In Black & White

Freeing Finance & Budget Departments from Drudgery One Article at a Time

Career Opportunity: Technical Consultant

Career Opportunity: Technical Consultant

  • Elaine Kolenosky
  • Job Opening
  • minute(s)We need a TECHNICAL CONSULTANT to join our REMOTE TEAM We are looking for a motivated, creative, highly technically skilled individual with excellent time management skills. The successful candidate will be capable of working as a technical consultant with minimal supervision and must be excited about challenges and working remotely. About Us: For over 25 years, our firm has implemented, integrated, and optimized industry-leading tools and best practices to improve our clients' finance function. Our mission is to enable finance to do more with less, do it better than it was done before, and do it faster. Our clients are governments, universities, corporations, and public practice accounting firms across Canada and the United States. We are proud to be an Equal Opportunity Employer. About You: Do you: Thrive on challenges?  Like to work outside your comfort zone, doing difficult & interesting things? Often find yourself saying, "There has to be a better way of doing this"?  Need to be continuously learning and evolving?  Achieve great satisfaction in helping others and providing creative solutions to difficult problems?  Want to be led, not micro-managed?  Value flexibility? Flexibility to live anywhere in the world and the freedom to relocate whenever it suits you?  Loath commuting and being stuck in traffic, wasting your time?  If you answered yes to all the above, you are an excellent fit for our firm's culture and should read on.  Still here? Now, how about your technical attributes? You possess: 3 to 5 years of experience working in public practice accounting, or public sector or corporate finance, A minimum of 3 years of work experience with CaseWare Working Papers, 2+ years experience building custom CaseView documents, A proven ability to learn and master technology, The capacity to solve complex challenges within a defined framework and timeline, Outstanding verbal, written, and presentation skills. You are a regular, clear, concise, and professional communicator, The ability to effectively use the entire MS Office Suite including Outlook, Excel, Word & PowerPoint, A knack for building solid relationships; people want to work with you, Impeccable attention to detail and high standards for quality and creativity, Solid time management skills: we don’t believe in micro-managing our people, Sensitivity to confidential matters. The perfect candidate will also possess: Significant experience with: CaseWare’s Financial & Audit templates, CaseWare Connector, Workiva Wdesk & Wdata Experience programming with Jscript, Experience with HTML & CSS, Familiarity with other finance department tools such as PowerBi, Blackline, Gravity, etc, Bonus Points: Fluency in French – written and oral. Job Duties: As a technical consultant, you will work on a team to improve our clients’ financial reporting. Specifically, you will be responsible for implementation and support for industry-leading tools: Caseware Working Papers, Financials, Connector, Idea, Monitor, and certain add-ons. Development and delivery of standard and customized training. Diverse, ongoing technical consulting services. Benefits: Competitive salary Work remotely - from home or with a laptop and Wi-Fi from wherever you can take a VOIP call!  Generous Vacation Policy Comprehensive benefits package including medical, dental and vision care coverage  Fitness and professional development reimbursement Contact Us Please submit a cover letter stating salary range requirements and resume to: hr@fhblackinc.com
We are looking for a motivated, creative, highly technically skilled individual with excellent time management skills to join our growing team.
READ MORE
Career Opportunity: Senior Project Manager

Career Opportunity: Senior Project Manager

  • Elaine Kolenosky
  • Job Opening
  • minute(s)We need another world-class professional to join our team As we continue to grow, adding more clients, projects, and team members, superior project management is essential to maintaining our high standards. We are looking for a motivated, creative, highly technical skilled Senior Project Manager capable of working with minimal supervision who is excited about a challenge, and wants to work remotely. About Us: For over 25 years, we have helped finance & budget departments across North America improve and automate their most time consuming, monotonous, and dreaded business processes. We implement, integrate, and optimize industry-leading tools to improve our clients' finance function. Our mission is to enable finance to do more with less, do it better than it was done before, and do it faster. Our clients are governments, universities, corporations, and public practice accounting firms across Canada and the United States. About You: Do you: Thrive on challenges?  Dislike  "the same-old, same-old"?  Like to work outside your comfort zone, doing difficult & interesting things? Often find yourself saying, "There has to be a better way of doing this"?  Need to be continuously learning and evolving?  Achieve great satisfaction in helping others and providing creative solutions to difficult problems?  Want to be led, not micro-managed?  Value flexibility? Flexibility to live anywhere in the world and the freedom to relocate whenever it suits you?  Loath commuting and being stuck in traffic, wasting your time?  If you answered yes to all the above, you are an excellent fit for our firm's culture and should read on.  Still here? Now, how about your technical attributes? You possess: Accreditation as a Project Management Professional (PMP), Working knowledge of Asana or other project management software, A proven ability to manage people in a team environment and meet deadlines, The capacity to solve complex challenges, within a defined framework and timeline, Outstanding verbal, written and presentation skills. You are a regular, clear, concise and professional communicator, The ability to effectively use the entire MS Office Suite including Outlook, Excel, Word & PowerPoint, A knack for building solid relationships; people want to work with you, Impeccable attention to detail and high standards for quality and creativity, Solid time management skills, we don’t believe in micro-managing our people, Sensitivity to confidential matters. The perfect candidate will also possess: 3 to 5 years of experience managing projects in or with the public sector and/or corporate finance, Experience working in or with an accounting/finance department Duties & Responsibilities: As a project manager, you will work with our clients and team of professionals to ensure projects are completed to a high standard, on time, and within budget. You will: direct all project management phases, set and manage project expectations with external and internal stakeholders, coordinate and track various projects through an entire project life-cycle, develop a detailed project management plan to track the progress of each project, create and continuously update project documentation, mentor, motivate, and supervise project team members, be responsible for managing numerous projects simultaneously, report and escalate issues to management when necessary. Benefits: Competitive salary Work remotely - from home or with a laptop and Wi-Fi from wherever you can take a VOIP call!  Comprehensive benefits package including medical, dental and vision care coverage  Fitness and professional development reimbursement Contact Us: Please send your resume with cover letter to: careers@fhblackinc.com 
We are looking for an experienced, creative, and technically skilled Senior Project Manager to join our growing team.
READ MORE
Career Opportunity: Principal Consultant

Career Opportunity: Principal Consultant

  • Jamie Black
  • About FHB
  • minute(s)We need another world-class professional to join our team We are looking for a motivated, creative, highly technically-skilled individual with excellent time-management skills capable of working in a principal consultant role with minimal supervision who is excited about a challenge and wants to work remotely. About Us: For over 25 years, our firm has implemented, integrated, and optimized industry-leading tools and best practices to improve our clients' finance function. Our mission is to enable finance to do more with less, do it better than it was done before, and do it faster. Our clients are governments, universities, corporations, and public practice accounting firms across Canada and the United States. About You: Do you: Thrive on challenges? Dislike "the same-old-same-old"? Like to work outside your comfort zone, doing interesting and difficult things? Often find yourself saying, "There has to be a better way of doing this"? Need to be continuously learning and evolving?  Achieve great satisfaction in helping others and providing creative solutions to challenging problems? Want to be led, not micro-managed? Value flexibility? Flexibility to live anywhere in the world and the freedom to relocate whenever it suits you? Loath commuting and being stuck in traffic, wasting your time? If you answered yes to all the above, you are a great fit for our firm's culture and should read on.  Still here? Now, how about your technical attributes? You possess: A CPA designation, 3 to 5 years of experience working in public sector or corporate finance, A proven ability to learn and master technology, A minimum of 3 years of work experience with one or more of the following: CaseWare Working Papers, Financials & Connector Workiva Wdesk & Wdata IGM Gravity Project management experience,  The capacity to solve complex challenges, within a defined framework and timeline, Outstanding verbal, written and presentation skills. You are a regular, clear, concise and professional communicator, The ability to effectively use the entire MS Office Suite including Outlook, Excel, Word & PowerPoint, A knack for building solid relationships; people want to work with you, Impeccable attention to detail and high standards for quality and creativity, Solid time management skills, we don’t believe in micro-managing our people, Sensitivity to confidential matters. The perfect candidate will also possess: Significant experience with one or more of the following: CaseWare Idea, Blackline's Continuous Accounting platform, Balancing Act budget simulations platform, Questica Budget, Accreditation as a Project Management Professional (PMP)  Experience programming  Job Duties: As a principal consultant, you will work on a team to improve our client's finance and budget office business processes. Specifically, you will be responsible for: Implementation and support respecting industry-leading tools from CaseWare, Workiva, IGM, Blackline & BalancingAct. Development and delivery of standard and customized training Diverse, ongoing consulting services Benefits: Competitive salary Work remotely - from home or with a laptop & WiFi from wherever you can take a VOIP call! Comprehensive benefits package including medical, dental and vision care coverage Fitness and professional development reimbursement
To meet increased demand, we are adding another principal consultant to our team to help deliver massive improvements to finance & budget departments.
READ MORE
Career Opportunity: Account Executive

Career Opportunity: Account Executive

  • Jamie Black
  • Job Opening
  • minute(s)We need another world-class professional to join our team We are looking for an experienced, motivated, and technically skilled Account Executive with excellent time-management who is capable of working with minimal supervision and wants to work remotely. About Us: For over 25 years, our firm has implemented, integrated, and optimized industry-leading tools and best practices to improve our clients' finance function. Our mission is to enable finance to do more with less, do it better than it was done before, and do it faster. Our clients are governments, universities, corporations, and public practice accounting firms across Canada and the United States. About You: Do you: Thrive on challenges?  Dislike  "the same-old same-old"?  Like to work outside your comfort zone, doing difficult & interesting things? Often find yourself saying, "There has to be a better way of doing this"?  Need to be continuously learning and evolving?  Achieve great satisfaction in helping others and providing creative solutions to difficult problems?  Want to be led, not micro-managed?  Value flexibility? Flexibility to live anywhere in the world and the freedom to relocate whenever it suits you?  Loath commuting and being stuck in traffic, wasting your time?  If you answered yes to all the above, you are an excellent fit for our firm's culture and should read on.  Still here? Now, how about your technical attributes? You possess: A minimum of 2-5 years experience working in strategic sales A bachelor's degree in a related field A track record of excellence and career growth Experience preparing RFP's The ability to solve complex challenges, within a defined framework and timeline  Outstanding verbal, written and presentation skills. You are a regular, clear, concise and professional communicator  Strong IT skills A knack for building solid relationships; people want to work with you  Impeccable attention to detail and high standards for quality control Solid time management skills, we don’t believe in micromanaging our people Sensitivity to confidential matters The perfect candidate will also possess: Experience selling software solutions Experience in the finance industry Experience working in, or selling to, the Public Sector in either Canada or the United States Duties & Responsibilities: Prospect and close new clients Review and cross-sell existing clients Manage the sales cycle and pipeline Build strong relationships with our existing and prospective clients Develop a well-rounded understanding of our organization, services, partners and target industries Work closely with our team to improve services, communications and customer interactions Attend conferences and other industrial events Provide live product demonstrations    Benefits: Competitive salary Work remotely - from home or with a laptop and Wi-Fi from wherever you can take a VOIP call!  Comprehensive benefits package including medical, dental and vision care coverage  Fitness and professional development reimbursement Contact Us: Please send your resume with cover letter to: careers@fhblackinc.com 
We are looking for an experienced, motivated, and technically skilled Account Executive with excellent time management who wants to work remotely.
READ MORE
City of Iqaluit keeps calm and carries on

City of Iqaluit keeps calm and carries on

  • Jamie Black
  • Success Stories
  • minute(s)The City of Iqaluit is the capital of the Canadian Territory of Nunavut and is an ecological wonderland. Famed for an abundance of natural landscapes and wildlife, it attracts visitors from around the globe.  The Challenge Located on beautiful Baffin Island in the Canadian Arctic with a population of just 7,740 (2016 census), the City's finance department has experienced some difficulty attracting qualified staff due to a remote location, housing shortage, high cost of living, and limited infrastructure to facilitate travel. When the City required urgent Payroll support, CAO Amy Elgersma was certain that employing an experienced, qualified Payroll Administrator could not happen before the next payroll run. Elgersma needed a quick, temporary solution so the organization's 150 employees would continue to be paid on time. With time of the essence, the City turned to F.H. Black & Company Incorporated to fill the gap until a suitable replacement could be on-boarded. She knew of FHB from a presentation they provided at a recent conference, and the work they had done with the Government of Nunavut previously.  The Response After a few brief conversations, FHB assigned several members of their team to support the City: Michael Switzer, CPA, CA, was formerly the Town of Collingwood’s Deputy Treasurer with responsibilities including preparation of both the year-end financial statements and the annual Town budget as well as managing the town's receivables, payables, and payroll. Joy Richardson, CPA, was formerly the Chief Financial Officer of Thomasville, Georgia where her primary responsibilities included managing both the budget and year-end financial reporting processes as well as overseeing receivables, payables, payroll and all the other day to day activities of the finance department. Tina Steliga rounded out the team. Utilizing 16 years of experience managing the receivables, payables, and payroll processes for numerous clients of all sizes. Michael, Joy & Tina's decades of experience working in government finance made them an ideal addition to immediately and completely meet the City's needs. Within a week of the request,  consultants Michael & Joy were onsite working with the team to transfer responsibilities and document processes. They were followed shortly thereafter by Tina, who assisted in administering payroll onsite before commencing remote support. FHB’s response time was exceptional. Their CPA's had the knowledge, skills, and experience needed to learn, document, and process the payroll system efficiently. They also had excellent interpersonal skills and were able to understand processes quickly. Once FHB was on board and started working with us, we were confident that payroll would be completed by the deadline. Disaster Averted The first step in the project was developing complete process documentation. Extensive interviews with City staff allowed FHB to build extremely detailed process documentation. The decision was made to put the documentation into a project management software to allow for the ongoing assignment of tasks and monitoring of the process by both FHB management and the City. This ensured FHB would not miss any steps and resulted in the proper execution of payroll each and every time. As the City's search for a Payroll Administrator was underway, FHB continued to process the payroll remotely. From mid-October to the end of February. We were able to arrange to have the payroll done via distance, this saved us time and money. The entire process was documented using a project management software tool. Ultimately the City successfully recruited a Payroll Administrator to take on the role. FHB transitioned to provide assistance getting the new Payroll Administrator up to speed and support them through the first few payroll runs. I would absolutely recommend FHB to other finance departments. They were able to process payroll with very little notice and continued via distance. They had a strong knowledge of the payroll and finance systems and could adapt to our processes easily.
The City of Iqaluit required urgent support to keep its payroll on track. They turned to FHB's team of experienced CPAs for assistance.
READ MORE
Postponed effective dates of certain GASB Pronouncements

Postponed effective dates of certain GASB Pronouncements

  • Jamie Black
  • What's New
  • minute(s)The Governmental Accounting Standards Board (GASB) is taking steps to reduce the stress on government finance departments imposed by the COVID-19 pandemic. On April 15th, the Organization proposed to postpone the effective dates of some Pronouncements by one year. The Exposure Draft has a comment deadline of April 30th and is slated for a final statement of issuance on May 8th. The proposal will affect the following Pronouncements: Statement No. 83, Certain Asset Retirement Obligations Statement No. 84, Fiduciary Activities Statement No. 87, Leases Statement No. 88, Certain Disclosures Related to Debt, including Direct Borrowings and Direct Placements Statement No. 89, Accounting for Interest Cost Incurred before the End of a Construction Period Statement No. 90, Majority Equity Interests Statement No. 91, Conduit Debt Obligations Statement No. 92, Omnibus 2020, paragraphs 6–10 and 12 Statement No. 93, Replacement of Interbank Offered Rates, paragraphs 13 and 14 Implementation Guide No. 2017-3, Accounting and Financial Reporting for Postemployment Benefits Other Than Pensions (and Certain Issues Related to OPEB Plan Reporting), Questions 4.85, 4.103, 4.108, 4.109, 4.225, 4.239, 4.244, 4.245, 4.484, 4.491, and 5.1–5.4 Implementation Guide No. 2018-1, Implementation Guidance Update—2018 Implementation Guide No. 2019-1, Implementation Guidance Update—2019 Implementation Guide No. 2019-2, Fiduciary Activities Implementation Guide No. 2019-3, Leases. GASB has also posted several resources for Stakeholders to a dedicated GASB Response to COVID-19 web page, including a GASB Emergency Toolbox.  Subscribe to our blog for the latest developments impacting government finance departments.
Some good news! The Government Accounting Standards Board (GASB) is working to relieve some of the additional workload imposed by the COVID-19 pandemic.
READ MORE
How to avoid phishing scams while working from home

How to avoid phishing scams while working from home

  • Waldo Nell
  • Tech for Execs
  • minute(s)Working from home, especially for the first time, may seem a bit like leaving home as a young adult. You enter a brave new world, free of the protections your parents' home provided to discover yourself. In this case, the office is the secure home you are leaving, at least from an IT security perspective. One of the security issues to consider when working remotely is phishing. This article defines the problem, provides a real-world example and eight steps to avoid phishing attempts. Phishing The definition of a phishing attack: A fraudulent attempt by an adversary posing as a legitimate entity to steal sensitive information from someone. The problem Chances are you have seen emails from someone familiar asking you to click on a link or download an attached file.  With some review, you realized the person who sent it is not the person they claimed to be. The idea behind this attack is to gain your trust by posing as someone you know.  The basic process is shown below: The adversary's phishing email causes the user to connect to the malicious site (red connection) controlled by the adversary, instead of the legitimate web site (green connection). This allows the adversary to intercept the login credentials of the user. Below is a real-world scenario that we will be analyzing.  All the suspicious elements visible to a non-technical user have been highlighted in green.  It purports to be from our phone system, informing me that I have a new voicemail. We analyze it below. The email has a file attached. Carefully reviewing that attachment shows it to be an HTML file. If this were a real voicemail attachment, it would be a WAV or Mp3 file.  Another approach, not used in this message, includes a link the user is asked to click to perform some action.  This link might look like the one below: If the user hovers their mouse cursor over the link "Release Message", the actual URL that would be opened is displayed (as highlighted above). Often it is clear that this URL points to a domain  that is not related to the sender of the email.  The FROM address is not from any known domain and does not match the name of the sender. The subject is suspicious. What does a "protected recording" mean? Misuse of the Importance flag. Identifying an email as High Importance is a common tactic among phishing attacks. Font substitution is also a common technique used to try and bypass spam filters.  It works by randomizing some letters to look like valid English letters. Since the Greek ε is not the same as the Latin e, it could fool anti-spam algorithms. What happens if the user doesn't notice any of the above warning signs? In this example, the following occurs: If the user double clicks on the attachment named _NewAudioMessageFile_000.htm. their browser loads the contents of that HTML file locally.  A page is loaded that redirects to a new website (owned by Mary Jean Suarez in the Philippines)  that looks like this: Note this is not a Microsoft URL but was made to looks like a Microsoft page to appear even more legitimate. If the user stops here, the adversary knows the email address that received the email is active and that the link was clicked. No compromise of any account has occurred yet. If the user enters their password (correct or incorrect) and clicks Sign In, the password, together with the email address, is sent to the adversary's server (called credential harvesting).  The following  page is displayed: As the adversary does not know if the supplied password is valid or not, the best they can do is to forward the user to the real portal.  The page then redirects to this legitimate Microsoft web page: Most users would not think twice about having to log in again, assuming perhaps they mistyped something. This time, the user is logging in to the real Microsoft web site. The scam is completed. If the user entered their correct password in step 4 above, their account has been compromised, and the adversary now has full access to the account.  You should immediately change your password and monitor your account for suspicious activity. The mitigation Phishing attacks are nothing new.  But they have increased 350% during the pandemic and are now more dangerous than ever because: Your computer is no longer offered all the protections of the office network, You have no direct access to IT to question suspicious emails/activities, If you are using your home computer, it is likely un-patched, making it easier for phishing attempts to work successfully, Because we are working in unprecedented times and are likely working remotely, requests that would have stood out as unusual two months ago might slip by unnoticed today.  What can you do to protect yourselves? Below are eight recommended steps to take to increase your protection: Realize that it is inevitable that you will receive many phishing attempts, and you have a responsibility to be vigilant. Know how to spot a phishing attempt. This can be very complex and technical; however, there are several markers you can watch out for to identify most phishing attempts: Email FROM addresses can be easily faked. Just like in our example above, phishing attempts will get the name in the FROM field of an email to reflect someone you know but not the email address. This is not universally true, but it is a good first warning sign. If the email asks you to click on a link, pause for 10 seconds, and carefully consider whether the email was expected. If not, contact your IT department to verify the validity before clicking any links. An additional safety measure you can take is to hover your mouse over the link in the email.  Make sure the domain in the link (i.e. the site it is pointing to) seems familiar.   If the email asks you to perform any sensitive operations like releasing payment etc., it is best to call the sender via a known number and verify the request. Disable automatic loading of images. Most email applications allow you to turn off automatic loading of images in emails. This is recommended as many phishing attempts work by including a link to an image that lets the attacker know your email is legitimate. Another useful trick is not to click the link given in the email, but rather open a new browser window and go to the site in question yourself.  For instance, if you get an email about a Microsoft Office 365 account needing updated payment details, don't click the link in the email. Instead, open a new browser window and type in https://portal.office.com and go to the billing section yourself.  This will thwart the phishing attempt.  Sometimes this is not possible, such as when the email contains a link to a file you need to view. Enable Two Factor Authentication (2FA) on all critical systems. If this was enabled in our example above, the adversary would only have your password but would be unable to log in.   Be sure your computer is set to download and apply patches automatically.  Applications are often adding features to detect and warn users about suspect emails automatically. Finally, never allow someone to connect remotely to your computer unless you know them. While there is no single thing you can do to prevent a phishing attempt from succeeding, these basic guidelines can greatly mitigate the risk of falling prey to a phishing attempt.
Working remotely exposes us to increased security risks and the pandemic has seen a 350% increase in phishing attempts. These eight steps can protect you.
READ MORE
The remote finance team - why, how and how better

The remote finance team - why, how and how better

  • Jamie Black
  • Tech for Execs
  • minute(s)Over the past decade, remote work has emerged as an increasingly attractive option for employers and employees. With the COVID-19 pandemic, remote work has become an immediate, unplanned necessity that finance departments the world over are scrambling to enable. This sudden, forced change does beg some questions: Why did it take this crisis to get finance to adopt remote work?  How can finance utilize tools and techniques already at the organization's disposal to enable working remotely? How can finance bolster remote work environments and use this as an opportunity to make their business processes more efficient, effective, and reliable? In this blog series, we'll explore these questions in depth. We start with understanding the barriers to remote work as addressing them head-on will be essential if we are to make the most of our remote work environments in the weeks and months ahead. Public sector finance, in particular, has been slow to provide staff with remote work options. Sure they can take their laptop home occasionally, but they are not encouraging working outside of the office. This reluctance is despite organizations often having access to advanced applications that facilitate remote work. So why the hesitation? 1) Workload First and foremost, I suspect that the initial reaction to any discussion of setting up finance to take advantage of remote work is, "We have too much to do right now to even think about a luxury like remote work." When you are dashing day in and out to get ready for the audit, get the budget approved, and 900 other things in between, it can seem like an easy decision to defer. The current crisis has forced remote enablement to the top of the priority list. To a large degree, this barrier has been toppled out of pure necessity.  2) The Bias of Senior Management Often the heads of finance are the most experienced team members, with decades of experience. In short, these highly qualified, skilled, and experienced individuals often predate the remote work movement. For much of their career, the technological advancements required to facilitate efficient remote work were not available. If these senior managers were early adopters, experimenting with remote work environments before the technology was truly ready, they would have been left skeptical. Finally, those with decades of success in traditional office environments may not have seen a need for change, 'if it's not broken, why fix it?'. Once again, current events have interceded to illustrate the need clearly . 3) Paper Dependence Many organizations drive all their business processes via paper. Every form must be physically signed, routed, approved, and then filed. Processing payroll involves physical time cards, reconciling bank accounts, and physical statements. So paper-dependent are these environments that remote work does not seem like an option. Paper dependence is still a significant hurdle to effective and efficient remote work and one that needs to be tackled head-on. If there is a ray of light to the scramble into remote work, it is that we anticipate it will provide an opportunity (if you elect to seize it) to improve business processes to the ultimate and considerable long-term benefit of the organization. We will provide suggestions for this in our subsequent articles. 4) Security  Working remotely definitely adds additional security concerns that have to be addressed. The workstations/laptops that are fully managed and locked down at the office are now connected to users’ home networks that are insecure and have not seen any security best practices applied. This naturally makes IT very nervous. For those organizations that rarely if ever work remotely, chances are that no VPN has been configured thereby further complicating remote work. All these issues are real, however they are not insurmountable hurdles. Assuming your organization’s IT department is currently following security best practices, working remotely can be done securely if a couple of additional measures are taken. If you are uncertain about your readiness for remote work, here is a list of 10 items (plus one bonus!) to begin your conversations with IT: Ensure a secure VPN is configured both on the network edge as well as remote user’s laptops, and that they are trained on how to use it. We wrote an article for finance officers who need to learn more about the basics of VPNs.  Ensure strong passwords are used, and ensure passwords are set to never expire. We wrote an article for finance officers who need to learn more about the basics of passwords too!  Make sure RDP (Remote Desktop Protocol) is not passed through on the edge network – either use VPN or make use of remote desktop gateway. Ensure all computers are set to automatically download and install software patches daily. Perform full disk encryption on all computers (using BitLocker). Enable the built-in Windows Firewall on all computers (or deploy the IT recommended firewall) and ensure proper rules are configured.  Make sure only office traffic flows through the VPN and all other traffic flows through the end user’s network (split DNS configuration on the VPN). We discuss this in some depth in the article for finance officers who need to learn more about the basics of VPNs.  Ensure all work sites accessed by users are using HTTPS. Enable anti virus on all computers and make sure they are set to auto-update. Ensure VPN connections only have access to subnets required for the user to perform their functions. Make sure important documents are either stored on the office network, or on a cloud storage provided by the organization as computers are certainly not being backed-up when remote. 5) Productivity Concerns If your organization does not support remote work typically, a significant concern may be, "How do I know if my team is working?" In recent weeks we have even seen articles of managers deploying spyware to monitor staff while they work remotely. In our nearly decade of working in a 100% remote work environment, this has never been a problem. Our experience is the opposite, and the major benefits easily justify the investment. The flexibility for our team to work remotely means that we're never late and have increased capacity to work through minor illness or meet constrained deadlines. We will continue to share best practices on how to proactively encourage good habits and monitor productivity as we progress in our subsequent articles.  What's Next? Having explored the common barriers to remote work in public sector finance, our next article will discuss the second question, how to utilize tools you have today to enable remote work. We'll examine the tools already available to many public sector finance departments and analyze how they can be used to implement a secure and functional remote work environment. 
The first article in a series on remote work, this blog explores the reasons why public sector finance has not adopted remote work historically.
READ MORE
Improve your ability to work remotely: Understanding VPNs

Improve your ability to work remotely: Understanding VPNs

  • Waldo Nell
  • Tech for Execs
  • minute(s)Given the explosion in demand for remote work, we wanted to explain a technology that many of us use, but few in finance understand well. If you are working from home and connect to the office, you likely use a VPN. VPN stands for Virtual Private Network and is a technology that is as old as the internet itself. While working from home you may have experienced applications running slowly or not at all. This can be frustrating, to say the least. As we have said elsewhere, a little technological insight can improve your ability to discuss your problems with IT and ultimately yield better performance and improve your ability to mitigate risk. That is our goal for this article. Overview To understand how a VPN works at a high level, one needs to have a basic understanding of networks. When you are at your corporate office, you will most likely be connecting to the corporate LAN (Local Area Network). The LAN is just a name for a network that is not accessible directly from the internet and connects a limited number of computers and other resources located in close physical proximity to one another, together (such as those at your office location). Each organization will have at least one LAN of its own to which its computers are connected. Each LAN connects to the internet, which is in itself a type of network (WAN - Wide Area Network). Generally speaking, one LAN cannot talk to another LAN, even though both LANs can (usually) connect to the internet. This is intentional, to isolate traffic and to help protect your resources. Consequently, when you are at home (the network at your home is also considered a LAN) and you need to access resources from your office network, such as a Remote Desktop server, network drives, etc. you need tools to first connect to the office LAN. This is where a VPN comes to the rescue. Assuming your IT department allows remote connections,  IT would typically: install some software on the corporate network that will listen for VPN connections and install some VPN client software on your laptop/home computer (depending on the type of VPN). With this work complete, the client software can connect to the server software at the office and create a virtual, encrypted tunnel. All traffic destined for your office that would previously fail to move between the two LANs now flows through this virtual tunnel network. It is important to understand that traffic flows from your LAN over the public internet to the office LAN and back again. That is why it is crucial that VPN has the P in its abbreviation - all data is encrypted so that nobody on the internet can intercept and decode the traffic. The diagram below shows the basic configuration of a typical VPN:   Finally, this VPN is temporary. The moment you disconnect, the tunnel closes, and the two LANs are decoupled again. Performance Although working remotely via a VPN is very similar to working locally at the office from a practical point of view, some major differences are important to understand to maximize your effectiveness and minimize frustration as it relates to performance and security.  We understand that many of you reading this only need a cursory overview. To really participate in a discussion with IT, however, you will need to know more. For those who just need high-level, we provide that first. Then for those with the patience and interest, we provide much more detail further on. In Summary  If you are working from home over a VPN and experience poor "performance" there are 5 main items to consider: Throughput - the speed (both download and upload speeds) of your home network are likely to be slower than your office LAN. To test your speed, visit www.speedtest.net and note both the download and upload speeds. This is the variable people tend to focus on, but it is only a part of the story. Having said that, if you can get faster throughput inexpensively, and depending on the kind of remote work you will be doing, it might be worth considering. Learn more... Latency - given you are physically further from your office computers & servers, there is additional delay in communication. There is not a lot IT can do to fix this problem but it varies based on your actual location and the path the data travels to & from your office. Learn more... Congestion - what else is competing for use of your home bandwidth? Eliminate unnecessary uses of the internet (kids streaming Netflix etc.) and see if that improves your performance. Learn more... Routing - how much of your laptop's traffic goes over the VPN? Discuss this with IT as ideally when you are out of the office only your requests for data residing in the office should go over the VPN, not all your web traffic too. Learn more... Application Design - some applications assume immediate, direct connection to their required data. When that is not available, delays ensue. Be careful to advise IT if your poor performance is application specific or general. Learn more... In Detail (click to expand) There are five major attributes (simplified) that determine a network's performance: Throughput You are probably most familiar with this attribute, usually measured in Mbps or Gbps (Mega or Giga bits per second, respectively). It refers to your network’s ability to move data around. The higher the number, the faster the data will travel between devices, and generally, the better the performance. Most corporate LANs have at least 1Gbps networks, however, some client devices might still connect to the server infrastructure at 100Mbps speeds. Your home office might make use of a connection 10 to 50 times slower. Typical DSL or cable speeds are anywhere from 5 Mbps in rural areas to 500Mbps in cities. Also, consider that most residential internet plans are asymmetric. This means the throughput for download (like watching a Netflix movie or browsing the internet) is sometimes ten times higher than the throughput for upload (like sending an email). Therefore even though you may have a connection supporting 50Mbps download, it may only support 5Mbps upload. This can impact VPN performance significantly as you need to both download and upload data to and from the corporate LAN. Latency Latency is a more obscure attribute but, in some ways, more important than throughput. A computer uses lots of transistors to switch electromagnetic waves on and off at great speeds (typically 1 - 4 billion times per second). The binary digits, or bits, your computer uses for communication is carried via these electromagnetic waves. As you might recall from high school physics, light (which is an electromagnetic wave) propagates at the maximum speed of approximately 300 000 km/s in a vacuum. The electromagnetic waves in network cables, optic fibres, and other equipment propagate typically at about 66% the speed of light, or 200 000 km/s. This is important to know because it allows us to determine how long it will take for a packet of data to be sent from your computer to the server and getting a response back, also known as the round trip time (RTT). On a LAN, the physical distance between your computer and the server might be less than 100m. A quick calculation shows that: \begin{align*} RTT &= \frac{100}{200000000}*2 \\ &= 1\mu s \end{align*} So for each packet of data your computer and server exchanges, it will take at least 1µs for the packet to make the round trip. Considering most communication requires a large number of small packets (due to the design of TCP/IP), this quickly accumulates. Simplifying a lot, to transfer a single 2MB document will require approximately 1400 packets of data. Ignoring throughput, latency would introduce an additional 1.4ms of delay. That does not sound like much, and therefore working locally on a LAN generally produces great performance. However, if you are working from home, things change a lot. Your office might now be 200km away (not physically, but the route your packets travel through the internet via the VPN). Consider copying that same file: \begin{align*} RTT &= \frac{200000}{200000000}*2 \\ &= 2000 \mu s \\ &= 2 ms \end{align*} Each packet now takes 2 ms to travel between your computer and the server, 2000 times slower. So that 2MB file will now have an additional 2.8 seconds of latency above, and beyond the time it takes to transfer the actual contents. This is certainly observable and can become highly problematic with certain applications. Congestion When most staff are sent home like we are currently experiencing with COVID-19, a large number of people are concurrently connected via VPN. The corporate network might not be optimized for this amount of traffic, causing a degraded experience for all. Additionally, your partner or family member might be watching Netflix from home while you are trying to do some remote work, reducing the throughput, and possibly affecting your experience. Most home networks do not have traffic shaping enabled - something many corporate offices have implemented that allows certain traffic to have higher priority and not be impacted by someone else downloading a file or watching a movie. Another cause of congestion is WiFi. Most people use WiFi to connect their home computers to the internet due to the convenience it offers. Due to the way WiFi is designed, when a client computer tries to send data to the internet via WiFi, that WiFi Access Point can only talk to that client at that point in time. Any other clients need to wait until the WiFi access point has finished transmitting data. This happens at a low level so it is not always apparent, and some modern WiFi access point support something called MU-MIMO, which allows the access point to talk to more than one device at a time. This becomes a problem when more than one person tries to access the internet, and the signal is not very strong. The effect is to amplify the congestion. Routing There are two ways your VPN could be configured (usually by your IT department) when it comes to routing of traffic. When you connect via VPN, your VPN could: route only the traffic intended for the office network through the VPN and all other traffic goes through your ISP’s modem (the ideal configuration), or it could be configured so that once your VPN is connected, ALL your traffic gets routed through the VPN tunnel. That implies if you are watching a Youtube video or Netflix, all that traffic will flow through the much slower VPN tunnel. The end result is a very poor end-user experience and potential privacy issues since the organization will be able to see your personal traffic patterns. It is therefore highly recommended that your IT department configure your VPN to only route traffic intended for the office through the VPN and all other traffic through your own modem. This will reduce the load on the corporate network, improve your privacy, and general remote working experience. Application Design Applications are designed with certain assumptions in mind. Many applications assume the application is used on a LAN. Have you ever used Office 365 and opened a Word document in your local Word application from the online portal? It takes several times longer to open the document as it has to download the document first. Some other applications experience the same problems. CaseWare, for example, assumes it has a fast LAN connection between itself and the CaseWare file. If you use CaseWare on your local home computer and try to access a CaseWare file on your office network via VPN, the latency will have a dramatic impact on the performance. It is generally best to access the CaseWare application via Remote Desktop over VPN. That way, the CaseWare application is running on a server with Remote Desktop and is local to the network share. We discussed remote desktop in more depth here. Security There are some additional complications when users work remotely via a VPN. Usually, in the traditional corporate setting, IT has full control over all the devices that access network resources and protect them adequately. However, the moment a user connects to the server via VPN, the user’s home computer is connected directly to the corporate network as if the user took their PC and placed it directly on the LAN at the office (this is an oversimplification). That means, if the user’s PC is infected with malware, or is compromised, the attacker/malware now has access to the corporate network as well. It is therefore paramount that users either: patch their home PCs, install anti-virus software, and handle their PC as if it is a corporate PC. Each active VPN connection extends the corporate LAN and therefore increases the risk of exposure. Considering this fact, it is recommended not to leave VPN connected all the time unless your home network is secure. Or Bring your work laptop home and use it to connect to your corporate LAN provided your IT department supports this decision. A little bit of knowledge... If you have further questions about your remote performance, be sure to discuss with your IT department. With your new-found understanding of the variables involved, you should be able to better answer their questions and participate in resolving your concerns. 
A little technical knowledge of VPN connections is essential for finance teams to diagnose issues, & involve IT to provide a better remote work experience.
READ MORE
Here to help despite COVID-19

Here to help despite COVID-19

  • Jamie Black
  • What's New
  • minute(s)Hello folks, This is a bit of a different article. More of a letter really. I wanted to update all of our clients, partners, and friends on how we are dealing with COVID-19 and our plans for the next few weeks. You should have received an email from us on this directly, but in case you missed it, we will update you via our blog too. As a 100% remote work organization, we are lucky to be ideally constructed to: 1. Avoid getting sick and 2. Avoid passing on any sickness we do get Consequently, although difficult to be certain when dealing with global phenomena, we anticipate minimal interruption to our business. You may hear our children running amok in the background due to school closures, but hopefully that will be the extent of the impact. We are committed to communicate promptly and proactively with you directly in the unlikely event that there will be any interruptions or delays in our projects or response times when you are looking for support. So feel free to contact us as you always have. Also, do not forget we have a support site (https://support.fhblackinc.com) where you can log support requests, and we will process ASAP. If you have questions about setting your teams up for remote work, feel free to contact us. We have been doing this for the better part of a decade and would be happy to share our advice and strategies. Finally, if you are impacted by the virus and find it will disrupt your work, please let us know immediately: If we are in the middle of a project with you, we may be able to take on more of the workload to keep things on schedule. At minimum, we can work together to develop a strategy to reduce the impact of any delays or changes. If we are not working on a project with you, you may find you need help getting through the day-to-day or year-end processes due to staff absence/sickness. We have a team of CPAs, IT experts, and graphic designers who are eager to help. We are not interested in profiting from this work and will do everything in our power to render this emergency support for as low a cost as possible. We wish everyone the best of luck and good health during the next few weeks. We will all get through this together. Stay safe. Your friends at FHB.
Many businesses will face significant disruption due to COVID-19. We are well situated to continue supporting our clients. Learn more...
READ MORE