Colin McArdle - Senior Account Director at Tikit
Accountancy practice management software has come a long way. Today, features like automated billing and reconciliations are easily integrated into the day-to-day practice workflow of Wolters Kluwer Tax & Accounting UK customers.
Our employees work side by side with our customers to create and manage these solutions – driven by a deep understanding of their needs and addressing the rapid changes in their environment.
However, it’s often hard to look beyond improving performance in day-to-day operations. Amid Brexit, the COVID-19 pandemic and other disruptions, accountancy practices and their clients are dealing with an unpredictable economic landscape. Future business planning can appear daunting.
However, technology can support accountancy practices (and their clients) in making informed business decisions, and planning for the future. In the first part of our Accountancy Practice Management for Future-Fit Growth series, we’ll explore how they can use technology to define and easily track Key Performance Indicators (KPIs). Doing so gives practices closer control of performance tracking, and deeper insights that will inform strategic growth plans.
Saving Time
For several decades, business technology platforms have enabled practices to track performance metrics that they have customised. This highlights areas that qualify for improvement and underpins strategic planning.
Contemporary technology, such as CCH KPI Monitoring, makes setting up KPIs faster and easier for accountancy practices than ever before. This is vital today. The current business landscape demands that firms assess and amend KPIs more frequently, based on fresh market variables. KPIs such as client retention rate and business time-to-recovery have become increasingly prominent performance indicators in the past year. If clunky technology makes KPI management difficult, practices have less time and insight to plan future growth.
Reducing Risk
CCH KPI Monitoring makes it far easier to track KPIs and report on them. This is fundamental in minimising risk. For example, if a KPI is set to track and escalate debt filtered by overdue dates, the ability to easily set alerts and automatically generate reports is critical to practice performance management.
Some practices are manually running monthly reports to measure KPIs. Others are running real-time reporting engines, a key feature of CCH KPI Monitoring. This latter solution allows practices to review essential data at any time – covering both performance management and compliance requirements. They can do so remotely or on-premise.
This means that firms can assess issues before they become problems, and thus act proactively. Real-time reporting is a true asset in building a future-fit practice.
The Proof is in the Practice
A number of Wolters Kluwer customers have been using CCH KPI Monitoring for several years now. Our customers look to us when they need to be right. Ryecroft Glenton has successfully integrated CCH KPI Monitoring with its own system. This consolidates information from several sources, including CCH Central and CCH Practice Management.
“We can use the year end date to trigger a sequence of reminders. Have we asked for the books? Have they been received? If a request to a client has been outstanding for a certain period, the partner will receive an alert via email. For limited companies, we can monitor the corporation tax and Companies House filing deadlines – as well as the different deadlines for pension schemes”
– Ian Smith, partner at Ryecroft Glenton
“Apogee are not just aprinting company, theyconsult with us and go onto deliver a full end to endservice from concept toinstallation. They go aboveand beyond and we lookforward to continuing ourjourney with them”
“Apogee are not just aprinting company, theyconsult with us and go onto deliver a full end to endservice from concept toinstallation. They go aboveand beyond and we lookforward to continuing ourjourney with them”
“Apogee are not just aprinting company, theyconsult with us and go onto deliver a full end to endservice from concept toinstallation. They go aboveand beyond and we lookforward to continuing ourjourney with them”
“Apogee are not just aprinting company, theyconsult with us and go onto deliver a full end to endservice from concept toinstallation. They go aboveand beyond and we lookforward to continuing ourjourney with them”
GDPR – what is it?
On 25 May 2018, the EU General Data Protection Regulation (GDPR) comes into effect. With it comes changes to data protection law that anyone selling or monitoring data within the EU and holding customer data must comply with.
GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy.
What are the penalties for non-compliance?
Non-compliance with GDPR could lead to fines of 4% of turnover or €20million, whichever is greater.
How is GDPR relevant to Disaster Recovery?
GDPR covers the requirement to have adequate DR provisions in place to comply, as outlined in article 32(1):
All companies handling customer data should therefore have an adequate DR solution that can restore both the availability of and access to personal data.
In addition to your live system, your DR system will also need to meet GDPR compliance. Because your DR provider is obtaining, holding and retrieving data, they will be a ‘data processor’. If your DR provider is non-compliant it could render you non-compliant. It is therefore critical that any DR provider meets GDPR compliance.
You should assess your DR provider before GDPR comes into effect to ensure they meet compliance criteria:
Will customer data be accessible and availability in a timely manner? A backup of the data is not good enough – it needs to be available for user access (i.e. on working systems) to comply.
What are the SLA’s around this and how are these SLA’s guaranteed? It would be wise to test that your DR solutions meets these SLA’s.Are your DR providers ISO27001 certified? Many of the ISO27001 policies are in line with GDPR policies around process e.g. security, staff training, auditing and reviews of policies. If you are ISO27001 compliant but your DR provider isn’t then your ISO27001 may be null and void.
Where is the data held? You need to be wary about transferring data outside of the EU otherwise it needs to meet the conditions of chapter 5 of the GDPR.
Does your DR provider have data breach processes in place? Data controllers are required to report breaches within 72 hours. What is the process of your DR provider reporting such breaches?
Can customer data in your DR system be controlled in line with regulations so that subjects can access, erase or amend their data? This requires backup data to be updated regularly in line with your live data, and meet security protocols for if/when the DR system is being used as the live system.
Does your DR provider offer regular testing and evaluation to ensure security of processing? Security covers the availability, integrity and confidentiality of processing. Your DR provider should be able to clearly demonstrate that they test these aspects of your DR solution. Again, ISO27001 goes a long way to demonstrate most of these.
Have you clarified under contractual agreement whether your DR provider is a data processor or data controller? This will help avoid gaps in responsibilities and confusion in the event of a data breach. The ICO offers a guide to help you understand the difference between a data controller and a data processor.
Do you have a data sharing agreement with your DR provider? This should cover how the data can be used and whether it can be further disclosed. Refer to the ICO data sharing practice for further details.
GDPR certification via appropriate certification bodies will be encouraged to demonstrate compliance, as outlined in the GDPR regulation.If you have any questions around GDPR, in particular with relation to disaster recovery compliance you can contact Plan B on 08448 707999 or info@planb.co.uk.
In the lead up to the General Data Protection Regulation (GDPR) coming into force, many organisations will be increasing their data protection by scrambling to prevent against cyberattacks and hackers. In most cases, however, it’s far more likely that information will leak unintentionally.
According to a recent Thomson Reuters survey of 650 UK accountants, 83% have not yet spoken to their clients about the General Data Protection Regulation (GDPR), but plan to. Surprisingly, just 13% have already discussed it, and 4% said they have no plans to talk to clients about GDPR.