Management

Even the smallest firm can punch above its weight with the right marketing strategy, and it doesn’t have to cost the earth. Marketing presents challenges for all SMEs. It takes time, costs money, diverts staff away from your ‘core’ business, and more than likely places you firmly outside your comfort zone. As an accountancy professional, your comfort zone is – presumably – accountancy. You may baulk at the idea of writing a blog or press release, setting up a social media account or conducting a media interview but if you own your business, these are important skills. They will not only help you communicate with existing clients, they will also contribute to your business growth. Setting strategic goals Before engaging in marketing, you need to be clear why you are doing it. What do you want to achieve? Is your aim to ‘upsell’ to existing clients? Or attract new clients? Do you want to position yourself as an expert in a specific field? Do you need to recruit skilled staff? There is no point in marketing just for marketing’s sake. Any promotional activities you undertake should be aligned to your overall business strategy. If your goal is to attract five new clients each quarter, for example, your marketing plan must contribute to that. Positioning yourself Once you have defined your goals, you need to think about how you position yourself to achieve them. How do you currently describe your business and does that description make sense? What sets you apart from your competitors? What are the qualities and services you want to be associated with? Who is your ideal customer? A surprising amount of companies – big and small – are very bad at describing what exactly they do. There is a tendency to go heavy on the jargon when it comes to company descriptions. For example, which of the following do you think is more likely to appeal to target customers: We are a cutting-edge consultancy, delivering innovative and automated solutions, integrated across diverse platforms and scalable for all sectors; or We provide user-friendly accountancy software and financial management advice for SMEs. When you are writing your company description, think of your target audience. If I am a potential customer, I don’t want to be bamboozled by jargon; I just want to know that you have what I need. Getting started Once you have set your goals and settled on the best possible way to describe yourself, you need to spread the word. The basic starting point for any marketing campaign is to make sure you have an effective website. If you have a tight budget, you can get a simple site designed and built at a very affordable cost. Indeed, if you are even mildly IT literate, you can have a go at building a basic site yourself using a platform like WordPress.com. A good business site is important because it is the starting point for all other marketing and PR activities. If done right, it can become your central repository for content for social media, marketing emails, digital ad campaigns, media relations and more. It also serves as your online shop window. Your site should be SEO and mobile-optimised. If I have just lost you with those two terms, it simply means that: Your site should appear high up in the results when people search for relevant terms online (SEO stands for ‘search engine optimisation’). For example, if someone conducts a Google search for “accountancy firms in Cavan” and your company is based in Cavan, your website should appear on the first page of search results; and If someone visits your website using a smartphone, it should look and function just as well as when it is accessed from a desktop computer. Most small- and medium-sized enterprises (SMEs) have little time or inclination to update their websites regularly. So design your site in a way that means most content is static (e.g. who you are, what you do, how to contact you), but have one section (your ‘news’ or ‘blog’ section) that is updated at regular intervals. Social media Once your website is up and running, you need to decide what other marketing tools to use. When it comes to social media, think of where your target customers ‘hang out’. For accountancy firms with limited time and money, I would suggest setting up just one or two social media profiles initially, starting with LinkedIn and/ or Twitter. LinkedIn is a professional networking platform, on which you can have both a personal profile and a company or organisational profile. I recommend establishing both. As an SME owner myself, I have found LinkedIn useful for making business connections and identifying potential collaborators. I can point to a number of business ‘wins’ that came about directly because of my interactions on LinkedIn. Twitter attracts lots of negative publicity, but it is a useful tool for disseminating news about your business, keeping up with the latest trends in your sector and getting on the radar of target media and clients. It is a very immediate platform and, to be used successfully, requires daily monitoring and lots of interaction. Don’t set up a profile unless you can commit to that. Email marketing Another cost-effective way to promote your business is through email marketing. This simply means building a contacts database (while making sure you adhere to best practice in data protection) and then, sending regular email updates to your contacts. These can be quarterly or monthly e-newsletters about your company, or more personalised emails promoting special offers, discounts or seasonal greetings. MailChimp is a free online tool that gives several options for designing, sending and saving template emails and e-newsletters. It also stores and makes it easy to manage your contacts database, and tracks the results of any marketing emails you send. Creating content Once you have a website, social media profiles and marketing emails in place, you need content to share on them. This is where the idea of your website as a ‘central repository’ comes into play. My advice is to publish one or two news posts (or blogs) every week on your website and then, share the links to these on your social media and in your marketing emails. The topics for your posts should be aligned to your strategic goals. So, if you want to be associated with tech solutions for accountancy, write posts about that topic. Publishing these posts on your site and sharing them on social media will enhance your SEO rankings. Over time, if done correctly, this means that people searching online for terms like “tech solutions for my business accounts” will be directed very promptly to your site. Measuring results Marketing success doesn’t (usually) happen overnight. It takes time to see what works best and contributes most towards achieving your goals. Measuring the impact of your marketing efforts is really important to make sure you get it right. All the digital tools I have mentioned here have in-built analytics that are easy to access and use. Most important, however, is to frequently revisit your business goals and assess how your marketing activities are helping you achieve them. Other tools to consider Apart from the digital tools mentioned, there are lots more options to consider including advertising (both digital and traditional), sponsorships, sectoral events, and more. There’s also the whole world of media relations to think about – but that’s for another day!

Feb 06, 2018
Innovation

Disruptors can now leverage the cloud to up-end entire markets overnight. How can your organisation protect itself? Software is eating the world. This was the message from Marc Andreessen, published in a seminal Wall Street Journal article in 2011. His powerful message was that a new type of company would build “real, high-growth, high-margin, highly defensible businesses”. He argued that these companies would be software companies delivering services through cloud-based infrastructure.  Marc founded one of the most successful Silicon Valley venture capital firms – Andreesen Horovitz – and was an early stage investor in emerging companies including Facebook, Skype and Twitter. The core of his argument was that the cloud helps to reduce a start-up’s costs. It facilitates faster go-to-market. It enables dramatically quicker scaling. In other words, a start-up can come up with a new idea and deliver it for a few hundred dollars a month on a hosted cloud service without making any investment in hardware or IT support services. Before the cloud, a similar service might have cost north of six figures per month to host and taken months or years to bring to the market. The impact of the cloud has been startling and pervasive. Now a start-up can come up with a great idea and scale with remarkable speed. Many industries have felt the impact faster than others. Retailers can tell you all about the impact of Amazon while traditional media has seen marketing dollars move at a frightening rate to new kids on the block like Google and Facebook, threatening their very existence. The examples are legion but the journey of disruption intermediated by cloud technologies has only started. No industry is safe. It only takes one smart start-up to spot a new, compelling way to deliver a service and within a few months, you may well face an existential threat in your own business. So, what can you do? I want to make the argument for innovation as a strategic response to changes wrought by the cloud. A common misperception But first, a quick clarification. Innovation is frequently conflated with technology. After all, most of us have become acclimated to regular updates from Amazon, Samsung or Apple launching the latest consumer innovations in the form of devices and services, all of which falls roughly into the innovation bucket in the public consciousness. Innovation is not a synonym for technology, however. New technologies are the outcome of innovation, which is an emerging yet practical management science that seeks out the customer rather than the research agency. It looks to test ideas in the market rather than the boardroom. Innovation is not expensive. It is quick, simple, low-risk and inexpensive. And that might come as a surprise. It is grounded in these straightforward steps: Identify a customer problem; Develop a service that solves that customer problem; and Monetise the solution. It couldn’t be easier, right? Well, not exactly. The concepts are simple but take focus and practice. It’s a little like golf. If you have ever been bitten by the bug, you will probably remember hitting one or, at most, two nice shots in your first round. It takes practice and focus to become adept – not to mention a few headaches along the way. Innovation is the same. You will almost certainly see quick results and quick wins, but you will need to work hard to build a consistent and repeatable pipeline of innovations. Your starting point The question for almost every organisation is: where do you start your innovation journey? Here are a few tips to get you started: Be pragmatic: to borrow from Donald Rumsfeld, don’t start with the unknown unknowns. Focus on areas where you have a reasonable idea of the nature and scope of the challenge. Look for a quick win, build organisational confidence and develop velocity from there; Keep it lean: keep your innovation focus narrow and lean. Keep costs low and look for evidence in the market before you take it further; Don’t reinvent the wheel: do your research and look for ideas and approaches used elsewhere that you could leverage in your own business; Train your team: get your staff trained up to understand innovation techniques and practices; and Innovate from the top: innovation must be supported from the very top of the organisation. The CEO must give at least 45 minutes every week to innovation management. Back to the cloud And finally, a few quick ideas to get you thinking about the role the cloud could play role in your organisation. Orchestrator: can you make use of existing cloud services or apps together with your organisation’s capabilities to create new services? Data: do you have lots of data? Data is the lifeblood of many new offerings in the artificial intelligence and machine learning space. Many companies don’t have enough data to ‘train’ their artificial intelligence. Can you leverage this raw material to create new partnerships? Incubator/open innovation: do you have capital and a strong management team? Could you open your business to start-ups by providing work space, capital and management expertise? By opening your business up to the start-up community, you can seek to identify the start-ups that might disrupt your business and invest in them. Embracing uncertainty Innovation is never comfortable. It has uncertain outcomes that you can rarely foresee. Few managers are comfortable with backing uncertain outcomes; it has traditionally been career limiting. But the pace of change brought about by innovation and supported by cloud technologies requires managers to come up with new strategies. And as the cloud continues to facilitate the disruption of one business after another, innovation may be the umbrella you are looking for, or better still, it may help you to identify the silver lining. David O'Leary is a Partner at DOL Associates, which helps businesses grow through innovation and digital strategy.

Feb 06, 2018
Strategy

There is much debate about the external cyber risks facing organisations, but how can firms cope with insider threats? The EMEIA Fraud Survey 2017, which was published by EY in June of last year, suggests that there is room for improvement in Ireland’s corporate culture with some staff prepared to bend the rules to meet targets. The survey states that bribery and corruption remain a significant risk to Irish businesses. Indeed, a more concerning finding is that employees are not open to the introduction of policies that would help detect fraud. Such policies would include email, telephone or social media monitoring. In the main, workers are honest and hard-working. However, experience shows that, due to weakness in controls or changes in individuals’ personal circumstances, individuals can on occasion take the opportunity to commit fraud or other kinds of malpractice against their employer.  Culture shock While surveys represent a snapshot in time as opposed to deeper and more engrained trends, it is nevertheless concerning that a significant number of individuals would bend the rules – in particular, recognising revenue earlier to meet a target. Indeed, this is a timely finding given the ongoing fake accounts scandal at Wells Fargo where staff created more than 1.5 million unauthorised deposit accounts and filed more than 500,000 unauthorised credit card applications between 2011 and 2016 in an effort to meet sales targets. The fact that 89% of respondents believe that the monitoring of data sources such as email, phone or instant messenger would represent a violation of their privacy might also lead one to wonder whether employees have something to hide or are using company facilities for inappropriate purposes. Communication is another issue worthy of consideration given the discrepancy between the perceptions of senior management and other employees when it comes to the effectiveness of communication around ethical standards. For example, almost half of all board directors and senior managers have heard such messages frequently compared to just 32% of their more junior colleagues, according to the survey. These issues, when considered in the round, point to issues around culture, so what can a company do? Back to basics To fully address the issue of insider risk, leaders will need to go back to basics. This will involve setting the right tone at the top while taking a ‘bottom up’ approach to change initiatives that aim to eradicate traces of malpractice among employees. The following 10 steps will assist organisations in battling insider risk and the subsequent material and reputational damage it can bring. Certain steps may require a level of investment and it is up to each individual company to set its own investment threshold. In many cases, however, simple improvements around leadership and communication, for example, can reap significant rewards. Internal policies Does your company have a policy that supports its investigations principles? The endorsement of a company’s policies by the chief executive and board is imperative as it leaves employees fully aware of the repercussions in the case of a policy breach. Equally, executive leadership teams should not be beyond reproach. A cursory review of media coverage suggests that major internal fraud cases in industry occur at senior management level where structure and independence play a critical role. Communication Does your company communicate internal malpractice through training? While eLearning is a successful tool and monitors the completion of standard mandatory training, face-to-face training should be preferred when the issue of malpractice is being discussed and enforced. Annual training should be provided to staff outlining potential red flags and actions to take, in addition to mandatory training. Investigation unit  If an issue occurred tomorrow, could you investigate the case? While a unit may be tasked with fraud investigations, one should question and test whether this unit is manned by skilled personnel who are independent to the investigation process, so much so that the process could not be challenged in a tribunal or court of law. The technical nature of internal investigations cannot be ignored and should be planned for accordingly. Disciplinary process In the event of an issue being confirmed, investigated and reported, does your business have a robust HR process supported by legal advice? Having investigated a case, it is not uncommon for organisations to fail to deal with the outcome of the case or pass the appropriate sanctions. Any failure in this area sends out the wrong message, one that could lead to further malpractice without reprisal. Speak up lines  Does your company have a ‘speak up’ line? Larger companies (those with 500 employees or more) should have a defined process for staff reporting issues which they feel cannot be addressed by line management. In line with legislation, individuals should be free from reprisals in making such reports and again, any subsequent investigations should be undertaken independently. Risk assessments Do you have a fraud risk assessment process? Fraud risk assessments are an additional means of understanding, through open discussion and workshops, the fraud risks the organisation is exposed to. The introduction and management of the assessment supports good governance and provides assurance to stakeholders and owners. Proactive auditing  Investigations are predominantly reactive, so how do you learn from previous issues? Mature investigation or audit functions should plan for proactive auditing and control testing, using data analytics. In the example of a customer who is contacted by their bank regarding a suspicious credit card transaction, data analytics should be employed to identify ‘out of the ordinary’ transactions and issues. Monitor employee actions What do you do to stop customer data or personal data leaving your business? Organisational data, including that of your customers, should be protected from corporate espionage. This can be achieved by enforcing simple controls to protect and restrict the inappropriate access and relocation of data without validation. The General Data Protection Regulation (GDPR), which will come into force on 25 May 2018, will make this a requirement. Performance appraisals Do your organisation’s management and leadership teams engage with employees in a meaningful manner? Managers and leaders should continually strive to make better use of performance appraisals and one-on-one catch-ups. Such discussions could highlight issues that may account for changes in the performance or behaviour of an individual, which may otherwise go undetected. An appraisal should also be undertaken as part of the organisation’s exit programme. Password innovation Does your company take a proactive approach to protecting IT systems and the data contained therein? Previous investigations have highlighted cases of employees sharing passwords and retaining staff members’ information after they have left the organisation, which in turn acted as a catalyst for abuse and theft. Given the corporate world’s ever-increasing reliance on computers, mobile devices and cloud computing, organisations should consider replacing the traditional password with biometrics in an effort to minimise the risk to the company. Michael Fitzgerald is Founder of Fraud Business Solutions, which provides investigation, consultancy and training services.

Feb 06, 2018
Regulation

As you prepare for the implementation of GDPR, there are a number of practical measures to consider when it comes to processing employee data. Most accountancy firms collect and process personal data relating to their employees on an ongoing basis as part of their everyday personnel administration. Personal data processed by your firm could be anything from salary details for administering payroll to sick notes presented by employees regarding absence. As a result, most accountancy firms will be affected by the EU General Data Protection Regulation (GDPR), which will regulate the processing of personal data when it becomes directly applicable from 25 May 2018. With four months to go before GDPR applies to your firm, this article focuses on what GDPR is and some practical measures you should consider in terms of processing employee data. What is GDPR? Over the past two years, we have noticed many organisations struggle to assess where they should start in terms of preparing for GDPR. It is helpful to remember that we have had data protection legislation in Ireland since 1988 and therefore, firms who have taken data protection compliance seriously are already in good shape for meeting GDPR’s increased compliance standards. GDPR builds upon, and enhances, many of the existing data protection requirements and principles under current Irish data protection legislation. Rather than fear it, GDPR should be viewed as an opportunity to re-visit your firm’s level of data protection compliance. From 25 May 2018, GDPR will replace the 1995 Data Protection Directive, which is the EU legislation on which the main Irish data protection legislation, the Data Protection Acts 1988 and 2003 (as amended) (DPA), is based. There will also be Irish implementing national legislation to give further effect to, and provide for exemptions from, GDPR. In Ireland, the Department of Justice and Equality published the General Scheme of the Data Protection Bill 2017 in May 2017 (General Scheme). The General Scheme essentially sets out the heads that are proposed to be included in the Irish implementing legislation when it is enacted. As a general comment, the General Scheme is very much in draft form and is lacking in detail. Therefore, publication of the draft Bill is anxiously awaited. At the time of writing, it is not yet known when a draft Bill will be published but it may be released before publication of this article. “Consent” in employment contracts As with the current DPA, in order to process an employee’s personal data your firm needs a legal basis to do so. Many of the legal bases that employers currently rely upon to process employee personal data will continue to exist under GDPR. The most relevant legal bases to employers, both under the DPA and GDPR, are as follows: The employee has given their consent to the processing; Processing is necessary for the performance of a contract to which the employee is a party to; Processing is necessary in order to take steps at the request of the employee prior to entering into a contract; Compliance with a legal obligation; Processing is necessary to comply with the employee’s vital interests; and For the purposes of the legitimate interests of the firm. In practice, we find that many employers tend to rely upon the first legal basis mentioned above for data processing, namely consent, which is usually procured in the employment contract. For consent to be valid, it must, among other things, be “freely given”. This raises concerns in an employment context as it is questionable whether an employee’s consent is freely given on the basis of the imbalance of power between employer and employee. The Irish Office of the Data Protection Commissioner (ODPC) has also raised this concern in the context of the existing DPA. The Article 29 Working Party, which is the representative group of EU data protection authorities, recently commented in non-binding guidance that an employee is rarely in a position to give free consent. Significantly for employers, consent can also be retracted by employees at any time and it must be as easy to withdraw consent as it is to give it. Operationally, firms will need to have the resources in place to facilitate an employee retracting their consent. Another point to bear in mind when relying upon consent is that certain data subject rights can only be exercised where consent is the legal basis – for example, the right to data portability and the so-called “right to be forgotten”. Based on the concerns with relying upon consent, now is the time to consider whether alternative legal bases could be relied upon by your firm for certain processing of personal data. For example, processing an employee’s details as part of payroll could instead be based upon the legal basis of performance of a contract with the employee. There may, however, be situations where consent is the only appropriate legal basis to rely upon. Such a situation may arise, for example, in the context of processing an employee’s medical information where such processing is not required by employment law. Where it is necessary to rely upon consent as a legal basis, consent should be procured through a declaration or other document separate to the employment contract, which is not intrinsically linked to the employee’s acceptance of their employment with the firm. Data subject rights GDPR introduces new data subject rights and also modifies some of the existing rights under the DPA. A modified right, which many firms may be familiar with, is the data subject access right (SAR). This essentially gives an individual the right to receive a copy of his or her personal data which a data controller (e.g. an employer) holds. In practice, we find that SARs are being made more frequently by employees, particularly as an alternative to discovery in litigation or as a fishing exercise prior to making an employment claim against the employer. SARs as they currently exist can be onerous for an employer to comply with and GDPR will not make them any easier from an employer’s perspective. The current tight time-frame to respond  to a SAR of “as soon as may be” but not longer than 40 calendar days will shorten under GDPR to a response being required “without undue delay” and in any event within one month of receiving a valid access request. Currently under the DPA, employers are entitled to charge an administrative access fee of €6.35 for processing a SAR, which will be abolished by GDPR unless the employer can demonstrate that the cost will be excessive. The shorter time-frame for responding to a SAR means that firms will need to ensure that they have the policies and procedures in place to comply with a SAR received and that they have sufficient staff and resources. However, if a request is complex or a number of requests are made, then the time-frame can be extended by a further two months where necessary. The data subject must be informed of the extension, and the reasons for it, within one month of the employer having received the SAR. Accountability Accountability is a core principle of GDPR. It requires that firms not only comply with GDPR by implementing appropriate technical and organisational measures and appropriate data protection policies, they must also be able to demonstrate their compliance. The current Data Protection Commissioner, Helen Dixon, has noted that this is not just a pen-pushing exercise. You therefore need to be able to meaningfully demonstrate compliance. As such, this will involve more than simply having data protection policies and processing registers in place that comply with GDPR. Your firm will also need to be able to show that it has implemented such policies through staff training and regular checks and testing, for example. Information to be provided to employees As with the DPA, under GDPR certain information must be supplied to employees before their personal data is collected and processed by your firm. Otherwise, such processing is unlikely to be considered fair and is likely to be contrary to the data protection principle that personal data must have been obtained and processed fairly and lawfully. The information will typically be provided in the form of a notice to job candidates and a further privacy policy will be supplied to successful job applicants as part of their on-boarding induction to the firm. While this information requirement continues under GDPR, the content of such notices and policies will need to include additional information. Under GDPR, the following information will need to be provided: The firm’s name and contact details and the name and contact details of your data protection officer (where one has been appointed); The purpose(s) of the processing as well as the legal bases for processing; Where the legal basis for processing is based on the firm’s legitimate interests, those legitimate interests should be identified; The recipients or categories of recipients of personal data; That the firm intends to transfer personal data to a third country and the legal basis for the transfer; The retention period for personal data and the criteria used to determine this; How employees (or job candidates) can exercise their right of access, rectification, erasure, restriction to processing, objection to processing and data portability, if such rights apply to the employee (or job candidate); How employees (or job candidates) can retract their consent to processing, where the processing by the firm is based on consent; The right to submit a complaint to the relevant Data Protection Supervisory Authority; Whether the employee (or job candidate) is required to provide their personal data pursuant to statute or a contract, and the consequences of failing to provide such data; and The existence of automated decision-making, including profiling, and the logic and consequences of the processing for the employee (or job candidate). It is important to review existing notices and policies given to employees and job candidates in order to check that they include the above information. Data Protection Officer An important change being introduced by GDPR is the requirement for certain data controllers and processors to appoint a data protection officer (DPO). The DPO will be responsible for overseeing the organisation’s compliance with data protection. The DPO is not, however, a new concept. While this will be the first time in Ireland that this role has been codified, many organisations may already have an individual responsible for data protection compliance and DPOs are in fact required in Germany. What is new under GDPR is the fact that a DPO must, under statute, be appointed for the following controller and processor organisations: Public authorities or bodies (except for courts acting in a judicial capacity); Data controllers and processors whose core activities consist of processing, “which require regular and systematic monitoring of data subjects on a large scale”; and Data controllers and processors engaged in large-scale processing of sensitive personal data or personal data relating to criminal convictions and offences. The Article 29 Working Party, in guidance, recommends that controllers and processors document their internal analysis conducted to decide whether a DPO is required. An important point that the Article 29 Working Party have also highlighted is that, while organisations are free to voluntarily appoint a DPO and the Article 29 Working Party encourages this, if an organisation does so, a voluntarily-appointed DPO is under the same obligations as a mandatorily-appointed DPO. With the above in mind, firms that already have an individual whose day-to-day work is largely the same as a DPO may want to consider the increased responsibility of the role; the fact that the DPO reports to the highest management level; that the DPO function must be adequately resourced; and further, that a DPO is expected to have expert knowledge of data protection law. Significantly, it is a form of protected employment as the DPO cannot be dismissed or penalised for fulfilling their tasks within the firm. This role needs to be carefully considered before making an appointment. Peter Bolger is the Head of Intellectual Property, Technology and Privacy at LK Shields.

Feb 06, 2018
Strategy

Chartered Accountants can play a vital leadership role as Brexit takes priority in companies’ strategic plans. Political considerations were the dominant theme in the media’s coverage of Brexit during the final weeks of 2017. Much of the debate focused on Northern Ireland as the joint report of the EU and UK negotiators on progress during phase one of the negotiations was finalised and presented to the European Council. The report affirms the UK’s commitment to protecting North-South cooperation and its guarantee of avoiding a hard border, stating that any future arrangements must be compatible with these overarching requirements. Furthermore, following negotiations with the Democratic Unionist Party (DUP), the UK has also committed to ensuring that Northern Ireland will not be treated any differently than the rest of the UK – a commitment that is likely to limit flexibility around potential trade deals. The joint report states: “The United Kingdom’s intention is to achieve these objectives through the overall EU-UK relationship. Should this not be possible, the United Kingdom will propose specific solutions to address the unique circumstances of the island of Ireland. In the absence of agreed solutions, the United Kingdom will maintain full alignment with those rules of the Internal Market and the Customs Union which, now or in the future, support North-South cooperation, the all-island economy and the protection of the 1998 Agreement.” How this will be achieved, and what it will mean in practical terms for businesses, very much remains to be seen. Hot on the heels of the joint report came EU guidelines for phase two of the negotiations, which will focus on finalising the divorce agreement for the “orderly withdrawal” and agreeing on a framework for the future relationship of the UK with the EU. In relation to the border issue, it will be critically important that businesses and Chartered Accountants on both sides of the border make their voices heard in the coming months. The guidelines state that, during this second phase of the negotiations, “in view of the specific nature of issues related to the island of Ireland, the work on detailed arrangements required to give effect to the principles and commitments set out in the Joint Report should continue in a distinct strand, some of which would be translated in the Withdrawal Agreement, others in the framework for the future relationship”. “Cliff edge” exit The guidelines supplement the negotiating directives from May 2017 and set out additional details on possible transitional arrangements. The need for clarity on transition is urgent. Decisions businesses make today can take 18 months to two years to implement and will impact future growth and jobs. Giving evidence to the Business, Energy and Industrial Strategy Committee in November 2017, representatives of the automotive industry highlighted the dangers of a “cliff edge” exit. Mark Wilson, Chief Financial Officer at Aston Martin, said: “In order to prepare, we have to understand the direction of travel, which is why it is really important that we get clarity quickly.” Mike Thompson, CEO of the Association of the British Pharmaceutical Industry, told the same select committee: “One of the challenges for us is that, if I may say, it is not unusual for politicians to think that you do not need to do a deal until the absolute last minute, but business people need to be able to plan ahead.” As we move into these negotiations, it is vital that Chartered Accountants on the island of Ireland play a leadership role in bringing Brexit front and centre in their company’s strategic plans – not necessarily to put a hard and fast plan in place, but to ensure that, at a minimum, potential issues are quantified and discussed. By doing this, a better understanding of the impact of potential trade deals on businesses will become apparent and they will therefore be in a stronger position to exert influence. There is clear evidence of progress in this area, albeit quite slow progress, with 70 companies approved for a Brexit consultancy grant with Enterprise Ireland and a further 100 expected to be approved in early 2018. Similarly, InterTradeIreland has approved 24 Brexit vouchers with a further 17 applications pending. While this progress is welcome, there is much work to be done in the early months of 2018. Although it is likely that both EU and UK citizens working in both jurisdictions will have their rights protected, the UK Government has stated its intention to register new arrivals from the EU as preparation for a future immigration system. At the time of writing, it is not yet clear what the final transitional arrangements will look like or how long the transition period will be. The EU guidelines propose that transition should apply “from the date of entry into force of the Withdrawal Agreement and should not last beyond 31 December 2020”. However, this is shorter than the two years proposed in Prime Minister Theresa May’s Florence speech and there may be some movement in the coming weeks as negotiations get under way. Future relationship With phase one completed and phase two negotiations now under way, businesses need to see progress on the framework of a future trade relationship. Existing models for a potential future trade deal were neatly summarised in a slide presented by Michel Barnier to the Heads of State and Government at the European Council on 15 December 2017 (refer to Figure 1). Of these, the Comprehensive Economic and Trade Agreement (CETA) appears to be attracting most attention. An ICAS-commissioned report by Dr James Ogilvy, a former member of the Canadian International Trade Tribunal and an adviser to the Government of Alberta during the CETA negotiations, suggests CETA could provide the foundation for a ‘Canada-plus’ framework tailored to UK requirements. A point of interest for Chartered Accountants is that CETA provides a framework for the EU and Canada to recognise each other’s qualifications in certain regulated professions including accountants, architects, engineers and lawyers. For all the talk, and despite recent developments and assurances, contingency planning will need to remain at the top of the agenda in the months ahead and Chartered Accountants must play a leadership role in this respect. Michael Farrell is Director at PKF-FPM Accountants Ltd., a service provider for InterTradeIreland’s Brexit Advisory Service. CETA: more than 20 years in the making The Comprehensive Economic and Trade Agreement (CETA) between Canada and the EU, which provisionally came into force in September 2017, is cited as a potential model for a future trade deal between Britain and the EU. Work on CETA arguably commenced at least two decades prior to the formal launch of negotiations between Canada and the EU in spring 2009. It then took a further five years before the text of an agreement was signed on 30 October 2016. Reasons for the delay included the complexity of issues to be addressed. For EU companies, CETA benefits include the removal of most Canadian customs duties and the opening up of the Canadian market to European exporters. However, the text of the agreement shows that many exceptions had to be negotiated along the way. For example, in the agri-food sector, CETA protects certain “sensitive” EU food products such as beef, pork and sweetcorn with limited, tariff-free quotas while the market for poultry and eggs will not be opened up. Significantly, from a Brexit perspective, CETA does not cover financial services. Regional political factors also delayed the negotiations, not least a last-minute crisis triggered by developments in Wallonia, Belgium where concerns about labour, environmental and consumer standards held up the EU’s scheduled CETA signing with Canada. While CETA is provisionally in force since 21 September 2017, EU member states still need to approve the text at national parliament level and, in some cases, regional level before it takes full effect.

Feb 06, 2018
Spotlight

To ensure success, businesses must take a strategic, flexible and long-term view when adapting to a cloud environment. As the world becomes more and more connected, organisations are increasingly adopting cloud-based services to meet their business needs. Cloud computing is a very clearly-defined computing model with essential characteristics such as pervasive, convenient, on-demand, measured, network access to a shared pool of configurable computing resources. It is a game-changing technology, which is driving – and will continue to drive – cost reduction and innovation across organisations. Risks and concerns While the potential benefits of cloud computing are compelling, the use of cloud computing services is driving new risks, security and privacy concerns, and opportunities that impact all elements of the business ecosystem. There is no doubt that organisations need a strategic, flexible and end-to-end security, risk and compliance capability to enable secure cloud transition and business cloud transformation. Furthermore, regulators are becoming increasingly more interested in cloud computing. It is understood simply as a version of IT outsourcing and with that comes legal and regulatory requirements which must be monitored, reported and adhered to. As part of cloud adoption and transformation, organisations must identify and prioritise threats and risks; then design, implement, and operate risk and cost-appropriate controls to address them. Legacy security, risk, control and compliance capabilities are not sufficient to address cloud risks. Organisations must evolve their security, risk, control and compliance capabilities to enable cloud transformation of the business and benefits realisation. It is good practice to ensure that an organisation’s cloud security capabilities address these key guiding principles:  Business and stakeholder mindset Legacy security mindsets won’t work. Security must operate with an agile business risk advisory mindset with understanding of cloud architecture and operations. Cloud is fundamentally changing all aspects of the digital business ecosystem. Security focused on technology will fail to deliver the required benefits; it must instead meet the current – and enable future – needs of a broad range of stakeholders. Risk-focused Security exists to reduce business risk. Cloud security must enable and provide solutions to understand and reduce risks to acceptable levels. Existing capabilities are often insufficient to address new cloud security risks. A continuous threat and risk management capability and secure operations capability should therefore be developed for current and planned cloud deployments. Protect the cloud Cloud security architecture and solutions should address security across multiple levels and use cases (infrastructure as a service, platform as a service and software as a service). Cyber and privacy compliance Cloud security capabilities should be implemented and operated to demonstrate and enforce cyber and privacy compliance to appropriate frameworks and regulations. Cloud adoption and transformation will likely mean expanding the use of third-party suppliers and collecting, storing and transacting user data across geographic and political boundaries. Organisations are responsible for ensuring compliance and protection of user data across the global landscape. The cloud security strategy must include a process whereby the organisation will achieve and maintain compliance to privacy laws, principles and regulations. Agile, on-demand and seamless While security fundamentals still apply, the security technology, process, people and delivery models must adapt to enable cloud adoption and operations. Invest smart Legacy investments are not enough. Agile, application programming interface (API) driven and purpose-built solutions for the cloud are required (security as a service, for example). Security guidance There are many industry-leading control frameworks that can be adapted to ensure organisations are managing the risks associated with cloud computing. Cloud security should align to common control domains, such as those addressed in leading control frameworks. The Central Bank of Ireland also released guidelines in September 2016, which deal with IT outsourcing risk (including cloud service providers) and these should not be ignored in the context of outsourcing to the cloud. In particular, organisations should note the requirement to complete adequate due diligence and the requirement to have appropriate contracts in place with cloud service providers. In addition, the European Banking Authority recently released a set of recommendations relating to the reporting and monitoring requirements for organisations that are outsourcing to the cloud. The principle of proportionality should be applied throughout the recommendations and the recommendations should be considered in a manner proportionate to the size, structure and operational environment of the organisation as well as the nature, scale and complexity of its activities. The recommendations include guidance on the security of the data and systems used. They also address the treatment of data and data processing locations in the context of cloud outsourcing. Organisations should adopt a risk-based approach in this respect and implement adequate controls and measures, such as the use of encryption technologies for data in transit, data in memory and data at rest. Regulatory interest It is clear that regulators are interested in the growing utilisation of cloud environments. Regulators are not averse to cloud computing, but their new and increasing focus on the area of outsourcing means organisations must ensure that they manage the risks associated with cloud computing to address regulators’ expectations. Table 1 summarises some of the areas of focus and regulator expectations. All areas should be included in the scoping phase and those most relevant to your cloud journey should be selected for assessment. Conclusion To summarise, transitioning securely to the cloud is not a piecemeal, one-time endeavour. Organisations need to adapt a strategic, flexible and well-planned approach to enable cost-effective adoption of multi-cloud environments and business cloud transformation. Organisations need to ensure that the adaptation of a cloud environment is beneficial for them from a long-term strategic perspective. Now, more than ever, it is crucial for organisations to have a fully-aligned business and IT strategy in place to drive the business forward in a fast-changing technological world. Jackie Hennessy is a Director in the Risk Consulting department at KPMG.

Feb 05, 2018
Spotlight

Cloud computing does not require a new incident response model, but entities must test their plans regularly and robustly. Cloud computing does not require a new model for managing the lifecycle of incident response (IR). When evaluating cloud services and deployment models, organisations need to review and, where robust, extend existing IR processes to their cloud environments. Where gaps exist, these should be addressed in advance of migration to the cloud and the obligations of the provider contractually agreed. Of course, this is not as trivial as it sounds as the core characteristics of the cloud, such as on-demand self-service, are all about empowering the user and removing reliance on the cloud service provider (CSP). It can therefore be difficult to get the required level of cooperation from a CSP when a security incident occurs. The level of interaction between the IR function and the CSP will depend on the organisation’s service and deployment model. The core characteristics of the cloud significantly complicate traditional IR activities. Characteristics such as resource pooling, rapid elasticity and measured service, for example, make it difficult to deliver focused incident detection and response capabilities in a cloud environments. Indeed, resource pooling can cause privacy concerns in co-tenanted cloud environments. Risks and benefits Without careful definition and demarcation, consumer cloud use may result in data – including personal data – crossing geographic and/or jurisdictional boundaries without customer knowledge or consent. The impending General Data Protection Regulation (GDPR) is significantly increasing focus on incident response capabilities in cloud (processor) environments. The level of fines and the legal consequences resulting from data breaches means that organisations will have to improve their incident handling capabilities significantly, especially when using cloud services to process personally identifiable information (PII) of EU citizens. Conversely, there are a number of ways the cloud can enhance the capabilities of an organisation to respond to an incident. For example, cloud monitoring systems can reduce the time needed to undertake an incident handling exercise. The inherent cloud benefits derived from virtualisation and elasticity can also allow for more efficient and effective containment and recovery. Investigations can be easier as virtual machines can easily be moved into lab environments. Division of responsibility Cloud deployment models (public, private or hybrid) and service models (infrastructure as a service or IaaS, platform as a service or PaaS, or software as a service or SaaS) generally dictate the division of responsibilities regarding IR in the cloud. Each service model differs in the amount of visibility and control a consumer has to the lower levels of the stack. For SaaS incidents, the CSP is responsible whereas for IaaS incidents, the responsibility is mostly with the cloud consumer.  Key components The key components of the incident response lifecycle do not change with cloud computing: preparation, detection and analysis, containment, eradication, and recovery and post-incident activity are all mandated. Preparation begins with a clear understanding and full account of where the cloud consumer’s data resides (in transit, process and at rest). A key output of the preparation phase is an incident response plan. Data flow diagrams that map data, assets and boundaries should be included in the IR plan to highlight any dependencies that could arise during IR. A CSP is essentially just another member of the supply chain and multiple parties can be involved in delivering the service. As such, service level agreements (SLAs) and contracts are the primary means of communicating expectations for responsibilities in each phase of IR, and it is recommended to share IR plans with all parties involved. Provide assurance SLAs provide a level of assurance that the provider has planned for the eventuality of incidents and roles are understood. IR teams will need to determine the appropriate logging required to detect events during preparation and this should all be defined in the SLA with the CSP. Communication points and channels, and the availability of IR teams for each party, should be also be clearly established. Incident definitions and notification criteria, both from provider to customer as well as to any external parties, should be agreed and documented. The consumer should clearly understand the level of support available from the CSP for incident detection (available event data or notification about suspicious events, for example). Define roles and responsibilities The definition of roles and responsibilities during a security incident should also be provided by the CSP. The IR plan should consider how sensitive data will be transmitted and protected. The most important part of preparing for an incident is testing the IR plan. This should involve all relevant parties. Furthermore, the availability of relevant data and the ability to interpret it will impact timely incident detection and analysis. IR in cloud environments is challenging for consumers as the availability of data depends on the provider. The consumer can only see and access what the CSP grants access to. Analysis is complicated because it includes third-party non-transparent infrastructure. Cloud customers should make sure they have access to the data sources and information relevant to incident detection and analysis. This is in addition to appropriate forensic support for incident analysis in the cloud environments they are using. Close co-ordination The containment, eradication and recovery phase requires close coordination with all stakeholders to ensure that the IR activities are effective and efficient. Strategies must be consistent with business goals and aim to minimise service disruption. Cloud deployment and service models may limit the options for this phase. Consumers of IaaS are primarily responsible for the containment, eradication and recovery from incidents, while this obligation falls on the CSP when using SaaS. The extent to which provider facilities and assistance will be made available to the consumer when responding to an attack should be identified in the preparation phase and contractually agreed. Conclusion In summary, for each cloud service that is used, the approach to detecting and handling incidents must be planned and described in the incident response plan. The SLA of each CSP should guarantee support for incident handling and effective execution of the incident response plan, and testing should be conducted at least annually.  Consumers should seek to integrate their testing procedures with that of their provider (and other partners) to the greatest extent possible. Ideally, a team comprising consumer and CSP members should carry out various tests of the incident response plan. Recommendations should also be reviewed and implemented into updated versions of the incident response plan on a regular basis. Ross Spelman is a Senior Manager in Cyber Risk Services at Deloitte Ireland.

Feb 05, 2018
Spotlight

Cloud computing cybersecurity can help your organisation mitigate certain vulnerabilities. Cloud computing has revolutionised how businesses operate and in doing so, has created new security challenges. The shift towards cloud technologies provides cost and efficiency improvements along with numerous advantages. This transition has created new security vulnerabilities and amplified existing ones. In this article, I consider some of the associated risks and how best to mitigate them. Finally, I will outline how cloud technologies will improve cybersecurity going forward. Cyber risks associated with cloud computing Data breaches: the first risk associated with cloud computing that comes to mind is data breaches. A data breach is an incident in which sensitive information is released, viewed or stolen by an unauthorised individual. Cloud servers often contains sensitive information, which is not intended for public release. Data breaches are not unique to cloud computing, but are a major concern for organisations using cloud services. Insufficient identity credential and access management: organisations are exposing themselves to unnecessary risks if they have insufficient identity, credential and access management. Attackers masquerading as legitimate users can read, modify and delete data, snoop on data in transit or even release malicious software. Insecure interfaces and APIs: enterprises use interfaces and application programming interfaces (APIs) to interact with cloud services. The overall security depends on the security level of the API. Poor interfaces and APIs may expose enterprises to risks that could affect their confidentiality, integrity and availability. System and application vulnerabilities: when organisations are using multi-tenancy in the cloud, systems from various organisations are placed close to each other and given access to shared memory and resources, creating a new attack path. The risk is that one of the organisations has system vulnerabilities, which attackers can exploit. This could allow them to steal data, take control of the system or disrupt service operations.  Account or service hijacking: cloud technologies add a new threat to the landscape when it comes to account or service hijacking. The risk is that attackers might gain access to a user’s credentials using software exploits or social engineering. The impact can be massive, as an attacker with stolen credentials can often access critical areas of cloud computing services. Malicious insider: a malicious insider, such as a system administrator, can access sensitive information and can have access to critical systems. It is worth noting that an insider threat does not always mean they have malicious intents. Systems that solely depend on cloud service providers for security are at a greater risk. Data loss: when organisations store data in the cloud there is always a risk of data loss. An accidental deletion by the cloud service provider could lead to the permanent loss of customer data unless the provider or cloud consumer takes adequate measures to back-up data. By employing cloud technologies, organisations are transferring most of their disaster recovery plans to the cloud provider. Insufficient due diligence: when defining a business strategy and roadmap, it is essential that organisations carry out due diligence on potential new cloud technologies before adoption. An organisation will expose itself to a number of risks if it carries out insufficient due diligence. Denial of service: organisations must be aware of the denial of service risk, which would prevent users from accessing their data or applications. Attacks can overload the targeted cloud service system resources and cause a system slowdown, leaving cloud users without access to services. How to manage these risks While the risks might appear to be significant, there are a number of measures – as outlined below – which organisations can take to prepare for the threat of cybersecurity attack: Identify the assets you are moving to the cloud and asses their confidentiality, integrity, and availability requirements. Perform effective due diligence before selecting a cloud provider to ensure they have strict measures for their security infrastructure; The use of multifactor authentication, strong passwords and automated rotation of cryptographic keys, passwords and certificates are all good security practice. Encrypting sensitive data can mitigate against a data breach; To mitigate the risk of system vulnerabilities and insecure APIs, organisations should ensure that proper patching and hardening is carried out; To minimise the risk of account hijacking through social engineering, all employees should receive security awareness training; To prevent a malicious insider attack, organisations should manage privileged accounts and log their actions. Threat monitoring capabilities can be used to identify suspicious user activity; To mitigate the risk of data loss, enterprises should not rely solely on one single cloud provider. It is also vital that organisations have disaster recovery and business contingency plans in place. How cloud computing improves cybersecurity Cloud services add a lot of value to businesses and their innovations improve upon cyber security by providing an architecture and foundation that is secure by design. Cloud providers invest heavily in advanced technologies, which allows them to improve upon cyber security in a number of ways, as outlined below. Threat monitoring and incident response: many large organisations leverage cloud-managed services to handle threat monitoring and incident response. By using a cloud-based solution, all alerts and threat information are aggregated while events that are not considered a security threat are filtered out. Large managed service providers often have access to global security operations centres and threat intelligence centres, which are critical in aggregating data and filtering out false positives. Replacing passwords with advanced authentication: advanced authentication helps manage access and improve trust among customers and business partners. Compromised credentials is the starting point for a lot of high-profile hacks and by relying solely on passwords, you are exposing your organisation to risk. There are many different cloud-based authentication platforms available, which use a combination of one-time passwords and hardware tokens that are more secure. Identity and access management: organisations employing cloud-based services to tackle identity and access management is a growing trend. Data analytics for identity and access management can be used to monitor employee usage patterns and flag any unusual behaviour. The solution looks for patterns around employee access entitlements and then identifies unwanted access. System updates, patching and hardening: updating software is a timely task and organisations often let it fall through the cracks. A core benefit of using the cloud is that system updates are facilitated by the cloud service provider. As soon as the latest versions and patches are available, the organisation will have them. Each virtualised operating system can be secured by using hardening software. Cloud providers take responsibility for the risk of threats: cloud service providers use stricter security measures for their infrastructures than most businesses. Their business and reputation is at stake and so, they need to ensure that everything is secure. These providers often have a global incident response team that works around the clock to mitigate against attacks. Organisations using cloud providers often operate in a more secure environment. Artificial intelligence and machine learning: artificial intelligence equips cloud computing with massive power and immense capabilities from a cybersecurity perspective. It helps analyse and learn from historical data, identify patterns and make real-time decisions. It can take many organisations several months to identify a breach. Combining cloud and artificial intelligence could help identify breaches the day they happen. A lot of time is spent by cyber security professionals gathering and processing information. IBM’s Watson supercomputer can currently ingest four million security-related documents in an hour. This highlights the potential capability of using artificial intelligence in the cloud to improve security. A final word Before an organisation transitions to the cloud, I would advise that they are aware of all the associated risks involved. I would also stress the importance of carrying out proper due diligence on potential cloud providers. As cloud technologies advance further and as new innovations come to the fore, we will also see improved cybersecurity. Leonard McAuliffe is a Director at PwC’s Cyber Practice.

Feb 05, 2018
Spotlight

Theo Lynn and Pierangelo Rosati explain the important role Chartered Accountants can play in helping organisations build the business case for the cloud. We are in the throes of a major transition. Social media, big data, mobile and connected devices are driving business and society to an internet-of-everything where everyone and everything is increasingly connected. And at the centre of all of this is cloud computing. Every day, billions of people and millions of businesses use cloud computing and there is a headlong rush for greater adoption. The accounting sector is no different. Accountancy firms and their clients are adopting cloud technologies to complement and substitute existing IT investments to achieve cost savings, greater flexibility or other benefits. IT, whether hardware or software, is a core part of nearly all businesses and for many is a significant investment. It is, therefore, all the more surprising that many businesses do not conduct a thorough cost benefit analysis before making the decision to adopt cloud computing or seek to measure whether they are achieving the full potential of their investment post-implementation. For many, cloud computing is simply a fog and calculating return-on-investment can seem more time consuming and difficult than its worth. Accountants can play a role in helping firms build the business case for the cloud and help ensure that they realise the full potential of their investments. Dispelling the fog of the cloud The Irish love talking property. Accountants may not understand the minutiae of IT but they understand property. Cloud computing is like deciding whether to build or rent premises. It can be as simple as that. If you decide to open a new accountancy office, you might consider building it. You have to find somewhere to locate it and decide what size the building will be – how big will your firm grow or scale up to? You don’t want to run out of space. You will have an architect designing the building for your existing and future needs, and ultimately you will be responsible for all those design decisions including fitting out the property. You will also be responsible for utilities, security and maintenance of the entire building.  In the case of disaster, you will need to have back-up plan. More critically, you are responsible for the upfront capital expenditure as well as the operating costs for the building. And if you decide to sell, you may or may not make a profit but until you do, your money is tied up in that property. Now when you rent, you share the property with other tenants and the landlord is responsible for the architecture and maintenance of the building. The landlord is also largely responsible for making sure the power and utilities are connected, for the security into the building and possibly for your offices. You decide on how much space you need and if you need more, you can negotiate with the landlord to scale up or down as your business changes. You pay a monthly rent but you can leave when you want. Cloud computing is the IT equivalent of the rental sector. It is an on-demand, multi-tenant, utility-based computing model. You are outsourcing IT infrastructure to cloud service providers whose core competence is building, maintaining and securing IT infrastructure, whether it is hardware or software, so that you can focus on your core competence. Building the case for the cloud The benefits of the cloud are well documented. Figure 1 divides these in to four main categories: cost reduction, revenue growth, competitive necessity and reliability. These categories can drive operational efficiencies or strategic competitive differentiation, depending on the centrality of IT to a given business. The issue is not identifying the benefits of the cloud but rather, measuring these benefits in such a way that allows comparison with the status quo and alternatives. Based on our experience and anecdotal evidence, the knowledge and ability to measure the wide range of costs and benefits, tangible and intangible, to justify an investment in cloud computing is neither common nor used widely to assess the efficacy of cloud investments a priori. Furthermore, when such an assessment is undertaken, it is not done in a comprehensive and robust way. Measuring the measurable and making measurable what is not so Accountants have historically played a critical role in mapping the value consumed or created within organisations. Migrating to the cloud typically requires significant resources in terms of investment, time and effort. Therefore, the decision to adopt cloud computing should be based on a careful assessment of the value it can create. This involves an in-depth recording of current and estimated costs and benefits for both current and future scenarios using comparable measures. Building a case for cloud computing adoption requires a clear understanding of what to measure, over what time horizon, and how. Total cost of ownership (TCO) and of return on investment (ROI) are well-established management accounting concepts for evaluating IT investments. The full range of costs (i.e. tangible and intangible) needs to be considered along the entire investment lifecycle (i.e. from adoption to termination). Cost components vary by organisation context (e.g. size, sector, etc.), cloud service (e.g. infrastructure-as-a-service, platform-as-a-service, software-as-a-service, etc.) and deployment models (e.g. public, private, community or hybrid clouds). It is therefore important to tailor calculation methodologies to the specific business case. In a cloud environment, IT operational costs are based on consumption. As long as the consumption of IT resources is predictable, these costs can easily be estimated. Cloud service billing, by the nature of the cloud business model, allows for greater transparency on consumption at levels of granularity and frequency that simply is not provided by conventional IT departments. Estimation time frames may vary across industries and sectors but ideally, it should be long enough to recover the initial investment and to fully exploit the potential benefits the investments generates, but short enough to provide reliable and realistic estimations. Three, five, 10 years; it is hard to tell what is the best option. Business-specific knowledge should inform this decision. As discussed, costs are only one side of the story and from a calculation perspective, probably the easier side – thus the popularity of TCO in the wider cloud community. However, if you view IT as a strategic driver of business growth, then ROI is a much more nuanced measure. In addition to accurate cost estimation over time, it requires significant time and effort to understand and measure both tangible and intangible benefits, both upfront and on an ongoing basis. Identifying and agreeing measures for benefits, and especially intangible benefits, that can be represented in monetary values requires the specialist knowledge and expertise that accountants have. ROI helps organisations not only to build the business case for cloud computing, but allows management to evaluate the investment against expectations and take corrective action. ROI is not just a destination, it’s a way of life. The accountant as cloud sensemaker Accountants have the opportunity to play an important role in the IT modernisation of business. As a trusted advisor, they can act as a sensemaker – operating between the IT department and the wider executive team to help management define, collect, interpret and communicate data on the costs and benefits of cloud computing before, during and after migration. If effective measurement is a prerequisite of effective management, then effective use of cloud computing mandates more effective performance measurement against strategic and tactical key performance indicators. This is a critical role accountants can take in the headlong rush towards digital transformation. Theo Lynn is Professor of Digital Business at DCU and Principal Investigator at the Irish Centre for Cloud Computing and Commerce. Pierangelo Rosati is a post-doctoral researcher at The Irish Centre for Cloud Computing and Commerce.

Feb 05, 2018
Spotlight

Here’s everything you, as a business executive and advisor, need to know about cloud computing. Cloud computing is a term used with increasing frequency in the past few years, as its popularity with business continues to grow. Essentially, it is technology that allows a business to store its servers and data off-site in secure data centres, which can then be accessed by users through the internet. The adaptation has spread across most industries and accountancy is no exception. Industry analysts, IDC, stated that worldwide public IT cloud services revenue reached approximately $100 billion in 2016, with a prediction that the market will grow to over $200 billion in 2020 – almost seven times the rate of overall IT market growth. Clearly, investment in cloud technology is displacing investment in onsite IT equipment at an aggressive rate. In a follow-up survey, this trend was reconfirmed: 78% of companies were already using public or private cloud technology, and their usage is increasing. 62% expect that by 2019, more than half of their IT capabilities will be delivered through some form of cloud service. What are the driving forces behind this phenomenal growth? In general terms, the cloud is allowing companies to improve customer experience, increase productivity, lower cost, and raise revenue generation by allowing a quicker time to market. Specifically, there are a number of key cross-industry global trends that are driving cloud adaptation. Digitisation Demand for anytime, anywhere access to information is disrupting all areas of business, including accountancy firms. Customers want, and have come to expect, a digital interface with enterprises and disruption is taking place in all geographies. Significant opportunities exist for companies to take advantage of connected devices enabled by the internet of things to capture vast amounts of information, enter new markets, transform existing products and introduce new business and delivery models. However, the evolution of the digital enterprise also presents significant challenges for enterprise IT to deliver solutions that can meet the timelines, capacity, and security requirements that comes with this demand. Application programming interfaces Application programming interfaces (APIs) allow IT systems to be broken into discrete components or domains, which then connect to other IT systems. This provides the platform to create new digital offerings by composing solutions on top of one or many APIs. These solutions can be internal or external. Enterprises with well-thought-out digital strategies recognise the need to be part of the digital ecosystem, where they share capability with others, thereby allowing the ecosystem to deliver new customer offerings on their behalf. A good example of API adoption is the recent Payment Services Directive 2 (PSD2), which mandates banks to allow regulated third-party providers (TPP) to access a customer’s bank accounts (with their digital consent). If you as a customer have multiple bank accounts, a TPP can provide a single digital dashboard across all banks by using each bank’s API on your behalf. As APIs are automatically sharing potentially huge amounts of information, the ability to handle unpredictable loads is critical. Furthermore, this exposes a new cyber-attack target that must be protected. These are areas where cloud service providers differentiate through the confidence their solution instils. Data growth As we continue to digitise, the volume of data and interaction grows exponentially. A new generation of data producers is being born. More than 83 million babies are being born each year, and it is expected that they will create on average 500MB of data every day of their lives. Furthermore, it is estimated that nearly four exabytes of new information were created last year (just one exabyte is equivalent to 25 billion DVDs) and the current projection is that the growth in data will double every two years. This growth of worldwide data is reflected within enterprise, and causing capacity constraints on enterprise data centres. Moving to the cloud provides the ability to flexibly add new storage, but also new computers to process the exponential increase in data volumes. Artificial intelligence and cognitive computing The growth in artificial intelligence has been coined as the fourth industrial revolution. Artificial intelligence is an overarching category within computing with a number of sub-domains: natural language processing, perception, motion and manipulation and machine learning. While all of these sub-domains are growing rapidly, machine learning is by far the largest area of investment for artificial intelligence. Machine learning is a field of computer science that gives computers the ability to learn without being explicitly programmed. It is inherently tied to the big data and cloud explosion of recent years, as most of the algorithms work on the basis of using large amounts of data in a high-performance computer platform to simulate human learning capabilities. Technology powerhouses including Google, Amazon and Microsoft have made high-compute computing available through hardware with graphical processing units; these are ideally suited to the execution of machine-learning algorithms on large data sets. Previously, this would have otherwise required significant capital expenditure and would be a niche market like weather forecasting. Furthermore, these providers have open-sourced their machine-learning platforms, which are provided as packaged cloud services, thereby making these capabilities far more attainable to enterprises. The open-sourcing of platforms such as TensorFlow is driving demand for cloud technology as the only realistic platform for execution. If you think the above applies to your business, it makes sense to start with the following steps before blindly jumping into the cloud: Conduct an application portfolio assessment: evaluate the value and cost of existing IT assets and use this as a vehicle to get out of the data centre business. Your digital agenda can only move as quickly as its slowest part, so use the opportunity to replace out-dated processes and migrate strategic applications to a suitable cloud service; Replace physical  packaged software with the vendor’s cloud service: Salesforce led the market as a ‘software as a service’ (SaaS) provider for many years, but all major enterprise software providers (Microsoft, IBM, Oracle and SAP, for example) have embraced the cloud with SaaS alternatives to on-premises technology. In migrating, companies will also benefit from the vendors’ latest functionality, and simplify future migrations, as this is the responsibility of the vendor; Ensure appropriate governance is in place: cloud service providers continue to improve their security tools, but it is incumbent on the migrating business to ensure that appropriate risk management, security and controls are in place. You remain accountable for your data, so work with your legal and audit teams to ensure that moving data and applications to the cloud meets or exceeds your own standards. Prepare for the shift from CapEx to OpEx: traditional on-premises IT systems typically have a capital expenditure for hardware, software and implementation. Cloud implementations do not incur capital expenditure for hardware and software. Rather, the cost is based on usage or consumption. At a macro level, this shift in expenditure type might look like the company is reducing its investment in IT, while operationally it is more costly to run. This can cause red flags, requiring a communication strategy on why this change is happening. The benefits of switching to a cloud platform are potentially very strong but as with all major business decisions, time must be taken to weigh up the different options and carefully select the best fit for the company’s needs. John Ward is Head of IT Architecture in EY Ireland’s Advisory division. Tom Slattery is Head of Technology Transformation in EY Ireland’s Advisory division.

Feb 05, 2018
Feature Interview

At the peak of a very successful career in the music industry, Dominic Kelly’s world changed for the better. This is his story of how, and why, he hit the reset button. As a young man, Dominic Kelly did not want to be an accountant. He was surrounded by them in his family life and had an abhorrence of the stereotypical “dyed in the wool” accountant. Yet, he created DKC – one of the country’s most successful and understated small accountancy practices. Dominic’s aptitude for a particular brand of accountancy became apparent over time. While he struggled through his schooling in Castleknock College, he found that he was good with numbers and eventually ended up in the College of Commerce in Rathmines. “I had a bit of a chequered path through college but I eventually got it,” he said. “At some stage in my final year, I was in a bit of a quandary because a business degree doesn’t really qualify you for anything in its own right.  “But I was good at numbers. I see numbers and balance sheets like a Rubik’s cube, almost like in 3D, so I decided to do accountancy. I managed to get an honours degree and went on to do my apprenticeship with Denis J. Byrne & Co. in Sandymount.” From unemployed to entrepreneur Dominic was mentored by Joe Moreau, who coincidentally now also practices in an office across the hall from Dominic, as a partner in Byrne Moreau Connell Chartered Accountants. During his time there, he learned one crucial thing: how to deal with clients. “They were really good at communicating with clients – talking to people, getting them into the office, understanding their business and needs, and having them see you as an ally,” he said. Having struggled with the old Prof 2 and Prof 3 exams, Dominic passed his FAE exams on the first attempt while working at the firm. Alas, the harsh truth was that, in those days, newly qualified accountants had to move on. So the following Monday, he decided to go solo. “There were no jobs and I knew that I wasn’t going to work for someone else or become an audit senior in practice,” he said. “And because I took the scenic route through the Prof exams, I was out of contract long enough to get my practising certificate immediately. It was a stroke of luck.” Working from home, one of Dominic’s first clients was a large rehearsal studio called The Factory on Barrow Street. “It was run by Robbie Wootton, who then managed the Hothouse Flowers and the Black Velvet Band. “I got on really well with Robbie but working from home was a disaster, and after three or four months I decided to take the top floor of The Factory and set the firm up properly. It was a risky move, as it was the most ‘un-accountancy’ location you could imagine, but I loved it.” The early days Dominic’s presence in The Factory put his career on a trajectory he couldn’t have dreamed of when starting his own accountancy practice. It was a mammoth four storey, 200,000 square foot building divided into individual units of 5,000 square feet, where the world’s biggest bands rehearsed before big shows. For bands, it was a ‘one stop shop’ with everything from guitar technicians to sound engineers and lighting experts all under one roof – and now, they had access to an accountant on the fourth floor. “I was a general practice accountant at the start but quite quickly, word spread and I had bands dropping in to talk about VAT, tour budgets and tax demands,” said Dominic. “They simply didn’t understand any of it, so they came to me and I was able to talk to them.” It quickly became apparent that he needed staff to cope with the demand for DKC’s services, both from musicians and clients looking for general accounting services. To give his business the best chance of success, Dominic’s first employees were two qualified accountants – Fiona Sheridan and Paula Gahan – who today are partners in the firm and run the general practice side of the business. This allowed Dominic to avail of an opportunity that came his way in 1993, when a concert promoter asked him to restructure his business. “I took it on and managed the money side, while the promoter focused on the music,” he said. “And we managed to turn it from a small lifestyle business to a global one, and one of Ireland’s most successful private entities.” The toll of rock n’ roll Dominic spent over 23 years in this business, while consulting into his firm’s general practice which was growing steadily in the background. As the years went on, Dominic worked with some of the biggest names in the music industry from REM to Robbie Williams, The Corrs, Barbara Streisand, Van Morrison, Billy Idol and the Hothouse Flowers. He has worked with every size of artist, from those just starting to get gigs to multi-platinum, stadium-level performers. Now with over 30 years spent in the music industry, Dominic and his team at DKC have advised and worked with emerging and global artists, promoters, venues, record labels, publishers, merchandisers and agents, production companies (from lighting and sound to staging and security), and technicians. Dominic quickly became one of the few accountants worldwide with intimate knowledge of how the music industry really worked, but his success wasn’t without its sacrifices. “Up to four years ago, I had three phones – one business, one private and a Blackberry. Ireland would stop at 5pm and the US would start at 4pm, and I was going nearly 24 hours a day,” he said. “But around 2014, I went on holiday to Spain with the family and we were in the middle of several acquisitions and disposals at the time. Long story short, 10 bankers’ boxes were sent out to me and I spent the entire holiday working. I might as well have stayed at home. “It was a disaster of a holiday, but it was a watershed moment for me. I was in boardrooms in New York every two or three months cutting deals and it was just too much, there was too much stress.” There were other factors too, which helped Dominic reappraise his priorities. He contracted a heart virus that ultimately stopped his heart, and his father passed away, both of which focused his mind on his future. “My wife sat me down and said: ‘You’re going to be dead in two or three years if you don’t stop’, and I’m very grateful for that,” he said. “Sometimes you need a kick and I got the point. “If you look at how life should be, mine was a mess. Financially, I was doing really well but I was unfit and overweight and working 15 hours a day, or longer if that’s what it took to get the job done,” he added. “But after that chat, it stopped. I was finished working with the music industry.” Becoming a brand manager Soon after, Dominic began the process of restructuring his life. He refocused his energy on the firm’s general practice and dropped 32 kilos as part of his newfound healthier lifestyle. The firm, which was already doing well, took off – but his reputation in the music industry lived on. In 2016, Dominic received a call from an old friend with a business opportunity. “He had a band and reckoned that they were going to be huge. He wanted me to take them on, and I said absolutely not,” he laughed. “He persisted, and repeated the point that this was different. I wasn’t going to be working for the industry, I would only be representing the artist. “And that struck a chord with me. The one thing artists were missing was real business management, the type of business management that protects their financial interests and helps them make, and keep, more money from gigs, record contracts, publishing and merchandising,” he said. “I knew how it all worked, because I had run those companies for a long time”. He accepted, and now specialises in acting as business manager for bands and artists specifically. “When you do major shows, the artist gets paid either a high percentage of the profit or a set fee – whichever is higher,” he said. “The reality is that the set fee usually ends up being the higher of the two but with my experience, I am able to improve the take for the artist by at least 20% for shows, by getting more on the top line and protecting the bottom line. “But the music industry is an eco-system; it has to be protected and nurtured. You can only ensure this by keeping the bigger picture in mind. It’s very important to see the overall context for all of the players while still maximising your client’s return.” According to Dominic, artists are currently underserved by most tax and audit firms. “These firms simply don’t have the specific industry-wide commercial experience to make the informed decisions that add value and ensure that artists get the returns they deserve from what can, in reality, be an unglamorous and ruthless business. Sector experience is critical and when I get involved, it’s upside only for the artist. They get certainty that they’re getting everything they should, their systems and compliance are first class, and they’re making a lot more money,” he said. “Now, I’m really glad that I took up the challenge and I’m enjoying being back working with bands, some of whom are breaking through into international stadium-level careers. It’s very rewarding to be able to use my accumulated experience and knowledge and apply it to the artists I represent.” Business beliefs This dogged commitment to creating value for clients is just one of Dominic’s unerring business principles, and one he adopted on day one of his fledgling accountancy practice. However, generating value is just one part of the battle as an accountant in business or practice. “Most entrepreneurs see accountants as a cost centre; you’re seen in the same mould as tax,” he said. “My goal from the very start was to become a profit centre, so the client is getting value for their money. If they get value, they’ll never quibble about the fee. It’s essential to create and operate a financial strategy for clients, and not just perform their compliance necessities.” While that approach might suggest a ‘keep the client happy at all costs’ approach to business, nothing could be further from the truth. Dominic is unwavering in his responsibility to deliver bad news when it’s due, and tell clients things nobody else will – a principle that also extends to the firm’s trainees who are expected to perform to an exceptionally high standard. “People have to trust you, but trust is earned through ethics. It’s about more than your textbook readings; ethics is often about saying no to people and telling them the things they don’t want to hear, but need to hear,” he said. “That earns respect. “It’s also important to be honest with trainees too,” he added. “A lot of employers bark at their staff but I’ve always tried to find the person’s strengths and attributes and work to them while highlighting our red line issues, which are accuracy and honesty. Speed comes later. “If you hand a balance sheet to a client and it doesn’t add up, that’s a problem. There needs to be no fudging and to that end, we have never allowed ‘suspense accounts’,” he said. “We will teach trainees how to be efficient and how to communicate. Some people can, and some can’t – those that can’t simply don’t last. They’re gone quickly because that’s the honest thing to do. It’s for their own benefit.” The next chapter While Dominic is back in the business of music, now working only with artists, he has found a much better rhythm. Having lived in Dalkey all his life, he is now based in Dún Laoghaire on the shores of Scotsman’s Bay. When he’s not at work, Dominic’s passion is deep water technical exploration diving and he recently returned from his deepest dive to date – 139 metres off the Sinai Peninsula. He has also rekindled his love of cars and “tearing them apart and rebuilding them again so they’re perfect” after a 30-year hiatus. While there’s much more balance in his life now, not to mention time for his five kids, it all somehow comes back to accountancy. “I’ve built a proper workshop to work on my cars and, to be honest, there’s a link with accountancy there. The logic of assembling numbers and seeing how they work is much the same as the logic behind rebuilding a gearbox. I can ‘see’ inside both a balance sheet and a gearbox in my head, so there’s a synergy there between the two.” Now that’s an interesting thought process for a man who once said accountancy was ‘the absolute last thing I wanted to do’. “Let’s be honest, accountancy can be boring – but it doesn’t have to be. With the right people, and the right tools, it can be fun.”

Feb 05, 2018
Business Law NI

Jeremy Twomey writes: Billed as the most important change in data privacy regulation in over 20 years, and with its enforcement deadline of 25 May 2018 fast approaching, ensuring General Data Protection Regulation (GDPR) compliance has become a top priority for the majority of Irish businesses. Over the last year, the Institute has been helping its members to prepare for GDPR in a number of ways. For example, we have provided guidance via articles in recent issues of Accountancy Ireland, while in the last few weeks we have run a series of half day roadshows and courses in a number of towns and cities across Ireland. In addition, the Practice Consulting team has been busy preparing detailed practical guidance in this area, explaining what the changes resulting from GDPR will mean for accountants and their clients. This guidance will be available under the Knowledge Centre section of the Institute website, and is designed to answer the GDPR-related questions that members have contacted us on over recent months. While preparing this guidance, it became evident that a number of “myths” have developed over the last couple of years surrounding the implementation of GDPR. In this article, I am going to address a few of these and try to help you ensure that you do not fall foul of these, as you prepare to achieve GDPR compliance at your firm. Myth 1 - GDPR Compliance is a once off project to be achieved by 25 May With so much hype surrounding the regulation, one should remember it is not a once off event or test for compliance. Unlike planning for the Y2K deadline in 1999, GDPR preparation doesn’t end on 25 May; it requires ongoing effort. It’s an evolutionary process for organisations; 25 May is the date that GDPR will be enforced but no business stands still. You will be expected to continue to identify and address emerging privacy and security risks in the weeks, months and years beyond May of this year. GDPR will require ongoing governance of data, as organisations migrate to new systems or apply their customer data to new markets and trends. Initial compliance is the first heavy lift, but ongoing governance is the long-term reality! All entities falling under GDPR should endeavour to be fully compliant by the implementation day, although this may not be possible in all instances. In such circumstances it is important that you address the essential elements of compliance at your firm as soon as possible, and can demonstrate your ongoing efforts in this regard in a comprehensive documented plan of work. Myth 2 - GDPR is only for large firms, a small accountancy practice or company is not expected to have the time or resources to achieve compliance You will have to comply with GDPR, regardless of your size, if you process personal data. Small accountancy practices do not escape the demands of compliance. GDPR needs to be prioritised by all firms, regardless of size. The vast majority of businesses across Ireland are small businesses and it is important to remember these firms often process a lot of personal data, and their data protection reputation and liability risks are just as real as for larger entities. Myth 3 - With Brexit, entities located in the UK, including Northern Ireland, will not have to comply with GDPR GDPR will apply to all EEA countries and any individual or organisations trading with them. As it comes into force on 25 May 2018 (before the UK is due to leave the EU), UK individuals & organisations must ensure compliance with the new regime by then. The British government has confirmed that the UK’s decision to leave the EU following Brexit will not affect the commencement of GDPR. Post Brexit, it is envisaged that if a UK organisation or individual processes personal data, then they will have to do this in accordance with GDPR. To ensure that the UK will be GDPR-compliant post Brexit, the new Data Protection Bill (currently going through Parliament in London) incorporates all of the GDPR. Myth 4 - GDPR is a completely new approach to Data Protection It is vital to remember that GDPR builds upon the existing legislation in this area. It is an update, not a wholesale revision, to meet the changes in technology and data use over the last twenty years or so. As a result of these changes, consumers’ privacy and data were not by now as well protected as they could be. GDPR rectifies this by increasing the responsibility on organisations to use personal data appropriately and to hold it securely. Although GDPR is not a completely new approach, it is more stringent in its application and the fines for non-compliance have been considerably increased. This means that doing nothing is not an option, although GDPR does allow organisations to take a risk based approach, based on your size and circumstances. Many organisations struggle to assess where they should start in preparing for GDPR. It is helpful to remember that we have had data protection legislation in both the UK and the Republic of Ireland for a number of decades and therefore, firms who have taken data protection compliance seriously are already in good shape for beginning to meet GDPR’s increased compliance standards. Myth 5 - GDPR is just more bureaucracy and work for small firms, with no potential  benefits When legislation of this nature is announced, one can take either a positive or negative view of the task at hand. If you take a negative view, you will see GDPR as more bureaucracy and cost to your firm. If you take a positive view, on the other hand, you will view GDPR as a necessary strengthening of the rights of individuals, and indeed a potential  opportunity. As accountants position themselves as strategic advisers to clients, GDPR is also an opportunity for firms to demonstrate to clients that they can securely hold and process information in accordance with data requirements, and that protection of client data is a priority for the practice. As a result, clients are likely to see their accountants as trusted professionals with whom they can partner to drive their business forward. Therefore, being a leader in this area may enhance your practice and its reputation. In addition, as trusted business advisors to your clients, you must have sufficient knowledge of this new legislation to be able to provide sound advice. SMEs need to be ready when the new law comes into force, but they may struggle to know where to start. Chartered Accountants in practice can help these small businesses bridge the gap to GDPR compliance and, in the process, win new business. Myth 6 - Outsourcing GDPR compliance will be a quick fix for me and my firm There is no quick fix to GDPR compliance. No one piece of software or outsourced service provider is going to provide everything you need to comply with GDPR. For accountancy practices, GDPR will impact on how you manage and store data across your entire firm (e.g. client, prospective client, contact, supplier and staff data). You cannot outsource your responsibility for this information, and compliance with GDPR will require considerable time and preparation from all levels within your practice. With the implementation date of 25 May approaching quickly, it is important to start sooner rather than later on this. Myth 7 - GDPR only applies to Digital Processing Under GDPR, data processing covers both automated personal data and manual filing systems. Manual/paper records are included if they are part of a ‘relevant filing system’. This means papers stored systematically, for example, in a filing cabinet are probably included, but ad hoc paper files may not be. Members should ensure that they apply the same levels of diligence to paper records as they do digital records and that any decisions made regarding the lawful basis for processing, adhering to data protection principles and upholding data subjects’ rights include paper records held. Myth 8 - Under GDPR, accountants will only be seen as Data Processors and hence avoid much of the responsibility that falls on Data Controllers in this new regulation The UK Information Commissioner’s Office (ICO) has previously advised that it considers that an accountancy firm providing accountancy services acts as a data controller. The firm’s status as a data controller in relation to clients arises because the firm has flexibility over the manner in which it provides services to its clients and will not be simply acting on their instructions. In addition to this, the firm has its own professional responsibilities regarding record-keeping and confidentiality. Therefore, because an accountant “determines what information to obtain and process in order to do the work”, firms act as “controllers in common” with clients. Under GDPR, member firms will also be data controllers with regard to their firm data (e.g. employee information). If there is any doubt regarding your status as a processor or controller in relation to your firm’s activities, you should take legal advice. Going forward, firms will need to ensure that client terms and conditions reflect this reality, potentially extending engagement terms as appropriate. No doubt, for many accounting practitioners, much work remains to be done to fully meet GDPR compliance requirements. Between now and the end of May, firms new  to the process will need to examine their existing data processing, review their data protection policies, procedures & controls, and identify any gaps that need to be addressed. Following on from this, firms will need to implement any changes required in a structured documented manner to meet the needs of GDPR and continue to show full compliance long after the implementation date. The Institute will continue to assist members on your GDPR compliance journey, with ongoing updates to our available guidance in this area and, should you have a specific query in this area, please feel free to contact the Practice Consulting Team.

Feb 01, 2018
Career Guide

Bad career advice is hazardous for your professional health. Here are some of the worst “tips” around. “There’s no need to over-think your CV, just get your old one and update it with the new stuff! Then, fire it out to as many companies as you can... it’ll take an hour max.” “Don’t add in all that information about your company on your CV. If they don’t know it, they’ll Google it.” “Of course the HR Manager will read your CV! And in detail, no less...” “Be sure to deal with as many recruiters as possible... get them all working for you.” “Interviews are a breeze. Just be natural... if you prepare too much, you’ll be too stiff and they’ll know you’re nervous.” “Play hard-ball when it comes to money. Always hold out for that extra €3,000.” “LinkedIn is a waste of time.” “Apply for a few jobs you’re not interested in and use the interviews as practice.” “You’ll definitely get a 50% increase in salary if you threaten to leave. Sure you’re worth it!” “If you’re busy at work, just tell them you’ll reschedule your interview for when you’ve less on your plate. They’ll understand.” “The company would be lucky to land you as an employee. Go in there and demand that they sell the role to you – they need you more than you need them!” “Don’t worry if you thought your email address was funny when you created it in Transition Year. They won’t notice. And that profile photo of you at Electric Picnic is fine too... it shows that you’ve a sense of humour.” “If your CV goes into an organisation from two recruiters, you’ll double your chances of getting noticed. Trust me...” “Don’t bother practising those competency-based questions. Everyone performs better when they’re being spontaneous.” “They don’t care about personality. You’re an accountant – they just want to know that you’re good with numbers.” Have you been on the receiving end of some terrible career advice? If so, send your story to editor@accountancyireland.ie and we’ll ask an expert from Barden to put you on the straight and narrow!

Jan 18, 2018
Career Guide

Ed Heffernan shares his top networking tips based on years of experience. But you won’t find this on Google... Networking is about relationships. It’s about being a first-class listener; as Dale Carnegie once said, “If you want to be interesting, be interested”. It’s also about serendipity – the idea that you can make random chance happen in a non-random way by doing certain things, going certain places and hanging around with certain people. Professor Dunbar first came up with the theory that an individual can only have around 150 meaningful relationships at any one time. In today’s world, however, we have thousands of connections on LinkedIn, Facebook, Twitter, Pinterest and so on. And therein lies the challenge... Networking is about having strong connections with a small group of people, and complementing that with a wide array of weak connections – from which opportunities can and will arise. It’s less about what you know and more about who you know – that’s what networking is all about. There’s a vast array of literature out there on networking for the modern professional, but here are some tips based on my personal experience. Position yourself Jeffrey Pfeffer tells a powerful story of a manager who attributes his success to his decision of where to sit. He noted that, during the course of the day, people walked to the cafeteria and to the washrooms. He found where the two paths tended to intersect, near the center of the open plan office layout, and took that position as his work location. He attributes much of his subsequent success to that simple move, since it gave him much better access to what was going on in his department.  So if you aren’t good at going up to new people, situate yourself so they’ll come to you. Open questions How does this translate to a CPD event or business lunch? First, everyone there will most certainly feel the same way you do. Standing awkwardly at the edge of people in conversation is not a place anyone wants to be, but we’ve all found ourselves there at some time or another. Going up to complete strangers and saying “Hi there!” feels a little unnatural and while there’s no magic bullet, there are a few things to keep in mind: If all you have to say is “Hi there. My name is Bob” followed by silence, then don’t bother. That’s a conversation that’s going nowhere. Have a few open questions  in your back pocket to stimulate some conversation, ideally where you can listen twice as much as you talk. “What brings you here this morning?” or “What’s keeping you busy these days?” are great open questions. Don’t talk about yourself. Instead, ask the person you’re speaking to about themselves.   Be the human being I prefer not to lead with a handshake or even “My name is Ed. I work with Barden. Barden is a recruitment company that works exclusively with the accounting and finance community in Ireland”. You’re there as a human being to meet other human beings, not as the manifestation of a business. Be yourself, not your company. You’re looking to make a human-to-human connection, not a business-to-business connection. Tonality In a first contact situation you should be engaged, enthusiastic, curious and have supportive non-verbal action. Folded arms don’t convey support, for example. Non-verbal communication is key as what we say accounts for just 7% of communication. How we say it (or tonality) accounts for 38% of the overall message while body language (non-verbal communication) accounts for 55% of the overall message. If you really want to get good at networking, I strongly encourage you to read up on some simple body language tips. Non-verbal body language Ask questions. Be excited. Ask for details. Don’t expect the other person to carry the conversation. Laugh (appropriately) and use that all-so-awesome secret weapon that we all have but often forget about: the simple smile (non-verbal communication again). Smiling is the single most powerful thing you can do when you first meet new people. Research shows that people evaluate everyone they meet in terms of warmth and competence. And of the two, guess which matters more? Yup, warmth. For more great networking advice, click here.

Jan 18, 2018
Career Guide

Receiving an offer can leave you on cloud nine, but you need to play your cards right to secure the best deal for you. Here, we help you navigate the offer process and leave your current employer on very favourable terms. If, by now, you have received a job offer – congratulations! You have surpassed your peers and you now have a superb opportunity to advance your career. However, there’s a lot of work yet to do. The offer process can be a delicate balancing act and of course, there’s the downside of having to break the bad news to your current employer that you’re leaving. In your longer-term interests, it’s important that you display the same professionalism at this juncture as you did in the interview room – and to both parties. With that in mind, here are tips to help guide you through the offer process and help you leave your current employer with your head held high, and no bad feelings. The offer process First off, take a steer from your recruiter on how to play your hand as there are feelings involved on both sides. If you want to play hard to get, be prepared to be disappointed as holding out for a few extra thousand euro can backfire. If you happen to find yourself in this frame of mind, you should first consider whether you really want the job at all. Understand that companies don’t typically give huge salary increases. Your offer will be a considered mix of your current salary, the internal rate for the role, and the external market rate for the role. Companies generally set a range for each role, and you should be aware of this range early in the process – it’s uncommon for a company to make an offer beyond the stated range. Don’t focus on the base salary on offer. Instead, focus on total compensation (i.e. the total monetary value of your remuneration package including bonuses, pension contributions, health cover etc.) Once an offer is made, remember that the clock is ticking. The longer you leave it to accept an offer, the more likely the hiring manager will be to question your commitment to the role and organisation. Leave with integrity Once you’ve accepted a job offer and signed your contract, the next item on your to-do list is to let your current manager know. Before you hand in your notice, remind yourself of why you searched for a new role in the first place; have conviction in your decision; and write a resignation letter as this is a perfect opportunity to say thank you without fear of fluffing your lines! When resigning, stay strong. Your manager may provide a counter-offer as it’s not in their interest for you to leave. Closing any discussion on counter-offers early will save you a lot of heartache, as entertaining a discussion when you know you’re leaving only makes the process harder. Remember that a significant percentage of those who accept a counter-offer are on the jobs market again within six months. The reason? The fundamental reasons for their initial move have not changed and promises of change within their role or organisation were not forthcoming. Move quickly to discuss how you want to exit the business in a positive sense, and how you and your manager can work together to make it an easy transition for the team. One month notice periods are generally non-negotiable whereas two- or three-month notice periods can be. Work with your employer to agree an exit that works for both parties but remember: the second you resign the best interests of your next employer should become your priority. How to leave with your head held high Larry Mayers, Director of People Development at Avolon, shares his advice for parting ways with your employer. A common mistake when people leave their current employer is that they often negate what they learnt at that job and view it as a move away from an employer-employee relationship that didn’t work out. This both reduces their learning opportunity and can burn bridges. I personally expect employees to tell me about their intention to leave as soon as possible. Should there be a notice period, I also expect them to work during this period to the best of their ability and with good grace. It is possible to leave on excellent terms, however, but this is often only possible if you were on good terms with your employer to begin with. Relationships are built over time and are easier to maintain if they were robust to begin with. Robust relationships based on honesty and shared positive intent will allow people to leave in a positive way. The person leaving will be open and honest about their departure, and will communicate it without difficulty. Likewise, the organisation will understand why as they would have had a history of open communication.

Jan 17, 2018
Career Guide

As psychometric testing becomes more popular, here are some tips for before, during and after the process. Psychometric assessments are being increasingly used by organisations at the selection stage of the recruitment process to help them select the best candidate for the role and for the organisation. These assessments often include personality and cognitive assessments. The cognitive assessments will indicate how well a candidate will deal with the intellectual challenges of the role whereas the personality assessments can give a good insight into how a candidate will interact with others and how they prefer to work. People often find this a daunting process but upon completion, most find that it has been both interesting and insightful, and a valuable experience for them overall. Here are some tips to help you prepare. Before the assessment Find out how long the appointment will take and make sure you give yourself ample time. Remember, this entire process is part of your interview, so conduct yourself accordingly – dress smartly, make your appointment promptly and don’t be late. Be friendly and polite towards everyone you meet as these factors may also be taken into consideration, particularly if personality profiling is part of your assessment. Sleep well the night before the assessment. Many companies try to avoid testing candidates late in the afternoon, and for good reason. People perform better when they are rested and more alert, so try to schedule your appointment in the morning or as early as possible in the afternoon. During the assessment If you don’t understand the instructions or examples, ask for clarification. It might sound obvious, but it is vital that you understand both before beginning the assessment. Take a break between tests if possible. If one isn’t offered, then ask – performance generally begins to deteriorate after 50-60 minutes. Taking a break after 40 minutes can reverse this trend. So don’t be afraid to ask for a short break – it will improve your performance. If you are doing cognitive assessments online, do them in a place where you won’t be disturbed. Generally speaking, these assessments will be strictly timed and it will not be possible to “pause” the test and return at a later time. Don’t worry if you feel that you’ve performed badly on an assessment. It’s difficult to gauge how well you’ve done. Also, most of the tests are designed so that only 1-2% of people can actually answer all questions. Set it aside and move on to the next one. For personality assessments, the key is to answer honestly. Give the first answer that comes to mind and don’t over-think it. Don’t give answers you think are desirable, but may be untrue. There are social desirability scales built into the assessments and it will show if you do this. More importantly, if you’re not going to be suited to the role or organisation, then you’ll have had a lucky escape. After the assessment Ask for feedback. Sometimes it will be offered but if it isn’t, ask if it’s possible to get feedback. In some cases, there will be a report written on your results and sent to the company. Ask if you may have a copy of this when the process is complete. Whether or not you get the job, it will be a useful and insightful thing to have, and could help highlight areas for future development. Jayne Lee is a Chartered Organisational Psychologist at Davitt Corporate Partners.

Jan 16, 2018
Career Guide

Take your interview technique to the next level with these expert tips from Ed Heffernan. If you Google “interview advice”, you will be presented with over six million results. Bizarrely, when you then search for “interview advice for accountants”, you have 84 million results to choose from! It’s impossible to work your way through the noise of the internet and uncover the real pearls of wisdom, so we’ve done it for you. In the pages that follow, you will find checklists for the three stages of interview – the planning or preparation stage, the ‘on the day’ stage, and the ‘next steps’ stage. We’ve glossed over all the stuff you already know, like show up on time, look presentable and have a firm but friendly handshake, so add these points to your checklist to give yourself the best chance of success. Before the interview Research the company: but go beyond the superficial. Get your head around what the organisation does but more importantly, why they do it. If you can demonstrate that your values align with those of the company you wish to join, you will put yourself in a good position. It will also help you answer those dreaded questions: “What do you know about your business?” and “Why does this company and role interest you?” Get comfortable with the company’s financials: you’re an accountant, after all, so this should be second nature. Depending on the industry, different figures will hold varying degrees of importance so in leasing, for example, impairment will be key while in the ‘software as a service’ business, revenue recognition and the revenue model will take precedence. Search for your interviewers on LinkedIn: to identify any similarities or common denominators. If you attended the same college or have a mutual acquaintance, you can create an immediate bond – however tenuous it might be. It’s also a nice idea to connect with the interviewers and send a ‘look forward to meeting you’ note ahead of the interview. It’s a small gesture, but it shows confidence and an understanding of the importance of relationships. Prepare for competency-based questions: telling an interviewer that you’re capable will only get you so far. If you can demonstrate your ability and quantify the effect of your efforts you will cast yourself in a much more favourable light. Prepare some probing questions: for the end of the interview because virtually every interviewee is asked: “So, do you have any questions for us?” You won’t get a better opportunity to demonstrate your knowledge, understanding of the company and enthusiasm for the role so leverage what you already know about the company to come up with some really challenging and insightful questions. Good examples include: “Can you describe the month-end process and how would I participate?” and “What are your expectations of this hire?” Confirm the format of the interview: irrespective of whether you’re dealing with the company’s HR department or a recruiter. The more you know about the interview process, the better prepared you will be. You should also ask for some information about the interviewers – their roles, career paths, what they’re like and so on – to give you a rounded view of what you’ll face when you enter the interview room. Know your dates: when you’re working through your career history and the experience you’ve gained in various roles, it’s important that the dates match those listed on your CV and LinkedIn profile as this will demonstrate your attention to detail. It’s also important to demonstrate how your past experience could benefit your future employer, but look beyond the superficial. For example, a large hotel chain and a renewable energy company have a lot in common. Do you know why? It’s all about context! During the interview Travel light: keep your phone on silent and out of sight, leave your bag and jacket at reception, and don’t bring your CV as you should know it inside out. Also, arrive five minutes early – but no more, as you don’t want to put your interviewer under pressure. Dress to match the culture: but err on the side of caution. If the office adopts a casual, dress-down approach, attend the interview in smart casual attire. Interviews can be decided on fine margins and in this scenario, jeans and a t-shirt could be the deciding factor. Make eye contact and smile: this is a common piece of advice but it cannot be reiterated enough. It demonstrates engagement and likeability, and will subconsciously position you as a team player and a thoughtful candidate. Keep it positive: if you’re asked a question that leads you to say “no” or “I can’t”, be sure to follow up with a qualifying statement that leaves a favourable impression and provides adequate context for the interviewer. The ability to say “no” is an admirable quality, but you need to be able to say it in the right way. Ask clever questions that get the interview panel talking: clever questions your peers wouldn’t ask as this will set you apart. There are questions you should avoid too – anything to do with salary, work-life balance and so on can be cleared up with the HR department at a later date. Stay on your guard: interviewers may appear casual and, on occasion, almost familiar in their approach but remember, you are being assessed at every point so keep it very professional. HR representatives are sometimes more formal and structured in their approach than hiring managers, but treat all interactions with the same high degree of professionalism. Be prepared for questions on the specifics: particularly if the role you’ve applied for has a technical slant. Anything less than a detailed, considered and confident response will leave room for doubt with regard to your ability, so be on top of your technical game. Be coy when it comes to talking about your salary: if you notice some buying signals (questions about salary, start dates and other interviews, for example), use it to your advantage. Questions about your current salary can be tricky, but you should stress that the company and role are most important and you hope to match or increase your current package in line with market norms. Where possible, leave salary negotiations to your recruiter and don’t disclose too many details as you may under-price or over-price yourself. After the interview Be patient: hiring managers will routinely say “We’ll get back to you tomorrow” and while it might be said with the best intentions, it’s often a promise that goes unfulfilled. Always add three days’ grace as this will help you avoid unnecessary disappointment and worry. Follow up by email with the HR department or recruiter: particularly if, after the interview, you’re still keen on the role and leave a positive message. In the case of a deadlock, it could tip the scales in your favour. Check in with your recruiter if you don’t hear back from them within three days: there’s a saying in recruitment that “time kills all deals”. You have an active role to play in the recruitment process, so use your initiative and take control. Prepare diligently for your second interview: if you’re invited for a second interview, congratulations! All interviews and hiring processes are unique so your second interview may be the same as the first, or it could be more detailed, or it could be broader in its scope. You may be interviewed by the same people, or new people. Whatever happens, prepare as diligently for your second interview as your first and you won’t go far wrong. Be positive and enthusiastic: remember, when you’re on par with another candidate in terms of your experience and academic record, the person who wants the job most and who appears to be the best cultural fit will win every time so don’t be afraid to show your enthusiasm! Leadership material Ken Bowles, CFO at Smurfit Kappa, shares his thoughts on becoming a great leader. We’ve a great culture at Smurfit Kappa and over the years, we’ve worked to define what makes a successful leader. The capabilities cover areas such as opening up, making the most of diversity, being authentic, knowing yourself, embracing learning and, of course, operational excellence and taking a strategic perspective. No-one will excel in all areas, but I look for these capabilities at all levels as they’re key to success in our organisation.  Our people help shape the future of Smurfit Kappa. We look for people with the potential and ambition to become future leaders... ultimately we’re a large global company but at the same time, we’ve a personable atmosphere with short lines of communication where you can contribute from day one. That said, people sometimes leave our organisation and the most positive exit experiences I’ve had with employees were when their exit didn’t come as a surprise. So my advice is: if the company isn’t delivering what you expected in terms of career growth or you are dissatisfied with your salary or benefits, talk to your manager first and try to resolve the issue. If it can’t be solved and you hand in your notice, take the time to attend exit interviews and give constructive feedback to your manager and the organisation as a whole. Leaving in a positive way is important; you never know when you’ll meet previous employees and old bosses again. How to tackle competency-based questions in four steps Prior to your interview, you should prepare answers to a range of competency-based questions such as “Tell me about a time when you solved a problem for your employer?” The answer should provide specific examples of activity in your previous roles. Adopting a structured and logical approach will help you prepare rounded and detailed answers that will impress your interviewers: Describe the situation you’d like to refer to. Outline what you did, and avoid referring to “we”. Define the outcome of your efforts. Describe what your learned from the experience. This approach will help you tackle a variety of competency-based and situational questions. It would be useful to practice your responses, but don’t go overboard. Just get used to applying a structured approach and familiarise yourself with the main points of interest.

Jan 15, 2018
Career Guide

Planning your route to market is a critical part of your career development journey. Here are six ways to set yourself up for success. Great careers don’t happen by accident. They are the result of many, many strategic moves over the course of one’s working life and just one bad decision – being lured by an attractive salary rather than longer-term career benefits, for example – can derail this process in an instant. In this article, we will help you find the best route to market for you. This process begins the moment you know you want a career change and ends at the CV submission stage. So, first things first… Do your research A career change doesn’t necessarily require a move to a new company, so explore internal and external career opportunities in tandem. At this early stage, it’s a good idea to re-draft your CV and have a trusted friend critique it. A good recruiter will also help you perfect your CV, but you can get a head-start by reading some great CV preparation tips here. Work with recruiters Seek out one or two specialist recruiters, ideally through referrals from people you know and trust. Sitting down with an experienced recruiter who knows your industry will help shape your thoughts and provide some useful insight into the current market. Tap your network While working directly with recruiters will greatly increase your chances of being discovered, don’t forget the potential in your existing network. Check in with past managers or partners in your target firms to seek their advice – they may even make a direct connection on your behalf. But don’t contact your network only when you want something – you need to give before you take. To build your brand throughout your career, read these tips. Tailor your CV At this stage, you will be in a strong position to apply for suitable roles. For each application, tailor the bullet points at the top of your CV or cover letter to outline why you should be interviewed for the role. Weave in the language used on the job specification and give some context as to why you are a suitable candidate. This could include your current industry, the size of your team, the nature of your current activity, the scale of your organisation, or its revenues or budgets for example. Keep a record You need to play an active role in the application process, so keep a record of the firms to which you have applied and when you expect to hear back from them. Follow up with the hiring manager or recruiter if you don’t hear back within your expected time-frame, and share responsibility for communication – hundreds of applications could be submitted for a given role, so bear this in mind! Give yourself time When you begin the search process, you should begin with a very narrow focus which can broaden over time. This strategy will maximise your chances of landing the best role for the next stage of your career. If your search criteria changes at any stage, however, you should keep the relevant people informed (recruiters, hiring managers, your network etc.) Conclusion While the route to market is a very personal journey, it’s sadly a very impersonal process in many instances – be prepared for that. Experience shows that you will get out what you put in so do your research, reach out to the right people, work on your CV and cover letter, and take responsibility for the journey. If you get that right, you’ll already be ahead of the pack. The hard truth... Companies aren’t always great at giving feedback or keeping in touch – even with the candidates they want to hire! Expect delays. Expect the hiring manager to promise that he’ll get back to you tomorrow, and then fail to do so. Expect weak feedback, or none at all. The hard truth is that, once you are not the person they’re going to hire, you fall off the priority list and recruiters rarely have time to look after the “must do that later” list. If you manage your expectations in this way, you’ll end up pleasantly surprised rather than sorely disappointed.

Jan 12, 2018
Career Guide

When contemplating your next career move, context should form a significant part of your research. Job hunting is a complex business, and for one simple reason: different companies tend to call the same jobs and job activities by different names. The job specs they provide can also be light on detail when it comes to hierarchy, division of labour and the weighting associated with different types of activity. So, what’s to be done? Well, the first thing you can do is forget the idea that you should apply for a role based on the job title. You’ll also need to set some time aside to consider your experience, assess potential opportunities and figure out what’s more and less likely in your next career move. It’s not an easy task, but it will help keep your career moving forward rather than slipping into reverse. Job titles The truth is, candidates tend to scan job specs and make quick decisions based on job titles and other key words. Likewise, HR managers will make fast calls based on a quick scan of your CV (more on that here). In accounting and finance, similar jobs will have similar – but different – job titles. One company’s ‘financial accountant’ will be another company’s ‘management accountant’. Other job titles such as ‘GL accountant’ might also creep into the mix. In this scenario, a candidate could overlook a very suitable career opportunity solely because of a misunderstanding around the job title. Likewise, a hiring manager could reject a candidate because their current job title means something entirely different in his or her company. Wouldn’t it be great if there was one universal language for job-related tasks and activities? It would indeed, but that’s a long way off. In the meantime, candidates can be tactical and use this to their advantage by using the job title that best reflects what the market calls the job. And never, even judge a book by its cover when it comes to job specs! What’s in a name? The job title is just one opportunity for confusion. Companies also tend to speak their own language when describing the activities of a job. For example, depending on where you work the payments process can be described as accounts payable, AP, purchase to pay, P2P, PTP, payables, payments, invoicing and even bookkeeping. It’s a relatively straightforward process, but one with a litany of possible names. It’s easy to see how you could be overlooked for a position simply because the person doing the initial scan of CVs doesn’t see the right word on the page in under 10 seconds – and it’s even more complex when you wade into the area of value-add activity. But now you’re aware of the possible pitfalls, be tactical and use context to ensure that your CV makes its way to the top of the pile. A question of weight Here’s another element of complexity that can muddy the water even further – two job specs could read the same, word for word, but the percentage of time spent on certain activities could vary wildly. For example, a role that’s 90% financial accounting and 10% analysis is very different to one that’s 10% financial accounting and 90% analysis. You mightn’t be able to figure out the exact weighting of the role’s activities based on the job spec alone, but do request a breakdown before applying for a role. It shows that you’re acutely aware of the nuances involved in individual roles and it could save you a lot of regret in the long run.

Jan 11, 2018
Career Guide

Go beyond the basics to understand how LinkedIn really works and how you can use it to your advantage. LinkedIn recently reached 500 million members globally, with well in excess of one million members in Ireland. Members traditionally thought of (and used!) LinkedIn to access new jobs. However, the platform has come a long way since then. Finance professionals now use it to share their ideas, concepts and experience while leaders and managers use it to showcase their personal brands and the curious use it to find the answer to the question: “Where am I now?” For the modern, discerning finance professional, participation on LinkedIn is no longer optional; it has become mandatory. So, the question now isn’t “Should I use LinkedIn?” Rather, the questions is “How should I use LinkedIn?” Jump past the basics We are not going to insult your intelligence by telling you to use a good photo, to bullet-point your experience and to refrain from treating LinkedIn like Facebook. Let’s assume you know the basics and a quick Google will get you lots of advice on the vanilla stuff. Instead, we are going to look at a few ways that, as a finance professional, you can get more out of LinkedIn. Focus on key words First, play the key word search game like a pro. Companies looking for talent and LinkedIn algorithms looking to push relevant roles into your feed all play the same game. If you have a word (or a combination of words) on your profile, then you are more likely to come up in a search for those words. Simple in principle, but not so simple in practice. To give yourself the best opportunity to be discovered, you have to cover off as many angles as possible. One company’s financial controller is another companies ‘FC’ or head of finance or finance director or financial director. Likewise, one company’s commercial finance manager is another’s ‘FP&A’ manager or senior business partner. One company’s CFO is another’s chief financial officer. Speak the language of the market, not the internal nomenclature you are used to using. This goes for job titles as well as for your summary section and role descriptions. It also goes for accounting specific terminology and for general industry terminology (e.g. manufacturing, FMCG, pharmaceutical etc.) alike. Slam your summary Get your summary section working for you. Your summary section is key – you can use it to your advantage. It is more ‘free-form’ than your experience in specific companies.  You should use it to give an overview of your experience and industries but, more importantly, you can use it to include words on your profile that you otherwise could not. For example, you may not have experience in FMCG or software companies, but you can state the following: “I have a variety of industry experience ranging from A to B to C and a genuine interest in the broader FMCG and software industries”. Take this concept, work it around your aspirations for the future, and give yourself the best opportunity to be discovered out there. Be a qualified success Watch out for the classic mistake of the Chartered Accountant. Achieving fellowship of Chartered Accountants Ireland is a tremendous achievement – something to be proud of. You become an ACA or FCA in time. Here is the thing about the letters “FCA” – they almost never appear in a job spec and are almost never searched for on LinkedIn. The terms searched for include ACA or “Chartered Accountant”. Consider using phrasing like “ACA (Fellow)” for your profile to make sure you give yourself the best chance of being discovered. Other opportunities The above points are just the basics. You can participate in group discussions, keep up-to-date on trends, share content, post your ideas and experience to help others and lots more. Get the basics right first and then get thinking about how else you can use the platform and how much you want to get involved. Like anything in life, you will get out of it what you put into it. Who knows you? Before LinkedIn, the saying went “It’s not about what you know, it’s about who you know”. That saying just doesn’t cut it these days. The 21st century version is “It’s not so much about who you know, but rather who knows you.” That’s where LinkedIn comes into its own.

Jan 10, 2018

Was this article helpful?