Marcia Passos Duffy
Most sensitive information — including files on products, customers, suppliers and employees — are now kept digitally. But keeping these files well protected from unauthorized eyes, yet allowing the information to be accessed by employees is a double-edged sword, says Sassan S. Hejazi, director of technology solutions for Kreischer Miller, an accounting and business advisory firm based in Horsham, PA.
Smart Business spoke with Hejazi about the importance of keeping information secure and the steps a business can take to ensure that its information does not end up in the wrong hands.
Why is IT security necessary?
Information is a competitive weapon that needs to be safeguarded. Companies invest heavily in gathering and managing the information. To be able to harness that information is a source of power. The technology available today allows for greater ease of accessing information, yet creates greater security risks as well.
For example, if a salesperson leaves your company, is there anything to stop him or her from buying a $20 memory stick and downloading all critical files from your company — equivalent to dozens of filing cabinets — and walking out the door? Companies must have a keen awareness of how information security can be breached and take steps to prevent it.
What kind of information needs to be protected and against whom?
What needs to be protected is any kind of word processing document, e-mails, financial information, business plans, employee information, earnings, payroll, customer files (such as what they buy and how much they spend) and supplier information.
Most IT problems happen within the boundaries of the organization. One drastic example of this is when gang members in Los Angeles obtained part-time jobs in telemarketing companies and had access to all kinds of lists and information. All the customer information — including social security and credit card numbers — (was) downloaded onto CDs and sold to third parties.
What steps can a business take to make sure its information systems are secure?
Your employees are on the computer every day where new viruses and threats are continually introduced to the Internet. The very first step is to make sure, from a technical standpoint, that all computers and software are up-to-date with the latest patches, virus management downloads, firewalls and spam management. Many subscriptions and services can do this automatically.
The second step is to educate employees about company policies and procedures in regard to IT security — that is, what is acceptable and not acceptable. For example, can they install applications? What Web sites are they not allowed to visit? What employees can — and can’t — download from the Internet? This needs to be in writing, with the ramifications of violating these policies clearly stated.
Next, you need to verify that the policies and procedures are being honored by your employees. There are services available to periodically monitor what users are doing — and alert you to potential security violations, such as anyone downloading or saving large files.
Larger companies, such as banks, monitor employees’ usage on a daily basis. But you don’t have to get carried away with this. Periodically, perhaps once a quarter, look at the scope of activities of your users ... but how often you look at this will depend on the type of company you run, since no one size fits all when it comes to monitoring.
What are the downsides of having a secure IT system?
With tighter IT security comes a level of user inconvenience. One example is requiring periodic password changes — periodic changes lesson the possibility of others discovering protected passwords. IT security always creates minor user inconvenience, but if users are aware of the implications if policies are not followed, and the business enforces its policies, IT security has a higher chance of success.
What can a company do if its IT security has been violated?
A company must have a disaster recovery plan of action in case information integrity has been violated. Business owners not only need a plan to retrieve the lost information but a strategy to communicate with employees and customers about what has happened.
Also, comprehensive backups, which are tested and stored somewhere off your site, are a necessity. This is all the responsibility of the business owner. Your best course of action is to talk to your IT adviser and make sure you have a plan of action for any worst-case scenarios.
Sassan S. Hejazi is the director of technology solutions for Kreischer Miller, an accounting and business advisory firm based in Horsham, PA. He is also on the faculty of Management Systems at Arcadia University of PA. Reach Hejazi at email@example.com or (215) 441-4600, ext. 200
If you don’t have a retirement plan available, you may lack the competitive edge needed to attract employees who will stay for the long haul. That said, how can a business owner begin to select from the plethora of retirement options available in the marketplace?
The answer lies in looking at the size of your company, determining whether you want to fund the plan with tax-deductible employer contributions and deciding which employees you want covered, says Michael J. Gheen, a CPA and associate director with SS&G Investment Services LLC of Akron, Ohio.
Smart Business spoke with Gheen about the advantages of offering a retirement plan to employees and the necessary steps a business owner needs to take to create the right retirement plan for a company.
What are the advantages of having a company retirement plan?
If you don’t have one, you will be considered behind the times and at a disadvantage from a recruiting standpoint. Employees are keenly aware that they may not be able to rely on Social Security for retirement so they are looking for employers to provide retirement plans.
How can a business owner choose a plan that best suits a company and its employees?
A lot is dependant on how much money the business owner is willing to spend and what the goals are. If the employer can’t afford to make contributions, the easiest way to set up a retirement plan is the Simplified Employee Pension Plan (SEP IRA). The SEP allows employers to set aside money in retirement accounts for everyone in the company (including the business owner).
Under the SEP, an employer contributes directly to traditional individual retirement accounts. The SEP is good for small businesses because it does not have the startup and operating costs of a traditional retirement plan. And it allows deductible contributions up to 25 percent of company payroll.
A better plan to start out with would be the Savings Incentive Match Plan for Employees (SIMPLE IRA) which allows employee contribution and it mandates that an employer match that contribution, which is a more desirable option for employees. The employee matches up to 3 percent of an employee’s salary.
The ongoing costs of keeping the SEP or SIMPLE plans in place are minimal. And, as the company grows, the business owner may want to move into more complex plans such as profit sharing or a 401(k) plan.
What kind of flexibility is available with profit sharing or 401(k) plans that are not with SEP or SIMPLE plans?
In traditional 401(k) or profit sharing, the employer can determine when the employee will be fully vested, whereas with the SIMPLE or SEP plans any money put into the plan is fully vested from day one. You can see why employers may not like this because the employees can pull the money out at any time for any reason, with penalties, of course.
What are some considerations a company needs to make when selecting a retirement plan?
Not only do you need to consider how much flexibility you want, but who you want to handle the investment and what kind of investment platform you want, such as mutual funds. Financial advisers can help the company owner pick a platform that makes the most sense for the business.
The business owner also has to decide who will be the trustee of the plan — and this is usually the business owner, CFO or director of human resources, or even a third party. Business owners also need to decide the eligibility requirements for the retirement plan; do they want the eligibility to begin day they are hired or a year later? If you are in a high-turnover industry you may want to consider a minimum service requirement.
Is it necessary to hire a financial or retirement plan professional to help set up and run the plan?
On the investment side, it’s strongly recommended that you hire a professional. The last thing you want to do is give advice about investments and open your company up to exposure in an industry that is heavily scrutinized by the IRS and the Department of Labor. The investment professional needs to be involved not only to setup the plan but monitor it on a ongoing basis with the business owners and the employees.
Michael J. Gheen, CPA, is an associate director of SS&G Investment Services LLC, a division of SS&G Financial Services Inc. Contact Gheen at MGheen@SSandG.com or (800) 871-0985. SS&G Investment Services LLC and SS&G Financial Services Inc. are not affiliated with Multi-Financial Securities Corp. or ING. Securities offered through Multi-Financial Securities Corp., member NASD, SIPC. .
When choosing from the array of accountants (or re-evaluating your current one) keep in mind that an accounting firm should not simply be part of your overhead, says Jack Kreischer, founder of Horsham, PA-based accounting firm, Kreischer Miller. “Your accounting firm should be an asset to your business...and certainly not a liability,” he says.
Smart Business spoke with Kreischer about how to select an accounting firm that will not only meet your needs and preferences, but will add value to your bottom line.
How can an accounting firm can be overhead to a business?
An accounting firm that just does a tax return or financial statement without providing perspective to the business owner about the results can be considered overhead; that is, it is not adding value to the operation of that business.
When does an accounting firm cross the line from overhead to liability?
Some accounting firms — although far and few between — will actually be red-flagged by the IRS as likely to push the envelope too far. So a tax return prepared by that firm has a high likelihood of being audited.
Another example would be if a firm sends a product late, such as financial statements, so it is stale and of little use to its client. Another less-obvious liability results when a firm observes actions a client could take to improve profitability but fails to communicate them, thereby foregoing an opportunity for profit improvement. Or, even worse, if the firm never notices anything at all.
How can an accounting firm be an asset to a business?
An accounting firm is an asset if it watches out for the protection of its client’s assets and for ways to improve the profitability of its business — and communicates its observations or suggestions. For example, an accountant can notice things that may not be obvious to the business owner, such as lack of a fire suppression system in the room housing a client’s network computers and data storage. This potential for disaster should be brought to a business owner’s attention immediately.
Another example is when an accountant observes...that 80 percent of a client’s profits are derived from 20 percent of its customers, but that customers generating 20 percent of the profit are consuming most of the client’s time and effort. A good accounting firm will alert you to potential opportunities for improving your profit and be willing to guide you through changes to capitalize on them.
How can a business owner select an accounting firm that will be an asset?
Talk to people in the business community and ask for recommendations. Make sure that the firm is respected in the financial community. Remember that years in business may have nothing to do with reputation — a very young firm may be highly respected.
Also talk to clients of the firm you are considering, particularly those who are in businesses like yours. Talk to lenders as well as other accountants. When you talk to other accountants they may be quick to point out weaknesses that may not be apparent to you — but listen carefully. Really good firms have the respect of their fellow practitioners.
What are the top qualities business owners should look for in an accounting firm?
When selecting a firm ask yourself the following questions:
- Does this accounting firm feel you are important to them? Are they on your side?
- Do the owners of the accounting firm devote sufficient time to your company and your needs?
- Is the accounting firm well-managed, and does its degree of business success match yours?
- Do you have good chemistry and similar corporate cultures?
- Will the services be provided on a timely basis so that tax returns and financial services will not be late?
- Will this firm be respected and liked by your employees?
- Will you get returned calls from this firm by the end of the same day?
- Is the accounting firm well-respected by its colleagues and the financial community?
Tuition can be expensive, and business owners have a right to expect that employees have learned something that they can take back to the company and apply in a tangible way, says Elden Monday, state vice president, Pennsylvania, for the University of Phoenix.
Smart Business spoke with Monday about ways businesses can ensure that the money spent on sending employees back to school is not wasted, and, most importantly, how to make certain that the education an employee gets is a win-win for both the employee and the business.
How can a business ensure that it gets a good return on investment from continuing education for employees?
The key is for the business owner or manager to become involved in the process and manage the outcome of this endeavor. Good managers will keep track of their employees’ educational pursuits.
To be clear, keeping track is not just asking employees whether they got a passing grade. More likely, it is a system that demonstrates the knowledge that employees gain from education, and the ways that knowledge will be applied to their jobs. The most successful measurement systems include an assessment before the employee begins attending class; an ongoing review process while the employee is in school; and an evaluation of the knowledge the employee gained at the end of the program.
A distinct advantage of continuing education is that it produces nearly immediate and ongoing return. It is reasonable to expect that long before an employee has a new degree in hand, he or she will begin implementing skills, approaching challenges in new ways and generally performing at a higher level.
What should a business owner or manager do before sending an employee to take a course or obtain a degree?
The first step is for the manager or CEO to take a close look at the curriculum the employee proposes to take and determine whether it fits with both company and employee needs. Many companies have succession plans in place and have a good idea what an employee needs to learn in order to move to the next level.
Does the employee need a degree in accounting in order to move up in the company? Does the employee need extra courses to beef up on new online marketing techniques?
Another way to protect the investment is to ask employees up front how they will apply their new knowledge to their jobs. Employees and managers share responsibility to determine how the course or degree will ultimately help the company.
How can a manager stay involved in the process once the employee has signed up?
Through performance reviews or regular coaching sessions, managers can have conversations with the employee about the course work and how new knowledge can be applied to the workplace. One opportunity for immediate ROI is to encourage the employee to identify workplace projects that can be introduced as a real-world challenge in the education setting. This scenario leverages the knowledge of students and faculty by using a real-life business problem as a classroom or an employee’s individual project.
Once an employee has completed a course or obtained a degree, how can a business owner assess whether the money was well spent?
There are several ways to assess the ROI. Is the employee utilizing his or her skills in the workplace? Are managers making better decisions because they have gone to a decision-making class? Are they better at critical thinking because of a critical thinking class — or are they still using their gut?
The question business owners need to ask themselves is this: Do you have a better department or company because of the money you spent on educating your employees? The difference — before and after — should be tangible and visible.
As a business owner, how can you ensure that employees don’t jump ship once you’ve invested in their education?
A nationwide work force survey showed that employees are more likely to remain loyal if they have paths for growth in both responsibility and salary. It’s true there is some risk that an employee will seek a higher-paying or more challenging job with a new degree in hand.
For this reason, business owners often incorporate clauses in their companies’ tuition reimbursement agreements, defining a minimum duration of employment after the degree or training is complete (usually at least six months).
Elden Monday is the state vice president for the Pennsylvania campuses of University of Phoenix, a national leader in higher education for working adults. Reach Monday at Elden.firstname.lastname@example.org (610) 989-0880, ext. 1131.