GDPR: Why Accidental Information Leaks Should Have You Worried 

Ben Mitchell, Vice President of DocsCorp Europe 

Accountancy practice management software has come a long way. Today, features like automated billing and reconciliations are easily integrated into the day-to-day practice workflow of Wolters Kluwer Tax & Accounting UK customers.

Our employees work side by side with our customers to create and manage these solutions – driven by a deep understanding of their needs and addressing the rapid changes in their environment.

However, it’s often hard to look beyond improving performance in day-to-day operations. Amid Brexit, the COVID-19 pandemic and other disruptions, accountancy practices and their clients are dealing with an unpredictable economic landscape. Future business planning can appear daunting.

However, technology can support accountancy practices (and their clients) in making informed business decisions, and planning for the future. In the first part of our Accountancy Practice Management for Future-Fit Growth series, we’ll explore how they can use technology to define and easily track Key Performance Indicators (KPIs). Doing so gives practices closer control of performance tracking, and deeper insights that will inform strategic growth plans.

Saving Time

For several decades, business technology platforms have enabled practices to track performance metrics that they have customised. This highlights areas that qualify for improvement and underpins strategic planning.

Contemporary technology, such as CCH KPI Monitoring, makes setting up KPIs faster and easier for accountancy practices than ever before. This is vital today. The current business landscape demands that firms assess and amend KPIs more frequently, based on fresh market variables. KPIs such as client retention rate and business time-to-recovery have become increasingly prominent performance indicators in the past year. If clunky technology makes KPI management difficult, practices have less time and insight to plan future growth.

Reducing Risk
CCH KPI Monitoring makes it far easier to track KPIs and report on them. This is fundamental in minimising risk. For example, if a KPI is set to track and escalate debt filtered by overdue dates, the ability to easily set alerts and automatically generate reports is critical to practice performance management.

Some practices are manually running monthly reports to measure KPIs. Others are running real-time reporting engines, a key feature of CCH KPI Monitoring. This latter solution allows practices to review essential data at any time – covering both performance management and compliance requirements. They can do so remotely or on-premise.

This means that firms can assess issues before they become problems, and thus act proactively. Real-time reporting is a true asset in building a future-fit practice.

The Proof is in the Practice
A number of Wolters Kluwer customers have been using CCH KPI Monitoring for several years now. Our customers look to us when they need to be right. Ryecroft Glenton has successfully integrated CCH KPI Monitoring with its own system. This consolidates information from several sources, including CCH Central and CCH Practice Management.

“We can use the year end date to trigger a sequence of reminders. Have we asked for the books? Have they been received? If a request to a client has been outstanding for a certain period, the partner will receive an alert via email. For limited companies, we can monitor the corporation tax and Companies House filing deadlines – as well as the different deadlines for pension schemes”

– Ian Smith, partner at Ryecroft Glenton

Corporate events agency who benefited from greener graphics initiative

“Apogee are not just a printing company, they consult with us and go on to deliver a full end to end service from concept to installation. They go above and beyond and we look forward to continuing our journey with them”

In the lead-up to the General Data Protection Regulation (GDPR) coming into force, many organisations will be increasing their data protection by scrambling to defend against cyberattacks and hackers. In most cases, however, it is far more likely that information will leak unintentionally. The Information Commissioner’s Office (ICO) found that, of all data breaches reported between January and March of this year, 37% were the result of information being sent to the wrong recipient. It could be a staff member sending an email to the wrong person, or attaching the wrong document and exposing sensitive information. To be compliant with GDPR, it is just as crucial that organisations ensure data is managed and protected against accidental disclosure as it is that they shield it from cybersecurity threats.

What is Accidental Information Disclosure?
Accidental Information Disclosure (AID) is the unintentional release of sensitive information outside an organisation, usually because of human error. Sending an email to the wrong person – particularly when that email contains confidential or sensitive information – can put an organisation’s reputation on the line. In order to be compliant with GDPR, businesses need to have security measures in place to protect personal data from being leaked unintentionally.

How AID can impact an organisation under GDPR
Under GDPR, organisations face fines of up to 4% of global revenue or €20 million, whichever is larger, if they fail to adequately manage and protect the personal data of EU citizens. For example, if a staff member were to send an email containing a spreadsheet of client details to the wrong person, this is considered inadequate data management and protection. Someone other than the client or the organisation that lawfully captured their personal data for a business purpose now has access to sensitive information like addresses, bank account details, and National Insurance Numbers. That organisation will then be subject to the same fines as if it were a victim of a cyberattack.

Metadata and Accidental Information Disclosure
It’s not just the information on the surface of an email attachment that can result in accidental disclosure. Each document created in a Microsoft Office program contains metadata, showing everything from total editing hours to Track Changes, author name, and date created. Though seemingly innocent, this metadata can be damaging – not to mention embarrassing – if it reaches the wrong person. 

DocsCorp conducted a survey of small to medium (SME) business owners in the UK to learn how prepared they were for GDPR. 30% of business owners surveyed said they didn’t know about metadata, putting them at risk of breaching GDPR unintentionally since they are unaware of what information they were sending outside the business.

Remote working can increase the chances of data leaks
Our SME survey also found that 58% of businesses polled allow their staff to work remotely occasionally or, in some cases, permanently. This means that the stringent security measures organisations use must go beyond the desktop and cover data handled inside and outside the company’s network. Usually, large organisations will have staff working via Citrix or other thin client technology, which means security is just as good as it is inside the network. Others will be working from employer-provided laptops that will also most likely be adequately secured. Small firms are at the most risk of having loose security measures in place and must take the necessary steps to close any gaps in their security.

How to protect against Accidental Information Disclosure
Using a metadata cleaning tool is the simplest way to minimise the chance of accidental leaks happening. A solution that integrates directly with your email is the best form of defence, since it can scrub attachments of metadata before they leave the organisation. A metadata scrubber can remove any hidden cells or embedded objects as well as Track Changes and comments. The metadata cleaning step will also help users slow down and take the time to double-check email recipients and attachments.

Email recipient checking is an incredibly important security measure to have in place. The ICO found that 37% of all reported data breaches between January and March of 2017 were due to information being sent to the wrong recipient. DocsCorp will shortly introduce a new security measure in its metadata cleaning application, cleanDocs, that prompts the user to confirm they want to send emails to individuals outside the company domain. In the same step, they can choose to clean any attachments of metadata, ensuring complete management of information over email.
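The following is an added example, not code from the original article and not DocsCorp or cleanDocs code. It illustrates both the “Metadata and Accidental Information Disclosure” section and the two protection steps above using only the Python standard library: a Word .docx file is a zip package, and the properties the article lists (author, last editor, revision count, total editing time, company, template) live in its docProps/core.xml and docProps/app.xml parts, while Track Changes and comments live in the document body. The code reports those, strips the properties, and flags recipients outside the organisation’s email domain. The sample document, the names in it and the domain example-accountants.co.uk are constructed for the example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from email.utils import parseaddr

# Namespaces of the parts that carry document properties and editing history.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
    "w": "http://schemas.openxmlformats.org/wordprocessingml/2006/main",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Properties that reveal people, organisations or editing history.
CORE_FIELDS = {"creator": "dc:creator", "last_modified_by": "cp:lastModifiedBy",
               "created": "dcterms:created", "modified": "dcterms:modified",
               "revision": "cp:revision"}
APP_FIELDS = {"total_time_minutes": "ep:TotalTime", "company": "ep:Company",
              "template": "ep:Template"}


def build_sample_docx() -> bytes:
    """Constructed sample holding only the parts these checks look at (names are invented)."""
    core = ('<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}" xmlns:dcterms="{dcterms}">'
            "<dc:creator>j.bloggs</dc:creator><cp:lastModifiedBy>a.partner</cp:lastModifiedBy>"
            "<cp:revision>17</cp:revision><dcterms:created>2017-10-02T09:15:00Z</dcterms:created>"
            "<dcterms:modified>2017-11-06T16:40:00Z</dcterms:modified></cp:coreProperties>")
    app = ('<Properties xmlns="{ep}"><TotalTime>312</TotalTime><Company>Example Accountants LLP'
           "</Company><Template>ClientLetter.dotx</Template></Properties>")
    document = ('<w:document xmlns:w="{w}"><w:body><w:p><w:r><w:t>Fee proposal: </w:t></w:r>'
                '<w:del w:id="1" w:author="a.partner"><w:r><w:delText>GBP 9,000</w:delText></w:r></w:del>'
                '<w:ins w:id="2" w:author="a.partner"><w:r><w:t>GBP 12,000</w:t></w:r></w:ins>'
                "</w:p></w:body></w:document>")
    comments = ('<w:comments xmlns:w="{w}"><w:comment w:id="0" w:author="a.partner"><w:p><w:r>'
                "<w:t>Client is price sensitive, do not go below 9k</w:t></w:r></w:p></w:comment></w:comments>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, xml in (("docProps/core.xml", core), ("docProps/app.xml", app),
                          ("word/document.xml", document), ("word/comments.xml", comments)):
            z.writestr(name, xml.format(**NS))
    return buf.getvalue()


def _part(z: zipfile.ZipFile, name: str):
    """Parse one XML part of the package, or None if the part is absent."""
    return ET.fromstring(z.read(name)) if name in z.namelist() else None


def inspect_metadata(docx_bytes: bytes) -> dict:
    """Report what a recipient could recover from the file beyond its visible text."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        core, app = _part(z, "docProps/core.xml"), _part(z, "docProps/app.xml")
        doc, comments = _part(z, "word/document.xml"), _part(z, "word/comments.xml")
    found = {}
    for root, fields in ((core, CORE_FIELDS), (app, APP_FIELDS)):
        for key, path in fields.items():
            el = root.find(path, NS) if root is not None else None
            found[key] = (el.text or "") if el is not None else ""
    # Tracked changes and comments are document content, not properties: a
    # property-only clean leaves them, so they are counted for the sender to resolve.
    found["tracked_changes"] = 0 if doc is None else len(doc.findall(".//w:ins", NS) + doc.findall(".//w:del", NS))
    found["comments"] = 0 if comments is None else len(comments.findall(".//w:comment", NS))
    return found


def scrub_metadata(docx_bytes: bytes) -> bytes:
    """Return a copy of the package with the identifying properties removed."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as src, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            data = src.read(item.filename)
            fields = {"docProps/core.xml": CORE_FIELDS, "docProps/app.xml": APP_FIELDS}.get(item.filename)
            if fields:
                root = ET.fromstring(data)
                for path in fields.values():
                    el = root.find(path, NS)
                    if el is not None:
                        root.remove(el)  # properties are direct children of the root element
                data = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(item.filename, data)
    return out.getvalue()


def external_recipients(recipients, internal_domain: str) -> list:
    """Addresses outside internal_domain or its subdomains; unparseable entries count as external."""
    internal = internal_domain.lower().lstrip("@")
    flagged = []
    for raw in recipients:
        addr = parseaddr(raw)[1]
        domain = addr.rpartition("@")[2].lower() if "@" in addr else ""
        if not domain or (domain != internal and not domain.endswith("." + internal)):
            flagged.append(raw)
    return flagged


if __name__ == "__main__":
    sample = build_sample_docx()
    print(inspect_metadata(sample))
    print(inspect_metadata(scrub_metadata(sample)))
    print(external_recipients(["Bob <bob@other.example>", "a@example-accountants.co.uk"],
                              "example-accountants.co.uk"))
```

A pre-send hook would run `external_recipients` on the To/Cc/Bcc list and `inspect_metadata` on each attachment, and prompt the user when either returns something. The scrub deliberately touches only the property parts: removing comments or resolving tracked changes means editing the document body and the package relationships, so here they are reported rather than silently dropped, leaving the sender to deal with them before the file goes out.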

Don’t run the risk of being fined millions. Ensure you have the right software before the May 2018 compliance deadline and protect your business from breaching GDPR.

Nov 2017

GDPR: 83% of UK Accountants have yet to Speak to Clients about GDPR

According to a recent Thomson Reuters survey of 650 UK accountants, 83% have not yet spoken to their clients about the General Data Protection Regulation (GDPR), but plan to. Surprisingly, just 13% have already discussed it, and 4% said they have no plans to talk to clients about GDPR.

GDPR – a Guide to Disaster Recovery compliance

On 25 May 2018, the EU General Data Protection Regulation (GDPR) comes into effect. With it come changes to data protection law that anyone selling or monitoring data within the EU and holding customer data must comply with. GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and to reshape the way organisations across the region approach data privacy.