Accounting, Financial, Taxation

Three months back, since my idea to provide a free accounting software tutorial, it is not easy to gather the materials. Even when it is prepared, still, I had to consider about how to merge this site with the tutorial section. Making them in one place (here) is really my dream, but I have to be realistic with the content in whole. Putting them here will make it even harder to be found. So I am confident with my decision to put the tutorial as a sub-domain (for easier content management), and put a clear link in here (on the sidebar), so that you can check what is new with the tutorial out from here.

What Accounting Software Tutorial Will be Available?

I am preparing for there major accounting software which is considered to be the most used by users, i.e.: QuickBooks ™, MYOB Accounting ™, and MAS90/200 (Sage Software ™).

As of today, I have started posting QuickBooks tutorial, it is now still on the “Getting Started with Your QuickBooks” topic. And will keep adding more and more topic up the most out of it. You may want to go around and check how it looks, how the tutorial presented, you can go check it now (Accounting Software Tutorial).

Go and be at the front seat

Is It a Free Tutorial?

Yes, it is, no obligation, you can access it for free (not even a registration is required). I want to be cool, as you wish to keep not charging anything from the visitor. Of course, I hate spam as much as you do. Check this out [go here].

Security and internal controls are not technological issues; they are business issues. The security architecture for any organization begins with a clear plan of action: If you do not know what you are supposed to protect and from whom, the latest technological gizmos are of little use. Security procedures and internal controls must embody strategic, cultural, political and technological aspects of an organization.

Security policy is the place where these factors are integrated to develop a comprehensive framework for security. Security policy contains goals and objectives of the security system, defines overall purpose of the security system and provides direction for implementation of the security system. Security policy is generally designed for the entire information system, not only the online component. However, the ensuing discussion focuses on the online component. Questions addressed by the security policy can be simplistically stated as follows:

1. Who will use the system?
2. What will be the rights and responsibilities of the users?
3. How will remote and local users access the system?
4. When the system can be accessed?
5. Who will decide and grant user rights?
6. How is user activity tracked and recorded?
7. What disciplinary actions will be taken for errant users?
8. What are the procedures for responding to security breaches?

Designing a security policy is a multi-disciplinary process. As the COSO report states, involvement of top management is crucial. Senior management knowledge, operational management knowledge, information technology knowledge and financial knowledge is required to complete the assessment necessary to design a security policy. The process is interdisciplinary and iterative. The designed policy is not set in stone, but changes as the organization changes, and it needs constant updating and maintenance.

The steps in development of the security policy are outlined below:

Identify and classify organizational assets: Information assets of the organization may include hardware, software, network infrastructure, data and information, people, documentation and supplies. These assets should be classified according to importance, more important assets being more stringently protected; for example, the resulting asset protection categories may be public use, confidential, restricted or administration use only.

Assess the risk: Risk refers to probability of loss. Online examples of risk are unauthorized access to the network, stealing of data and information, denial of service, damage to hardware and loss of reputation. In mathematical terms, risk can be defined as the cost of damage to an asset multiplied by probability of an event that can damage the asset. Asset values are generally identified in the identification and classification phase. Then, probability of the undesired events for these assets must be identified. Risk analysis should answer questions such as: what should be protected? From whom? and By what?

Determine acceptable use: Permissible business uses of information assets are identified in the acceptable use policy. These policies will tell users what they can and cannot do, what might be construed as an abuse of privileges, and privacy and confidentiality positions of the organization. In specific terms, these policies may tell the user how to set a password and how often to change it, what kind of backups are the user’s responsibility, which content can and cannot be downloaded from the Internet, and whether e-mail is property of the organization.

Create security awareness: Having a security policy document will not in itself create security awareness among stakeholders of a corporation. These policies should be communicated to new and continuing employees, suppliers, customers and trading partners. Training and education activities should be outlined and provided.

Monitoring and auditing: Security policies are worthless unless monitored for execution and performance. Fortunately, security policies in the networked environment can be monitored using in-built tools or automated auditing tools available in the market. Monitoring and auditing activities are designed to spot intentional and unintentional misuse of the system by users. Such a misuse needs to be detected, preferably in real time, and corrected. The collected information, at least a summary, needs to be forwarded to appropriate managers.

Security breach policies: In a security-related incident, perpetrators can be insiders or outsiders. Security breach policies prescribe actions in case of a discovered security breach. The conduct of the investigation to determine the nature and causes of breach should be outlined. If the perpetrators are identified, then the question is whether to contact authorities and proceed with prosecution or simply fire the employee and plug security loopholes. A large percentage of security violations are not reported to authorities, since prosecution of offenders, collection of evidence, possibility of copycat attacks and loss of reputation are considered too costly. In any case, whatever the course of action, the system must be restored to a safe state by correcting security flaws.

Development and implementation of security policies do not have to start from scratch. Many automated tools can be used to customize canned security policies for an organization. The Security Policy Automation (SPA) market consists of scores of vendors providing SPA solutions. The entire security policy cycle, from development to deployment, monitoring and change can be managed using these tools. As is the trend in the last decade, these tools have a graphical interface and do not need a deep programming knowledge.

Traditionally, the credit approval process is reactive; that is, a sales order arrives and the credit department evaluates credit worthiness of the customer. The credit process can be classified in three phases:

1. Assessing quantum of and collecting information about the customer
2. Evaluating the information
3. Deciding credit worthiness of the customer

Credit approval decisions encompass trade credit, consumer credit or equipment financing. The time and expense involved in credit decisions depends on whether the customer is new or established, availability of current information, whether an order is above or below the credit limit, algorithms applied to evaluate the credit worthiness of the customer, and other factors deemed important by the credit manager. This approach has worked fairly well in established traditional commerce.

However, in the new e-environment, this approach can be costly, delay credit approval and cause inconsistency in decision-making, and result in lost sales or un-collectibles. Now, incoming orders are automated, 24/7 and customers are geographically scattered. This environment forces corporations to respond to routine and non-routine credit approvals in real time. The traditional credit approval process may become a bottleneck in the revenue-generation process, since alternate suppliers are only a click away.

Historically, corporations have attempted a variety of techniques to accelerate the credit approval process; for example, reengineering, automation and artificial intelligence techniques. Internet resources provide other options to manage the credit approval process. Internet-based resources and services can be used to collect information on the customer, can provide standard and customized decision mechanisms, or can be used to automate the entire credit approval process.

The Internet has numerous resources to collect general information regarding new or prospective customers. The illustrative list of resources is provided in below exhibit.

Note: The above lists merely give some examples, but are not meant to be an exhaustive list of either resources or services. Additionally, nature of the services provided changes rapidly.

The resources listed provide the following types of information:

1. Financials, standard filings.
2. Address of the company, incorporation information, product lines and top management information
3. Current and historical stock quotes and movements
4. News and current events such as mergers, acquisitions, new products and new personnel
5. Industry and sector news

These services provide a good starting point in the credit approval process. Costs vary based on the brand name of the service, depth of the information desired and extent of the required information. However, information concerning small businesses or international businesses can be hard to obtain.

Specific information regarding the customer can also be obtained using the resources listed in below. These Web-based companies collect information from various sources and compile a comprehensive information portfolio. Available information is as follows:

1. Name, address and contact information
2. History of the business
3. Financials, financial summary, key financial indicators and graphics
4. Credit lines
5. Credit score based on proprietary models
6. Telephone, fax and Web address
7. Names and information of the top managers
8. Lines of business, product lines and Standard Industry Codes (SIC)
9. Public filings concerning tax liens, judgments and liens, and UCC filings
10. Competitors
11. Country risk analysis

The information provided is quite comprehensive and, according to vendors, updated constantly. These services are cost effective even for ad-hoc queries and accessible by a browser; search and retrieval of this information is available in real time.

For example: prices can vary from $X per query to thousands of dollars for an annual contract. Information on small businesses, privately held businesses and international businesses is also available. The disadvantages of these services are difficulty in verifying accuracy and integrity of the information, continuing need for cost-benefit analysis and stability of the service.

Internet-based services also provide tools to aggregate the information to derive credit rankings. Illustrative sites that provide these tools are shown in below exhibit.

The risk assessment tools use proprietary algorithms but also allow customization based on criteria specified by the customer.

For example: a vendor can tailor the program to a specific company’s needs, design rules and criteria based on that company’s input, offer standardized decision engines, interpret results and push the results to the credit manager’s desktop. The decision engines employ a variety of algorithms; for example, advanced statistical methods, expert systems and artificial intelligence techniques. The users need not understand technical intricacies of the program, but should have a general understanding of the strengths and weaknesses of various algorithms. The outputs of the system can include a credit risk score, comparison of risk level of the business with other businesses, background information regarding the business and other items specified by the user. These services can be tailored to small businesses, international businesses or large businesses.

The primary advantages of these decision tools are: minimized manual intervention, reduced cycle time for decisions, consistency in credit policy enforcement and reduced operating costs. However, the tool needs to be chosen carefully, and there are upfront and recurring costs, such as software and hardware investment, programming and validating the tool, continuing maintenance or monthly payments to Web-based services.

The traditional, off-line credit grantors will benefit from the resources listed so far. However, in the case of Web orders, the credit decision must be delivered in minutes or seconds. This calls for automation of the entire credit approval process. The credit approval decision can be completed in a matter of minutes. Web-based services that provide such support are listed in blow exhibit.

The process flow can be described as follows:

1. Business installs the automated credit decision-making system. The system needs to be integrated with a legacy accounting or ERP system, connected with approved credit bureaus, able to access designated public information sources and be embedded with the required decision expertise.
2. Customer information is forwarded to the credit system once the sales order arrives. The credit system pools data from the accounting system, credit bureaus and public information sources.
3. The collected information is filtered through the decision engine to arrive at a credit score and the consequent decision. The decision engine is provided by the vendor and is generally customized by the business.
4. If the decision is yes, then the system can generate the necessary documentation or can forward the decision to the approved personnel or machine.
5. Exceptions are handled on basis of the rules programmed in the system.

The costs and successes of such services are based on a variety of factors; for example, transaction volume; difficulty in integrating a credit system with accounting systems; types and number of credit bureaus used; and intangible costs, such as process redesign or reengineering, and resistance from the credit personnel, among other things.

A number of factors should be considered before using the Internet. An illustrative list follows:

1. The speed with which credit needs to be approved.
2. The frequency of routine vs. non-routine (such as exceptions, high-dollar value items or risky customers) credit approval decisions. The higher the frequency of non-routine decisions, the lesser the use of the credit approval system.
3. Accuracy and integrity of the information available on the vendor’s Web site.
4. The decision tool should be evaluated for accuracy, customization capabilities, expertise and training required for using the tool, updating routines and data import/export capabilities.
5. Ability of the automated service to integrate with existing legacy or ERP systems.
6. Relative costs involved in in-house vs. outsourced credit approval decision. For example, costs saved — such as redeployment of credit personnel, no investment in software and hardware, no recurring maintenance expense; against costs incurred — such as lost expertise, treatment of exceptional cases, monthly payments, cost of dedicated connections and stability of the service provider.

The Internet has opened new ways to approach credit approvals. The Internet-based resources can speed up the credit approval process and support various degrees of automation. Various levels of services are offered by such Internet-based companies. Acquiring information about the customers from proprietary and public databases, feeding customer information into decision tools available on the Web or customizing the entire credit approval process; whatever the requirement, the Internet can be profitably leveraged to improve the credit approval process.