It has been an unprecedented year filled with highs and undeniable lows. We not only survived – we thrived. We learned what it means to truly pivot and overcome great challenges. At the same time, we celebrated every success in lockdown and learned what we are truly capable of.
I don’t think anyone can honestly say that they were prepared for lockdown; however, at AcctTwo we were set up for success because of our business model and the ability to work in the new remote cloud-based environment that many “traditional” organizations struggled with. I’m proud of how our team handled themselves – a year ago, they were only prepared to be out of the office for two weeks but managed to carry on for fifty-two. Over this past year, we have written about what it has been like to work in a COVID world.
We’ve expressed lessons learned and shared our thoughts on:
- Proactive Planning
- Digital Transformation
- Blocking and Tackling
- What-if Scenario Modeling
- How to Re-Examine Your Business Model
- Recurring Revenue Models
Now it is time to apply these lessons and figure out where to begin.
As a CFO (or CEO) Where Do I Start?
You can get through a risk assessment and shore up your risk management gaps quickly. And unlike legacy on-premises enterprise system implementations, which frequently took six months to a year or even longer, cloud-based accounting software implementations average about 90 days. Many of the best-in-class cloud point solutions can be implemented much more quickly. Re-assessing and shoring up your supply chains or moving to a recurring revenue model will obviously take more thoughtful planning and time to implement.
Weeks 1 and 2
Perform a gap analysis on your risk management practices (are they documented?) and your progress on the digital transformation journey. Identify opportunities to implement improvements such as updating insurance policies, documenting disaster recovery and business continuity plans, replacing manual and paper-based accounting processes with modern, digital solutions, etc. Prioritize gaps that are causing the most pain or vulnerability, and those that can benefit from quick wins that can be easily and quickly implemented.
Weeks 3 and 4
Evaluate solutions to fill identified gaps, such as new insurance policies, accounting process automation, and modernization of systems. Technology vendors should be evaluated and selected during this time. Finalize a plan for what actions you are going to take, and which technology vendors and solutions you are going to implement.
Weeks 5 to 17
Implement solutions that will make your business more modern, more digital, and more resilient by better managing identified risks and being nimbler and more flexible to change. Most small to midsized businesses should be able to achieve this timeline with adequate focus and resources applied. Larger businesses will take longer.
Weeks 1 to 17
Evaluate supply chains and revenue streams for opportunities to create redundancy, virtual/digital delivery models, and recurring revenue with subscription-based contracts. This part of your journey will take longer and require more thought. And the implementation of any recommended changes could take additional months, if not years. But it’s worth doing if you can.
Digital Transformation: Optional to Urgent
The most important thing is to fight off any inertia or resistance to change and get started now. Due to COVID-19, digital transformation and proactive planning have gone from optional to urgent.
I recently asked AcctTwo’s Chief Delivery Officer, Debra Ellis, to create a business risk assessment. Debra has unparalleled experience in helping CFOs, Finance Directors, and Accounting Teams select and implement best-in-class finance and accounting software.
AcctTwo’s Risk Assessment Plan
Your organization’s risk assessment will be unique to your business needs; however, the following outline can help start you on your journey.
- Create a Risk Calculation Worksheet with measurements including department affected, dependencies, and potential impact (financial or otherwise)
- Create a Risk Mitigation Worksheet with recommended controls
- Define the levels of risk, i.e., low, moderate, high
- Define impacts, i.e., loss of confidentiality, loss of integrity, loss of availability
Sample Risk Management Questions to Ask Yourself:
- Have you done a formal risk assessment for the business? When was it done?
- Have you documented the risks?
- When was the last time you reviewed security?
- Do you have recurring revenue models?
- How flexible are your supply chains?
- How many times a year do you budget?
- Have you adopted digital transformation? Are you able to work in the cloud, or are you still tied to on-premises systems?
- Is there a written disaster recovery plan?
  - by department?
  - by function?
- Are your processes documented?
- Are there any exceptions to the process, i.e., the owner or other team members?
- Are electronic approvals set up for:
  - journal entries
  - purchase orders
  - expense reports
  - time sheets
  - monthly close (reopen)
- Has electronic processing been set up for:
- Is artificial intelligence used to provide guard rails around data validation?
- Are there integrations from other applications?
- Has your vendor selection process been documented to include their digital readiness?
- Are records stored electronically:
  - customer contracts
  - billing contacts
  - vendor contracts
  - purchase orders
  - monthly close documents
  - payment history
  - employee data and contact information
  - fixed assets
- What documents are stored in paper format?
- Have backup delivery/vendor arrangements been put in place?
- What reporting is required each month/quarter/year? Does that reporting require manual intervention?
- Is there a written disaster recovery plan?
- Have you identified where you have manual processes, i.e., must come to the office to sign checks, deposits as checks?
- Pockets of analog?
- What are the critical business systems, and have you identified which employee roles need access in the event of a pandemic?
- What equipment is needed for remote work?
- Expand on data risk: are spreadsheets residing on laptops or in the cloud (SharePoint, OneDrive)? Where is confidential data stored, and what process is documented?
- How much cross-training has been done? Even though processes are documented, have people been trained?
- Have you stress tested the disaster recovery once a year?
Sample Security Concerns to Address:
- Do your team members use their devices for both work and personal use?
- Is your IT outsourced? If so, what backups and documentation do they have in place?
- Where is your data stored, in the cloud or on-premises?
- Have SLAs been established for data recovery?
- Has a dry run been performed for:
  - remote access for the full company
  - data restore
  - use of alternate team members for critical functions (delivery, billing)
- Are there guidelines for data storage, including naming convention, sharing, etc.?
- Are strong passwords required for all applications?
- Is two-step authentication in place for apps?
- Do your team members use a password manager?
- Have fraud risks been identified and mitigation policies been developed?
- Is Positive Pay set up with your bank to secure check payments?
- Are check signatures digital and how are they secured?
- Are protections against banking trojans in place to secure banking transactions?
- What remote conference tools are used? What is the backup if they are not available?
- Have revenue risks been identified?
- How have revenue risks been incorporated in the forecast process?
- How often do you revise the forecast?
- What tool is used for forecasting? Is it collaborative?
- What new revenue offerings are being considered? Are they recurring revenue models?
- Are the forecast KPIs compared each month to actuals?
- Are dashboards in place for all departments for their individual KPIs and tasks?
- Are dashboards in use for visibility into KPIs?
- Are your actuals tracked to budget weekly, monthly, quarterly? How automated is the process?
- Do you have a specialized FP&A app, or are you using Excel?
- Do you have the ability to do multiple scenario planning?
Sample Personnel Risks:
- Are there job descriptions for each role in each department?
- Does the security setup match the associated job description?
- Has training been provided and documented for each position?
- Is there a backup for each role?
- What community tools are in place for remote employees to foster engagement?
- Is the employee (HR) data protected, and is access limited?
After evaluating your systems, you’ll start to be able to take the next steps needed in your organization’s next chapter.