by John McCarthy Consulting Ltd. | Jan 3, 2019 | News
PAYE Modernisation Template Letter of Engagement
It is mandatory for businesses across Ireland to start complying with PAYE Modernisation (PMOD) from 1 January 2019.
This is the single biggest change to the administration of the PAYE system since it was first introduced in October 1960. There will be no change to the way that PAYE is calculated, only the way that this information is reported to Revenue.
It will be important for accountants and payroll bureau administrators to get the communication of this major change right. This template engagement letter will help achieve that goal.
The template retails for €50+VAT and is downloadable in Word. The letter comes complete with the latest text for the 2018 GDPR Data Protection legislation and the latest references to the November 2018 AML laws.
The template is available here.
by John McCarthy Consulting Ltd. | Oct 4, 2018 | News
The questions in this free checklist are intended to help you assess how well your data security and usage controls compare to the GDPR requirements and help identify areas for improvement.
by John McCarthy Consulting Ltd. | Sep 20, 2018 | News
Every entity that is a designated body must carry out and document an annual Anti-Money Laundering (AML) Compliance Review. The review usually results in an Action Plan to remedy any defects or weaknesses in AML compliance that identified in the review.
From time to time, we have seen the following points arise when firms are recording the AML risk assessment of their clients:
- The risk assessment often asks, ‘are there transactions in excess of €15,000?’.
- It also asks, ‘Does the entity transact business overseas?’
These types of risk assessment question are slightly inaccurate. The answers could result in the client being assessed at a much higher risk rating than would normally be appropriate. This often leads to a much more detailed level of client due diligence, thereby resulting in wasted non-chargeable time.
If you want to hear the answers to these questions and learn how to more accurately assess your client for AML risk purposes, please come to our next AML Update course on Tuesday 25 September 2018 in the Talbot Hotel Stillorgan, County Dublin, from 2pm until 5pm.
All delegates will receive a link to a vault of free online AML support materials. More information and booking details here
Free delegate parking on-site.
by John McCarthy Consulting Ltd. | Sep 20, 2018 | News
Just as we reported in our recent blog about the 154% increase in complaints to the Irish Data Protection Commission, there has been an increase of 160 per cent in complaints received by the UK equivalent office, the Information Commissioner’s Office (ICO). The ICO received 6,281 complaints between 25 May and 3 July 2018, a 160% rise compared to the same period in 2017.
Under the General Data Protection Regulation (GDPR), companies can be fined €20 million or 4 per cent of their worldwide turnover.
Greater media attention and government advertising have boosted public awareness of their data rights and there is now a more media focus on the accountability of organisations in this area.
Accountants need to pay attention as the figures show that firms holding sensitive personal information, including financial services, education and health were the most complained about, accounting for more than a quarter of the total. The regulations have also made it easier for people to access data that organisations hold about them, leading to an increased volume of requests known as ‘data subject’ or ‘data access’ requests.
To hear more about the ongoing requirement of the GDPR, come to our next CPD course, GDPR for Accountants, on Tuesday 25 September 2018 in Talbot Hotel Stillorgan, Dublin.
All delegates will receive a GDPR ‘Get Started Checklist’, the GDPR law itself, as well as other support materials. More information and booking details:here.
by John McCarthy Consulting Ltd. | Sep 17, 2018 | News
When you consider the volume of data that an accountancy firm or an individual practitioner possesses, you can understand why they have become an attractive target for hackers.
Accountants are regarded as custodians of people’s most sensitive information. It’s everything about them and their family. And there’s an expectation that every appropriate measure is being taken to safeguard that information according to best practice.
One tax return alone includes the name and PPS numbers of a taxpayer, spouse, and dependent children. Clients’ files include addresses, phone numbers, and bank account numbers.
Banks may have a lot of similar information, but they often have sophisticated cybersecurity controls because they are so heavily regulated. And many times, an accountancy firm’s valuable data are held by small firms or solo practitioners who may lack resources or expertise for setting up and maintaining the latest cyber controls However, size alone does not absolve them from the responsibility to put substantial effort into guarding their systems and data.
An increased risk factor is that the Accountancy Regulatory bodies do not currently include data protection in their inspection visits to firms, leaving it up to the Data Protection Commission, so firm’s may be severely lacking an up to date means of benchmarking themselves against best practice.
It may be helpful to understand the types of scams that hackers are perpetrating which include:
- Ransomware. Hackers can install software that blocks access to your system, crippling your firm’s ability to do work for clients. Upon payment of a ransom in bitcoin, the hacker will restore your system’s capabilities. Ransomware has grown in popularity with hackers because each successful individual attack can force payment of a large sum. Perpetrators with limited technological knowledge can even purchase “ransomware-as-a- service” and unleash it on potential victims. It’s obviously of extreme importance that firms have a stringently enforced habit of backing up their servers daily, which in the case of at least one US firm, helped ward off two ransomware attacks.
- ACH (Automated Clearing House) fraud. Thieves who manage to steal a current account number and a client’s banking details can use this information to steal money directly from victims’ bank accounts, or to route money in various other ways. This information also can be used to commit other crimes.
- Credit card theft. Hackers can use a stolen credit card number to make purchases, or they can use an identity that they have stolen to open new credit cards to be used for purchases. Sophisticated detection systems used by credit card companies have limited the effectiveness of these schemes in recent years.
To hear more about the ongoing requirement of the GDPR, come to our next CPD course, GDPR for Accountants, on Tuesday 25 September 2018 in Talbot Hotel Stillorgan, Dublin.
All delegates will receive a GDPR ‘Get Started Checklist’, the GDPR law itself, as well as other support materials. More information and booking details: here.
by John McCarthy Consulting Ltd. | Sep 9, 2018 | News
Just as we reported in a recent blog about the 154% increase in complaints to the Irish Data Protection Commission, there has been a similar but slightly larger increase of 160 per cent in complaints received by the UK Information Commissioner’s Office (ICO). The ICO received 6,281 complaints between 25 May and 3 July 2018, a 160% rise compared to the same period in 2017.
Under the General Data Protection Regulation (GDPR), companies can be fined €20 million or 4 per cent of their worldwide turnover.
Greater media attention and government advertising have boosted public awareness of their data rights and there is now a more media focus on the accountability of organisations in this area.
Accountants need to pay attention as the figures show that firms holding sensitive personal information, including financial services, education and health were the most complained about, accounting for more than a quarter of the total. The regulations have also made it easier for people to access data that organisations hold about them, leading to an increased volume of requests known as ‘data subject’ or ‘data access’ requests.
This is the first indication of the impact of the new GDPR regulation which introduced mandatory reporting of data breaches in certain cases.
To hear more about the ongoing requirements of the GDPR, come to our next CPD course, GDPR for Accountants on Tuesday 25 September 2018 in the Talbot Hotel Stillorgan, Dublin, at 9:30am until 12.30pm.
All delegates will receive a GDPR ‘Get Started Checklist’, the GDPR law itself, along with other support materials. More information and booking details: here
