Tuesday, 10 July 2018

Re-writing history with the GDPR time machine



I recently had a conversation with someone where they told me that they had to politely explain to an employee that yes, they could delete their banking details from their HR system. This would be in line with the new General Data Protection Regulation (GDPR) requirements that say that people can check all the personal identification details a company holds on them, and then request that all, or some, are deleted within 30 days. The person then went on to explain to the employee that if they were to delete the banking details, the company would have no way of paying them their salary at the end of the month.

Similarly, on leaving a role an employee can ask their previous employer to erase all of their personal information. However, this obviously prevents the ex-employer from providing them with a reference in future.

Without taking away from the importance of having control over how our personal information is collected, stored and processed, I wonder if we haven’t gone too far with the GDPR. How would an ex-employee’s right to erasure work in practice? Personnel files would be reasonably easy to find and delete, especially if they were digital. The company would need to figure out if any hard copies had been made, and where they were. Formal archives are one thing, but random copies in the back of the finance director’s filing cabinet or on USB sticks are another.

Now consider last year’s budget, or the year before, where Pete was included and identified in the detailed salary budget. Erasure would mean that the budget does not balance, so instead we would “anonymise” Pete, retaining his values, but masking his name. Think that one through for a minute in the context of staff churn ratios… Looking back a year or two to understand how the budget was made up could result in a list of “AN Others”, depriving the reviewer of the ability to analyse or understand the context and build-up of the budget.

Another thought, what happens in an audit, external or tax (potentially going back seven years), when you cannot provide details to support entries in the accounts because the person’s personal details have been deleted as sanctioned by GDPR. Will the taxman accept this as satisfaction of an audit query? I suspect not.

Furthermore, in a digital world, our personal data footprint spreads far and fast. Sure, on the one hand it’s probably easier to search than paper information, but on the other: what a tangled web our digital lives are. That former employee’s email address in a chain of emails involving other people? A company newsletter with a captioned photograph of a team-building event, including the employee? A LinkedIn post written by that employee on behalf of the company, with a lively debate in the comments? Does other data, communication and content simply get razed to comply with the GDPR? “Sorry John, I know this was a valuable conversation with a customer and it would be good to keep a record of it, but it’s got to go because it mentions Pete. And, by the way, please delete all the copies you might still have of the newsletter from four years ago and replace it with this redacted one. Yes, I know we’ve ruined the picture by blanking out Pete’s face, but it is what it is…”

How is this workable? And is this even necessary: unless you are Jason Bourne, does it matter that you appear photographed with the winning company quiz team of 2014? Yet companies of all sizes could potentially get bogged down in administration, hunting down the most ephemeral of mentions within the 30-day compliance period. In the long-term, companies may reassess their corporate communications, or the systems they use – favouring one-system-to-rule them all to make searching for data easier, rather than best-of-breed systems that allow their people to do their best work. Or do companies start asking employees to opt out of their right to erasure to cover themselves for that one-time Pete is mentioned in the company newsletter? And would that even be legal?

One needs to ask when does personal data become company data? History can’t be changed, Pete was a part of the company, Pete’s salary was a part of the budget last year. The blog and the company newsletter represent the history of the company. Both the budget, the blog and newsletter are company property and reflect, in different ways, the company’s history. Does GDPR extend to changing or re-writing that history?

Some of the examples may seem a bit tongue in cheek but if one applies the letter of the law in it’s most draconian interpretation…. It is early days yet: the GDPR has only been in place for a month and no doubt some of these details will get ironed out as we go. But with the US, Australia and India already indicating they will follow the European Union’s lead, there is no doubt this may rapidly become the global standard. And the number of GDPR notifications I am seeing from South African companies today is an indication of how borderless the digital world is. I hope we haven’t just hamstrung our ability to operate in an increasingly digital, data-driven world, by bogging it down in bureaucracy.

 As published in AccountingWeb 26th June 2018
https://www.accountingweb.co.uk/community/blogs/kevin-philips/re-writing-history-with-the-gdpr-time-machine 

Tuesday, 26 June 2018

Sailing the digital sea



That the world is a much smaller place thanks to the internet and digital communication technology has probably not escaped anyone’s notice. But are you truly harnessing this to do your business better, and to grow beyond South Africa’s borders?

Gone are the merchant vessels of yesteryear circumnavigating the globe by sea to sell your products. Today the internet creates an even more extensive marketplace at the click of a button. To me, this presents three clear benefits for South African companies. Accessing best-of-breed, up-to-date and fit-for-purpose technology for your organisation is one of them; working more closely with your team, wherever they are, is another; and finally, growing your business beyond South Africa’s borders in a low risk, low cost, incremental way.

Thanks to advances in cloud computing, and the Software-as-a-Service (SaaS) model, you can pick and choose from a myriad of vendors offering a range of services, not only the ones who have (quite expensively) set up shop locally who may or may not have the exact solution you require. The difference is a bit like that between going down to your local mall, or shopping via Alibaba – except with instant delivery via the cloud.

Indeed, some of the services you access online may be the collaboration, video conferencing and chat tools that enable your team to work better together, wherever they are. Think of these tools as FaceTime for business! You’ll know I am a big fan of involving those at the coalface of your organisation in the budgeting process, and cloud-based collaboration is a great way to get this right.

But what about support for these web products? Interestingly enough, this can also improve, thanks to the providers’ use of many of the same online chat and collaboration tools, giving you instant and secure access to the exact experts who can solve your problem. And in here lies possibly the area of greatest interest for the SME to mid-market company in South Africa looking to expand.

Today globalising your business does not mean that you have to open an office on the other side of the world, employ a range of staff and train them to do what you and your team can do here. This is costly and has been the root cause of many great plans coming to nought as the start-up and initial day-to-day operational costs overseas sink the dreams before they have a chance to flourish.

The cloud-based communication and collaboration services that are now available are the key to you expanding your business outside South Africa. Online video conferencing tools have replaced many face-to-face meetings, and collaboration software is keeping everyone on the same page. This reduces travel costs and all but eliminates otherwise dead travel time, is less invasive for clients, and means you can keep face-to-face meetings for when they really matter.

I can’t promise it will be plain sailing at the outset, as there is always a degree of resistance to the digital world and the lack of a physical presence of a company from the organisations still invested in the 20th century, but the tide is turning. So weather the choppy water as you leave the harbour, look out to the widened horizon, and ride the globalisation wave.

As published in ASA Online Magazine - 1 June 2018
https://www.accountancysa.org.za/advice-sailing-the-digital-sea/ 



Tuesday, 15 May 2018

GDPR is coming: lessons from the South



On 25 May 2018, the General Data Protection Regulation (GDPR) comes into force. Thereafter it will apply to those of us around the world doing business with customers in the European Union. As a region, the EU is the third largest global trading partner of South Africa’s, so we’re certainly paying attention. 

It is worth saying that in principle it is essential that data protection laws move with the times, especially in a digital, cross-border world where your personal data is stored in the cloud, potentially anywhere around the globe, even though you might be dealing with a local company. I, as much as anyone, am annoyed by relentless unsolicited marketing calls and direct mail. And we’ve seen enough data breaches recently to know that they are a very real threat, and that companies should be obliged to report them speedily to minimise their impact. 

The devil is in the detail, however, and the burden on small and medium-sized businesses – ostensibly the lifeblood of economies that want to grow – is potentially crippling. According to the World Bank, formal SMEs contribute up to 60% of total employment and up to 40% of national income (GDP) in emerging countries. In South Africa, SMEs added 36% of the GDP in 2017, and the government has pegged its hopes on this sector contributing 9 out of 10 new jobs by 2030.
 
So, what’s the problem?

Well, in South Africa we are also planning for the enforcement of our own local data protection law, the Protection of Personal Information Act, affectionately known as POPI. And to ensure compliance, corporate South Africa is starting to get its ducks in order. However, it seems what this roughly translates into is the large corporates (with seemingly endless manpower and budgets) pushing their compliance protocols onto their supply chain with an instruction that they must implement the same or be registered as non-compliant. One has to ask whether the, typically SME, supplier can realistically and financially replicate the security protocols of their larger clients?  

And then along comes the double whammy. Enter large customer number two, with a similar volume of compliance protocols, except they are only similar, not identical to the first customer’s protocols. To illustrate, let’s assume large customer number one insists on security IDs for your staff to provide access control to your building, but large customer two insists on biometric security. Are you really expected to put both in place to be compliant with each customer? And then expect your staff to actually jump through these hoops just to enter the building? 

I am currently reviewing a number of 40-pages-plus contracts to ensure POPI compliance from various of our blue-chip customers and can confirm that, to ensure compliance across the board, it’s not entirely implausible that, for instance, we may indeed need fingerprint and retinal scanners to be installed at our offices to meet specific prescribed access control requirements. Or for our employees and consultants to never be able to take their laptops home with them – and if they were to, they would have to be transported by a security company. I’m not sure what these requirements would mean for access control and other compliance in employee homes, nor for smartphones, which are typically owned by employees and have full access, thanks to the cloud, to most information available via a laptop.  

This sounds ridiculous, but it is not impossible based on how POPI is being implemented on the ground, and the fact that as a business, we simply can’t walk away from our largest clients. Nor can we risk non-compliance, where the penalties would be a breaking point for SMEs. The fine for contravening POPI is R10 million (around GBP600,000), and maybe we have it light when you consider the fines for GDPR contravention is EUR20 million (around GBP18 million) or 4% of global turnover. Ouch! I don’t know that many SMEs that could handle that!  

Expense and practicality aside, these requirements also fly in the face of modern working practices, which enable collaboration, reduce distance and the need for traveling time and costs. I am of course referring to new technologies coming into and changing our daily work environment such as video conferencing, screen and machine sharing across the web, and being able to pull the best team together, from anywhere in the world, to work on specific projects. These are all exactly the sort of benefits nimble SMEs and independent contractors offer to big corporates and yet they will be effectively outlawed by the corporate, “belt and braces”, approach to implementation of this legislation.  

So, while I agree with the need for data security, I feel like the legislative approach is one step forward and two steps back, and that we have erred too far on the side of protecting individual data, over enabling the building of our digital futures. Perhaps we need a bit more common sense and forward-looking thinking when tackling these challenges. GDPR is coming, be prepared for the unintended consequences of compliance!

As published in AccountinWeb - 8th May 2018

Tuesday, 8 May 2018

idu-Concept Distinguished as a Budgeting Software Rising Star by Platform for SaaS Reviews


The team behind idu-Concept has worked tirelessly to provide businesses with a robust platform that simplifies and streamlines both financial budgeting and reporting, and we are glad to announce that our software has resonated well with users. B2B software review website FinancesOnline awarded idu-Concept with the Rising Star award for 2018 after we recorded a high 100 percent user satisfaction rating from their Customer Satisfaction Algorithm.

FinancesOnline utilizes its Customer Satisfaction Algorithm to determine the general perception of users about a product. It gathers the user reviews, opinions, and feedback of our users across the internet, including various social media channels. Because of our good traction with clients, we received the esteemed Rising Star award for best budgeting software. This distinction is given to new SaaS solutions on the market that are perceived as an efficient solution by clients, thus resulting in an increase in popularity for the product.

FinancesOnline also conducted a thorough review of our budgeting software. They highlighted several key benefits of our product such as accelerated budgeting and forecasting, detailed financial reports, easy tracking of assets, and effortless handling of administrative tasks, to name a few.

FinancesOnline also acknowledged that idu-Concept can indeed simplify various complex processes, so much so that they awarded us their Great User Experience award for 2018. This award is given to software solutions that provide users with powerful functionalities while ensuring that the software remains pleasing and easy to ease for facilitating one’s work processes. Features that allowed us to receive this award include our “plethora of smart forecasting and budgeting tools,” centralized financial information for easy access of financial data, and much more.

Make sure to visit the FinancesOnline website for the full review and try idu-Concept today.


Thursday, 19 April 2018

In Google we trust

Image result for AI ethics and morality
There is a Tesla Roadster broadcasting David Bowie on repeat while travelling through space. What a time to be alive! And, I’d argue, the perfect time to rethink what it means to be human. But, we need to do it very carefully.
We’re welcoming robots into our homes, cars and workplaces. And they are enabling things that were impossible, or very hard, or very expensive to do. Doesn’t it blow your mind that every day you can use satellites orbiting the planet to find out if there is traffic on your route home?
There is also an understandable moral panic that we are in the process of losing our humanity. This is it: we’ve opened Pandora’s Box and the inevitable result is subjugation by our cyber-overlords. While I agree we’ve reached the point of no return and a digital future is a certainty, I think we should take this chance to re-examine what it means to be human, and code this into the software that is part of our lives. This will, hopefully, ensure technology delivers on its promise to be an equaliser, and not per-petuate the divisions in society.
Unfortunately we’ve already seen a few instances where the latter has happened. Take Google’s facial recognition system that only recognised white faces. Or Google Translate, that translated the gender-neutral pronoun in Turkish in a decidedly 1950s way: ‘He is a doctor, she is a nurse.’ Or LinkedIn, that, when you enter a typically female name, suggests that you might be looking for the male equivalent, but not the other way around.
But this is hardly surprising, as the AI field is new, and we are still learning. On the other hand, it does seem that the less pleasant side of humanity is rising to the surface, thanks to lack of diversity in development and testing teams, and lack of repre-sentative data in samples. Or, as in the case of the Google Translate example, which was based on existing common word combinations, the machines are simply reflecting our shortcomings back at us.
Nevertheless, it is time for some serious thought. Trust, ethics and morality need to be coded into our software now – consider the decisions self-driving cars are going to start making on our behalf. Who will define these rules and algorithms, and what choices will they make? Because at the moment it is corporates that are making them (or not making them), and the last time I checked, increasing profit and shareholder value still ride very high on corporates’ priority list.
In summary
Trust, ethics and morality need to be front of mind as we enter the digital age. This is how we’ll unlock all the benefits of AI and other technologies, and hopefully limit the downsides.
I leave you with the words of Steve Wozniak, co-founder of Apple: ‘You used to ask a smart person a question. Now, who do you ask? It starts with g-o, and it’s not God …’



Tuesday, 10 April 2018

APIs: enabling best-of-breed solutions for your business


 Image result for what is an API?

Think about your smartphone and the apps you have loaded onto it. Sure, it arrived with some pre-loaded, but most you have probably chosen yourself. In fact, you’ve no doubt swapped a few out as well, say when you discovered a weather app that had better wind information when you took up sailing. Or a news app that that aggregates all your favourite newspapers so you don’t have to clutter up your phone with multiple apps, all sending you duplicate breaking news apps. Or selecting the mail service of your choice, be it Microsoft Outlook, Gmail or Apple Mail, depending on your personal preferences and specific requirements. 

In fact, most of us can barely remember dumb phones. It was exciting enough having the Snake game come pre-loaded on our old Nokia 3310s, and the thought of customising what was on the phone wasn’t even a pipe dream. (OK, maybe we could change the phone’s cover.) And I’m pretty sure that some of the AccountingWEB readers don’t even remember life before smartphones. 

But why is it, that when it comes to something as mission critical as our companies’ enterprise resource programming (ERP) systems, we keep getting sold on a black box approach, akin to those dumb phones from the last century, when this is no longer necessary thanks to the magic of  application program interfaces (APIs) — basically windows and doorways onto software that allows you to tap into their capabilities, typically over the internet. 

Sure, in their day ERP systems made life easier for companies, offering a single platform and database with all business requirements being met from one application. This was revolutionary in its time, avoiding the need for huge effort spent on getting a range of incompatible standalone services to work together. Of course there were niggles: including a lack of flexibility and user-friendliness, plus a one-size-fits-all approach to business requirements. Because, despite what the vendors said about their integrated systems offering all the business applications you might need, it was impossible for all of these applications to be best-of-breed for every unique niche across the broad range of business requirements. 

Instead, it was often a case of jack of all trades, master of none. But still, far better than the myriad of incompatible legacy systems you previously had to navigate. And the reason for the myriad of incompatible legacy systems? There was no effective API environment to knit these disparate systems together. 

Fast forward to today, though, the one-stop-shop myth is even more inappropriate in an API powered world. You don’t need to hack your Nokia 3310 to replace Snake with a game you’d prefer. Which is what is happening to those black box ERP systems in an attempt to help them limp into the future. Their source code is so huge that any upgrade, or integration with new third party capabilities, requires an extensive, expensive and extended re-write. Not to mention that the systems no longer leverage the latest technology, such as in-memory processing, which is an essential part of getting the most out of future technologies.  

Thanks to APIs, today you can build your utopian ERP solution. It should be as easy as selecting your general ledger functionality and then adding to it stock, budgeting, accounts payable, reporting, procurement, and so on. All components can now be best suited to your business requirements and accessed via the cloud if you prefer. This will deliver a best-of-breed solution with no sacrifice of quality, which is so prevalent in a one-size-fits-all paradigm. Thanks to APIs, now prevalent across software applications, this is not only possible but indeed standard, as is having your preferred, best-of-breed software work seamlessly with all the other systems in your business, ensuring optimum effectiveness and efficiency.

As published in AccountinWeb - 4th April 2018.
https://www.accountingweb.co.uk/community/blogs/kevin-philips/apis-enabling-best-of-breed-solutions-for-your-business

Wednesday, 28 March 2018

Unlocking An Agile Accounting House

Image result for agile
With technology hurtling headlong into all aspects of life, from our homes, cars and workplaces, to banks, schools and hospitals, it’s no surprise that business looks to the IT world for inspiration on how to adapt and thrive. An example of this is Agile, a method of developing software that is spilling over into all aspects of business, including the finance department
Agile, and being an agile organisation, is coming to the attention of the business world as a plausible way to navigate the disruption all businesses face today. This disruption is thanks to the transition to a digital economy and from the unpredictable nature of the world at large.
Agile software development, as opposed to the Waterfall method inherited from the hardware world, uses collaboration between self-organising, cross-functional teams to set requirements and figure out how to achieve them. And, according to the Agile manifesto, the key to this way of working is embracing changing requirements at any stage, delivering work frequently and continuously improving. As important as the work that is done is the work that is not done: simplicity and speedy time to market is paramount.
It is clear that the old way of working and a top-down, regimented approach will not cut it anymore. Take annual reviews, for instance. In the past they used to make sense to plot the future based on past experience and benchmarks. Today, though, we know that seismic shifts that are impossible to plan for are in fact a reality. Look at Trump, Brexit, the Cape Town drought and the astonishing rise of crypto currencies in the last year. Not only were these events unexpected, their impact has yet to play out, and can’t be guessed at. Expect the unexpected is the only thing that anyone can say with any certainty.
As a side note, I believe that in South Africa we do have an advantage over the Northern Hemisphere. We’re used to absorbing a level of uncertainty as part of our day-to-day lives, and this has made us resilient and entrepreneurial, hustling to find the advantage and opportunity, even in tough circumstances. Possibly to a fault South Africans tend to adapt rather than complain, protest or debate. For instance, look at electricity and water shortages: the delivery of both should be inalienable, and the failure to do so speaks volumes about our leaders. So yes, we are all unhappy about the state of affairs, but we make plans to adapt to the new reality, and we do it immediately rather than waiting to realise our complaints have borne no fruit.
Nevertheless, it sounds like we are all going to have to be nimble going forward. Long-term planning needs to factor in that things might change dramatically, and that people and companies need to be prepared to weather and maximise these shifts. To do this, the ability to change needs to be built into any plan.
Sounds like we are going to have to be pretty agile, right? And especially the finance department as it ensures the right amount of money is invested in the right places, that innovation is both enabled, and culled, as necessary. That the business continues to optimise in ways that build up to significant change. And that, above all, the bottom line is stewarded into the future.
So far, so good. But how do you go about making finance more agile?
Well, I’d argue that tapping into business process management (BPM) principles might be the key that unlocks an agile finance department. While BPM has its origins in the 1990s, much of its philosophy resonates with the Agile movement. Practices such as having a well-defined strategy and understanding how core processes underpin it; consulting the coal face about better ways of doing things; of breaking down silos and getting different teams into the same room together to collaborate and feedback to the business; driving a culture of ownership, buy-in and continuous improvement; favouring iterative, time-based activities over slam dunk delivery. Change and improvement is considered a journey, not a destination. Documentation and system adoption is key to getting IP out of people’s heads (like complex standalone spreadsheets), as well as standardising and automating processes.
Once you have created a strategy, you need to translate it into a delivery model, and this is effectively the budget or forecast at a financial level. But how do you pull all these strands together though, to allow BPM to unlock your agile culture? You don’t get there with spreadsheets, that is for sure. Fortunately, as so often is the case, the very technology that has opened Pandora’s Box has also enabled a new generation of business tools that will facilitate this agile shift.
Budgeting and forecasting can generally be viewed as the ground zero of a financial cycle, so let’s start there. A web-based interface rather than a spreadsheet can make financial data input and review accessible to anyone in your organisation. Now, non-financial managers can easily give you the figures you need, in a standardised format that can be rolled-up into a single version of the truth. You bypass the ineffective, time-consuming, and soul-destroying spreadsheet go-round, shaving weeks and months off the budget cycle in the process. And, importantly, by providing increased visibility and transparency, especially of business strategy, you foster buy-in to, and ownership of, the budget.
This way of working also opens the door to considering zero-based budgeting (ZBB). This bottom-up budget approach, where instead of adjusting the previous year’s numbers you start from a greenfield site and build your budget around what your strategic objectives are, has traditionally been dismissed as a pipe dream. Nice in theory, especially as it has been proven to save money, but too difficult and time consuming to implement in real life … Really? If we accept that the world is rapidly changing across the board how relevant is trend analysis for the past five years as a basis for projecting the future? Or even the relevance of basing this year’s budget on last year’s numbers?
So, considering the arguments above, is ZBB not only doable but also a practical way to empower your new, agile, future-proofed finance culture? It ties the budget directly to corporate strategic plans and allows for rethinking of the way things have always been done.
Empowerment, transparency and ownership in and of themselves, whether you adopt ZBB or not, will lead to better budgeting and budget management. As the actual numbers become available for comparison with the budgets, the same transparency drives the empowered user at the coal face to be more invested in delivering against that budget. Compare this to a manager that is handed a budget that they have had little or no involvement in, and yet are still expected to deliver against.
So, a hat trick of agile, business process management and zero-based budgeting can transform your financial processes from drudgery and frustration, into a user-friendly, creative process that drives innovation in your organisation. Ultimately, if your budgeting and forecasting process is more effective and responsive, this will impact your bottom line positively.
As published in Accountancy SA - March 2018 https://www.accountancysa.org.za/viewpoint-unlocking-an-agile-accounting-house/