In Black & White

Freeing Finance & Budget Departments from Drudgery One Article at a Time

Frederick County, MD Unifies and Automates the Budget Book

Frederick County, MD Unifies and Automates the Budget Book

  • Rachel Raymond
  • Success Stories
  • minute(s)Frederick County Unifies All The Pieces Of The Budget Book Under A Comprehensive Solution Project: Budget Book Automation Organization: Frederick County, MD Population: 271,717 (2020 Census) Total Budgeted  Revenues: $905 million Solution: Questica Budget Book powered by CaseWare Budget Book: Adopted Operating & Capital Budgets Success Story: Frederick County The Challenge Frederick County's, Budget Department faced a challenge common to Public Sector organizations when preparing the Budget Book. They spent countless hours gathering and reconciling pieces of their Budget Book across multiple applications. They had pieces in Questica Budget, pieces in Excel, pieces in Word, and they presented it in Adobe. To ensure confidence in the data, every change or update would require a time-consuming review.   "Budget Book pieces were coming from every direction, that's what we had to solve" Tanya Kauffman, Budget Analyst III at Frederick County Government   The Solution Replace Microsoft & Adobe with CaseWare and integrate it with Questica Budget. CaseWare hosts the Budget Book template and pulls balances and narratives directly from Questica. Any changes applied to the budget are made in Questica and flow straight through to all applicable locations in the book, facilitating greater confidence in the data and reducing the requirement for constant review and reconciliation. In addition, CaseWare's document management functionality allowed contributions from all parties to be stored and managed in a single location.  The Project F.H. Black & Company Inc. assisted the team at Frederick County to implement the solution with the FHB method.   Discovery - What are the County's wants and needs. Scope - Defining the parameters of the project. Planning - Working backward from the project goal to define a timeline and assign tasks. Configuration  - Configure the selected solution to meet the County's needs. Training - Provide training to the County's budget team in the use of their new tools. Management - Weekly meetings and communication to ensure the project stays on track. Completion - Mutual agreement that the scope of the project has been completed. Ongoing Support - FHB continues to support and work with the County to improve and refine their processes.  The Result The County has unified its piecemeal budget book under a single comprehensive solution resulting in increased confidence in the data and an estimated 25% reduction in the time it takes to complete budget book preparation processes. We asked Tanya if she has anything to add about the project. Here's what she had to say...   For more on this project, read the full story. 
Frederick County unifies and automates the budget book with a comprehensive solution for outstanding results.
READ MORE
City of Garland Modernizes its Budget Processes

City of Garland Modernizes its Budget Processes

  • Rachel Raymond
  • Success Stories
  • minute(s)The Forward-Thinking City of Garland Overcomes 3 Budget Challenges With 1 Project   Project: Budget & Budget Book Preparation   Organization: City of Garland, Texas   Population: 239,928 (2019 Census)   Annual Budget: $1.1 billion (Operating + CIP)   Solution: CaseWare Operating & CIP Budget Books   Budget Book: Annual Operating Budget   CIP: Capital Improvement Program   Success Story: City of Garland   The Challenge The city of Garland's Budget Department faced a trio of challenges that shared the same root cause: antiquated software solutions, and the business processes required to make them work. The city relied on legacy budget software to prepare the budget and a combination of Word, Excel, and Adobe to prepare the Capital & Operating Budget Books. The processes were slow, disjointed, and error-prone. The Solution After extensive research, the city's Budget Director, Allyson Bell Steadman decided on Questica Budget to prepare the budget, CaseWare to prepare the budget book, and F.H. Black & Company Inc. to integrate the two and ensure the budget book solution was optimally implemented to maximize their benefits and guarantee project success. The Project The implementation process was managed and guided by consultants from FHB. It started with a planning meeting, introduction to FHB's online project management tool, allocation of deliverables, and scheduling of software training. Once trained in the use of their new tools, the FHB team built the Capital Improvement Program budget book template based on the City's specifications. Once complete, a similar process was carried out for the Operating Budget Book.  The Result By the end of the sixteen week implementation, the City was able to produce and publish both the proposed and adopted 2020-21 CIP & Operating Budget Books. The City now has a robust, documented, repeatable, and largely automated process for preparing their budget book. "The Budget & Research Department is in a much better position to produce and distribute budget documents. Our most recent success was having our 2021 Adopted CIP document finalized for publication on the City’s website and distribution to City Council two weeks after adoption". For more on this project, read the full success story here.
The City of Garland modernizes its Budget, Capital Improvement Program, and Annual Operating Budget Book preparation processes with a single project.
READ MORE
City of Greensboro Budget Book Automation Project

City of Greensboro Budget Book Automation Project

  • Jamie Black
  • Success Stories
  • minute(s)With a population of nearly 300,000 and growing, the City of Greensboro is the third-most populous in North Carolina. The City's 2020-21 adopted budget of $602 million spans 169 pages and was awarded the GFOA Distinguished Budget Presentation Award. Long-time Questica Budget users, the City is extremely happy with their processes for preparing the budget. The Budget Book however was another story. Like many finance departments, the City used Microsoft Excel, Word, and Publisher to prepare the book. The process was time-consuming, repetitive, resource-heavy, and disjointed; it was time to make a change. The team at Greensboro had heard about F.H. Black & Company Incorporated at a Questica conference and reached out for help to improve their budget book. Once the project was complete, we gave the City a little time to bask in their achievement before interviewing them about their journey. Here are the highlights of that interview with the City's Budget Database Specialist, Leah Price.   The Old Way "We used a combination of Microsoft Excel, Word, and Publisher, and it was very time consuming for all staff members. The Budget Analysts had to manually enter all of their departments’ numbers line by line twice: once for the Manager Recommended version and again for the Final Adopted version. The Budget Database Specialist also had to make sure all of the formatting was correct in Publisher, and finally work with our internal print shop to make sure every page had the perfect amount of space between the text and the hole punches. When we heard there was a software that we could use to import the numbers from Questica directly into the budget document, we jumped on it."   The Project "We sent our FHB consultants a copy of our former budget document and a copy of our budget data from Questica. The consultants built a template for us that was similar to the old format, and then worked closely with our staff to make sure that the budget data was going to the right places in the document. We have over 25 operating funds and many tricky aspects to our budget rules overall, so assigning the budget numbers and FTEs where they needed to go was the biggest struggle. However, it all came together in the end."   The Benefits "The process is more streamlined and controlled. It probably saves the analysts a couple of weeks’ worth of time because they no longer have to do any manual data entry." "The budget analysts are an important resource to our departments, and their new found availability during the budget development process allows them to help out more with current year concerns."   The Relationship "Our (FHB) consultants have always helped us meet our deadlines and make sure to work us into their schedule if we have last minute issues." "I have mainly worked with Joy, and I am so grateful to her for all of her help and expertise! I really appreciated that she wanted to make sure that I was learning how to do (almost) everything we needed her help with. It was my first year being responsible for the budget book and I had very little knowledge of CaseWare. I truly could not have done it without her." Considering a reporting automation project? Schedule a meeting with one of our experts to explore your options.
The City of Greensboro implemented an automated budget book solution that pulled data directly from their Questica Budget software resulting in a better book in less time.
READ MORE
Engaging residents to address the impact of COVID-19 on the Budget

Engaging residents to address the impact of COVID-19 on the Budget

  • Jamie Black
  • Budget Book
  • minute(s)Public sector organizations across North America are facing considerable budget pressures as a result of the COVID-19 pandemic. This may necessitate slashing funding to programs and/or increasing tax rates. That is likely to be very unpopular with your stakeholders (council, board, and/or residents). Working through these options will require careful planning, making trade-offs, and effectively communicating new realities to stakeholders to get their buy-in and earn/maintain their trust.  If you've read our Style & Substance blog articles before or attended our webinar series on best practices for communicating financial information, you know we have strong opinions on effective communication. In a time of massive budget challenges, your team's ability to communicate your message clearly and effectively is more important than ever. Over and above what we have laid out in our articles and presentations, what can your finance or budget department do to help stakeholders understand the complex issues you are facing?  Too Much or Too Little Detail Stakeholder engagement is nothing new. Publication of large budget documents, public meetings to discuss these documents, focus groups, and advisory committees have been utilized for decades to engage with residents to educate them and receive their feedback. These approaches are often challenged by the complexity of the topic and the time investment required to execute them. Who wants to read even a 200+ page budget book? If they do read it, the result may not be what you expect:   An implication for government transparency is that transparency initiatives that expect citizens to make sense of technical and abstract information, especially in large amounts, (such as the many line items and millions of dollars described in a typical public budget) probably face a much greater hurdle to increasing trust than their well-meaning originators thought. In fact, at worst, too much information could actually decrease trust. Transparency: A Means to Improving Citizen Trust in Government -  Government Finance Officers Association As an alternative, local governments can utilize surveys or online budget tools to broaden the public meeting's reach. A classic example of this approach is the "digital budget book."  These tend to be more approachable and, therefore, attractive to a typical stakeholder. This comes at the cost of the depth of detail and nuance necessary to truly educate the audience about the organization's constraints.  Further, the act of merely putting a budget book online does not tackle the underlying barrier presented by large volumes of complex technical information noted by the GFOA. What you need then is: the ability to reach as many stakeholders as possible, in a way that encourages their participation, focuses on educating them on the context, constraints, and challenges we face and solicits their feedback. Engage Stakeholders with Budget Simulations This is where simulations come in. As technology has evolved, simulations have proven themselves to be the best of both worlds: broad reach and accessibility to maximize participation combined with the right amount of detail and nuance. Participants are invited to investigate the budget initially at a highly summarized level. This has the advantage of minimizing initial complexity and enabling understanding of the budget's overall state (e.g., surplus, deficit). They can drill down into more and more detail to understand the composition of the budget. Finally and most importantly, stakeholders are asked to increase or decrease budgeted amounts by department, service area, or program based on their own priorities and preferences. You can present them with a series of options to choose between that will impact the budget. Participants attempt to craft the budget they would like to see but will regularly bump into problems. Want to triple the budget on policing? Sure! But that puts us into a major deficit. How will you fund this increase? Participants can add comments explaining their rationale. All this data is collected for the hosting finance/budget department to analyze and leverage in refining the budget. Not having learned it is not as good as having learned it; having learned it is not as good as having seen it carried out; having seen it is not as good as understanding it; understanding it is not as good as doing it. ..He who carries it out, knows it thoroughly. The Works of Hsüntze Bringing your stakeholders into the budget process with simulations will allow them to understand the challenges you are facing and provide the feedback necessary to ensure you are optimally meeting their expectations. 
COVID-19 has hit some public sector budgets hard! See why some organizations are choosing to educate and engage residents with budget simulations for stakeholder buy-in.
READ MORE
Career Opportunity: Technical Consultant

Career Opportunity: Technical Consultant

  • Elaine Kolenosky
  • Job Opening
  • minute(s)We need a TECHNICAL CONSULTANT to join our REMOTE TEAM We are looking for a motivated, creative, highly technically skilled individual with excellent time management skills. The successful candidate will be capable of working as a technical consultant with minimal supervision and must be excited about challenges and working remotely. About Us: For over 25 years, our firm has implemented, integrated, and optimized industry-leading tools and best practices to improve our clients' finance function. Our mission is to enable finance to do more with less, do it better than it was done before, and do it faster. Our clients are governments, universities, corporations, and public practice accounting firms across Canada and the United States. We are proud to be an Equal Opportunity Employer. About You: Do you: Thrive on challenges?  Like to work outside your comfort zone, doing difficult & interesting things? Often find yourself saying, "There has to be a better way of doing this"?  Need to be continuously learning and evolving?  Achieve great satisfaction in helping others and providing creative solutions to difficult problems?  Want to be led, not micro-managed?  Value flexibility? Flexibility to live anywhere in the world and the freedom to relocate whenever it suits you?  Loath commuting and being stuck in traffic, wasting your time?  If you answered yes to all the above, you are an excellent fit for our firm's culture and should read on.  Still here? Now, how about your technical attributes? You possess: 3 to 5 years of experience working in public practice accounting, or public sector or corporate finance, A minimum of 3 years of work experience with CaseWare Working Papers, 2+ years experience building custom CaseView documents, A proven ability to learn and master technology, The capacity to solve complex challenges within a defined framework and timeline, Outstanding verbal, written, and presentation skills. You are a regular, clear, concise, and professional communicator, The ability to effectively use the entire MS Office Suite including Outlook, Excel, Word & PowerPoint, A knack for building solid relationships; people want to work with you, Impeccable attention to detail and high standards for quality and creativity, Solid time management skills: we don’t believe in micro-managing our people, Sensitivity to confidential matters. The perfect candidate will also possess: Significant experience with: CaseWare’s Financial & Audit templates, CaseWare Connector, Workiva Wdesk & Wdata Experience programming with Jscript, Experience with HTML & CSS, Familiarity with other finance department tools such as PowerBi, Blackline, Gravity, etc, Bonus Points: Fluency in French – written and oral. Job Duties: As a technical consultant, you will work on a team to improve our clients’ financial reporting. Specifically, you will be responsible for implementation and support for industry-leading tools: Caseware Working Papers, Financials, Connector, Idea, Monitor, and certain add-ons. Development and delivery of standard and customized training. Diverse, ongoing technical consulting services. Benefits: Competitive salary Work remotely - from home or with a laptop and Wi-Fi from wherever you can take a VOIP call!  Generous Vacation Policy Comprehensive benefits package including medical, dental and vision care coverage  Fitness and professional development reimbursement Contact Us Please submit a cover letter stating salary range requirements and resume to: hr@fhblackinc.com
We are looking for a motivated, creative, highly technically skilled individual with excellent time management skills to join our growing team.
READ MORE
Career Opportunity: Principal Consultant

Career Opportunity: Principal Consultant

  • Jamie Black
  • Job Opening
  • minute(s)We need another world-class professional to join our team We are looking for a motivated, creative, highly technically-skilled individual with excellent time-management skills capable of working in a principal consultant role with minimal supervision who is excited about a challenge and wants to work remotely. About Us: For over 25 years, our firm has implemented, integrated, and optimized industry-leading tools and best practices to improve our clients' finance function. Our mission is to enable finance to do more with less, do it better than it was done before, and do it faster. Our clients are governments, universities, corporations, and public practice accounting firms across Canada and the United States. About You: Do you: Thrive on challenges? Dislike "the same-old-same-old"? Like to work outside your comfort zone, doing interesting and difficult things? Often find yourself saying, "There has to be a better way of doing this"? Need to be continuously learning and evolving?  Achieve great satisfaction in helping others and providing creative solutions to challenging problems? Want to be led, not micro-managed? Value flexibility? Flexibility to live anywhere in the world and the freedom to relocate whenever it suits you? Loath commuting and being stuck in traffic, wasting your time? If you answered yes to all the above, you are a great fit for our firm's culture and should read on.  Still here? Now, how about your technical attributes? You possess: A CPA designation, 3 to 5 years of experience working in public sector or corporate finance, A proven ability to learn and master technology, A minimum of 3 years of work experience with one or more of the following: CaseWare Working Papers, Financials & Connector Workiva Wdesk & Wdata IGM Gravity Project management experience,  The capacity to solve complex challenges, within a defined framework and timeline, Outstanding verbal, written and presentation skills. You are a regular, clear, concise and professional communicator, The ability to effectively use the entire MS Office Suite including Outlook, Excel, Word & PowerPoint, A knack for building solid relationships; people want to work with you, Impeccable attention to detail and high standards for quality and creativity, Solid time management skills, we don’t believe in micro-managing our people, Sensitivity to confidential matters. The perfect candidate will also possess: Significant experience with one or more of the following: CaseWare Idea, Blackline's Continuous Accounting platform, Balancing Act budget simulations platform, Questica Budget, Accreditation as a Project Management Professional (PMP)  Experience programming  Job Duties: As a principal consultant, you will work on a team to improve our client's finance and budget office business processes. Specifically, you will be responsible for: Implementation and support respecting industry-leading tools from CaseWare, Workiva, IGM, Blackline & BalancingAct. Development and delivery of standard and customized training Diverse, ongoing consulting services Benefits: Competitive salary Work remotely - from home or with a laptop & WiFi from wherever you can take a VOIP call! Comprehensive benefits package including medical, dental and vision care coverage Fitness and professional development reimbursement
To meet increased demand, we are adding another principal consultant to our team to help deliver massive improvements to finance & budget departments.
READ MORE
City of Iqaluit keeps calm and carries on

City of Iqaluit keeps calm and carries on

  • Jamie Black
  • Success Stories
  • minute(s)The City of Iqaluit is the capital of the Canadian Territory of Nunavut and is an ecological wonderland. Famed for an abundance of natural landscapes and wildlife, it attracts visitors from around the globe.  The Challenge Located on beautiful Baffin Island in the Canadian Arctic with a population of just 7,740 (2016 census), the City's finance department has experienced some difficulty attracting qualified staff due to a remote location, housing shortage, high cost of living, and limited infrastructure to facilitate travel. When the City required urgent Payroll support, CAO Amy Elgersma was certain that employing an experienced, qualified Payroll Administrator could not happen before the next payroll run. Elgersma needed a quick, temporary solution so the organization's 150 employees would continue to be paid on time. With time of the essence, the City turned to F.H. Black & Company Incorporated to fill the gap until a suitable replacement could be on-boarded. She knew of FHB from a presentation they provided at a recent conference, and the work they had done with the Government of Nunavut previously.  The Response After a few brief conversations, FHB assigned several members of their team to support the City: Michael Switzer, CPA, CA, was formerly the Town of Collingwood’s Deputy Treasurer with responsibilities including preparation of both the year-end financial statements and the annual Town budget as well as managing the town's receivables, payables, and payroll. Joy Richardson, CPA, was formerly the Chief Financial Officer of Thomasville, Georgia where her primary responsibilities included managing both the budget and year-end financial reporting processes as well as overseeing receivables, payables, payroll and all the other day to day activities of the finance department. Tina Steliga rounded out the team. Utilizing 16 years of experience managing the receivables, payables, and payroll processes for numerous clients of all sizes. Michael, Joy & Tina's decades of experience working in government finance made them an ideal addition to immediately and completely meet the City's needs. Within a week of the request,  consultants Michael & Joy were onsite working with the team to transfer responsibilities and document processes. They were followed shortly thereafter by Tina, who assisted in administering payroll onsite before commencing remote support. FHB’s response time was exceptional. Their CPA's had the knowledge, skills, and experience needed to learn, document, and process the payroll system efficiently. They also had excellent interpersonal skills and were able to understand processes quickly. Once FHB was on board and started working with us, we were confident that payroll would be completed by the deadline. Disaster Averted The first step in the project was developing complete process documentation. Extensive interviews with City staff allowed FHB to build extremely detailed process documentation. The decision was made to put the documentation into a project management software to allow for the ongoing assignment of tasks and monitoring of the process by both FHB management and the City. This ensured FHB would not miss any steps and resulted in the proper execution of payroll each and every time. As the City's search for a Payroll Administrator was underway, FHB continued to process the payroll remotely. From mid-October to the end of February. We were able to arrange to have the payroll done via distance, this saved us time and money. The entire process was documented using a project management software tool. Ultimately the City successfully recruited a Payroll Administrator to take on the role. FHB transitioned to provide assistance getting the new Payroll Administrator up to speed and support them through the first few payroll runs. I would absolutely recommend FHB to other finance departments. They were able to process payroll with very little notice and continued via distance. They had a strong knowledge of the payroll and finance systems and could adapt to our processes easily.
The City of Iqaluit required urgent support to keep its payroll on track. They turned to FHB's team of experienced CPAs for assistance.
READ MORE
Postponed effective dates of certain GASB Pronouncements

Postponed effective dates of certain GASB Pronouncements

  • Jamie Black
  • What's New
  • minute(s)The Governmental Accounting Standards Board (GASB) is taking steps to reduce the stress on government finance departments imposed by the COVID-19 pandemic. On April 15th, the Organization proposed to postpone the effective dates of some Pronouncements by one year. The Exposure Draft has a comment deadline of April 30th and is slated for a final statement of issuance on May 8th. The proposal will affect the following Pronouncements: Statement No. 83, Certain Asset Retirement Obligations Statement No. 84, Fiduciary Activities Statement No. 87, Leases Statement No. 88, Certain Disclosures Related to Debt, including Direct Borrowings and Direct Placements Statement No. 89, Accounting for Interest Cost Incurred before the End of a Construction Period Statement No. 90, Majority Equity Interests Statement No. 91, Conduit Debt Obligations Statement No. 92, Omnibus 2020, paragraphs 6–10 and 12 Statement No. 93, Replacement of Interbank Offered Rates, paragraphs 13 and 14 Implementation Guide No. 2017-3, Accounting and Financial Reporting for Postemployment Benefits Other Than Pensions (and Certain Issues Related to OPEB Plan Reporting), Questions 4.85, 4.103, 4.108, 4.109, 4.225, 4.239, 4.244, 4.245, 4.484, 4.491, and 5.1–5.4 Implementation Guide No. 2018-1, Implementation Guidance Update—2018 Implementation Guide No. 2019-1, Implementation Guidance Update—2019 Implementation Guide No. 2019-2, Fiduciary Activities Implementation Guide No. 2019-3, Leases. GASB has also posted several resources for Stakeholders to a dedicated GASB Response to COVID-19 web page, including a GASB Emergency Toolbox.  Subscribe to our blog for the latest developments impacting government finance departments.
Some good news! The Government Accounting Standards Board (GASB) is working to relieve some of the additional workload imposed by the COVID-19 pandemic.
READ MORE
How to avoid phishing scams while working from home

How to avoid phishing scams while working from home

  • Waldo Nell
  • Tech for Execs
  • minute(s)Working from home, especially for the first time, may seem a bit like leaving home as a young adult. You enter a brave new world, free of the protections your parents' home provided to discover yourself. In this case, the office is the secure home you are leaving, at least from an IT security perspective. One of the security issues to consider when working remotely is phishing. This article defines the problem, provides a real-world example and eight steps to avoid phishing attempts. Phishing The definition of a phishing attack: A fraudulent attempt by an adversary posing as a legitimate entity to steal sensitive information from someone. The problem Chances are you have seen emails from someone familiar asking you to click on a link or download an attached file.  With some review, you realized the person who sent it is not the person they claimed to be. The idea behind this attack is to gain your trust by posing as someone you know.  The basic process is shown below: The adversary's phishing email causes the user to connect to the malicious site (red connection) controlled by the adversary, instead of the legitimate web site (green connection). This allows the adversary to intercept the login credentials of the user. Below is a real-world scenario that we will be analyzing.  All the suspicious elements visible to a non-technical user have been highlighted in green.  It purports to be from our phone system, informing me that I have a new voicemail. We analyze it below. The email has a file attached. Carefully reviewing that attachment shows it to be an HTML file. If this were a real voicemail attachment, it would be a WAV or Mp3 file.  Another approach, not used in this message, includes a link the user is asked to click to perform some action.  This link might look like the one below: If the user hovers their mouse cursor over the link "Release Message", the actual URL that would be opened is displayed (as highlighted above). Often it is clear that this URL points to a domain  that is not related to the sender of the email.  The FROM address is not from any known domain and does not match the name of the sender. The subject is suspicious. What does a "protected recording" mean? Misuse of the Importance flag. Identifying an email as High Importance is a common tactic among phishing attacks. Font substitution is also a common technique used to try and bypass spam filters.  It works by randomizing some letters to look like valid English letters. Since the Greek ε is not the same as the Latin e, it could fool anti-spam algorithms. What happens if the user doesn't notice any of the above warning signs? In this example, the following occurs: If the user double clicks on the attachment named _NewAudioMessageFile_000.htm. their browser loads the contents of that HTML file locally.  A page is loaded that redirects to a new website (owned by Mary Jean Suarez in the Philippines)  that looks like this: Note this is not a Microsoft URL but was made to looks like a Microsoft page to appear even more legitimate. If the user stops here, the adversary knows the email address that received the email is active and that the link was clicked. No compromise of any account has occurred yet. If the user enters their password (correct or incorrect) and clicks Sign In, the password, together with the email address, is sent to the adversary's server (called credential harvesting).  The following  page is displayed: As the adversary does not know if the supplied password is valid or not, the best they can do is to forward the user to the real portal.  The page then redirects to this legitimate Microsoft web page: Most users would not think twice about having to log in again, assuming perhaps they mistyped something. This time, the user is logging in to the real Microsoft web site. The scam is completed. If the user entered their correct password in step 4 above, their account has been compromised, and the adversary now has full access to the account.  You should immediately change your password and monitor your account for suspicious activity. The mitigation Phishing attacks are nothing new.  But they have increased 350% during the pandemic and are now more dangerous than ever because: Your computer is no longer offered all the protections of the office network, You have no direct access to IT to question suspicious emails/activities, If you are using your home computer, it is likely un-patched, making it easier for phishing attempts to work successfully, Because we are working in unprecedented times and are likely working remotely, requests that would have stood out as unusual two months ago might slip by unnoticed today.  What can you do to protect yourselves? Below are eight recommended steps to take to increase your protection: Realize that it is inevitable that you will receive many phishing attempts, and you have a responsibility to be vigilant. Know how to spot a phishing attempt. This can be very complex and technical; however, there are several markers you can watch out for to identify most phishing attempts: Email FROM addresses can be easily faked. Just like in our example above, phishing attempts will get the name in the FROM field of an email to reflect someone you know but not the email address. This is not universally true, but it is a good first warning sign. If the email asks you to click on a link, pause for 10 seconds, and carefully consider whether the email was expected. If not, contact your IT department to verify the validity before clicking any links. An additional safety measure you can take is to hover your mouse over the link in the email.  Make sure the domain in the link (i.e. the site it is pointing to) seems familiar.   If the email asks you to perform any sensitive operations like releasing payment etc., it is best to call the sender via a known number and verify the request. Disable automatic loading of images. Most email applications allow you to turn off automatic loading of images in emails. This is recommended as many phishing attempts work by including a link to an image that lets the attacker know your email is legitimate. Another useful trick is not to click the link given in the email, but rather open a new browser window and go to the site in question yourself.  For instance, if you get an email about a Microsoft Office 365 account needing updated payment details, don't click the link in the email. Instead, open a new browser window and type in https://portal.office.com and go to the billing section yourself.  This will thwart the phishing attempt.  Sometimes this is not possible, such as when the email contains a link to a file you need to view. Enable Two Factor Authentication (2FA) on all critical systems. If this was enabled in our example above, the adversary would only have your password but would be unable to log in.   Be sure your computer is set to download and apply patches automatically.  Applications are often adding features to detect and warn users about suspect emails automatically. Finally, never allow someone to connect remotely to your computer unless you know them. While there is no single thing you can do to prevent a phishing attempt from succeeding, these basic guidelines can greatly mitigate the risk of falling prey to a phishing attempt.
Working remotely exposes us to increased security risks and the pandemic has seen a 350% increase in phishing attempts. These eight steps can protect you.
READ MORE
The remote finance team - why, how and how better

The remote finance team - why, how and how better

  • Jamie Black
  • Tech for Execs
  • minute(s)Over the past decade, remote work has emerged as an increasingly attractive option for employers and employees. With the COVID-19 pandemic, remote work has become an immediate, unplanned necessity that finance departments the world over are scrambling to enable. This sudden, forced change does beg some questions: Why did it take this crisis to get finance to adopt remote work?  How can finance utilize tools and techniques already at the organization's disposal to enable working remotely? How can finance bolster remote work environments and use this as an opportunity to make their business processes more efficient, effective, and reliable? In this blog series, we'll explore these questions in depth. We start with understanding the barriers to remote work as addressing them head-on will be essential if we are to make the most of our remote work environments in the weeks and months ahead. Public sector finance, in particular, has been slow to provide staff with remote work options. Sure they can take their laptop home occasionally, but they are not encouraging working outside of the office. This reluctance is despite organizations often having access to advanced applications that facilitate remote work. So why the hesitation? 1) Workload First and foremost, I suspect that the initial reaction to any discussion of setting up finance to take advantage of remote work is, "We have too much to do right now to even think about a luxury like remote work." When you are dashing day in and out to get ready for the audit, get the budget approved, and 900 other things in between, it can seem like an easy decision to defer. The current crisis has forced remote enablement to the top of the priority list. To a large degree, this barrier has been toppled out of pure necessity.  2) The Bias of Senior Management Often the heads of finance are the most experienced team members, with decades of experience. In short, these highly qualified, skilled, and experienced individuals often predate the remote work movement. For much of their career, the technological advancements required to facilitate efficient remote work were not available. If these senior managers were early adopters, experimenting with remote work environments before the technology was truly ready, they would have been left skeptical. Finally, those with decades of success in traditional office environments may not have seen a need for change, 'if it's not broken, why fix it?'. Once again, current events have interceded to illustrate the need clearly . 3) Paper Dependence Many organizations drive all their business processes via paper. Every form must be physically signed, routed, approved, and then filed. Processing payroll involves physical time cards, reconciling bank accounts, and physical statements. So paper-dependent are these environments that remote work does not seem like an option. Paper dependence is still a significant hurdle to effective and efficient remote work and one that needs to be tackled head-on. If there is a ray of light to the scramble into remote work, it is that we anticipate it will provide an opportunity (if you elect to seize it) to improve business processes to the ultimate and considerable long-term benefit of the organization. We will provide suggestions for this in our subsequent articles. 4) Security  Working remotely definitely adds additional security concerns that have to be addressed. The workstations/laptops that are fully managed and locked down at the office are now connected to users’ home networks that are insecure and have not seen any security best practices applied. This naturally makes IT very nervous. For those organizations that rarely if ever work remotely, chances are that no VPN has been configured thereby further complicating remote work. All these issues are real, however they are not insurmountable hurdles. Assuming your organization’s IT department is currently following security best practices, working remotely can be done securely if a couple of additional measures are taken. If you are uncertain about your readiness for remote work, here is a list of 10 items (plus one bonus!) to begin your conversations with IT: Ensure a secure VPN is configured both on the network edge as well as remote user’s laptops, and that they are trained on how to use it. We wrote an article for finance officers who need to learn more about the basics of VPNs.  Ensure strong passwords are used, and ensure passwords are set to never expire. We wrote an article for finance officers who need to learn more about the basics of passwords too!  Make sure RDP (Remote Desktop Protocol) is not passed through on the edge network – either use VPN or make use of remote desktop gateway. Ensure all computers are set to automatically download and install software patches daily. Perform full disk encryption on all computers (using BitLocker). Enable the built-in Windows Firewall on all computers (or deploy the IT recommended firewall) and ensure proper rules are configured.  Make sure only office traffic flows through the VPN and all other traffic flows through the end user’s network (split DNS configuration on the VPN). We discuss this in some depth in the article for finance officers who need to learn more about the basics of VPNs.  Ensure all work sites accessed by users are using HTTPS. Enable anti virus on all computers and make sure they are set to auto-update. Ensure VPN connections only have access to subnets required for the user to perform their functions. Make sure important documents are either stored on the office network, or on a cloud storage provided by the organization as computers are certainly not being backed-up when remote. 5) Productivity Concerns If your organization does not support remote work typically, a significant concern may be, "How do I know if my team is working?" In recent weeks we have even seen articles of managers deploying spyware to monitor staff while they work remotely. In our nearly decade of working in a 100% remote work environment, this has never been a problem. Our experience is the opposite, and the major benefits easily justify the investment. The flexibility for our team to work remotely means that we're never late and have increased capacity to work through minor illness or meet constrained deadlines. We will continue to share best practices on how to proactively encourage good habits and monitor productivity as we progress in our subsequent articles.  What's Next? Having explored the common barriers to remote work in public sector finance, our next article will discuss the second question, how to utilize tools you have today to enable remote work. We'll examine the tools already available to many public sector finance departments and analyze how they can be used to implement a secure and functional remote work environment. 
The first article in a series on remote work, this blog explores the reasons why public sector finance has not adopted remote work historically.
READ MORE