable; and Don’t put off any plans for leadership development training that will improve your self-awareness and influencing ability. Invest in building these leadership capabilities. And finally, a recently-published Accenture report offers three powerful accelerators to help women close the pay gap: Career strategy: aim high, make informed choices, and manage your career pro-actively; Tech immersion: acquire stronger technology and digital skills; and Mentoring: find a suitable mentor who will inspire you to become a leader. Performance matters To master your leadership edge in the field of accountancy, you need to shine a spotlight on your leadership style. Remember, your role in your company isn’t that of a superhero – rather, it is that of a transformative finance partner. To cultivate this reputation, be seen as someone who constantly monitors their own performance and that of others. In doing so, you will take a significant step towards career equalisation for women. Jane is author of The Career Book and co-founder of The Leadership Rooms.

Jun 01, 2018
Spotlight

What are the determinants of leader success in a volatile, uncertain, complex and ambiguous world? Recent times have been commonly described as volatile, uncertain, complex and ambiguous (VUCA). The VUCA world has been propelled by three fundamental shifts. First, the convergence of a couple of great disruptors – technology and globalisation – has made the pace and scope of change far greater than it has been since the industrial revolution. The emergence of new disruptive technologies and business models is becoming more commonplace and is reshaping the nature of competition across industries. As a result, executives may need to master additional skills to redirect their organisations in the face of attacks from a wider array of competitors than ever before, who create value for customers in fundamentally new ways. Second, and on a related note, executives are faced with a constant stream of information and trends that have become more readily available. It is therefore difficult to distinguish noise from actionable intelligence. As a result, executives may need to make decisions and advocate for them with little clarity on environmental trends. Finally, a fundamental shift is under way in the psychological contract between employers and employees. Unlike the past, when individuals often remained with a given employer for most or all of their working lives, individuals are now more likely to change jobs multiple times over the course of their career and employers are less likely to offer stable employment than prior generations. As workplaces come to be characterised by frequent turnover of staff and an increase in contractual and temporary staffing arrangements, leaders face increasing challenges in hiring, motivating and retaining employees and in preventing the loss of valuable skills and knowledge. When one considers the fundamental changes ushered in by these developments, it is not surprising that there is much interest among executives, consultants and academics alike in understanding the key leadership skills that can drive organisational success in a VUCA world. Questions have also been asked about how these leadership skills compare to those that drove success in prior decades. A key determinant of leader success in a VUCA world will continue to be the ability to effectively manage talent in one’s organisation. In particular, managing talent is becoming the foremost strategic priority and requires even greater executive attention. We are conscious that there isn’t any one boiler-plate or leadership template for managing talent. Rather, our aim is to discuss a few challenges leaders may encounter in a VUCA world and share examples of some practices that can enhance the probability of leader success. The hiring process The first and foremost talent management challenge facing leaders in a VUCA world is getting the hiring process right and treating it at par with other significant resource allocation decisions – but getting this right is easier said than done. Research has found that executives often staff their organisations with individuals with homogeneous skillsets and work experiences, often mirroring those of executives themselves. In doing so, they may create a ‘tunnel vision’ of sorts in the organisation when instead, greater diversity of thought and skills is likely to be needed for organisations to navigate the current VUCA times. There is also the temptation to make recruiting choices based on the immediate operational needs of the organisation or by prospective candidates’ fit with current activities instead of acquiring talent that will support the organisation in the medium- and long-term. One example is the need for technology-savvy individuals who are able to help the organisation capitalise on the digital and analytics disruptions that are reshaping the business world. As the famous hockey player Wayne Gretzky once said: “A good hockey player plays where the puck is. A great hockey player plays where the puck is going to be.” Nurturing talent A second, not-so-obvious challenge facing executives in a VUCA world is avoiding the extremes of either neglecting their top talent or singularly focusing on top talent while ignoring other employees. On the one hand, top talent disproportionately contributes to organisational performance despite being in the minority. Top talent is also generally highly mobile. Thus, leaders cannot afford to take these individuals for granted and must make efforts to motivate and retain them. On the other hand, the features of a VUCA world also imply that organisational performance is increasingly dependent on team effort as much as solo efforts by key employees. Important contributions to team effort are often made by employees who may not be the top-most performers, but are nevertheless good organisational citizens who provide valuable stability. Organisations should therefore be mindful of the unintended emergence of a vicious cycle whereby the nurturing of top talent comes at the cost of denying growth opportunities to others. The balancing act that leaders need to perform in order to retain and reward their top talent without alienating others often proves difficult. Good inductions, coaching, and emphasising and encouraging collaborative behaviour are a some actions leaders can take. Incentive and reward systems A third challenge facing executives in a VUCA world is preventing potential distortions triggered by the design of organisational incentive and reward systems. One such distortion can result from adopting incentive systems that are at odds with organisational objectives. This possibility was extensively discussed in the seminal article, On the Folly of Rewarding A while Hoping for B. For example, organisations commonly provide incentives for the achievement of individual targets while stating a desire for a collaborative organisational culture. Another distortion that can occur as a result of organisations’ incentive and reward systems is employees being promoted based on their performance in their current roles as opposed to their potential and suitability for future roles. Google’s ‘Project Oxygen’, for instance, revealed that individuals who were promoted to managerial roles largely on the basis of their current technical skills and performance were often not effective in these roles, as good managers also needed softer skills such as listening, coaching, developing others, and the ability to delegate. More generally, organisations’ incentives and reward systems could also generate distortions when they focus on a narrow set of behaviours and outcomes, thus inadvertently discouraging other value-creating behaviours and outcomes. For example, it is quite possible that a great salesperson may neither want to be a sales manager nor would make a good sales manager. Creating incentive and recognition systems that seek to recognise the different ways in which employees contribute to organisational success could be one way to avoid this. Conclusion A VUCA world has created immense opportunities for companies to tip the balance of competition in their favour and create the preconditions for lasting success. In doing so, leaders must approach the selection, motivation and retention of talent as a strategic priority. Karan Sonpar and Federica Pazzaglia are both Professors in the management subject area of UCD Smurfit School of Business.

Jun 01, 2018
Strategy

General practitioners can capitalise on the trend towards sector specialism, but planning is required.  The accountancy sector, like other professional service sectors, has witnessed an increased focus on sector specialisation to bolster general practice activities over the last decade. This trend is largely driven by clients who want their advisers to be experts not just in technical accounting issues, but also in the issues that impact a particular industry or client type. Niche services can be very profitable provided you choose the right niche. However, it is vital to ensure that the demand for your services will be sufficient for your firm to develop a sustainable and profitable business model – and that is where research comes in. Research the opportunity Once you have identified your target market, the next step is to define your service offering by focusing on your clients’ needs; the aspects of your services that meet those needs; and, importantly, the skills and talents that differentiate you from your competitors. Take time to get to know your target market and bear in mind that this is not a once-off exercise. Businesses evolve and client needs will change over time. It is therefore vital that small- and medium-sized practices (SMPs) are proactive and agile enough to anticipate trends and respond appropriately. The aim is to build a business model that is efficient and easy to replicate for the full spectrum of clients in your chosen sector. If your chosen niche is freelance IT business owners, for example, and you successfully develop a service offering that saves clients time and money while providing value-adding insights that ultimately help their businesses develop and grow, it is likely that your clients will refer other potential customers to you. Communicate your offering Having identified your target niche and refined your service offering, the next challenge is to let people know about it. There are various ways to reach your target market. Your website is important – not from an SEO point of view, although that can sometimes be useful, but because it will likely be the first port of call for prospective clients when they hear about your firm. Your website should be intuitive and easy to navigate. It should provide details of your expertise in plain English so potential clients can easily understand what services you have to offer, and it should provide your contact details. It is important that someone in the firm is responsible for monitoring website queries and responding promptly. Failure to get these basics right can result in lost opportunities. Utilise your website Your website can also act as a platform for your firm’s thought leadership activities – an increasingly popular way for businesses to share their expertise and showcase their abilities. Make it easy for potential clients to read your blogs, insights, press releases and news. If you are active on social media, provide links on your website to make it easy for potential clients to follow and connect with you. Surveys are very useful in generating insights that add value for clients. They can also provide excellent material for press releases, web and social media content. Similarly, attending, speaking at and hosting events for your target market is a great way to build your firm’s brand and profile in the marketplace. To maximise the value of these opportunities, it is essential to invest time in pre-event and post-event activity. Lastly, subject matter experts within your firm should be prepared and willing to accept media invitations for interview. Many accountants are apprehensive about speaking on air and therefore miss out on opportunities to showcase their professional expertise. Media training will help you develop the skills necessary for this valuable activity. Risk versus reward A limited budget doesn’t have to be an obstacle to effective marketing. The key thing is to know your target market and ensure that your message is relevant. Money spent educating yourself about your target market’s sector will deliver more long-term value than vying for attention in a crowded marketplace where your competitors might have deeper pockets. All of the top 10 accountancy firms in Ireland have clearly identified industry sectors in which they specialise. In my experience, if firms spread themselves thinly as generalists, they preclude the opportunity to build the deep, meaningful expertise necessary to reach beyond geographic or traditional markets. While focusing on a narrow market may feel risky as it ultimately means excluding other sectors, a practice that focuses on a small number of specialist areas has well-defined audiences to communicate with. As a result, its message is more likely to be heard.  I was recently chatting about this concept with an astute PR consultant who asked me why a firm would “take the risk” to focus on a narrow industry. But given the opportunity to develop a profitable, sustainable portfolio and win referrals, why wouldn’t they? Mary Cloonan is a freelance marketing professional and founder of Marketing Clever.

Jun 01, 2018
Strategy

While the pace of Brexit negotiations has quickened, the stakes remain high – particularly when it comes to the border. Political issues continue to dominate the debate about Brexit. In March, the European Commission published the draft legal text of a withdrawal agreement, which included  provision for a transition period and a “backstop” solution to prevent a hard border on the island of Ireland. In the event that no other solution to the border question is found, this would avoid a ‘cliff edge’ Brexit by creating a “common regulatory space” where goods could flow back and forth without border checks. However, Prime Minister Theresa May has said that the backstop undermines the UK common market and threatens the constitutional integrity of the UK. The UK is still of the view that the border should be solvable through a trade deal and/or technical solutions. At the time of writing, the main insight the UK government has provided into what these technical solutions might involve appeared in an August 2017 paper, which set out two approaches for the future customs relationship with the EU. The first option would use technology-based solutions to streamline and simplify customs requirements; the second would involve the UK, at its external border, applying EU external tariffs and origin rules for imported goods with their final destination in an EU member state, to ensure that the importer has paid the correct EU duties. For goods staying in the UK, companies would seek refunds where the UK’s import tariffs are lower. The paper describes the latter option as an “innovative and untested approach” which would “take time to develop and implement”. More recently, a House of Commons Select Committee on Northern Ireland Affairs looked at how technology might be used to avoid a hard border. Among the technologies considered was Automatic Number Plate Recognition (ANPR). Among other sources, the paper cites an Irish Revenue Commissioners (2016) draft paper which said: “An e-flow-style number plate recognition system would allow vehicles carrying goods to move from the Republic to the North and vice versa without having to stop in cases where a pre-departure/arrival declaration has been lodged and green-routed. In theory, upon arriving at the frontier, a vehicle could be identified by the ANPR system, associated with a particular pre-declared consignment and signalled as to whether clearance had been provided or engagement with customs was required.”  The Select Committee stated that use of cameras would require electronic pre-notification of the movement of commercial vehicles across the border. This is currently required for exports outside the EU. ANPR cameras cannot ascertain if the contents of a vehicle match the electronic customs declaration form, so customs officials would still be required to monitor compliance. In the course of its work, the Select Committee took evidence on the operation of other external EU customs borders. Cameras are used at customs borders in Norway, Switzerland and Gibraltar to help prevent smuggling and monitor the movement of vehicles. Norway is part of the Single Market, but outside the Customs Union. The Norway-Sweden border is over 1,600km in length, there are 57 crossings and 11 customs offices. The Committee was told that everyone declaring goods “has to stop at the border” and must “cross the border where there is a customs office”. One witness to the Committee highlighted the limitations of digital technology in practical terms: “The point that was made on the Sweden-Norway border, where they have a fully electronic system and people are sharing information, was: ‘Why are you still stopping people and x–raying trucks? They have told you what they have in their customs declaration’. They say, ‘How do we know they are telling the truth?’” Switzerland is also outside the Customs Union and has signed 30 free trade agreements with partners outside the EU. It has over 100 bilateral agreements with the EU, which cover many aspects of Single Market rules. Commercial goods entering Switzerland must use designated crossings and complete customs clearance at offices on the border. In Basel, 750 officials at eight customs offices deal with 50% of all Swiss commercial goods traffic. Closer to home, the UK government recently advertised over 550 border force roles. Controversially, candidates must hold British passports if they wish to apply for Border Force jobs based in Belfast. People in Northern Ireland who only hold Irish passports cannot apply for these roles. Meanwhile, the possibility of the UK remaining in the Customs Union has not entirely disappeared off the radar despite Prime Minister May’s repeated statements that the UK will leave both the Customs Union and the Single Market. In April, the House of Lords backed an amendment to the EU Withdrawal Bill that would force the government to explain what they have done to ensure that Britain can remain in a Customs Union after it leaves the EU. Understandably, political discussions continue to hog the spotlight; however, business leaders are all too aware that Brexit is not just a matter for national authorities. Business planning cannot wait for political certainty and there are important legal repercussions to consider, not least – as mentioned in my earlier Accountancy Ireland article – for Chartered Accountants providing statutory audit services and finance teams in companies subject to audit requirements. These individuals and firms will need to bear in mind that, subject to any transitional arrangement which may be contained in the withdrawal agreement, as of the withdrawal date, the EU rules in the field of statutory audit (in particular, the Statutory Audit Directive) will no longer apply to the UK when it becomes a ‘third country’. Elsewhere, Chartered Accountants can play a valuable role highlighting potential solutions that could work in specific sectors. For businesses moving goods between jurisdictions and concerned about the potential delays that may result from customs requirements at borders, a practical option worth considering is to apply for Authorised Economic Operator (AEO) status. This internationally recognised quality mark indicates that your role in the international supply chain is secure and that your customs controls and procedures are efficient and compliant. A benefit of having AEO status is that it gives you quicker access to certain simplified customs procedures and, in some cases, the right to fast-track your shipments through some customs and safety and security procedures. Mutual recognition agreements with other customs jurisdictions mean that companies authorised in one customs jurisdiction can be recognised as an AEO in a second customs jurisdiction. The EU has mutual recognition agreements with Norway, Switzerland, Japan, Andorra, the US and China. The EU summit in October is the target set by Michel Barnier to reach agreement on the Withdrawal Treaty. Before that, another significant milestone looms at the end of June when EU leaders will decide if enough progress has been made for a ‘political declaration’, which would set the framework for trade negotiations with the UK. While political tensions persist, there is a danger that progress made to date could still unravel, given that “nothing is agreed until everything is agreed”. European Council President, Donald Tusk, recently warned that without a solution to the border issue, “there will be no withdrawal agreement and no transition”. As this edition of Accountancy Ireland goes to press, there is talk that Prime Minister Theresa May could seek to align the entirety of the UK with the EU for a period of time pending the development of other solutions. It is as yet unclear whether she can win enough support to allow her to take this proposal to the EU. Unless a ratified withdrawal agreement establishes another date, all EU primary and secondary law will cease to apply to the United Kingdom from 30 March 2019. With less than a year remaining to that date, the pace of negotiations has quickened and stakes remain high. Michael Farrell is Director at PKF-FPM Accountants Ltd., a service provider for InterTradeIreland’s Brexit Advisory Service.

Jun 01, 2018
Spotlight

How, in this age of innovation, can leaders manage risk while enabling growth? As technological innovation continues to revolutionise the business landscape, organisations and their leaders are also grappling with new-found risks and uncharted challenges. PwC’s 2018 Risk in Review Study: Managing Risks and Growth in the Age of Innovation shows how a distinct set of risk management practices can arm organisations to capture value from their innovation efforts and better manage related risks for further growth. Organisations, and their leaders in particular, must understand that risk management and innovation go hand-in-hand. Innovation brings great opportunity. A keen awareness of the necessary actions to address both known and unanticipated risks that accompany innovation can equip risk executives to succeed in this fast-changing environment. Risk executives should be engaged throughout the innovation life-cycle to effectively identify, assess and manage innovation risk. Key drivers In an era of digital business and rapid technology change, virtually no company can ignore the imperative to innovate. Failing to do so is an invitation to lose business. The study identified a number of key drivers: New technology, including big data and the cloud; Human capability skillsets to support new technology; Market growth requirements; Cybersecurity and privacy threats; Industry peers; and Increased regulation. Strategy and risk management As organisations across all sectors increasingly face pressure to innovate, risk executives need to help their organisations strike the right risk/reward balance. After all, organisations that effectively manage innovation risk are more effective innovators. With innovation now forming part of organisations’ strategic direction, it becomes clear that innovation must be managed just as effectively as the strategy itself, as errors could have lasting strategic impacts. “Strategy” refers to an organisation’s plan to achieve its mission, vision and to apply its core values. A well-designed strategy drives the efficient allocation of resources and effective decision-making. It also provides a roadmap for establishing business objectives throughout the organisation. Risk management does not create the entity’s strategy, but it does influence its development. An organisation that integrates risk management practices into setting strategy provides management with the risk information it needs to consider alternative strategies and, ultimately, to adopt a chosen strategy. Therefore, the same principles should be applied to innovation and the risks surrounding it given its inherent correlation to strategy. Enterprise risk management COSO’s Enterprise Risk Management Framework – Integrating Strategy and Performance 2017 defines enterprise risk management as “the culture, capabilities and practices, integrated with strategy-setting and performance, that organisations rely on to manage risk in creating, preserving and realising value”. It emphasises its focus on managing risk through: Recognising culture; Developing capabilities; Applying practices; Integrating with strategy-setting and performance; Managing risk to strategy and business objectives; and Linking to value. To keep pace with innovation and risks changing at breakneck speed, organisations need to harness a range of methods that will continue to grow and evolve along with these forces. Enterprise risk management is not static, nor is it an adjunct to a business. Rather, it is continually applied to the entire scope of activities as well as special projects and initiatives (such as innovation activities). It is a part of management decisions at all levels of the entity. Key attributes of effective risk management programmes When organisations respond well to the range of innovation risks, it naturally follows that their innovations are more successful. There are some key attributes of effective risk management programmes which achieve this: Confidence in the risk management programme’s ability to effectively manage risks from innovative practices such as artificial intelligence, augmented reality, big data, the internet of things and robotic process automation; The risk management programme influences decision-making and the shaping of innovation strategy. Exerting influence over decisions about innovation positions risk executives to help their organisations understand – and therefore better manage – innovation-related risk; The risk management programme engages early and often across the innovation cycle. Risk plays a more active role across the innovation cycle. Risk advises on innovative activities before the planning stage, and they’re much more likely to halt initiatives based on risk assessments and suggest risk-based alternatives; Drive risk tone and culture from the top, and broadcast appetite and tolerance messages about innovation and risk across the organisation. Tie effective management of innovation risk to strategic planning and performance management to align behaviours which can be measured and monitored; The risk appetite and tolerances are adjusted with frequency. The overall risk appetite may need to shift over time due to market direction or competitive dynamics. As the organisation periodically adjusts its risk appetite and tolerances, all lines of defence are informed of such changes so that business decisions, controls testing, risk monitoring and risk reporting work in a synchronised and risk-aligned manner; Harnessing of new risk skills, competencies and tools to support innovation. Adapt risk capabilities to influence and enable the organisation’s innovation strategies, expand continuous risk assessment, and use new technology for more real-time information. Successful firms add knowledgeable, curious, action-oriented and tech-savvy recruits to keep pace with risks from technology-driven innovation. Their current workforces also continuously up-skill in new methods, metrics, tools, and technologies to make critical, in-the-moment risk/reward decisions; and The risk management programme uses a wider variety of metrics to monitor and assess effectiveness of risk management in multiple ways and by multiple parties, including external parties. Examining effectiveness through multiple metrics helps risk executives shore up areas where they fall short or are vulnerable, so that the C-suite and the board can rapidly make decisions about strategic initiatives while the business steps in to address any risk profile misalignments against risk appetite. Obstacles To spot risk and react at the right time in the right manner, ensuring that important messages cascade across and into the crevasses of an organisation, is critical. With innovation risks occurring at break-neck speed, there are undoubtedly various obstacles to overcome before effective risk management can be embedded. Some key obstacles include: Organisational culture that inhibits change and fails to foster idea creation in a controlled and welcomed manner; Lack of knowledge of innovation-related opportunities and risks; Lack of leadership buy-in; and Weak collaboration between the risk programme and the business. Fuelling innovative growth  Organisations must view innovation and risk as a double-edged sword, clearing the way for greater opportunity and increased revenue growth, with eyes wide open about all-but-certain and unimaginable risk. To allow for more innovation and to deflect or limit risks from new initiatives as they arise, risk executives must be engaged and influential over the entire innovation life-cycle – from high-level strategising to brainstorming, quantifying, executing, continuously taking decisions and actions about risk appetite and performance tracking. To play this important role, risk management programmes must be equipped to effectively identify, assess, and manage innovation risk. Applying rigour, using multiple approaches, pushing the organisation to periodically adjust risk appetite, adding sophisticated skills and tools, and comprehensively monitoring how successfully the programme is tackling innovation-related risk helps risk executives meet their organisation’s strategic objectives. As digital technology accelerates the pace of change, effectively managing innovation-related risk becomes crucial. When organisations effectively manage innovation-related risk, the likelihood that they will be successful innovators rises. That simple premise alone is a call to action for risk management programmes. Failure to do so all but guarantees under-performance. Jason McGee is a Senior Manager in Risk and Assurance at PwC.

Jun 01, 2018
Feature Interview

As Feargal McCormack takes the reins as President of Chartered Accountants Ireland, he shares his thoughts on the quality of the Institute’s membership, the importance of positivity, and his role as the conductor of the orchestra. In the corporate world, people often talk about their “core values” or “guiding principles” but few people live out their philosophy as comprehensively as Feargal McCormack, Managing Director at PKF-FPM. Feargal, who recently succeeded Shauna Greely as President of Chartered Accountants Ireland, is a firm believer in the philosophy of St Francis of Assisi – it is in giving that we receive – and this principle has shaped not only his work ethic, but also his leadership style and sense of value. Addressing the 130th Chartered Accountants Ireland AGM, the Warrenpoint native echoed the sentiment of St Francis when he outlined his main objective for his presidential year – caring for members, staff, trainee students and the community. While his evident sense of empathy could be attributed to the accumulated learnings from 27 successful years in business, it has its roots – in part at least – in his own family’s personal tragedy. “I went over a few hard stones on the way,” he said. “Our first child, Eimear, died after four days and our second child, Seamus, is severely autistic and requires round-the-clock care. Then, when my wife Anne was pregnant with Ruairi who is now 17, she suffered a brain tumour which she thankfully recovered from fully. “Although you wouldn’t want them or go looking for them, those experiences do prepare you for life. They put things into perspective and as a result, I’ve never lost a wink’s sleep over work,” he continued. “I love my work and I love life. From the outside, people would say I’m a reasonably busy person, but I love every moment of it.” A high achiever To say that he is “reasonably busy” could easily be described as an understatement given the amount of time and expertise he has shared with organisations throughout the island. From Special Olympics Ireland and his beloved GAA to Ulster University Business School and the Prince’s Youth Trust, Feargal has balanced his role as Managing Director of an award-winning mid-sized accountancy firm with various extracurricular roles – something he is keen to encourage in those who work with him. “I’ve always been able to mix work and home life with extracurricular activity, and I feel that both work off each other. You have to have balance in life, but interaction is important,” he said. Indeed, Feargal attributes his involvement in activities beyond the workplace with his ability to succeed as a young leader. “When I joined the Industrial Development Board, I was the youngest ever Principal Officer in the Northern Ireland Civil Service at 26 years of age,” he said. “At that stage, all of my subordinates were considerably older than me, but extracurricular activities gave me the experience to deal with that because from my teenage years, I was secretary or chair of committees where people were, in general, considerably older than me – old enough to me my father, I’m sure. “I believe that it’s key in any organisation to encourage your team to get involved in areas they’re comfortable with – whether that’s charity, sport or the church, for example – because they can then bring the skills they develop back to the workplace. I genuinely don’t believe that you can turn the clock off at 5pm so if you’re not a caring person after 5pm, you won’t be a caring person before 5pm.” Putting people first Feargal encapsulates this idea in another life-long mantra – “I don’t care how much you know until I know how much you care” – and he hopes to bring this to life within the Institute during his presidency. “For me, continuity is key. I’m a member of the Institute’s oversight board and I can’t recall one decision in the last three years that wasn’t unanimous, so there won’t be any solo runs,” he said. “I only see a slight change of emphasis to increase our focus on becoming more caring and people-focused. That’s very consistent with our core values of integrity and ethics so I will be encouraging us, as an organisation, to walk that vision.” The ultimate aim is to increase the Institute’s relevance amongst its membership and create a team of 26,000 brand ambassadors who will raise the profile of Chartered Accountancy – and Feargal plans to lead this charge. “I’ve always found that the key to happiness is looking outwards,” he said. “And throughout the Institute, there are many role models across many sectors who – both in work and beyond work – are making fundamental, positive differences to the societies in which they live. “I hope to have an opportunity to shine a light on those role models but to do that, it’s important to get out there and meet those members,” he added. “So, over the next 12 months, I will be busy visiting companies and schools throughout the island. You’ll also see Council members hosting events where the President can meet members, and this will give us a great opportunity to tell the story of how Chartered Accountants make a difference to society because ultimately, that is our key contribution.” Building the Chartered brand Feargal also plans to enhance the external profile of Chartered Accountants and build on the “excellent work” currently under way to raise the Institute’s voice in the business community and beyond. While this is a key ambition for his presidency, Feargal sees himself more as the “conductor of the orchestra” who brings the best out of people. “The diversity of our membership is our greatest strength – diversity not only in skillset, but geography also. There are some areas I’d like to explore a little bit further, including the diaspora of international members,” he said. “I would personally like to chair a taskforce to assess how we can best make use of our international dimension both for our membership on the island of Ireland and also, as a professional network for our overseas members and younger members wishing to work abroad.” Another area of focus for Feargal is the parallels between sport and business. “Nobody really wants to speak to a 58 year-old man promoting our profession, so I would like to see Chartered Accountants who are also involved in sport promoted as role models for the profession. It will be interesting to hear how they blend their Chartered Accountancy studies and career with success in the sporting arena; how that discipline of study and integrity in the workplace can be transferred onto the field. There’s a lot we could learn from this group.” Adapting to change Learning from each other feeds into another important issue for Feargal – enhancing the Chartered Accountant’s capacity to adapt to change, which is more important than ever in the context of a volatile international landscape. “If we think about leadership in the corporate setting, it’s all about the ability to adapt – to be agile and change,” he said. “There’s no doubt that we’re in a very challenging market environment but in challenging environments, there are always exciting opportunities. “We should therefore have positivity in the breadth of our membership. We can’t control what happens around us, but we can control how we respond and I firmly believe that there is no problem out there – however and whenever it arises – that we as an Institute cannot deal with,” he continued. “We have to prepare ourselves and be in a state of readiness, but there is nothing we should fear.” Feargal does acknowledge, however, that technology, regulation and governance will bring many good things, but they will also bring challenges for the profession. “Am I confident that these are issues that we, as an Institute, will address? Yes, I am. We may have to work in collaboration with other accountancy, professional and – in some cases – statutory organisations, but are we up to that? We certainly are.” Indeed, this drive for agility extends beyond qualified members and into the Chartered Accountancy syllabus, with a number of changes in the pipeline – a responsiveness that Feargal is keen to nurture. “Two new electives will soon be introduced for FAE students and I think that’s the start of a trend,” he said. “We’re also seeing responsiveness in the enhancement of technology in our exam process and in the flexibility we can now offer to students. All these factors will help us address challenges as they arise. “The most important thing for the Institute is to listen, and then move forward with pace. I suppose I would have a reputation – rightly or wrongly – for getting on with it and if we make a mistake, we go back and correct it,” he added. “If I have one frustration in life, it’s too much talking and not enough action. I firmly believe that action is the way forward – yes, conduct research but get on with the job quickly and learn from your experience.” He added, “I’ve only seen positive things in the last 12 months but I can assure you, if I come across any negativity I will ask people to desist or leave the room because I believe you must be solutions-focused. I’ve been known on quite a few occasions to stop meetings as in my view, negativity has no place in any progressive and forward-looking organisation.” The challenges ahead Despite the challenges ahead, the Institute is in a very strong position according to Feargal – a testament, he says, to the leaders that preceded him as President. “The Institute’s current churn rate is minimal and the fact that members who previously terminated their membership are now returning as members demonstrates better than anything else the value of being a member of our great Institute,” he said. “I would certainly like to encourage the Institute to continue the very good work that’s currently under way. We have made very significant progress in recent times and while we have achieved much, we must continue to work to ensure that we remain relevant to our members. Therefore, it’s always good to try new ideas and I certainly see us continuing to innovate because, in my experience, you either innovate or evaporate. “Finally, I am very honoured to become President of Chartered Accountants Ireland. The Institute has been fortunate in the quality of its leadership and I hope I can carry on that tradition,” he said. “I am also very conscious that it is the 130th year of the Institute and while we have come a long way in 130 years, the journey has only just begun.” Feargal McCormack is Managing Director at PKF-FPM and President of Chartered Accountants Ireland.

May 31, 2018
Management

Denis Reeves shares his thoughts on best practice crisis management planning, drawing on decades of experience as a Chartered Accountant working in management positions across the globe. When KFC – a fast food outlet known primarily for its chicken – ran out of chicken last month, it resulted in the temporary closure of over 600 outlets across the UK. While a dearth of fried chicken isn’t a life or death situation, it was certainly a crisis for the US-owned franchise’s management team. Just days previously, on Valentine’s Day, DHL took over the logistics contract alongside Quick Service Logistics which, according to the Guardian, has supplied KFC in Europe since 2011. Four days later, only 266 of KFC’s 900 outlets in the UK were open. The KFC brand ultimately weathered the storm thanks to an honest and apologetic crisis communications strategy, which has been described as a “masterclass in PR crisis management”. However, crisis communications is just one aspect of a holistic crisis management strategy according to Denis Reeves, a former Council member at Chartered Accountants Ireland. “The Oxford Dictionary defines crisis as ‘a time of intense difficulty or danger’ and at an enterprise level, it will typically be a significant and unanticipated event that will demand the immediate and almost exclusive attention of the senior management team,” he said. “Depending on the severity of the issue, it could also require the immediate notification of the chairperson of the risk committee or even the chairperson of the board of directors.” Known unknowns Given the “unanticipated” nature of the potential crisis, it is not uncommon for managers to put crisis management planning on the long finger. After all, how does one prepare for the unknown? “A crisis will mean different things to different businesses and it will usually be quite difficult to prepare fully for the exact crisis circumstances that unfold in an organisation,” said Denis. “But responses to crisis situations typically fall into two broad categories.” Denis describes a “category one” level of preparedness as a situation where the organisation has given some, or substantial, consideration to crisis recognition and has identified a range of appropriate response actions. In this category, the organisation will have a range of pre-approved template responses available to assist the pre-defined crisis response team. A “category two” level of preparedness, on the other hand, can be described as a situation where organisations have given no prior consideration to crisis preparation and have no structured response plan in place. According to Denis, many organisations will find that their level of preparedness lies somewhere between category one and category two. Action points While the KFC example above is a recent case of crisis management in action, other situations could include a major product recall, on-site fatalities, an event leading to the collapse of stakeholder confidence or the fall-out from an unanticipated high-profile executive departure. While this list represents a diverse range of potential crises, Denis maintains that situations requiring crisis management intervention generally exhibit a number of consistent attributes such as a dip in the organisation’s share price, a collapse in trade enquiries, damage to goodwill and significant uncertainty among key stakeholders including customers, staff, suppliers and media. In such situations, Denis advises management teams to back-fill some key roles on a short-term basis to allow the management team to focus exclusively on crisis management activity. Once the management team is freed-up to focus on the crisis at hand, Denis recommends a range of action issues:   Assemble and act: the nature of the event will dictate the required speed and intensity of response, and the skillset required to deal with the crisis; Take a broader view: consider the impact of different time zones vis-à-vis the crisis communications strategy; Access critical skills: a key factor in the success of crisis management activity is the identification of the skills or expertise required to supplement the organisation’s internal skills, and how to access them immediately; Communicate: promptly issue a succinct stakeholder update across all suitable media platforms. To do this efficiently, organisations will need immediate access to passwords for social media accounts and the resources necessary to update their website(s). The initial phase of a crisis is often characterised by an overwhelming requirement to provide information to a range of stakeholders; Be accurate: it is crucial that all information issued is correct. Frequent, accurate updates will prevent the creation of an information vacuum, which could lead to the spread of misinformation and ultimately sabotage the organisation’s crisis management strategy; Know who to contact: always maintain up-to-date lists of key stakeholders with complete contact details, and circulate as appropriate; Shorten the chain of command: in a crisis management situation, the decision chain needs to be much shorter than it otherwise would be. The imperative is to have all required personnel available as part of the crisis response team, and it should be noted that “required personnel” are often not found within standard reporting structures; Establish a ‘command and control’ structure: some crisis management practitioners report difficulty in moving from a standard information-based approach to decision-making to that of a command and control approach that is more typically based on the imperative to execute tasks promptly and report on outcomes immediately; Identify actions: establish an immediate task list and allocate tasks to the appropriate personnel; and Think beyond the business: establish whether there is a requirement to activate business continuity or hot-site arrangements, or to notify insurance providers and other such third-parties. The requirement to notify State agencies should be assessed at an early stage. Plan and prepare The action list above details a whole swathe of activity for the management team. Despite their best intentions, Denis believes that a crisis management plan is unlikely to be executed smoothly if the management team hasn’t invested time in preparation and planning. “Some organisations might find it useful to convene the core crisis management team on an infrequent basis to work through some potential scenarios,” he said. “It would also be prudent to review and refresh contact lists on a regular basis and reiterate the mechanism for communicating an urgent priority. Indeed, some organisations have a code word that basically means ‘drop everything’. “And lastly, the team could consider any changes to the team’s composition and communicate those changes accordingly,” Denis added. “Once a crisis kicks off, however, and the parameters of the crisis become clearer, all the templates available to the crisis management team must be tailored to create a detailed and situation-specific action plan. This plan, by its very nature, will be fluid and resourced on a ‘skills required’ basis.” Silver linings While crises are typically viewed as negative events, Denis maintains that crisis situations can have a silver lining. “Crisis management typically involves superior problem-solving, communication and execution skills,” he said. “Crisis situations often allow personnel who were previously relatively unknown within the organisation to come to the fore, and management should recognise such talent for subsequent development.”   Denis Reeves FCA is Director of Bespoke Ventures Ltd., an experienced interim manager and a Chartered Director.

Apr 03, 2018
Personal Development

In an always-on world, it can be difficult to strike the right balance between work and relaxation, but here are eight tips to help you tip the scales. For many in the workforce, achieving any type of work-life balance can be a myth – especially since technology allows us to be accessible around the clock. So how do we do it? I found myself back at work after maternity leave with a 10-month old working full-time and sharing a business with my husband. I remember feeling so overwhelmed and hugely distracted. To overcome this, I devised a list of top tips for balancing work and life. STEP 1 Firstly, take a deep breath. It will all be ok. STEP 2 Work life balance doesn’t happen automatically. It involves making deliberate choices about what you want out of life. Having a roadmap plan and committing to it. Realising what is important to you and working smarter not harder to ensure you can spend your time how you want to.  STEP 3 Communication is key. I still don’t believe we talk to each other enough. You need to be open about what’s working and what’s not. Work will always be there; however, you need to have your personal life and routine in check as a strong foundation. If you feel like you’re veering off course, reach out and talk to someone. STEP 4 Set aside time for your interests, family and friends. Make a point of planning and booking time off work to do the things that are important to you. Don’t wait to see what time is left over as I can guarantee that there won’t be any. Your list of tasks will never be complete and there’s never a good time. STEP 5 Set your own parameters around what success looks like to you. Having a strong sense of who you are, your values and what drives you will help you better understand what makes you happy and to get more of that in your life.  STEP 6 Turn off your distractions. It’s learning the skill of turning off the technology and enjoying the quality time. STEP 7 It’s also important to align your goals in pursuing your passion. Those that do achieve this balance usually have a defined plan around timeframes and what they are willing to sacrifice to get what they want in the end. Don’t let the situation control you, take hold of it head on. STEP 8 The most important tip to achieving work-life balance is building your A Team, also known as your support network. People who are successful and achieve good balance have a strong support network who help them through the tough times. Sorcha Pollack is an Audit Senior at EY Ireland.

Mar 06, 2018
Personal Development

Acknowledging our vulnerabilities and improving our self-awareness can allow us to succeed in our personal and professional lives. “What are your strengths and weaknesses” is a question frequently asked at interviews and one that interviewees are often least prepared to answer. While few have difficulty rhyming off strengths, describing one’s weaknesses or vulnerabilities is another matter. Doing so requires a level of disclosure that few of us are willing to make to ourselves, much less to others.  As Abraham Maslow, American psychologist who is known for creating Maslow’s hierarchy of needs, said, “We tend to be afraid of any knowledge that would cause us…to make us feel inferior, weak…We protect ourselves and our ideal image of ourselves by repression and similar defences”. However, research shows that vulnerability is the birthplace of innovation, creativity and change. We connect to others through vulnerabilities. They are key to our self-awareness and how we manage ourselves socially.  This article is designed to equip you with some means to identify and explore those vulnerabilities and improve your self-awareness.     Focus on the here and now Begin with noticing and self-reflecting. When interacting with others, you should slow yourself down and take notice of your emotions, thoughts and behaviours as situations unfold. Try to concentrate on what is happening to you in the moment. Studies show that we are able to concentrate on up to four voices at one time. One of those voices should be our own.  The ability to focus on the present can and should be practiced regularly by using mindfulness exercises. Mindfulness is simply concentrating on the present moment and focusing on one element to keep you in that moment, such as your breathing. Through mindfulness practice, we learn not to engage with passing thoughts but rather to observe them and take notice of recurring negative thoughts that may be affecting us. By practicing mindfulness privately, we develop skills that we can call on to ground ourselves when we feel stressed or unfocused. These skills help us to avoid being distracted by anticipatory thoughts and give us the ability to stay focused when circumstances demand.  Numerous apps are available to help develop or improve concentration skills. Headspace is one such option. Thinking errors How do we identify emotional or cognitive barriers to self-awareness? Be on the lookout for ‘thinking errors’ in your internal dialogues. These are harmful thinking patterns that may habitually hold us hostage so that we behave at the will of others or as victims of circumstance. Some examples of these include: ‘Awfulisation’: “That was the worst interview ever. I was awful.”; Blame-throwing: “It’s all his fault, he should have highlighted the difference.”; Demands: “He has to listen to me because this report is late”, “She should have pointed that out, she knew it was important.”; Extreme thinking: “she never listens”, “he’s always late” Globalising: “I failed my exam. That proves I’m a failure.”; Personalisation: “If I ask my manager for support, he’ll think I’m incompetent”. Such thinking errors should be intercepted and challenged by considering their usefulness. Are these beliefs helpful? Are they true? Is there evidence to support them?  Group dynamics While mindful meditation and self-reflection are useful tools for improving self-awareness, our reflection in other people is more informative. When working in a team, it is important to stay aware of how others react to our behaviours. Noticing such reactions provides us with valuable feedback. Active listening and observation can help us to recognise and then adjust any negative behaviours of our own.  A simple tool called the PFAT scan can help here. With it, we pay attention to: physical body reactions in other members of the group. Are they blushing, sweating, fidgeting, clenching their teeth or fists? others’ feelings suggested through their mannerisms or behaviours. Are they defensive, anxious, worried, bored, tense, challenged, or angry? the appearance of negative body language. Are they retreating or lunging forward? Are they stammering or yelling?; and  where their thoughts are focused. Are they speaking on task or are they defending their position, discrediting others, and redeeming themselves?    To gain greater insight into our relational habits, we should pay attention to group dynamics, focusing not only on how we think and what we observe but also on how we feel during teamwork or group work. Certain situations or people may trigger negative reactions within us. We may discover that what we are experiencing is the mirroring of past behavioural patterns seen in close family members. We should also seek feedback from trusted people seniors in your company and peers. Receiving such feedback openly and sharing our vulnerabilities can prove edifying. By accepting our vulnerabilities with reasonable self-compassion, we can start to accommodate them and to build on our strengths. March EI exercise Practice mindfulness and the reflective exercises described in this article.  Paul Price is is an Executive Coach at Dynamic Connections.

Mar 06, 2018
Business Law NI

Jeremy Twomey writes: Billed as the most important change in data privacy regulation in over 20 years, and with its enforcement deadline of 25 May 2018 fast approaching, ensuring General Data Protection Regulation (GDPR) compliance has become a top priority for the majority of Irish businesses. Over the last year, the Institute has been helping its members to prepare for GDPR in a number of ways. For example, we have provided guidance via articles in recent issues of Accountancy Ireland, while in the last few weeks we have run a series of half day roadshows and courses in a number of towns and cities across Ireland. In addition, the Practice Consulting team has been busy preparing detailed practical guidance in this area, explaining what the changes resulting from GDPR will mean for accountants and their clients. This guidance will be available under the Knowledge Centre section of the Institute website, and is designed to answer the GDPR-related questions that members have contacted us on over recent months. While preparing this guidance, it became evident that a number of “myths” have developed over the last couple of years surrounding the implementation of GDPR. In this article, I am going to address a few of these and try to help you ensure that you do not fall foul of these, as you prepare to achieve GDPR compliance at your firm. Myth 1 - GDPR Compliance is a once off project to be achieved by 25 May With so much hype surrounding the regulation, one should remember it is not a once off event or test for compliance. Unlike planning for the Y2K deadline in 1999, GDPR preparation doesn’t end on 25 May; it requires ongoing effort. It’s an evolutionary process for organisations; 25 May is the date that GDPR will be enforced but no business stands still. You will be expected to continue to identify and address emerging privacy and security risks in the weeks, months and years beyond May of this year. GDPR will require ongoing governance of data, as organisations migrate to new systems or apply their customer data to new markets and trends. Initial compliance is the first heavy lift, but ongoing governance is the long-term reality! All entities falling under GDPR should endeavour to be fully compliant by the implementation day, although this may not be possible in all instances. In such circumstances it is important that you address the essential elements of compliance at your firm as soon as possible, and can demonstrate your ongoing efforts in this regard in a comprehensive documented plan of work. Myth 2 - GDPR is only for large firms, a small accountancy practice or company is not expected to have the time or resources to achieve compliance You will have to comply with GDPR, regardless of your size, if you process personal data. Small accountancy practices do not escape the demands of compliance. GDPR needs to be prioritised by all firms, regardless of size. The vast majority of businesses across Ireland are small businesses and it is important to remember these firms often process a lot of personal data, and their data protection reputation and liability risks are just as real as for larger entities. Myth 3 - With Brexit, entities located in the UK, including Northern Ireland, will not have to comply with GDPR GDPR will apply to all EEA countries and any individual or organisations trading with them. As it comes into force on 25 May 2018 (before the UK is due to leave the EU), UK individuals & organisations must ensure compliance with the new regime by then. The British government has confirmed that the UK’s decision to leave the EU following Brexit will not affect the commencement of GDPR. Post Brexit, it is envisaged that if a UK organisation or individual processes personal data, then they will have to do this in accordance with GDPR. To ensure that the UK will be GDPR-compliant post Brexit, the new Data Protection Bill (currently going through Parliament in London) incorporates all of the GDPR. Myth 4 - GDPR is a completely new approach to Data Protection It is vital to remember that GDPR builds upon the existing legislation in this area. It is an update, not a wholesale revision, to meet the changes in technology and data use over the last twenty years or so. As a result of these changes, consumers’ privacy and data were not by now as well protected as they could be. GDPR rectifies this by increasing the responsibility on organisations to use personal data appropriately and to hold it securely. Although GDPR is not a completely new approach, it is more stringent in its application and the fines for non-compliance have been considerably increased. This means that doing nothing is not an option, although GDPR does allow organisations to take a risk based approach, based on your size and circumstances. Many organisations struggle to assess where they should start in preparing for GDPR. It is helpful to remember that we have had data protection legislation in both the UK and the Republic of Ireland for a number of decades and therefore, firms who have taken data protection compliance seriously are already in good shape for beginning to meet GDPR’s increased compliance standards. Myth 5 - GDPR is just more bureaucracy and work for small firms, with no potential  benefits When legislation of this nature is announced, one can take either a positive or negative view of the task at hand. If you take a negative view, you will see GDPR as more bureaucracy and cost to your firm. If you take a positive view, on the other hand, you will view GDPR as a necessary strengthening of the rights of individuals, and indeed a potential  opportunity. As accountants position themselves as strategic advisers to clients, GDPR is also an opportunity for firms to demonstrate to clients that they can securely hold and process information in accordance with data requirements, and that protection of client data is a priority for the practice. As a result, clients are likely to see their accountants as trusted professionals with whom they can partner to drive their business forward. Therefore, being a leader in this area may enhance your practice and its reputation. In addition, as trusted business advisors to your clients, you must have sufficient knowledge of this new legislation to be able to provide sound advice. SMEs need to be ready when the new law comes into force, but they may struggle to know where to start. Chartered Accountants in practice can help these small businesses bridge the gap to GDPR compliance and, in the process, win new business. Myth 6 - Outsourcing GDPR compliance will be a quick fix for me and my firm There is no quick fix to GDPR compliance. No one piece of software or outsourced service provider is going to provide everything you need to comply with GDPR. For accountancy practices, GDPR will impact on how you manage and store data across your entire firm (e.g. client, prospective client, contact, supplier and staff data). You cannot outsource your responsibility for this information, and compliance with GDPR will require considerable time and preparation from all levels within your practice. With the implementation date of 25 May approaching quickly, it is important to start sooner rather than later on this. Myth 7 - GDPR only applies to Digital Processing Under GDPR, data processing covers both automated personal data and manual filing systems. Manual/paper records are included if they are part of a ‘relevant filing system’. This means papers stored systematically, for example, in a filing cabinet are probably included, but ad hoc paper files may not be. Members should ensure that they apply the same levels of diligence to paper records as they do digital records and that any decisions made regarding the lawful basis for processing, adhering to data protection principles and upholding data subjects’ rights include paper records held. Myth 8 - Under GDPR, accountants will only be seen as Data Processors and hence avoid much of the responsibility that falls on Data Controllers in this new regulation The UK Information Commissioner’s Office (ICO) has previously advised that it considers that an accountancy firm providing accountancy services acts as a data controller. The firm’s status as a data controller in relation to clients arises because the firm has flexibility over the manner in which it provides services to its clients and will not be simply acting on their instructions. In addition to this, the firm has its own professional responsibilities regarding record-keeping and confidentiality. Therefore, because an accountant “determines what information to obtain and process in order to do the work”, firms act as “controllers in common” with clients. Under GDPR, member firms will also be data controllers with regard to their firm data (e.g. employee information). If there is any doubt regarding your status as a processor or controller in relation to your firm’s activities, you should take legal advice. Going forward, firms will need to ensure that client terms and conditions reflect this reality, potentially extending engagement terms as appropriate. No doubt, for many accounting practitioners, much work remains to be done to fully meet GDPR compliance requirements. Between now and the end of May, firms new  to the process will need to examine their existing data processing, review their data protection policies, procedures & controls, and identify any gaps that need to be addressed. Following on from this, firms will need to implement any changes required in a structured documented manner to meet the needs of GDPR and continue to show full compliance long after the implementation date. The Institute will continue to assist members on your GDPR compliance journey, with ongoing updates to our available guidance in this area and, should you have a specific query in this area, please feel free to contact the Practice Consulting Team.

Feb 01, 2018

Was this article helpful?