by John McCarthy Consulting Ltd. | Feb 27, 2018 | News
Data protection is a core principle of what accountants do (i.e. client confidentiality) and always needs to be taken seriously. As part of our series of blogs setting the scene for the new data protection rules coming into effect on 25 May 2018 we suggest here some tips and ideas for accountancy firms to implement so as to make their data more secure.
Meeting the reasonable expectations of clients and employees
Do your staff know:
- To collect only the personal information they need for a particular business purpose?
- To explain new or changed business processes to clients and fellow employees or contractors, and to obtain consent or provide an opt-out where appropriate?
- To update records promptly – for example, changes of address, marketing preferences?
- To delete personal information the business no longer requires?
- That they commit an offence if they release client / employee records without their employer’s consent?
- About any workplace monitoring that may be in operation?
For more practical hints and tips on data protection and to get you started on your preparations for 25 May, please come to one of our series of courses on the ‘General Data Protection Regulation – What Accountants Need to Know’ at the Talbot Hotel, Stillorgan, County Dublin on one of the following dates:
Wednesday 21 March 2018 10am to 1pm
Wednesday 18 April 2018 2pm to 5pm
Wednesday 30 May 10am to 1pm
For more information on our other upcoming courses click here
by John McCarthy Consulting Ltd. | Feb 21, 2018 | News
It is vital that all accountants and their clients have at least a basic understanding of the new Data Protection Regulation (GDPR) that will come into effect from 25 May 2018.
However, it’s not as if data protection only becomes an issue on 25 May – it’s a live issue today!
Statistics tell us that some 80% of security incidents or data breaches involve employees. When such a breach occurs, it can raise client concerns about the handling of their personal information (e.g. the security of their tax information).
Keeping personal information secure
Do your staff know:
- To keep passwords secure – change them regularly, no sharing?
- To make passwords from a phrase, using at least eight characters with a mixture of upper and lower case and some numbers and symbols?
- To lock / log off computers when away from their desks?
- To dispose of confidential paper waste securely by shredding?
- To prevent virus attacks by taking care when opening emails and attachments or visiting new websites?
- About working on a ‘clear desk’ basis – by securely storing hard copy personal information when it is not being used?
- That visitors should be signed in and out of the premises or restricted in areas normally accessible to staff?
- About positioning computer screens away from windows and at reception to prevent accidental disclosures of personal information?
- To encrypt personal information that is being taken out of the office if it would cause damage or distress if lost or stolen?
- To keep regular back-ups of information?
by John McCarthy Consulting Ltd. | Jan 24, 2018 | News
A lot of generic information has been written about the GDPR and the fact that it comes into effect across the EU on Friday 25 May 2018.
According to the Economist newspaper website ‘GDPR is not a matter of fix it and forget it. The new regulations mandate organisation-wide personal data awareness from data protection officers down to database administrators. GDPR will require ongoing governance of data as organisations migrate to new systems or apply their consumer data to new markets and consumer trends. Initial compliance is the first heavy lift. Ongoing governance is the long-term reality.’ Elsewhere Ludwig Siegele, IT Technology Editor of the Economist writes that the GDPR ‘will be one of the most important pieces of legislation brought into force in 2018’.
It’s important to recognise that the legislation applies only to personal data of living EU citizens (living anywhere in the world) and not to data about non-EU citizens, EU corporate entities or other types of non-human EU entity, like trusts.
What about GDPR for accountants? We are busy preparing checklists and updates to typical required terms and conditions in client letters of engagement and these will be available later on this website.
In the meantime, as Step 1 to help in your preparation, you need to analyse the types of personal data that your accounting firm handles, as it is to this type of data that the GDPR rules will apply.
There are probably fifteen categories of people for whom accountants may hold personal data:
1. Business Partners/Directors in the firm who are living natural persons
2. Current clients and their family members who are living natural persons, including their Anti-Money Laundering data
3. Employees of clients for whom we may process payroll etc.
4. Former clients and their former employees for whom we may have processed payroll etc. in the past
5. Prospective clients (on a mailing list for example)
6. Prospects not yet on a mailing list – perhaps on business cards, sitting in the drawer of your desk
7. Introducers of potential clients e.g. local law firm/estate agent
8. Suppliers such as recruitment agencies
9. Outsourced providers of services to your business e.g. payroll, bookkeeping businesses with which we may share client data
10. Associates e.g. through accounting and other Networks like BNI
11. Sub-Contractors
12. Existing staff
13. Former staff
14. Job applicants
15. Other ‘Contacts’ not already included on the above lists including complainants, correspondents, enquirers.
Once the above list is complete, the next step will be to identify the location(s) where that data is held, whether in paper or electronic format, and how secure that location is.
by John McCarthy Consulting Ltd. | Nov 22, 2017 | News
The new Companies (Accounting) Act, 2017 came into effect from 9 June 2017. It has brought with it some strange consequences for micro-companies in particular.
The Act brings into law a new accounting standard for measurement and presentation called FRS 105.
This essentially new accounting framework, among other things, will mean that certain qualifying ‘micro’ companies will not have to disclose details of directors’ remuneration, profit and loss account or include a director’s report in their filed financial accounts. Importantly the standard is not available to charities and not for profit entities and regulated entities. It cannot be used by groups and cannot be used if the micro-entity is being consolidated.
Another issue that arises is that financial statements prepared under FRS 105 are deemed to automatically give a ‘true and fair view’ without the addition of further explanatory notes beyond those set out in company law, under the Companies (Accounting) Act, 2017. FRS 105 is therefore deemed to be a ‘compliance framework’ and not a ‘fair presentation’ framework (as FRS 102 is). Letters of engagement and representation with clients using FRS 105 will need to be amended to make this point clear. Amended letters are available by contacting us here.
Let’s explain these two types of accounting framework:
A ‘fair presentation’ framework (e.g. FRS 102) is one that requires compliance with the provisions of the framework but, in addition, acknowledges that in achieving fair presentation, management might have to make additional disclosures that are not specifically required by the framework. In extremely rare circumstances, it might be necessary to depart from the requirements of the framework to achieve fair presentation of the entity’s financial position and performance in the financial statements.
A ‘compliance framework’, on the other hand, requires compliance with the provisions of the framework i.e. strict adherence to certain rules is required and the preparers of the financial statements have no choice but to follow the requirements of the framework.
To hear more about this and the latest Accounting Update, come to our next CPD course on Monday 27 November 2017 at the Talbot Hotel Stillorgan.
Click here for details and booking on all November courses.
by John McCarthy Consulting Ltd. | Nov 21, 2017 | News
In our last blog about preparing the reporting accountant’s report under the ROI Law Society Solicitors Accounts Regulations, 2014, we mentioned that the work involved is quite an onerous and responsible task, and carries with it the requirement for compulsory professional indemnity insurance at a minimum of €500,000.
Many accountants ask themselves the question – would the quality of my work be good enough to allow me to be alert to the following types of scenario that have occurred in legal firms?
- A partner in a law firm stole more than €750,000 from clients’ accounts to finance the purchase of land; another payment was for a car worth €5,000, and more was used to pay off credit card debts and pay a horse trainer. The sums taken ranged from €400 to more than €250,000, between 2002 and 2008.
- Another solicitor ran up a deficit of €2.4m on Clients’ funds by using money from the estate of a deceased person, along with a loan of €1.5 million from AIB against four properties and used the funds to gamble on ‘contracts for difference’.
To find out more about how to watch for these and similar situations, come along to our next seminar on the Solicitors Accounts Regulations on Wednesday 29 November 2017 at 9am to 12.30pm. We will be joined by Seamus McGrath, FCA, Head of Financial Regulation at the Law Society of Ireland.
Wednesday 27 November 2017 9am to 12.30pm (Registration from 8.30am)
Location: Talbot Hotel Stillorgan (old Stillorgan Park Hotel), County Dublin
Price: €105 per person or €280 for three from the same office.
Delegate materials provided. Free parking at hotel.
Booking and further details at this link
by John McCarthy Consulting Ltd. | Nov 15, 2017 | News
Not paying attention to the UK’s AML legislation has cost a UK accountant at least £8,000.
In a decision published in December 2016 an ICAEW member, in practice for 26 years, who was earlier fined £5,000 by Leeds Crown Court, was severely reprimanded by his Institute and ordered to pay costs of over £3,278 and pay for training in the operation of the Money Laundering Regulations.
In late 2013 the accountant’s client (Ms A) disclosed to him that she had falsely inflated expense claims to her client, the NHS. She said she was asking a new firm of tax specialists to negotiate a settlement with HMRC on her behalf. The accountant resigned as her agent, but did nothing to notify the authorities of any money laundering suspicions. What he did not know was that there was a lot more to the story than his former client, Ms A, was telling him.
In July 2014, the accountant was interviewed by the Police under criminal caution. It was disclosed to him that Ms ‘A’ had been involved in a large fraud against the NHS utilising her company to generate fake orders for training provided by her husband, who worked within the NHS. There was no evidence the defendant had any involvement or knowledge of the fraud, but he was charged with failing to disclose to the authorities his knowledge of the over-claim for expenses which Ms ‘A’ had disclosed in November 2013.
The Judge indicated his view that the defendant ought to have been aware of his professional obligations concerning disclosures of this type and thus a belief that those disclosures would be taken up by the newly instructed tax specialists for Ms ‘A’ was not a meaningful excuse.
The Judge stated that at the point when the knowledge came to the accountant, another firm of accountants was instructed to deal with HMRC in respect of the mileage claims. The accountant therefore, having recognised that this information should be notified, considered that this information would reach HMRC through the newly instructed firm of accountants. That did happen, but it may have been the case that earlier notification might have enabled a larger fraud to have been discovered sooner.
This case is a lesson to us all and a reminder, if one was needed, that the Money Laundering legislation needs to be followed to the letter.
To hear more about the latest in AML legislation and procedures and to benefit from our up to date training, come to our next CPD Seminar on Anti-Money Laundering at the Talbot Hotel Stillorgan, County Dublin on Tuesday 28 November 2017.
More details of all our courses are on Ticket Tailor here.