Financial Operations Magazine Summer 2014 by Lloydmedia Inc

Q2 SUMMER 2014 • Canada’s Independent Magazine

Data and Documents Key elements to document compliance in today’s physical, hybrid, and electronic environment

AML Compliance: Canada’s Budget Implementation Act

Take control of your VAT compliance

Four reasons to adopt the cloud PM40050803

Contents

SUMMER 2014

Volume 1 Number 2

8 4 News

14 Going green in accounts payable

to reduce risk, streamline invoice processing, and manage cash better

29 Events Features 8 Key elements to document

compliance in today’s physical, hybrid, and electronic environment Steps companies can follow to achieve records compliance through an effective records management program

12 Fighting fraud with big data

Support your sustainability, risk management, and cash management goals by going paperless

22 Company Profile

A look at Integrim – then and now

24 COMPLIANCE

Take control of your VAT compliance

16 Keep your eye on the ball

26 TEchnology SPECIAL REPORT

Achieving precision with highperformance analytics

18 The business case for unstructured data governance

Through using the new predictive analytics, banks can develop a more secure system

Implementation Act brings tightened regulations

Tips to follow to facilitate implementing and maintaining the principle of least privilege

20 Regulatory

Can you trust the data in your disclosures?

27 TEchnology Today

Four reasons managers should adopt accounting and finance in the cloud

30 Industry Update

Canadian businesses continue to be complacent about information security

AML Compliance: Canada’s Budget

Also Publishers of

Publisher and Editor-in-Chief Steve Lloyd steve@financialoperations.ca Editor Karen Treml karen@financialoperations.ca Creative Direction / Production Jennifer O’Neill jennifer@financialoperations.ca Photographer Gary Tannyan

Advertising Sales Mark Henry mark@financialoperations.ca Chantal Goudreau chantal@financialoperations.ca For subscription, circulation and change of address information, contact subscriptions@financialoperations.ca Subscriptions available for $40.00 year or $60.00 two years. 2014 Lloydmedia Inc. All rights reserved. The contents of this publication may not be reproduced by any means, in whole or in part, without the prior written consent of the publisher. Printed in Canada. Reprint permission requests to use materials published in Financial Operations should be directed to the publisher.

Publications Mail Agreement No. 40050803 Return undeliverable Canadian addresses to:

Circulation Department 302-137 Main Street North Markham ON L3P 1Y2 t: 905.201.6600 • f: 905.201.6601 info@financialoperations.ca www.financialoperations.ca Made possible with the support of the Ontario Media Development Corporation Ontario Interactive Digital Media Tax Credit

Canadian Equipment Finance

www.canadianequipmentfinance.com

Canadian Treasurer

www.canadiantreasurer.com

Payments Business

www.paymentsbusiness.ca

Direct Marketing www.dmn.ca

Contact Management

www.contactmanagement.ca

Financial Operations | SUMMER 2014 | www.financialoperations.ca

NEWS Kevin Deveau appointed head of FICO Canada FICO, a leading predictive analytics and decision management software company, has appointed Kevin Deveau to lead its Canadian operations. Deveau has more than 30 years of experience providing information technology solutions to clients in the financial services, insurance, health care, retail and government sectors. Since Deveau joined FICO in 2010, he has been one of the company’s top client partners, securing more than $50 million (CAD) in new business. In his new position, Deveau will lead the team responsible for growing FICO’s Canadian market share and strengthening relationships with FICO’s clients. Deveau will work with existing and potential clients to help them leverage FICO’s technologies and solutions, which utilize innovative analytic applications to provide a competitive advantage and enable better decision-making. “Kevin has achieved a tremendous amount of success during his four years at FICO, and his experience with clients in financial services, FICO’s core business sector, is invaluable,” says David Vonk, vice-president of client services at FICO. “In his new role, he will lead our team in providing advanced predictive analytics and decision management solutions that will help our clients thrive in an increasingly competitive marketplace.” “FICO is poised for dramatic growth in Canada as the adoption of Big Data analytics becomes more widespread,” says Deveau. “FICO works closely with a range of Canadian clients, from the major banks to insurers to leading retailers, helping them gain an analytic advantage over their competitors.” Prior to joining FICO, Deveau was the chief operating officer for ICOD Inc., a provider of cloud-based business and technology solutions to the global financial services industry. He was instrumental in growing the small company from less than $500,000 to $15 million in annual revenue. FICO has been operating in Canada for more than 20 years, providing decision management solutions, analytic tools and scores. The FICO® credit score, administered by Equifax and TransUnion, is the top scoring platform for Canadian lenders.

First Data, Trustwave bring new level of data security to small- and mid-sized businesses Trustwave with its cloud-based information security and compliance services and First Data, a payment technology and services solutions provider have joined to provide data security to small- and mid-sized businesses. Businesses that use First Data payment processing services will have access to a solution delivered through Trustwave’s cloud-based TrustKeeper platform that will deliver security through cost effective, purpose-built, endpoint security, and advanced e-commerce vulnerability monitoring while helping businesses achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS). The core services will provide small businesses access to information security services designed to help protect them from malware and viruses, critical system changes, unauthorized devices, security misconfigurations, and non-compliant payment card storage. In addition to easy-to-use PCI DSS compliance tools, Trustwave and First Data plan to offer businesses: • Malware and Anti-Virus Protection - uses a combination of signatures and behavioral analysis to help protect systems from viruses and other malware. • File Integrity Monitoring - scans critical systems and components for changes that may be caused by a data breach or malware. • Unauthorized Device Alerting - informs businesses about unauthorized devices, workstations and servers connected to their network. • Payment Card Data Storage Scanning - verifies that payment card data is not being stored unencrypted. • Security Configuration Monitoring - verifies that basic security controls are configured properly. First Data customers can also access additional Trustwave Managed Security Services designed to help them address various information security threats while alleviating the pressures created by resource constraints, skills shortages, compliance requirements, and the rapid adoption of new technologies.

Incidence of corruption in Canadian organizations disturbingly high Twenty per cent of Canadian executives believe bribery or corrupt practices happen widely in business in this country, says the ‘Global Fraud Survey’ by EY. “That’s disturbingly high,” says Mike Savage, EY partner and Canadian fraud investigation and dispute services leader. “Corruption interferes with fair competition for business. To overcome that, companies really need to create a culture where ethical behaviour is at the core of their operations – not just at home in Canada, but also at their overseas operations. They also need to encourage people to speak up if they think something isn’t right.” The survey finds that while 74 per cent of Canadian organizations have whistleblowing hotlines in place, that number is still much lower than countries like the U.S. (96 per cent) and the UK (82 per cent). “The good news is that recent public enforcement action by Canadian authorities does appear to have raised awareness of bribery and corruption here,” says Savage. “A full 90 per cent of Canadian respondents said there are

Financial Operations | SUMMER 2014 | www.financialoperations.ca

NEWS clear penalties for breaking the antibribery/anti-corruption policies. That’s up from 78 per cent two years ago, and higher than the global average of 73 per cent.” Meanwhile, the survey finds 30 per cent of Canadian organizations see cybercrime as a significant risk. Still, 60 per cent say the threat of hackers concerns them. “The number of Canadian organizations that think cybercrime is a significant risk is

Prevent

Accounts Payables loss.

Protect

Revenues.

unexpectedly low,” says Savage. “In reality, the risk is real – and it’s growing.” While the pressure on companies for timely disclosure of breaches is rising in many jurisdictions, the survey found 74 per cent of businesses globally did not disclose a public breach of security. “High-profile cybercrime incidents are making headlines on a regular basis,” says Savage. “Companies need to have a robust incident response strategy in place, or risk significant reputational – and financial – damage. They can’t afford to ‘play it by ear’ when an incident arises.” The report identifies the following strategies for companies to address fraud in their organizations: • Board engagement. Boards need to appropriately challenge management and request regular updates regarding fraud, bribery and corruption risk assessments. • Big data. Mining big data using forensic data analytics tools can improve compliance and investigation outcomes and can help management provide useful summary information to the board. • Anti-corruption due diligence. Specialized due diligence should be the

norm, not the exception. • Escalation procedures. Companies should have clearly defined escalation procedures, whether to respond to a whistleblower or a cyber incident, to minimize the damage being done. • Training. Companies should have tailored ABAC training programs; business unit leaders should be evaluated on participation levels, and C-suite executives need to lead from the front. • Budget support for internal audit and compliance functions. These play essential roles in both improving standards of business conduct and in keeping the company out of trouble. Most importantly, however, the report urges companies to reinforce their commitment to ethical growth. “Organizations need to set the tone from the top that fraud and corruption are serious issues that won’t be tolerated,” says Savage. “Boards should be demanding that their organizations go beyond the basic building blocks. Without a company culture that demands transparency to minimize fraud and help prevent cybercrime, companies are putting their entire business on the line.”

New penalties for illegal electronic sales suppression software CaseWare Continuous Monitoring Solutions n 24/7 monitoring for all transactions n Resolve issues immediately n Discover Root Causes

n Gain Insights & Improve AP Process

Learn more at www.casewareanalytics.com call 1-800-265-4332 Ext 2803 salesidea@caseware.com CaseWare™ is a registered trademark of CaseWare International Inc.

The Canada Revenue Agency (CRA) is aware that electronic sales suppression (ESS) software is being marketed and sold to Canadian businesses. As part of its efforts to combat the underground economy, it has introduced new measures to address this problem. ESS software (commonly known as zapper software) is illegal. Designed to work with point-of-sale systems and electronic cash registers, businesses use this software to knowingly delete part of their sales from their computer records to reduce their GST/HST and income tax obligations. Using ESS software offers an unfair advantage to those who use it to circumvent Canada’s tax laws, which in turn undermines the competitiveness of businesses that follow the rules. The Government of Canada is committed to protecting the integrity of Canada’s tax system. New measures took effect on January 1, 2014 that allow the CRA to impose civil and criminal penalties for designing, using, possessing, acquiring, manufacturing, developing, selling, possessing for sale, offering for sale, or otherwise making available ESS software. Individuals and businesses who possess or use ESS software now face monetary penalties, court fines, and possibly even jail time. The penalties for using ESS software can be up to $50,000 and jail time up to two years. Anyone who manufactures,

Financial Operations | SUMMER 2014 | www.financialoperations.ca

develops, sells, possesses for sale, offers for sale, or otherwise makes available ESS software faces up to $100,000 in penalties and up to five years in jail. The CRA is working hard to detect and deter those who choose not to comply with tax laws, so that all income is reported, the proper amount of taxes is paid, and the tax system is fair for everyone. This includes working to identify those who design, use, possess, acquire, manufacture, develop, sell, possess for sale, offer for sale, or otherwise make available ESS software. By discouraging the use of ESS software and penalizing those who continue to use it, the CRA is helping to ensure a level playing field for all businesses and taxpayers. Although customers may not notice if a business is using ESS software, they can still do their part by always asking for a copy of their receipt. If you know of any taxpayer who is not complying with the tax laws, let us know. We will review the information and, when warranted, take appropriate action.

If you have been using ESS software and want a second chance to correct your tax affairs, you can make things right through the CRA’s Voluntary Disclosures Program (VDP). The VDP allows taxpayers to correct inaccurate or incomplete information or disclose information they have not previously reported to the CRA. If they make a valid disclosure before they become aware that the CRA is taking action against them, they may only have to pay the taxes owing plus interest. If your business has been contacted about ESS software or if you have information that could help the CRA identify someone who develops, sells, or uses the software, you are encouraged to contact the CRA Informant Leads Program for information on how to report suspected tax evasion. For more information on the new measures to combat the use of ESS software, read the questions and answers or visit Electronic suppression of sales.

For breaking news and in depth news features, visit our website at www.financialoperations.ca

AUTOMATE

Accounts Payable • Accounts Receivable • Purchase Orders

See an average of 30% to 50% ROI in less than 6 months.

eliminate manual data entry. Match invoices and POs. eRP ready.

INTEGRIM.COM

For 21 years we have removed paper from business processes using imaging technologies. We offer reliable solutions like SenSaaS in the Cloud, On Premise, or Hybrid.

TOROnTO • MOnTReAl• QuebeC Financial Operations | SUMMER 2014 | www.financialoperations.ca

Data & Documents

Key elements to document compliance in today’s physical, hybrid, and electronic environment Steps to achieving records compliance with an effective management program

By Warren McDougall and Alex Stojkovic

ith today’s rapid and constant changes, today’s organizations are continually being challenged in the struggle to manage physical and electronic records. Appropriately named by the records management industry, the merging of these two types of records is being referred to as a ‘hybrid record’. A hybrid record would consist of both an electronic file and a physical counterpart. In attempting to address the root of this problem, one must consider how today’s organizations implement a compliant records management program. How do organizations become compliant when a single record could be shared across various types of media and are located in various different physical or electronic locations?

Developed in 2001, ISO 15489-1 is a set of standards created as guidelines for the records management industry. These guidelines provide an efficient and systematic approach to managing physical and electronic records. Policies and procedures set out within the ISO 15489-1 govern the creation, receipt, maintenance, use, and proper disposal of records from both public and private organizations. This ISO standard governs all records across all formats of media, created or received. The standardization of records management policies and procedures ensures that all records are given the appropriate attention and protection. Through these policies and procedures, the information contained within these records can be retrieved more effectively and efficiently. When looking to create and implement a

Financial Operations | SUMMER 2014 | www.financialoperations.ca

records management compliant program, what are some of the required elements needed? Five elements to consider within your organization are:

1. Organizational policies and procedures As today’s organizations are progressing toward a compliant records management environment, it should be supported by an organizational policies and procedures document. This would be an internal document that addresses each component in accordance with the operational and legal requirements. Organizations should begin their initial records management implementation by conducting thorough research, determining which laws are applicable to their respective industry. Do you have provincial, federal,

Data & Documents

or industry imposed regulations? This may include laws and regulations such as The Privacy Act, PIPEDA, HIPPA, and the Sarbanes-Oxley Act (Canada: Bill-198). An additional consideration when developing an organization’s policies and procedures is to define the roles and responsibilities for all individuals who are accountable for the records management process. This organizational-wide endeavor will allow resources to support all areas in collaboration, such as Information technology, information security, and document management.

2. Records retention A compliant records management program needs to also include a records retention policy. A retention schedule is created to provide a guideline for all information within

the organization. A functional classification organizes records according to the business’s activity for which they provide legal evidence. By consolidating records into a centralized location, this eliminates the duplication of records in other parts of the organization. Regardless of their format, records are treated equally and have one of three designations – electronic, hybrid, or physical. All records should contain the same attributes and functional classification; a physical file should have the same retention as its electronic counter-part.

3. Access of records The process of requesting a physical record needs to be an efficient and affordable process for the end-user. Imagine for a second trying to retrieve a physical record from a risk management records centre that houses

35,000 records. Depending on the location of this record, this could prove to be an extremely time-consuming and an inefficient endeavour. If this is a popular physical record, the inefficiency could be compounded by having to retrieve this record multiple times. Now imagine, a record that is not available when being sought after added to this already labour-intensive situation. As an alternative to physical record storage, there are electronic records that can easily be retrieved and viewed from a desktop, tablet, or hand-held device. An end-user at the same records centre can make a request for a physical document, get it scanned, indexed, and converted into an electronic document for easy retrieval and transmission. This request can be deemed as a hybrid record. Clearly, the advantage of having a physical document electronically scanned is the

Financial Operations | SUMMER 2014 | www.financialoperations.ca

Data & Documents unlimited availability of this record; without ever having to make a future request from the records centre. To implement a successful records management program, an organization’s system must have the ability to match the physical records with its digital counterpart. If integrated successfully, a proper hybrid environment could reduce risks and costs associated with litigation and discovery.

4. Disposal of records As physical and electronic records come to the end of their useful lifecycle they need to be properly disposed of in accordance to their policies and procedures. If managed properly and in a consistent manner, an organization’s adherence to a records retention program will assist in reducing long-term costs and potential legal exposure. In a physical world, this disposal of records is easily managed through a comprehensive document-shredding program created from a NAID certified service provider. In an electronic world, however, disposal of records can prove to be more challenging. How does an organization dispose of all electronic records that could be in video, sound, and various file formats? These electronic records in various formats must be destroyed in a secure manner and simply deleting files from a hard drive is neither a sufficient nor a recommended method of disposal. This difficult and challenging endeavor is currently faced by today’s organizations and the success of achieving a proper electronic compliant program should be an effort left to the chief compliance and technology officers.

5. Records audit and accountability Organizations need to be made aware that to achieve proper document compliance; this is a company-wide endeavour and not that of a single entity within an organization. From front-line employees to management, it is the responsibility of the entire organization to integrate all Policies and Procedures. In order to ensure the success of a records management program, all employees need to be made accountable for the consistent execution of the program. As today’s organizations struggle to work with both physical and electronic records, technology can provide the necessary solution. Technology in the form of an electronic records management system

(ERMS) can assist in bridging physical and electronic records management. As previously mentioned, ideally, an organization has a central repository for electronic and physical records. An ERMS will allow organizations to easily register physical records in structured classifications similar to those of electronic records. The registration of these two types of records under an ERMS allows for easy and efficient management of these ‘hybrid’ files. To understand in further detail, here are five considerations required when managing hybrid records in a corporate environment: 1. Classifications and taxonomy scheme In the world of physical records the term classification is used to categorize records according to business function. An example of a physical classification would be accounting, governance, human resources, environmental, etc. The alternative term for electronic records is taxonomy. An example of an electronic taxonomy scheme would be similar to a physical records classification. The ERMS allows corporations to organize the relationship and location of electronic and physical records. As a function of ISO 15489-1, it allows records managers to perform functions such as categorizing, segmenting, grouping of records, and tagging to support the various organizational needs and business functions. 2. Controls and security As records could be in various formats, organizations must be able to control who is permitted to access these records, as they could contain personal, commercial, and/or sensitive data. Security measures and procedures must be put in place to guarantee the information will be available in case of a system failure or a disaster resulting in a loss of information. 3. Retention and disposal A strong component to a compliant records management program is how you govern the removal of records from operational systems. The defined records retention periods must meet all minimal requirements while managing risks associated with keeping records too long. This will also identify the appropriate methods of final disposal and/or storage.

Financial Operations | SUMMER 2014 | www.financialoperations.ca

4. Searching and retrieval An ERMS must also allow users to efficiently and effectively locate and extract any electronic or physical record entered into the system. The ERMS should offer a robustly featured navigation tool that locates records based on search criteria like date, time, location, subject, content etc. Search results will include both physical and electronic records. The ERMS will render electronic records in the proprietary format and physical records will be delivered based on service level agreements. 5. Storage of physical and electronic records Just as physical records deteriorate over time, electronic records can suffer the same fate. The long-term risks for electronic records include media degradation, hardware obsolescence, and format obsolescence. One fact still remains, the longer the life span of a physical record, the more risk and expense it is to maintain. The above elements provide highlights to the important aspects and issues faced by organizations when implementing a records management program. With the integration of an ISO 15489-1 records standard and an electronic records management system (ERMS), today’s organizations can integrate policies and procedures that can better assist them with managing both physical and electronic records. The combination of the ISO 15489-1 and ERMS will ensure an efficient and cost effective records management solution for an organization. Warren McDougall is the business development manager at Blue-Pencil Information Security. He brings a wealth of experience both in the information management and data protection business sector. Warren has a diverse background which includes records management, imaging services, consulting, disaster recovery, risk analysis and business development. Alex Stojkovic is the marketing and communications manager at Blue-Pencil Information Security. With a keen eye on the big picture, Alex is a customer-centric, modern marketer who brings over 14 years of marketing and brand development experience to Blue-Pencil Information Security. Passionate about marketing, he has a diverse background that spans across both online and offline.

Data & Documents

Fighting fraud with big data How banks can use new predictive analytics to make a more secure system By Cheryl Woodburn

ore than three billion dollars are lost to online fraud every year while one in six consumers has experienced some form of credit fraud in 2012. Technology advances such as mobile banking and social networking create great opportunities to better serve customers, but these new technologies also open the door for new fraud threats. As a response, the banking industry must create a more flexible and agile approach to enterprise fraud management. If approached the right way, the promise of Big Data can help banks gain competitive advantages and tighten the defenses against fraud.

The growing fraud threat Banks are facing many different threats today including money laundering, first party and third party fraud on applications for mortgages and payment cards, as well as fraudulent electronic and mobile payments. The traditional fraud defenses look at the issues in silos which can make them largely blind to the increasing number of new maneuvers.

Mobile banking is an important and growing trend that capitalizes on the increasing number of smartphones, tablets, and other mobile devices. The number of connected devices is expected to grow from nine billion in 2011 to 24 billion in 2020. To stay competitive, banks may launch new online and mobile services under time-tomarket pressure without adequate defenses against the new opportunities for exploitation that these services bring with them. The newness of the services, and the unknowns about how fraudulent and legitimate users will behave, make it difficult to extend protection with traditional fraud detection methods alone. Banks have been discussing enterprise fraud management for more than a decade. We are now seeing the leaders embrace a new approach that uses a combination of traditional and new analytics-based systems that address specific fraud management needs, thus linking and potentially replacing legacy systems as needed to provide centralized insight and control. The new approach comes with a new philosophy that integrates the promise of Big Data in smart ways.

Financial Operations | SUMMER 2014 | www.financialoperations.ca

Approaching big data with the right mindset Big Data will make banking more secure, just not in the way many people might think about it. Big Data is not only about access to vast amounts of data or having the right predictive analytics technology. It is, as Kenneth Cukier, data editor at The Economist, recently observed, about having the right mindset – the ability to think differently about data, to see its possibilities. Here is an example about this new type of approach; in fraud detection, traditionally a big focus has been on negative data in credit scoring. However, FICO research has shown that in many regions, positive credit data makes credit bureau scores like the FICO® Score much more predictive than negativeonly data. The inclusion of both positive and negative data, like that which Australia’s credit bureau is planning for 2014, shows that thinking differently about data is as important as the amount of data used. Any increase in data has the potential to be valuable; but Big Data in banking is about an intelligent approach to all data rather than just a focus on new data that’s not already in use. Much has been written about the vast

Data & Documents amounts of Big Data ‘out there’ because the sheer size is amazing – almost three trillion gigabytes of data was created or replicated in 2012, and 2.5 quintillion bytes of data are created every day. The total amount of data doubles every two years. But banks already have a lot of Big Data in-house. While external data, for example from social networking, is extremely helpful too, a first step should be the Big Data that is already collected by banks – attrition triggers, salary deposit patterns, actual income, and repayment percentages.

The right approach with the right technology innovations New fraud detection technologies can bring the available data together in new and meaningful ways and make connections between internal and external data. This includes innovations like application fraud prevention technology that covers advanced analytics for addressing both third-party and first-party fraud types. By turning to these types of more flexible and less costly approaches, banks can rapidly deploy fraud solutions focused on specific customer interaction channels or customer asset classes, and then link them as needed for higher-level customer protection. And while it is often difficult to replace proven channel-specific defenses, these new technologies provide the means to connect these systems with new capabilities and with each other. With the integration of new software capabilities into the fraud management process, financial services companies are also now able to use comprehensive social link analysis to examine personal profiles

across different databases, including social networks like Facebook, Twitter, or LinkedIn. This method identifies connections between people with shared attributes, helps gain greater insight into criminal networks, and significantly mitigates current and future losses from fraudulent activities. Thousands of banks now use predictive analytics software that looks at transactions in real time as they ‘fly by’ in a stream. The software records certain characteristic information about transactions – things like velocity, different spending types, and favorites in terms of where you shop and spend. The inherent neural network models that work almost like a nervous system allow it to predict if a particular transaction is fraudulent. It also looks for activities that are out of character for a customer. Another example of an integrated solution is linking application fraud management with ongoing transactional fraud management. A bank might use rules and a custom application first-party fraud model to make decisions about new account applications. When applications are rejected because of high fraud scores, the application data, score, and decision can then be shared with other areas within the bank to determine if the fraudulent applicant has any linkages, such as common phone numbers or addresses, with accounts already on the bank’s books. Some of these linked accounts may already be in the collections process; by identifying them, banks can treat them appropriately, preventing further waste of collections resources that are spending time trying to collect on fraudsters. Other accounts may still be transacting, without giving signs of the

Highest user adoption

Lowest cost of ownership

true risk they represent. By identifying these signs early, banks can act in time to prevent balance build up and bust-out fraud schemes from succeeding.

From big data to big value Innovation has elevated decision management and predictive analytics to new levels. Current advanced technology systems make it possible to include and combine both in-house and external data – including the analysis of social media profiles and activities – and provide banks with more and better insights for better decision management and, ultimately, more security. Banks need to realize that there is tremendous opportunity in the way Big Data is changing the analytics paradigm and upping the ante on fraud detection and prevention. But they need to look inside the organization as much as they need to look outside. As Big Data grows bigger, the response is to make analytics and fraud detection smarter. This way banks can extend the three ‘Vs’ of Big Data – volume, variety, and velocity – by adding a fourth ‘V’ that is critical for success – value. The technology for Big Data-based predictive analytics and decision management is here today and it will help create a more secure system. ABOUT THE AUTHOR: Cheryl Woodburn is Senior Director of Client Services at FICO Canada, a global leader in predictive analytics and decision management technology. FICO’s innovative solutions include the FICO® Score, along with industry-leading solutions for managing credit accounts, identifying and minimizing the impact of fraud, and customizing consumer offers with pinpoint accuracy. Most of the world’s top banks, as well as leading insurers, retailers, pharmaceutical businesses and government agencies rely on FICO solutions to accelerate growth, control risk, boost profits, and meet regulatory and competitive demands.

Highest rate of standardization

Award-winning customer service

Why us? We make software

solutions that empower all your decision-makers…because everyone makes decisions.

Business Intelligence and Analytics | Integration | Data Integrity informationbuilders.com WebFOCUS

iWay Software

Get Social

Omni

Financial Operations | SUMMER 2014 | www.financialoperations.ca

Data & Documents

Going green in accounts payable to reduce risk, streamline invoice processing, and manage cash better Eliminating paper invoices can support your sustainability, risk management, and cash management goals By Chris Rauen

veryone talks about the environmental benefits of going green. While the planet will certainly thank us one day for the changes we make today, you can also expect a certain degree of gratitude from your accounts payable department. Major companies today, especially those that operate on an international scale, take on a considerable amount of risk in the management of their financial supply chain. That’s evident in the many traps and hazards that can complicate and delay the processing of paper invoices. It’s no surprise, then, that more organizations are looking to eliminate paper invoices to reduce risk and, in the process, ‘go green’. To achieve both objectives, more organizations are turning to business

networks to improve the way accounts payable handles invoice processing and manages cash, transforming the accounts payable function from a cost center to a profit center. Many AP organizations have considered scanning and optical character recognition (OCR) as a first step to invoice automation. But the larger opportunity comes from eliminating the invoice errors that scanning and OCR can’t address, such as enforcing compliance to purchase orders and contracts, and expanding early payment discounts to increase the returns on cash. Business networks provide an ideal platform for doing this. Just as consumers have tapped into personal networks like Facebook, Twitter, and Amazon to connect and collaborate in new ways, now leading companies are leveraging business networks to connect and collaborate around core business processes such as the

Financial Operations | SUMMER 2014 | www.financialoperations.ca

management of purchase orders, invoices, and payments.

The ‘Smart Invoice’ network Invoice processing is an area ripe for business process improvement and business networks today have responded with ‘smart invoicing’ capabilities. To more effectively handle the many invoice errors that plague the accounts payable function, network-based electronic invoicing offers user-configurable business rules that can address just about any invoice processing requirement. These include applying line item unit price tolerances to order confirmations, setting or ignoring country-specific invoice rules, allowing suppliers to send invoice attachments, making the requester responsible for ensuring the appropriate accounting on non-PO invoices, and much more.

Data & Documents Once you set the rules, all invoices must conform to them. Invoices that don’t are automatically flagged before they reach AP, and returned to suppliers for correction and re-submission. What results is a ‘smart’, largely touchless invoice process that drives productivity through the roof. Business networks also provide the ability to deliver electronic purchase orders, making it possible to generate an electronic invoice from the data on the PO and ensure that invoices comply with preferred suppliers and negotiated prices. While the ability to support compliance is not something that accountants typically pay close attention, it is essential to the business, as it ensures that negotiated savings actually reach the bottom line. What about management of non-PO invoices, which are often the most difficult and costly invoices to process? Here again, business networks can provide valuable support by allowing you to match the invoice against – or create an invoice from – a contract.

New approach to managing cash Beyond simplifying their day-to-day routine, business networks can also help accountants

assume a more strategic role by helping to manage cash better. To an organization that takes weeks to process an invoice, an early payment discount is the exception, not the rule. By streamlining invoice processing over a business network, however, organizations can capture virtually all available early payment discounts. In addition, business networks enable a new form of dynamic discounts, where pro-rated, sliding-scale discounts can be taken up to the due date of the invoice. Top performers following best practices are achieving $2 million to $3 million in early payment discounts for every $1 billion of spend, and providing suppliers with needed liquidity to help with their cash flow. Here’s how it works: In return for a discount, you accelerate payments for approved invoices to key suppliers. You earn an immediate – and better – return on your cash than you would by simply parking it in traditional, low-return liquidity vehicles. Your trading partners, in turn, can use the cash to fund their daily business needs and ensure they can meet your ongoing demands. To make this happen, accountants can be the catalysts, providing valuable

counsel to their treasury colleagues on the new opportunities to manage cash. Many treasurers are obsessed with delaying payments to preserve float, but today the earnings on cash balances are dismal. You can educate them, and others in the finance organization, on how early payment discounts can deliver double-digit cash returns, with no risk. How did we get from a discussion of risk and going green to cash management? Welcome to the new world of collaborative finance, where you and your suppliers can leverage the power of a business network to reduce risk, manage cash better, and give new meaning to the term ‘going green’. ABOUT THE AUTHOR: Chris Rauen is responsible for marketing programs at Ariba, Inc. that educate finance, procurement, supply chain, and other business professionals on the transformational potential of the Ariba Network and Ariba Financial solutions. Before joining Ariba, Chris spent more than 15 years in business-to-business marketing for technology innovators OpenVision, Documentum, and Xign Corporation. His published works have appeared in a variety of technology, trade, and business press, including Business Week, Fortune, Nation’s Business, Dow Jones Capital Markets Report, Enterprise Systems Journal, PC World, and Portable Office.

It’s not easy to stay on course. We can keep you in the right direction.

The technology and experience it takes to op mize your financial processes.

aocsolutions.com Financial Operations | SUMMER 2014 | www.financialoperations.ca

Data & Documents

Keep your eye on the ball Get laser-sharp precision with high-performance analytics By Ellen Joyner-Roberson

eep your eye on the ball; in this case, the ball is your data. There is so much data today – and coming from so many places – that it’s no longer feasible for you to keep that information in multiple places across your organization. Those silos are risky because what starts as a cyber-attack can often lead to fraud or money laundering, which is difficult to detect when data is scattered everywhere. Today, many institutions across a variety of industries are starting to look at cyber, fraud, and money laundering as a more holistic operational risk. Traditional security and fraud systems are not capable of keeping up with the behavior beyond each system layer to tell if it is different in some other part of the organization. Collaboration on the decision-making process is critical to understanding what constitutes normal behavior versus abnormal behavior so you can take action before it is too late. The next generation of fraud and security systems shares insights between applications – in real time – to enable better decisions, more efficiently. Each application should be carefully assessed for security, so you can decide if a replacement is necessary. The White House recently announced Executive Order 13636 – Improving Critical Infrastructure Cybersecurity. “A key objective of the framework is to encourage organizations to consider cybersecurity risk as a priority similar to financial, safety and operational risk while factoring in larger systemic risks inherent to critical infrastructure.” This new framework, while not mandated, is one step in influencing global organizations to reassess their processes,

Financial Operations | SUMMER 2014 | www.financialoperations.ca

technologies, and people skills required to tackle this issue up front. Advanced analytics and big data management bring the power of situational awareness to help you mitigate risk. There are two key ways you can keep your eye on the ball: 1. Operationalizing real-time analytics

ensures that you see the abnormalities in your environment as they happen. For example, real-time analytics will map internal data with external threat feeds and ingest that information in an event stream that looks for changes in behavior with lightning-fast speed. This will put your organization in a better position to proactively defend and guard against the bad actors. 2. Conducting post-event analysis

allows you to visually analyze large amounts of data to look for trends that explain what happened. It also provides useful insights into what leads to these types of attacks – their motives, tactics, techniques, and procedures. This type of investigation requires visual exploration tools that are capable of working with large amounts of data. It is a delicate balancing act to effectively manage risk without losing the faith of your customers. Think about the next generation of technologies for laser-sharp tuning and the right level of protection. Make the most of your data and don’t forget to keep your eye on the ball. ABOUT THE AUTHOR: Ellen Joyner-Roberson serves as the Security Intelligence Principal Marketing Manager for Worldwide Alliances and Solutions for SAS. She is a veteran of 26 years with the institute and provides expertise with technology and marketing strategies based on industry objectives and market trends. Ellen leverages her knowledge and extensive experience in order to develop highly effective and targeted marketing strategies to promote SAS as the leader in security intelligence analytics.

Are you responsible for your firmâ&#x20AC;&#x2122;s compliance requirements? Do you manage risk? Is your department responsible for ecommerce? Accounts payable?

Sign up NOW for a free subscription to Financial Operations magazine. Visit our website at www.financialoperations.ca and learn more about the magazine Financial Operations is a Lloydmedia, Inc publication. Lloydmedia also publishes Payments Business magazine, Canadian Treasurer magazine, Canadian Equipment Finance magazine, Direct Marketing magazine and Contact Management magazine.

Data & Documents

The business case for unstructured data governance Implementing and maintaining the principle of least privilege requires knowing who is accessing what data, and where, when, and how they are doing it By Maor Goldberg

oday’s fast-paced businessenvironments require employees to have access to information, where and when they need it. Yet, when it comes to organizational data, it is good management to maintain the principle of least privilege, whereby employees only have required access and certainly not more. This can present some challenges. More than 80 per cent of the organizational data is unstructured and most of it resides within file-servers, NAS devices, portals, and mailboxes. The most common form of unstructured data is files. The challenge is to find a solution to manage and protect this vast data across an enterprise’s unstructured data stores. Any such solution needs to address – where the sensitive data resides; who accesses which resources; when are they accessed and where from; and who should not have access. The following are some of the most common reasons organizations should implement unstructured data governance:

Track sensitive data Inarguably, every organization should be aware of its sensitive information – what it looks like; where it is located; who can access

it; and who has accessed it. Organizational data stores, such as fileservers, NAS devices, and SharePoint portals store high volumes of information. The information is comprised of tens of millions of files, most of which are documents that contain various information types. The organizational data stores are live organisms into which information is constantly being added, duplicated, edited, and deleted. Being aware of the different types of sensitive information that exist across the organizational data stores, where are they located, and their accessibility, is fairly complicated but can be accomplished with a classification engine that documents data based on such things as keywords or wildcards and allows for new classification rules to be added.

Identify data owners and delegate responsibilities As the organizational unstructured data stores grow bigger, the need for locating data owners for shares and folders grows many times more, mainly for two reasons — the IT departments struggle to manage the exponentially increasing amounts of data, and delegation of some aspects of the management processes is requested; and the security departments, all of a sudden, have no clue as to who should have access to folders as there are hundreds

Financial Operations | SUMMER 2014 | www.financialoperations.ca

of thousands of folders. Data owners usually are the creators of the information; they have knowledge as to who should have access to their information, and also the intent to take active part in protecting it. Owners’ identification and allocation can be accomplished with usage statistics, entitlement statistics, or manually. Owners get full independence and visibility to their data.

Streamline compliance: access requests management The IT department of an average small- or medium-sized organization typically carries out hundreds of access requests on daily basis. Usually, access requests are processed by email or over the phone. The amount and unstructured nature of service requests (email, phone) make the process impossible to oversee and investigate. This is why access requests management is a high-profile demand in many organizations and emanates from security, compliance, and operational concerns. It takes large volumes of work off the help-desk and structures the access request process to enable faster response times, compliance, and enhanced security.

Streamline compliance: access reviews and compliance controls Regulated organizations are required to

Data & Documents execute and document dozens of periodic compliance controls. For example, access reviews are a common requirement. Access reviews (access certification) is the process of reviewing granted entitlements across the organizational applications and platforms. The process is performed to make sure the granted entitlements are actually needed and to remove excess entitlements. Collecting and analyzing millions of entitlements across many platforms and managing the review is a challenge faced by most organizations today. However, the effort is certainly worthwhile as studies have shown a dramatic decrease of nearly 30 per cent in the number of entitlements after the first review.

Reduce capital and operational costs High-end enterprise storage is a major IT expense in every organization. Despite the decrease in the cost per GB, the sheer increase in the consumption of the organizational storage makes it a real concern for many CIOs. The everlasting increase of storage also increases the manpower needed for management. Effective management will provide ROI through reduced capital and operational costs.

ABOUT THE AUTHOR: Maor Goldberg is CEO at Whitebox Security. He founded Whitebox Security after recognizing access governance as a critical tool to secure organizations’ petabytes of data over which they previously had little control. Maor cultivated his significant security experience as a member of the Israel Defense Forces, where he served as head of security and networking section, among other roles. Whitebox Security is a leader in the field of identity and access governance. The company pioneered ‘intelligent access governance,’ which combines identity intelligence and identity and access governance in WhiteOPS™, its access governance solution. www.whiteboxsecurity.com

Get visibility: who is doing what, where, when and how? As most of the organizational data is unstructured, gaining visibility into who is doing what with the information is crucial to understanding how users are using the information, who is accessing sensitive information, and who is deviating from the organizational policies. Having this information is a step towards securing the organizational data stores and responding to violations. Looking at the big picture of granted entitlements across the enterprise is vital to accurately estimating potential exposure and risk factors to sensitive data. Having entitlements information from millions of files, folders, mailboxes, and sites centralized and analyzed can indicate such things as who has accessibility to sensitive information (HR, medical, financial, etc.). It can also indicate what types of information are accessible to what audiences (IT department, domain admins, etc.). This information, when combined with knowledge about the actual activities can provide information about who is using their entitlements, who is not, and what permissions are stale.

EVERY DAY IS AN OPPORTUNITY.

Where do you go from here? It’s a new era for payment options in Canada, bringing both opportunity and uncertainty. MNP’s Payments Team helps you understand and manage the risks, so you can focus on growing your business. Doug Macdonald, Payments Strategy T: 416.515.5087 E: doug.macdonald@mnp.ca Matt McGuire, AML & Compliance T: 416.263.6959 E: matthew.mcguire@mnp.ca

Achieve real-time protection With the number of security breaches and information thefts constantly on the rise, just knowing who is doing what is not enough anymore. Organizations need to know and treat violations as they happen; otherwise the information is as good as lost. Defining realtime policies based on various user, machine, and information attributes dramatically increases the odds of preventing information leaks and the damages that come with it. Financial Operations | SUMMER 2014 | www.financialoperations.ca

Canada’s budget implementation act tightens the reins on AML compliance By Matthew McGuire

anada’s Budget Implementation Act introduced in an omnibus bill on March 28, 2014 will introduce significant changes to our country’s antimoney laundering (AML) program once passed. More businesses will have AML responsibilities, including bitcoin dealers and foreign companies offering services to Canadians. Entities that already have AML responsibilities, such as banks and securities dealers, will see their burden escalate. They will be required to conduct enhanced screening of politically connected people, report large international wire transfers to the Canada Revenue Agency (CRA), follow ad-hoc Ministerial directives and share money laundering intelligence and risk management amongst their international affiliates. Some

of the Financial Transactions and Reports Analysis Centre of Canada’s (FINTRAC’s) powers and responsibilities will change too, permitting them to disclose money laundering convictions they supported; but requiring them to delete information in their databases that shouldn’t be there.

Real requirements for virtual currencies and companies The bill extends all anti-money laundering requirements to dealers in virtual currency (presumably including bitcoins – the actual definition of virtual currency will be contained in the regulations) and all money services businesses operating outside of the country that serve customers in Canada. Those businesses will be required to register with FINTRAC and will be required to identify their clients, keep records, file

Financial Operations | SUMMER 2014 | www.financialoperations.ca

Bill O’Neill

Regulatory

reports and detect, prevent and deter money laundering and terrorist financing. This will create greater alignment between Canadian and U.S. standards. Virtual currency exchanges are already regulated in the United States and Canadian companies that operate there are covered by U.S. law. Additionally, financial institutions in Canada will be banned from providing financial services to foreign money services businesses which are not registered with FINTRAC.

Politicians expose reporting entities to additional burden One of the tools available in the battle against corruption is mandatory bank scrutiny of people with political connections. Currently, Canadian financial institutions must investigate their client lists for signs of foreign Politically Exposed Persons (PEPs);

Regulatory those who hold or have ever held a defined foreign position of political power, as well as their family members. Institutions are required to look into PEPs’ sources of wealth, obtain approval to keep accounts open and conduct enhanced scrutiny of their ongoing activities if accounts remain open. Some are critical of this method, given there is no comprehensive list of all foreign PEPs and self-declaration is a generally accepted method of determination. In this bill, the definition of a foreign PEP is expanded to include close personal and business associates of the individual (based on connections the financial institution knows or should reasonably know). Such broad definition and the knowledge standard required will surely complicate compliance and enforcement. Additionally, the bill will require financial institutions to screen for domestic PEPs, those who hold or have ever held defined positions of political power within Canada, as well as their family members and close personal and business associates. In the case of a confirmed domestic PEP, financial institutions in Canada must conduct the same type of diligence as with foreign PEPs (looking into source of funds and obtaining approval for continuance), but there must be latitude about the depth and frequency of activity scrutiny. The same measures are prescribed for the heads of international state-sponsored organizations, their family members and close personal and business associates, if detected through mandatory screening.

Reporting large international wire transfers Financial institutions are now required to report international wire transfers with a value of CAD $10,000 or more to FINTRAC. The bill will amend the Income Tax Act to include parallel provisions requiring those same reports to be filed with the CRA. Related amendments give FINTRAC authority to share information with the CRA related to compliance with that obligation, which suggests that the government will adopt single stream reporting. Remarkably, Income Tax Act amendments written into the bill provide the CRA with powers to directly communicate apparently crime-related tax information with law enforcement. This usurps the role of FINTRAC as an administrative financial

intelligence unit and undermines its role as a privacy guardian.

Share and share alike When the new bill is passed, affiliated reporting entities will be required to develop and apply policies and procedures for the exchange of information among them, for the purpose of assessing risk and detecting or deterring money laundering / terrorist financing. Affiliated entities are those in a wholly-owned parent / subsidiary relationship, or one where both companies are wholly-owned by the same parent company. Combined with regulations which came into effect on February 1, 2014, this may require a system that permits a business relationship risk view incorporating all its countries and lines of business. Accordingly, risk mitigation could conceivably be shared and coordinated across geographies and business lines.

Ministerial directives

FINTRAC. When regulations are released, it will become clear how reporting entities will have to evolve to meet the embedded timelines and possible range of mandated sanction activities.

What to do now? The budget omnibus bill is expected to pass swiftly. Regulations must follow to give practical effect to the amendments. Some requirements, such as international large wire reporting to the CRA, are slated to come into force as early as January 2015. At this stage, we suggest advising boards and senior management about expected changes and their timing. Advance warning about additional laws and regulations expected in the coming months is also advisable. ABOUT THE AUTHOR: Matthew McGuire, CA, is the National Leader of MNP’s AML Services line, part of the firm’s Investigative and Forensic Services practice. To learn more about FINTRAC compliance requirements, contact Matt McGuire at 416.263.6959 or matt.mcguire@mnp.ca, or your local MNP Advisor.

Introduced as a proposal in December 2011, Ministerial Directives (Directives) will become law and provide the Minister of Finance with powers to compel prescribed activities by reporting entities in respect of activities and transactions involving designated countries with little notice. In effect, Procure to Pay, Identify and Directives will Resolve Control Failures Immediately give the Minister alternate and Overpayments, false invoicing and theft of inventory parallel sanctions remain as major sources of fraud. It takes an average powers to those of 342 days to detect a fraud, at which point 89% of all proceeds are unrecoverable. now provided for by the United A must-attend if you want to optimize P2P and have Nations Act a consolidated view of all financial controls across and Economic SPEAKER: multiple systems and prevent revenue leakage or lost. Andrew Simpson, Sanctions Act. The Chief Operating Officer, range of possible CaseWare Analytics EVENT DETAILS: measures includes Presented by Oct 1, 2014 • 7:30-10am mandatory The National Club, 303 Bay St, Toronto M5H 2R1 enhanced due diligence, BRING YOUR TEAM. SIGN UP AS MANY AS 3 INDIVIDUALS AT NO CHARGE. transaction limits and delays, as For more information and to register visit our website: well as mandatory www.ﬁnancialoperations.ca • Seating is limited. reporting to

Financial Operation invites you to a

FREE breakfast briefing in October Register now to reserve your seat at www.financialoperations.ca

Financial Operations | SUMMER 2014 | www.financialoperations.ca

Company Profile

Integration + Imaging =

Integrim With the early tools, knowledge, and concepts of yesteryear, Integrim grew and evolved to a cloud solution provider By Karen Treml

ntegrim is a company that has been developing and integrating ECM solutions for more than 20 years. Initially, it arose from a combination of two core elements – ‘integration’ and ‘imaging’. André Denis, general manager at Integrim, explains that the company emerged from the desire to bring unstructured photo based images back to a structured transaction or data source that would make some meaningful relationships and links for all transactional content.

Early beginnings In the early days, says Denis, the company provided services to help people to use the technology for document capture in the transactional processing of information inside of existing structured data. Transactions, content, contracts, and anything that would be somehow structured in a system, would use the bias of getting unstructured content linked automatically to that information. That’s where Integrim started to elaborate, architect, and put together some turnkey solutions that included some best of breed approaches, he adds. “We essentially picked what we believed to be the best OCR and the best technology to do the scanning and the recognition of handwritten information or barcode information, to bring out the information content to then link that content back to structured information – thus making transactional document management a

reality. This was initially focused toward medium- and large-sized business. The government and insurance sectors were essentially our first customers to take on this type of technology and to really reap the benefits and understand how the electronic version of content could streamline processes and reduce the efforts linked to the sharing, archiving, and managing lifecycles of that content.” So that was the inception, explains Denis, who adds that Integrim evolved from Wang Laboratories, which was instrumental in providing the tools, knowledge, and concepts of providing solutions around electronic document management. “In 1992, Wang was in a tight spot and had to file for Chapter 11 in the U.S. to protect itself from its creditors, says Denis. “At that point in time, it took about twenty-five days to organize and create

Financial Operations | SUMMER 2014 | www.financialoperations.ca

a spinoff company – and that was the start of Integrim.” Basically, Integrim was created by two of the people that had been involved with Wang in promoting, architecting, and putting together solutions that revolved around electronic document management ideas and concepts, and solutions that Wang was providing at the time. That was in September 1992 and they essentially carried on along the same venue and thus were able to propose services for performing analysis and review.

Company Profile Early document imaging Denis explains that at that time it was very early days for companies and organizations to gear up in document imaging. “At the time, we were going around to companies to promote and to ensure everyone had the necessary insight as to how this technology could be useful and beneficial. And in fact, we landed some large implementation work for government agencies,” he says. The first job he reflects on entailed working with the vital stats in Quebec, where marriage, death, and birth certificates needed to be organized, structured, recognized, and indexed, and put into a comprehensive system for retrieval. “Today if you require proof of marriage, death or birth, the query would go against the imaging system that now supports that content throughout the province. That was one of the larger projects we started with in 1994 and this led into also doing the same for the land titles registry where we’ve converted a mass of close to 185 million pages of documents that spans about four years of production that migrated it to a meaningful electronic system (as a sub-contractors for Bell, Fujitsu Consulting and Iron Mountain).” Subsequently, the company made the decision to identify and select different technology vendors and verticals from which it expanded its marketing and its efforts to promote those solutions. The transportation and insurance sectors were the big customers at that time. They bought into the Integrim imaging solutions to reduce their paper trail. After extensively covering those areas, the company began looping into different verticals such as pharmaceuticals and higher education sectors, covering various aspects that enabled it to take the technology and put it to work in different sectors.

Technology in finance About seven or eight years ago the company looked into different capabilities and what technology was providing in the financial world. This was very promising, says Denis, because technology had evolved to extract content regardless of the shape or the layout of the information that needed to be recognized. The semi-structured OCR technology that came about around ten years

André Denis,

general manager at Integrim

ago enabled the company to provide some solutions whereby it didn’t need to tell the system where to look for the information but to let it find the information itself to provide a very readable document that contained a high degree of accuracy. This allowed for advances in the invoice processing world. The company became involved in the AP world from a technology standpoint using electronic document management. The most important factor of what actually led it into the business, says Denis, was that they came into it from deploying and mastering the semi-structured OCR engines and that’s more or less where all the benefits are, as the benefits lie in extracting unstructured information and turning it into structured data at a very reasonable cost.

Send in the clouds Initially, the company was able to offer this solution as a brick-and-mortar approach, to pick and choose the technologies, implement them in-house, and train people to operate and fine tune the system. However, with the advent of the cloud, says Denis, it is now able to offer the same technology in a cloud-based environment, in the form of its SenSaaS solution – a data processing system that allows customers more flexibility and cost-efficiency and enables smaller companies to take advantage of the technology that involves extraction of intelligent data and workflow on a pay-per-use business model. SenSaaS is a game changer, according to Denis, as it allows the company to market the solution on a broader geographic representation because it is not necessary to be on-site for implementation. It can easily be remotely implemented which opens the solution up to any shop or organization with smaller volume that nevertheless wants to get

away from paper and achieve a streamlined operation. “The evolution came naturally because we had the technology on our hands. Once we had the raw potential in our hands, we were able to work with our customer and put things into place for them. The solution provides for consistency and integrity in the processing with a high level of accuracy.” It is very important to have a system that is adaptable and that is flexible to various systems, he adds. “In the past 20 years, we have been very active in integrating systems and technologies together to bring out the value of our expertise – we are able to tie in and bridge gaps between email, fax systems, paper, and various devices so that invoices will make it through the system in a streamlined and simplified manner.” In discussing today’s challenges, Denis says the challenges are no longer really about the technology but instead they lie in getting people to adapt how they actually work. Change management is a vital topic these days and there is a need to get people to change how they are doing things both today and going forward because with the new technology, they will be working on a computer screen. Achieving this adaptation requires ensuring that people have the right insight as to how their jobs will function. “Our job is not only our product offering, but it is also to facilitate the change management required in the new technological environment. In the end, our solutions need to simplify how information is captured and delivered within an organization’s business process, regardless of origin or format.”

Looking forward As a company, Integrim has achieved technology with the SenSaaS model that, as a platform, provides a solution for frontend processing to any type of company that needs to process the information they receive. Going forward, the company says it will play a huge role in helping companies understand what they can truly do with the information they receive through document capture, classification, identification, and extraction, using a platform that facilitates moving unstructured content to structured form. Looking ahead, into the future there will be ongoing evolution of that capability and greater integration with evolving technology.

Financial Operations | SUMMER 2014 | www.financialoperations.ca

COMPLIANCE

Take control of your VAT compliance Determining applicable VAT on sales and purchases is a very complex matter

ith more than 150 countries operating Value Added Tax (VAT) or similar consumption taxes, VAT compliance represents a compelling issue for any company conducting business across international borders. VAT compliance requires special emphasis, as the amount involved is far greater than any other taxation system. In addition to these challenges, regulatory pressures, such as the Sarbanes-Oxley Act in the U.S. and similar legislation elsewhere, are forcing companies to review their VAT processes and related accounting. The following discussion is a high level overview of the VAT system and demonstrates the complexity of VAT compliance when operating in a global market while illustrating ways to stay in control.

The VAT system VAT is levied at every stage of the supply chain, on both goods and services. If a company is allowed full input VAT deduction, it can offset VAT paid to suppliers against VAT on sales to be paid to the government.

Effectively, only VAT is paid to the government for the value that is added in each step of the supply chain (see figure 1). This settlement is made in a VAT return showing how much VAT is due on sales (output VAT) and how much VAT can be reclaimed on purchases (input VAT) for a given period. Businesses need to submit returns in countries where they supply goods or services subject to domestic VAT (i.e., taxable supplies). Domestic VAT applies even if the business is domiciled and established outside of the country of discussion. Besides VAT returns, businesses often are also required to submit listings, statistical returns, reclaim requests, etc.

The complexity of VAT compliance An end-to-end VAT compliance process basically looks like figure 2. There are many complex rules regarding the determination of the applicable VAT on your sales and purchases. These rules and the interpretation thereof vary from country to country, even in the European Union (EU) where the VAT system is harmonized

Figure 1

24â&#x20AC;&#x192;

Financial Operations | SUMMER 2014 | www.financialoperations.ca

for the 28 Member States. These rules and interpretations also frequently change, so itâ&#x20AC;&#x2122;s often difficult to determine how cross-border VAT should be treated. It is even more challenging to achieve and ensure an accurate and efficient processing and reporting of VAT. Each country basically has its own set of requirements for administrating and reporting it. This varies from the frequency with which VAT returns are required (monthly/bi-monthly/quarterly/ semi-annually, annually etc.), the type of returns to be submitted, the number of information boxes to be completed, and the submission and payment deadlines. Within the EU, some Member States currently require up to 100 information boxes to be completed. Some deadlines are very tight, so executing all steps of the process in a controlled way within the given deadline can be very challenging. The EU Commission has recognized this red tape for businesses. Therefore, they are proposing a new standard VAT return. The proposal creates a uniform set of requirements for businesses when filing their

COMPLIANCE Figure 2

VAT returns, regardless of the Member State in which they are remitted. The standard VAT return, which will replace national VAT returns, will ensure that businesses are asked for the same basic information within the same deadlines across the EU. The proposed standard return will have only five compulsory boxes for taxpayers to fill in. Member States are given leeway to request a number of additional standardized elements, up to a maximum of 26 information boxes. If accepted, this proposal may ease the completion of VAT returns in the EU to some extent. However, the underlying process with all the required controls will still be the same. Additionally, by allowing Member States to add 26 information boxes to the five compulsory boxes, differences will remain regarding the completion of returns. Given the complexity of VAT and the local differences in rules and interpretations, the potential for error is very high. VAT errors may lead to regulatory issues, financial penalties, or substantial losses of purchase VAT and last but not least, reputational damages. When multiplied across a large number of transactions in multiple jurisdictions with multiple differing rules, even small errors may result in significant exposures.

Ways to control your VAT compliance process Ensuring VAT compliance across multiple jurisdictions requires a firm understanding of the ever-changing rules and a VAT compliance process with strong internal controls. International businesses are becoming more aware of this challenge and are seeking ways to control their VAT compliance processes.

Manual Some international businesses try to get around this problem by defining internal controls with the assistance of external advisors or internal expertise. This is, of course, a viable option. However, you often

see that the defined controls work well on paper but are never fully executed in practice. Moreover, the procedures are often executed with the use of desktop spreadsheet applications – which do not provide a framework for sufficient controls and audit trails for changes made. This manual method also increases the risk for human errors and inconsistencies in the execution. In the end, the quality of the returns highly depends upon the quality and expertise of the person(s) preparing and remitting the return.

Outsourcing An alternative way is to outsource the execution of the VAT compliance process to specialized VAT compliance outsourcing firms. This may resolve issues around understanding the requirements for the completion and submission of various types of returns in numerous jurisdictions, but does not necessarily improve the quality of VAT returns. The quality of the returns remains dependent upon the quality of the data in the company’s information system. In the event that an outsourced partner receives or obtains sufficient detailed transactional information, the outsourced partner should be in a position to improve the quality of the data entered in the returns by performing proper checks. Unfortunately, most standard VAT reports available within information systems such as ERPs do not contain sufficient detailed transactional information. Therefore, outsourcing can only add value to the control over a company’s VAT process when extraction of detailed VAT data is possible.

Technology More and more international businesses are using technological solutions. The technological solutions in this respect basically fall into two categories: tax determination solutions (tax engines) and reporting and analyzing solutions (compliance tools). Tax engines are designed to integrate with ERP systems and make accurate tax decisions on the purchase and sales transactions

processes within the ERP system. Tax engines are constantly updated for changes in rules, rates, and invoicing. With this solution, businesses no longer need to keep track of VAT rules and changes across the multiple countries in which it operates; they are automatically updated and maintained by the tax engine. Compliance tools are designed to automatically complete and submit various VAT forms to taxing authorities or other governmental bodies with the data it receives directly from the ERP or through manual imports. Some of these solutions have sophisticated analysis functionality that a client can use to pre-define all the checks they want preformed on their data and apply the checks to a high volume of data simultaneously. Any findings can then be corrected and any changes are logged in the audit file. When compared to manual checks performed in Excel spreadsheets, businesses can tremendously improve on efficiency, consistency, and accuracy. The combination of a tax engine (VAT determination and calculation) and a compliance tool proves to be a very powerful solution for staying in control of your VAT compliance process. In an increasingly complex indirect tax world, there is a need for a controlled and visible end-to-end VAT compliance process for internationally operating companies. Technological solutions are key to achieving this goal. ABOUT THE AUTHOR: Casper Winkelman is co-founder and managing director of VAT Resource, a company recently acquired by Taxware. Casper is a tax lawyer with more than 17 years of experience in VAT. Casper has gained international VAT experience as a consultant at Arthur Andersen in Amsterdam, NL, and in the industry as VAT Director at KPNQwest in the Netherlands, a Pan-European telecommunications company. Since 2002, Casper has assisted many international clients in streamlining and managing their VAT compliance processes. In this respect, Casper has gained unique practical expertise by working with various types of organizations and financial systems and has been involved in several VAT technology solution projects.

Financial Operations | SUMMER 2014 | www.financialoperations.ca

Technology Special Report

Can you trust the data in your disclosures? You need to know where your data is coming from By Mike Sellberg

retty close isn’t good enough when it comes to the data in the footnotes of disclosures or other reports – they have to be absolutely accurate. In financial reporting, collected numbers are used not only in regulatory filings, but many other internal and external reports. Financial reporting teams often rely on software that wasn’t built to manage the collaborative data-request and compilation process. These tools can’t sufficiently integrate data into the reports that drive critical business decisions – which often results in manually copying and pasting tables, data, charts, and content among documents. Because of these inefficiencies, 72 per cent of CFOs don’t trust their numbers.1

do you collect this data? Are you prepared to handle an exponential amount of it?

Data request

This distrust comes from the lack of controls and accuracy around gathering unstructured data. Companies struggle with the main areas of the data collection process: the request process, the compilation process, and data management.

The request process starts with one spreadsheet template sent to multiple users. A standard template is created and individuals from business units or departments need to fill it with critical data. Within this request process, it’s difficult to ensure the data provider will fill out and send back data in the same exact format. You can’t restrict users from making unwanted changes, creating headaches when comparing and aggregating the spreadsheets. Communication around input requirements for Excel® spreadsheets, using colour-coding and instructions, becomes confusing for the providers. And if the template needs a change or an update, the process must begin all over again. This creates multiple versions of a template, resulting in version control issues and increasing the risk of outdated submissions. It’s shocking that these numbers end up in quarterly financial disclosures or reports that are delivered to key stakeholders.

The process

Data compilation

Step one is gathering structured data from an ERP system or a general ledger and then collecting unstructured data – such as information from a team member’s ad hoc reports or an email with embedded numbers. Companies may have a series of systems in place to gather some types of data, but the majority of useful data lives in an unstructured work space, such as in an Excel® template, invoice, email, or on a user’s hard drive. Collecting, validating, and aggregating these values can be a time-consuming task. And the need to integrate unstructured data into financial and management reports will only grow, with predictions that unstructured data will grow exponentially over the next decade. Take a look at your process, and follow the numbers back to their source. How

Completed templates have been collected, but it is now up to the template manager to combine and consolidate all of the information. According to finance professionals, 81 per cent say they have to combine data from multiple spreadsheets.2 This process is often manual, opening each spreadsheet from the different departments or business units to get the information needed. Risk of error increases each time a number is rekeyed or copied and pasted from multiple documents and versions. This manual aggregation process is inefficient and lacks an effective audit trail.

Is your CFO part of the 72 per cent?

Data management Template managers effectively act as babysitters of collected data, spending

Financial Operations | SUMMER 2014 | www.financialoperations.ca

valuable time figuring out if the spreadsheets are trustworthy. They waste time on non value-added tasks, reducing their efficiency. Knowledge workers waste up to 50 per cent of time hunting for data, identifying and correcting errors, and seeking confirmatory sources for data they do not trust.3 The process is also insecure. Templates sent back and forth between emails and shared drives lack user permission controls. This process forces template managers to decide between split templates dependent on the user and collection process or increasing risk by allowing all users to access each other’s sections.

Technology is taking the market by storm These antiquated data collection processes are being left behind as companies regain control. There is a growing understanding that traditional data systems and document sharing websites aren’t enough. Technology is making it possible for users to supplement the data found in their ERP systems with easily collected, ad-hoc information. It’s a race to get the best insights as fast as possible. But the first step is ensuring that you are seeing the entire picture. You need all your data, and you need it now. Don’t let your CFO be part of the 72 per cent who don’t trust their numbers. Follow your numbers, and see what improvements can be made. ABOUT THE AUTHOR: Mike Sellberg is Managing Director of Workiva, formerly WebFilings, a provider of complex business reporting solutions. It is used by more than 60 per cent of the Fortune 500. The company’s Wdesk cloud-based product platform brings ease and control to compliance, management, risk, and sustainability reporting. Visit workiva.com. 1 “Financial Close Benchmark Report.” (2013). ADRA Match. Retrieved from http://info.adramatch.com/rs/adramatch/images/ Financial%20Close%20Benchmark%20Report.pdf 2 “Spreadsheets in Today’s Enterprise.” (2013). Ventana Research. Retrieved from http://ww2.ventanaresearch.com/SS212012_ SS21BRESRegistration.html 3 Redman, T. “Data’s Credibility Problem.” (2013). Harvard Business Review. Retrieved from http://hbr.org/2013/12/datas-credibilityproblem/ar/1 Excel is a registered trademark of Microsoft.

Technology Today

Four reasons managers should adopt accounting and finance in the cloud From cost consideration to security concerns, moving to the cloud carries strong benefits.

o keep up with everchanging laws and regulations, streamline processes, and cut costs, more and more global accounting and finance firms are using cloudbased systems. In fact, 57 per cent of North American finance and IT leaders surveyed by Saugatuck Technology expect the cloud to replace traditional solutions within the next two years. And a 2014 Dell security report found that 73 per cent of businesses in the top 10 global markets already use the cloud to host their data or apps. Some Canadian experts bemoan the finding that companies lag behind their U.S. counterparts when it comes to cloud adoption – by as much as 10 per cent according the 2013 IDC Canada and Telus Corp. ‘Enterprise Cloud Study’. However, Canadian business and IT leaders are slowly becoming converts, with experts predicting that traditional hosting and outsourcing will fall in the next two years as the cloud takes their place. Canada is on the cusp of a major shift in financial data technology. Has your company made the switch? If not, here are four reasons cloud-based systems could be right for your business.

1. Cost One of the key reasons executives are moving data to the cloud is to save money. The cloud can help cut costs in areas such as software maintenance, updates, security, and customization. It also reduces the need to purchase

expensive hardware and maintain and upgrade in-house servers. The main cost of cloud hosting is the subscription fee. Because of its lower up-front cost and reduced need for IT staff, cloud computing is especially attractive for small and mediumsized businesses.

or time zone. According to the Saugatuck report, executives who have moved to cloud-based accounting and finance systems report that they’ve shaved off as much as 95 per cent of the time that it used to take to just close the books.

2. Productivity

Security breaches are a major concern when it comes to storing sensitive financial data. Most cloud providers offer 24/7 security and several forms of backup. Additionally, security is sometimes included in the subscription cost, adding economic value.

Besides reduced expenses for hardware, software, and personnel, cloud computing also saves money by helping companies become more efficient and productive. “It could take eight to 12 weeks to get a server installed and configured. With some cloud solutions, it could take eight to 12 minutes,” says David Brassor, a cloud consultant from Deloitte Canada. When multiple users manually enter information, mistakes happen. Cloud-based services offer the same interface to all users, thereby standardizing the data entry process and making sure it’s complete. They also aggregate and integrate the data more easily and efficiently than traditional systems. Combining these functionalities with regular updates reduces the risk of noncompliance.

3. Agility Cloud-based systems are flexible Cloud-based systems are flexible and efficient. They are a boon to companies undergoing expansion (or contraction) and help reduce paperwork. And because the cloud does not reside on one platform, data is easily shared regardless of location

4. Security

provides, it’s easy to see why the majority of finance and IT leaders expect it to dominate the accounting and finance world in the future. Before purchasing a subscription, sit down with the head of your accounting and finance, IT, and legal departments to consider bids and select the service that’s right for your company’s needs. This article is provided courtesy of Robert Half Canada, parent company of Accountemps, Robert Half Finance & Accounting and Robert Half Management Resources.

As long as the company follows the numerous regulations and policies protecting consumer rights, they can transfer data to private cloud servers. Canada’s ‘Personal Information Protection and Electronic Documents Act’ (PIPEDA) does not forbid cloud computing or even most cross-border data transfers. This last point is important because the U.S. serves more than half of Canada’s IaaS (Infrastructure as a Service) needs, though this percentage is decreasing as more Canadian cloud vendors step up. With all the convenience and efficiency that the cloud Financial Operations | SUMMER 2014 | www.financialoperations.ca

Reach marketers & financial executives Our magazines are must-reads for key executives in core corporate competencies.

Can you help our readers: • Create a strong financial structure and healthy economic ecosystem to ensure capital and cash flow keep their engines running? • Determine who their customers should be, how they can reach them most effectively, and how they can turn data-driven marketing into profitable sales? • Build efficient and effective financial systems to enhance payments and billings between their companies and their customers and vendors? • Convert all the data and information they collect from every contact point into tangible benefits that increase revenue and reduce costs? • Equip their companies with the tools, technology, systems and hardware needed to manage their operations, to create new services or products, and deliver them to their market? • Manage their customers with smoothly functioning support departments that are properly staffed and equipped to solve problems, foster loyalty and retain customers? • Make any or every step in that chain better, faster, cheaper, and more profitable?

We can help you tap into the ecosystem at the points that will drive your campaigns. To advertise or get more information and media kits:

905-201-6600 | 1-800-668-1838 | 302-137 Main Street North, Markham ON L3P 1Y2 Visit our websites:

Direct Marketing magazine, www.dmn.ca Contact Management magazine, www.contactmanagement.ca Payments Business magazine, www.paymentsbusiness.ca

Canadian Treasurer magazine, www.canadiantreasurer.com Canadian Equipment Finance magazine, www.canadianequipmentfinance.com Financial Operations magazine, www.financialoperations.ca.

Vendor classified We've got your risk, management, compliance, and sustainability reports covered.

Guarantee your liquidity

905.670.4838 1.888.503.4528

See why over 60% of the Fortune 500 trust Wdesk.

becoMe THe beST In claSS for your accounts Payables, accounts receivables and Pos.

FINANCIAL OPERATIONS readers are executives and managers with whom you can build profitable long-term relationships.

INTEGRIM.COM

To advertise in Financial Operations Vendors Directory

For 21 years we have removed paper from business processes using imaging technologies. We offer reliable solutions like SenSaaS in the Cloud, On Premise, or Hybrid.

ToronTo • MonTreal• Quebec

Contact: Chantal Goudreau

chantal@financialoperations.ca

Get your ad on this page for as little as $248 per issue

Vendor Classified advertising call Chantal Goudreau at 905-201-6600 x 224 or email chantal@financialoperations.ca

EVENTS AUGUST August 3-6 Retail Solutions Providers Association RetailNOW 2014 Orlando, FL www.gorspa.org August 18-20 tppEXPO 2014 The Pre Paid Press Expo Las Vegas, NV www.prepaidpressexpo.com

SEPTEMBER September 14-16 IFO Canada 4th Annual Canadian Financial Operations Symposium Vancouver, BC www.financialops.org/ canada2014

September 29-Oct 2 Sibos Annual Conference 2014 Boston, MA www.sibos.com

OCTOBER October 19-22 Sourcemedia ATM, Debit & Prepaid Forum 2014 Phoenix, AZ www.sourcemedia.com

NOVEMBER November 2-5 Association of Financial Professionals AFP Annual Conference 2014 Washington, DC www.afpconference.org

November 4-6 Comexposium CARTES & Identification Exhibition 2014 Paris, FR www.cartes.com November 12-14 BAI BAI Retail Delivery Conference 2014 Chicago, IL www.BAI.org

JANUARY 2015 January 14-15 2015 NAPCP Canadian Commercial Card and Payment Conference Toronto, ON www.napcp.org/2015Canada

FEBRUARY February 3-5 2015 Payments Summit Smart Card Alliance Salt Lake City, UT www.smartcardalliance.org

DECEMBER December 7-9 Members Meeting Smart Card Alliance Coral Gables, FL www.smartcardalliance.org

Visit us online www.financialoperations.ca/events.html Financial Operations | SUMMER 2014 | www.financialoperations.ca

industry Update

Canadian businesses continue to be complacent about information security

place whatsoever. Further, only 12 per cent of those surveyed admit to having both a locked container and a professional shredding service. C-suite respondents share similar views to small business owners as it relates to information security. Only 42 per cent of c-suite executives admit to having a protocol in place for storing and disposing of confidential data that is strictly adhered to by all employees, and only half concede to having a locked container and a professional shredding service. The study also found that 10 per cent of c-suite respondents admit to throwing out sensitive documents without shredding them, a number which has risen significantly since last year. “Organizations need to do more to ensure the safety of their confidential physical documents and digital data. Prioritizing information security by implementing policies and protocols that address all types of confidential information will decrease business risk,” says Bruce Andrew, executive vicepresident at Shred-it. “When you factor in the cost of recouping Register now to reserve your seat at damages from a security breach, www.dmn.ca not to mention the Interactive eStatements: reputational damage Raising Your Customer Experience Game they can cause, it is increasingly necessary that business leaders educate themselves Learn how eStatements can enhance the customer experience, providing information and analytics in an and action on enhanced self-service environment that also drives best practices in adoption and reduces call centre and printing costs. information security.” SPEAKER: A must-attend if you want to increase customer loyalty, The security Peter O’Grady better promote, target and sell your services and help Director, Business Intelligence tracker also revealed Product Marketing, your organization save money. Information Builders that 63 per cent of small business owners Presented by EVENT DETAILS: have no cyber security Sept 10, 2014 • 8-10am policy in place for The National Club, destroying digital 303 Bay St, Toronto M5H 2R1 assets, and almost BRING YOUR TEAM. half of small business SIGN UP AS MANY AS 3 INDIVIDUALS AT NO CHARGE. owners surveyed have never disposed of hardware containing confidential For more information and to register visit our website: www.dmn.ca information. When Seating is limited.

usiness leaders are becoming increasingly complacent, says Shred-it’s ‘4th Annual Security Tracker’. While Canadians are more aware of information security risks than ever before, business leaders have taken little to no action to decrease risk of reputational damage or disruption to their business operations. The study indicates that organizations need to do more to ensure the safety of their confidential physical documents and digital data. Prioritizing information security by implementing policies and protocols that address all types of confidential information will decrease business risk. As well, small business owners are more aware today than they were in 2013 of the legal requirements concerning confidential data in their industry. Yet, for the second year in a row, only 46 per cent acknowledge having a protocol for storing and disposing of confidential data that is strictly adhered to by all employees, and 31 per cent admit to having no protocol in

FREE BREAKFAST BRIEFING

Financial Operations | SUMMER 2014 | www.financialoperations.ca

compared to the 33 per cent of c-suite executives who acknowledged having no cyber-security policy in place, it is clear there is plenty of room for improvement. Canadian organizations are not alone in their battle to protect information and safeguard against digital data breaches. The Privacy Commissioner and Industry Canada have implemented legislation to govern how the private sector collects, uses and discloses personal information. That said, when grading the government’s response to information security, only 55 per cent of c-suite executives give the Canadian government a passing mark, suggesting the other half of respondents would like to see improvements. “At Shred-it we assist businesses and federal government agencies in meeting compliance requirements brought forth by the Privacy Commissioner. We believe the government has done an excellent job focusing on the safety and security of individuals as part of its national security agenda,” says Andrew. “The secure destruction of confidential information is our top priority and we will continue to advocate for compliance education in Canada.” Shred-it offers the following suggestions to help business leaders protect confidential information and begin establishing a culture of security: • Demonstrate a top-down commitment from management to the total security of your business and customer information • Implement formal information security policies; train your employees to know the policies well and follow them strictly • Eliminate potential risk by introducing a “shred-all” policy; remove the decisionmaking process regarding what is and isn’t confidential • Conduct a periodic information security audit • Introduce special locked containers instead of traditional recycling bins for disposing of confidential documents • Don’t overlook hard drives on computers or photocopiers. Erasing hard drives does not mean data is destroyed. Physical hard drive destruction is proven to be the only 100 per cent secure way to destroy data from hard drives

Complex reports are hard. We make them easy. Compliance

| Risk | Management | Sustainability

Over 60% of Fortune 500 companies use Wdesk.

workiva.com | info@workiva.com | +1.888.275.3125