In Black & White

Freeing Finance & Budget Departments from Drudgery One Article at a Time

Postponed effective dates of certain GASB Pronouncements

Postponed effective dates of certain GASB Pronouncements
  • Jamie Black
  • What's New
  • minute(s)The Governmental Accounting Standards Board (GASB) is taking steps to reduce the stress on government finance departments imposed by the COVID-19 pandemic. On April 15th, the Organization proposed to postpone the effective dates of some Pronouncements by one year. The Exposure Draft has a comment deadline of April 30th and is slated for a final statement of issuance on May 8th. The proposal will affect the following Pronouncements: Statement No. 83, Certain Asset Retirement Obligations Statement No. 84, Fiduciary Activities Statement No. 87, Leases Statement No. 88, Certain Disclosures Related to Debt, including Direct Borrowings and Direct Placements Statement No. 89, Accounting for Interest Cost Incurred before the End of a Construction Period Statement No. 90, Majority Equity Interests Statement No. 91, Conduit Debt Obligations Statement No. 92, Omnibus 2020, paragraphs 6–10 and 12 Statement No. 93, Replacement of Interbank Offered Rates, paragraphs 13 and 14 Implementation Guide No. 2017-3, Accounting and Financial Reporting for Postemployment Benefits Other Than Pensions (and Certain Issues Related to OPEB Plan Reporting), Questions 4.85, 4.103, 4.108, 4.109, 4.225, 4.239, 4.244, 4.245, 4.484, 4.491, and 5.1–5.4 Implementation Guide No. 2018-1, Implementation Guidance Update—2018 Implementation Guide No. 2019-1, Implementation Guidance Update—2019 Implementation Guide No. 2019-2, Fiduciary Activities Implementation Guide No. 2019-3, Leases. GASB has also posted several resources for Stakeholders to a dedicated GASB Response to COVID-19 web page, including a GASB Emergency Toolbox. Subscribe to our blog for the latest developments impacting government finance departments.
Some good news! The Government Accounting Standards Board (GASB) is working to relieve some of the additional workload imposed by the COVID-19 pandemic.
READ MORE
How to avoid phishing scams while working from home

How to avoid phishing scams while working from home
  • Waldo Nell
  • Tech for Execs
  • minute(s)Working from home, especially for the first time, may seem a bit like leaving home as a young adult. You enter a brave new world, free of the protections your parents' home provided to discover yourself. In this case, the office is the secure home you are leaving, at least from an IT security perspective. One of the security issues to consider when working remotely is phishing. This article defines the problem, provides a real-world example and eight steps to avoid phishing attempts. Phishing The definition of a phishing attack: A fraudulent attempt by an adversary posing as a legitimate entity to steal sensitive information from someone. The problem Chances are you have seen emails from someone familiar asking you to click on a link or download an attached file. With some review, you realized the person who sent it is not the person they claimed to be. The idea behind this attack is to gain your trust by posing as someone you know. The basic process is shown below: The adversary's phishing email causes the user to connect to the malicious site (red connection) controlled by the adversary, instead of the legitimate web site (green connection). This allows the adversary to intercept the login credentials of the user. Below is a real-world scenario that we will be analyzing. All the suspicious elements visible to a non-technical user have been highlighted in green. It purports to be from our phone system, informing me that I have a new voicemail. We analyze it below. The email has a file attached. Carefully reviewing that attachment shows it to be an HTML file. If this were a real voicemail attachment, it would be a WAV or Mp3 file. Another approach, not used in this message, includes a link the user is asked to click to perform some action. This link might look like the one below: If the user hovers their mouse cursor over the link "Release Message", the actual URL that would be opened is displayed (as highlighted above). Often it is clear that this URL points to a domain that is not related to the sender of the email. The FROM address is not from any known domain and does not match the name of the sender. The subject is suspicious. What does a "protected recording" mean? Misuse of the Importance flag. Identifying an email as High Importance is a common tactic among phishing attacks. Font substitution is also a common technique used to try and bypass spam filters. It works by randomizing some letters to look like valid English letters. Since the Greek ε is not the same as the Latin e, it could fool anti-spam algorithms. What happens if the user doesn't notice any of the above warning signs? In this example, the following occurs: If the user double clicks on the attachment named _NewAudioMessageFile_000.htm. their browser loads the contents of that HTML file locally. A page is loaded that redirects to a new website (owned by Mary Jean Suarez in the Philippines) that looks like this: Note this is not a Microsoft URL but was made to looks like a Microsoft page to appear even more legitimate. If the user stops here, the adversary knows the email address that received the email is active and that the link was clicked. No compromise of any account has occurred yet. If the user enters their password (correct or incorrect) and clicks Sign In, the password, together with the email address, is sent to the adversary's server (called credential harvesting). The following page is displayed: As the adversary does not know if the supplied password is valid or not, the best they can do is to forward the user to the real portal. The page then redirects to this legitimate Microsoft web page: Most users would not think twice about having to log in again, assuming perhaps they mistyped something. This time, the user is logging in to the real Microsoft web site. The scam is completed. If the user entered their correct password in step 4 above, their account has been compromised, and the adversary now has full access to the account. You should immediately change your password and monitor your account for suspicious activity. The mitigation Phishing attacks are nothing new. But they have increased 350% during the pandemic and are now more dangerous than ever because: Your computer is no longer offered all the protections of the office network, You have no direct access to IT to question suspicious emails/activities, If you are using your home computer, it is likely un-patched, making it easier for phishing attempts to work successfully, Because we are working in unprecedented times and are likely working remotely, requests that would have stood out as unusual two months ago might slip by unnoticed today. What can you do to protect yourselves? Below are eight recommended steps to take to increase your protection: Realize that it is inevitable that you will receive many phishing attempts, and you have a responsibility to be vigilant. Know how to spot a phishing attempt. This can be very complex and technical; however, there are several markers you can watch out for to identify most phishing attempts: Email FROM addresses can be easily faked. Just like in our example above, phishing attempts will get the name in the FROM field of an email to reflect someone you know but not the email address. This is not universally true, but it is a good first warning sign. If the email asks you to click on a link, pause for 10 seconds, and carefully consider whether the email was expected. If not, contact your IT department to verify the validity before clicking any links. An additional safety measure you can take is to hover your mouse over the link in the email. Make sure the domain in the link (i.e. the site it is pointing to) seems familiar. If the email asks you to perform any sensitive operations like releasing payment etc., it is best to call the sender via a known number and verify the request. Disable automatic loading of images. Most email applications allow you to turn off automatic loading of images in emails. This is recommended as many phishing attempts work by including a link to an image that lets the attacker know your email is legitimate. Another useful trick is not to click the link given in the email, but rather open a new browser window and go to the site in question yourself. For instance, if you get an email about a Microsoft Office 365 account needing updated payment details, don't click the link in the email. Instead, open a new browser window and type in https://portal.office.com and go to the billing section yourself. This will thwart the phishing attempt. Sometimes this is not possible, such as when the email contains a link to a file you need to view. Enable Two Factor Authentication (2FA) on all critical systems. If this was enabled in our example above, the adversary would only have your password but would be unable to log in. Be sure your computer is set to download and apply patches automatically. Applications are often adding features to detect and warn users about suspect emails automatically. Finally, never allow someone to connect remotely to your computer unless you know them. While there is no single thing you can do to prevent a phishing attempt from succeeding, these basic guidelines can greatly mitigate the risk of falling prey to a phishing attempt.
Working remotely exposes us to increased security risks and the pandemic has seen a 350% increase in phishing attempts. These eight steps can protect you.
READ MORE
The remote finance team - why, how and how better

The remote finance team - why, how and how better
  • Jamie Black
  • Tech for Execs
  • minute(s)Over the past decade, remote work has emerged as an increasingly attractive option for employers and employees. With the COVID-19 pandemic, remote work has become an immediate, unplanned necessity that finance departments the world over are scrambling to enable. This sudden, forced change does beg some questions: Why did it take this crisis to get finance to adopt remote work? How can finance utilize tools and techniques already at the organization's disposal to enable working remotely? How can finance bolster remote work environments and use this as an opportunity to make their business processes more efficient, effective, and reliable? In this blog series, we'll explore these questions in depth. We start with understanding the barriers to remote work as addressing them head-on will be essential if we are to make the most of our remote work environments in the weeks and months ahead. Public sector finance, in particular, has been slow to provide staff with remote work options. Sure they can take their laptop home occasionally, but they are not encouraging working outside of the office. This reluctance is despite organizations often having access to advanced applications that facilitate remote work. So why the hesitation? 1) Workload First and foremost, I suspect that the initial reaction to any discussion of setting up finance to take advantage of remote work is, "We have too much to do right now to even think about a luxury like remote work." When you are dashing day in and out to get ready for the audit, get the budget approved, and 900 other things in between, it can seem like an easy decision to defer. The current crisis has forced remote enablement to the top of the priority list. To a large degree, this barrier has been toppled out of pure necessity. 2) The Bias of Senior Management Often the heads of finance are the most experienced team members, with decades of experience. In short, these highly qualified, skilled, and experienced individuals often predate the remote work movement. For much of their career, the technological advancements required to facilitate efficient remote work were not available. If these senior managers were early adopters, experimenting with remote work environments before the technology was truly ready, they would have been left skeptical. Finally, those with decades of success in traditional office environments may not have seen a need for change, 'if it's not broken, why fix it?'. Once again, current events have interceded to illustrate the need clearly . 3) Paper Dependence Many organizations drive all their business processes via paper. Every form must be physically signed, routed, approved, and then filed. Processing payroll involves physical time cards, reconciling bank accounts, and physical statements. So paper-dependent are these environments that remote work does not seem like an option. Paper dependence is still a significant hurdle to effective and efficient remote work and one that needs to be tackled head-on. If there is a ray of light to the scramble into remote work, it is that we anticipate it will provide an opportunity (if you elect to seize it) to improve business processes to the ultimate and considerable long-term benefit of the organization. We will provide suggestions for this in our subsequent articles. 4) Security Working remotely definitely adds additional security concerns that have to be addressed. The workstations/laptops that are fully managed and locked down at the office are now connected to users’ home networks that are insecure and have not seen any security best practices applied. This naturally makes IT very nervous. For those organizations that rarely if ever work remotely, chances are that no VPN has been configured thereby further complicating remote work. All these issues are real, however they are not insurmountable hurdles. Assuming your organization’s IT department is currently following security best practices, working remotely can be done securely if a couple of additional measures are taken. If you are uncertain about your readiness for remote work, here is a list of 10 items (plus one bonus!) to begin your conversations with IT: Ensure a secure VPN is configured both on the network edge as well as remote user’s laptops, and that they are trained on how to use it. We wrote an article for finance officers who need to learn more about the basics of VPNs. Ensure strong passwords are used, and ensure passwords are set to never expire. We wrote an article for finance officers who need to learn more about the basics of passwords too! Make sure RDP (Remote Desktop Protocol) is not passed through on the edge network – either use VPN or make use of remote desktop gateway. Ensure all computers are set to automatically download and install software patches daily. Perform full disk encryption on all computers (using BitLocker). Enable the built-in Windows Firewall on all computers (or deploy the IT recommended firewall) and ensure proper rules are configured. Make sure only office traffic flows through the VPN and all other traffic flows through the end user’s network (split DNS configuration on the VPN). We discuss this in some depth in the article for finance officers who need to learn more about the basics of VPNs. Ensure all work sites accessed by users are using HTTPS. Enable anti virus on all computers and make sure they are set to auto-update. Ensure VPN connections only have access to subnets required for the user to perform their functions. Make sure important documents are either stored on the office network, or on a cloud storage provided by the organization as computers are certainly not being backed-up when remote. 5) Productivity Concerns If your organization does not support remote work typically, a significant concern may be, "How do I know if my team is working?" In recent weeks we have even seen articles of managers deploying spyware to monitor staff while they work remotely. In our nearly decade of working in a 100% remote work environment, this has never been a problem. Our experience is the opposite, and the major benefits easily justify the investment. The flexibility for our team to work remotely means that we're never late and have increased capacity to work through minor illness or meet constrained deadlines. We will continue to share best practices on how to proactively encourage good habits and monitor productivity as we progress in our subsequent articles. What's Next? Having explored the common barriers to remote work in public sector finance, our next article will discuss the second question, how to utilize tools you have today to enable remote work. We'll examine the tools already available to many public sector finance departments and analyze how they can be used to implement a secure and functional remote work environment.
The first article in a series on remote work, this blog explores the reasons why public sector finance has not adopted remote work historically.
READ MORE
Improve your ability to work remotely: Understanding VPNs

Improve your ability to work remotely: Understanding VPNs
  • Waldo Nell
  • Tech for Execs
  • minute(s)Given the explosion in demand for remote work, we wanted to explain a technology that many of us use, but few in finance understand well. If you are working from home and connect to the office, you likely use a VPN. VPN stands for Virtual Private Network and is a technology that is as old as the internet itself. While working from home you may have experienced applications running slowly or not at all. This can be frustrating, to say the least. As we have said elsewhere, a little technological insight can improve your ability to discuss your problems with IT and ultimately yield better performance and improve your ability to mitigate risk. That is our goal for this article. Overview To understand how a VPN works at a high level, one needs to have a basic understanding of networks. When you are at your corporate office, you will most likely be connecting to the corporate LAN (Local Area Network). The LAN is just a name for a network that is not accessible directly from the internet and connects a limited number of computers and other resources located in close physical proximity to one another, together (such as those at your office location). Each organization will have at least one LAN of its own to which its computers are connected. Each LAN connects to the internet, which is in itself a type of network (WAN - Wide Area Network). Generally speaking, one LAN cannot talk to another LAN, even though both LANs can (usually) connect to the internet. This is intentional, to isolate traffic and to help protect your resources. Consequently, when you are at home (the network at your home is also considered a LAN) and you need to access resources from your office network, such as a Remote Desktop server, network drives, etc. you need tools to first connect to the office LAN. This is where a VPN comes to the rescue. Assuming your IT department allows remote connections, IT would typically: install some software on the corporate network that will listen for VPN connections and install some VPN client software on your laptop/home computer (depending on the type of VPN). With this work complete, the client software can connect to the server software at the office and create a virtual, encrypted tunnel. All traffic destined for your office that would previously fail to move between the two LANs now flows through this virtual tunnel network. It is important to understand that traffic flows from your LAN over the public internet to the office LAN and back again. That is why it is crucial that VPN has the P in its abbreviation - all data is encrypted so that nobody on the internet can intercept and decode the traffic. The diagram below shows the basic configuration of a typical VPN: Finally, this VPN is temporary. The moment you disconnect, the tunnel closes, and the two LANs are decoupled again. Performance Although working remotely via a VPN is very similar to working locally at the office from a practical point of view, some major differences are important to understand to maximize your effectiveness and minimize frustration as it relates to performance and security. We understand that many of you reading this only need a cursory overview. To really participate in a discussion with IT, however, you will need to know more. For those who just need high-level, we provide that first. Then for those with the patience and interest, we provide much more detail further on. In Summary If you are working from home over a VPN and experience poor "performance" there are 5 main items to consider: Throughput - the speed (both download and upload speeds) of your home network are likely to be slower than your office LAN. To test your speed, visit www.speedtest.net and note both the download and upload speeds. This is the variable people tend to focus on, but it is only a part of the story. Having said that, if you can get faster throughput inexpensively, and depending on the kind of remote work you will be doing, it might be worth considering. Learn more... Latency - given you are physically further from your office computers & servers, there is additional delay in communication. There is not a lot IT can do to fix this problem but it varies based on your actual location and the path the data travels to & from your office. Learn more... Congestion - what else is competing for use of your home bandwidth? Eliminate unnecessary uses of the internet (kids streaming Netflix etc.) and see if that improves your performance. Learn more... Routing - how much of your laptop's traffic goes over the VPN? Discuss this with IT as ideally when you are out of the office only your requests for data residing in the office should go over the VPN, not all your web traffic too. Learn more... Application Design - some applications assume immediate, direct connection to their required data. When that is not available, delays ensue. Be careful to advise IT if your poor performance is application specific or general. Learn more... In Detail (click to expand) There are five major attributes (simplified) that determine a network's performance: Throughput You are probably most familiar with this attribute, usually measured in Mbps or Gbps (Mega or Giga bits per second, respectively). It refers to your network’s ability to move data around. The higher the number, the faster the data will travel between devices, and generally, the better the performance. Most corporate LANs have at least 1Gbps networks, however, some client devices might still connect to the server infrastructure at 100Mbps speeds. Your home office might make use of a connection 10 to 50 times slower. Typical DSL or cable speeds are anywhere from 5 Mbps in rural areas to 500Mbps in cities. Also, consider that most residential internet plans are asymmetric. This means the throughput for download (like watching a Netflix movie or browsing the internet) is sometimes ten times higher than the throughput for upload (like sending an email). Therefore even though you may have a connection supporting 50Mbps download, it may only support 5Mbps upload. This can impact VPN performance significantly as you need to both download and upload data to and from the corporate LAN. Latency Latency is a more obscure attribute but, in some ways, more important than throughput. A computer uses lots of transistors to switch electromagnetic waves on and off at great speeds (typically 1 - 4 billion times per second). The binary digits, or bits, your computer uses for communication is carried via these electromagnetic waves. As you might recall from high school physics, light (which is an electromagnetic wave) propagates at the maximum speed of approximately 300 000 km/s in a vacuum. The electromagnetic waves in network cables, optic fibres, and other equipment propagate typically at about 66% the speed of light, or 200 000 km/s. This is important to know because it allows us to determine how long it will take for a packet of data to be sent from your computer to the server and getting a response back, also known as the round trip time (RTT). On a LAN, the physical distance between your computer and the server might be less than 100m. A quick calculation shows that: \begin{align*} RTT &= \frac{100}{200000000}*2 \\ &= 1\mu s \end{align*} So for each packet of data your computer and server exchanges, it will take at least 1µs for the packet to make the round trip. Considering most communication requires a large number of small packets (due to the design of TCP/IP), this quickly accumulates. Simplifying a lot, to transfer a single 2MB document will require approximately 1400 packets of data. Ignoring throughput, latency would introduce an additional 1.4ms of delay. That does not sound like much, and therefore working locally on a LAN generally produces great performance. However, if you are working from home, things change a lot. Your office might now be 200km away (not physically, but the route your packets travel through the internet via the VPN). Consider copying that same file: \begin{align*} RTT &= \frac{200000}{200000000}*2 \\ &= 2000 \mu s \\ &= 2 ms \end{align*} Each packet now takes 2 ms to travel between your computer and the server, 2000 times slower. So that 2MB file will now have an additional 2.8 seconds of latency above, and beyond the time it takes to transfer the actual contents. This is certainly observable and can become highly problematic with certain applications. Congestion When most staff are sent home like we are currently experiencing with COVID-19, a large number of people are concurrently connected via VPN. The corporate network might not be optimized for this amount of traffic, causing a degraded experience for all. Additionally, your partner or family member might be watching Netflix from home while you are trying to do some remote work, reducing the throughput, and possibly affecting your experience. Most home networks do not have traffic shaping enabled - something many corporate offices have implemented that allows certain traffic to have higher priority and not be impacted by someone else downloading a file or watching a movie. Another cause of congestion is WiFi. Most people use WiFi to connect their home computers to the internet due to the convenience it offers. Due to the way WiFi is designed, when a client computer tries to send data to the internet via WiFi, that WiFi Access Point can only talk to that client at that point in time. Any other clients need to wait until the WiFi access point has finished transmitting data. This happens at a low level so it is not always apparent, and some modern WiFi access point support something called MU-MIMO, which allows the access point to talk to more than one device at a time. This becomes a problem when more than one person tries to access the internet, and the signal is not very strong. The effect is to amplify the congestion. Routing There are two ways your VPN could be configured (usually by your IT department) when it comes to routing of traffic. When you connect via VPN, your VPN could: route only the traffic intended for the office network through the VPN and all other traffic goes through your ISP’s modem (the ideal configuration), or it could be configured so that once your VPN is connected, ALL your traffic gets routed through the VPN tunnel. That implies if you are watching a Youtube video or Netflix, all that traffic will flow through the much slower VPN tunnel. The end result is a very poor end-user experience and potential privacy issues since the organization will be able to see your personal traffic patterns. It is therefore highly recommended that your IT department configure your VPN to only route traffic intended for the office through the VPN and all other traffic through your own modem. This will reduce the load on the corporate network, improve your privacy, and general remote working experience. Application Design Applications are designed with certain assumptions in mind. Many applications assume the application is used on a LAN. Have you ever used Office 365 and opened a Word document in your local Word application from the online portal? It takes several times longer to open the document as it has to download the document first. Some other applications experience the same problems. CaseWare, for example, assumes it has a fast LAN connection between itself and the CaseWare file. If you use CaseWare on your local home computer and try to access a CaseWare file on your office network via VPN, the latency will have a dramatic impact on the performance. It is generally best to access the CaseWare application via Remote Desktop over VPN. That way, the CaseWare application is running on a server with Remote Desktop and is local to the network share. We discussed remote desktop in more depth here. Security There are some additional complications when users work remotely via a VPN. Usually, in the traditional corporate setting, IT has full control over all the devices that access network resources and protect them adequately. However, the moment a user connects to the server via VPN, the user’s home computer is connected directly to the corporate network as if the user took their PC and placed it directly on the LAN at the office (this is an oversimplification). That means, if the user’s PC is infected with malware, or is compromised, the attacker/malware now has access to the corporate network as well. It is therefore paramount that users either: patch their home PCs, install anti-virus software, and handle their PC as if it is a corporate PC. Each active VPN connection extends the corporate LAN and therefore increases the risk of exposure. Considering this fact, it is recommended not to leave VPN connected all the time unless your home network is secure. Or Bring your work laptop home and use it to connect to your corporate LAN provided your IT department supports this decision. A little bit of knowledge... If you have further questions about your remote performance, be sure to discuss with your IT department. With your new-found understanding of the variables involved, you should be able to better answer their questions and participate in resolving your concerns.
A little technical knowledge of VPN connections is essential for finance teams to diagnose issues, & involve IT to provide a better remote work experience.
READ MORE
Here to help despite COVID-19

Here to help despite COVID-19
  • Jamie Black
  • What's New
  • minute(s)Hello folks, This is a bit of a different article. More of a letter really. I wanted to update all of our clients, partners, and friends on how we are dealing with COVID-19 and our plans for the next few weeks. You should have received an email from us on this directly, but in case you missed it, we will update you via our blog too. As a 100% remote work organization, we are lucky to be ideally constructed to: 1. Avoid getting sick and 2. Avoid passing on any sickness we do get Consequently, although difficult to be certain when dealing with global phenomena, we anticipate minimal interruption to our business. You may hear our children running amok in the background due to school closures, but hopefully that will be the extent of the impact. We are committed to communicate promptly and proactively with you directly in the unlikely event that there will be any interruptions or delays in our projects or response times when you are looking for support. So feel free to contact us as you always have. Also, do not forget we have a support site (https://support.fhblackinc.com) where you can log support requests, and we will process ASAP. If you have questions about setting your teams up for remote work, feel free to contact us. We have been doing this for the better part of a decade and would be happy to share our advice and strategies. Finally, if you are impacted by the virus and find it will disrupt your work, please let us know immediately: If we are in the middle of a project with you, we may be able to take on more of the workload to keep things on schedule. At minimum, we can work together to develop a strategy to reduce the impact of any delays or changes. If we are not working on a project with you, you may find you need help getting through the day-to-day or year-end processes due to staff absence/sickness. We have a team of CPAs, IT experts, and graphic designers who are eager to help. We are not interested in profiting from this work and will do everything in our power to render this emergency support for as low a cost as possible. We wish everyone the best of luck and good health during the next few weeks. We will all get through this together. Stay safe. Your friends at FHB.
Many businesses will face significant disruption due to COVID-19. We are well situated to continue supporting our clients. Learn more...
READ MORE
The ADA & US Government: What you need to know in 6 minutes

The ADA & US Government: What you need to know in 6 minutes
  • Jamie Black
  • Financial Reporting
  • minute(s)While many have heard of the Americans with Disability Act (ADA), few truly understand its importance: Why should a finance or budget professional care about it? What do the laws (there are three) specifically require? How must I comply with the laws? This article answers these questions. 1) Finance & Budget Departments Should Care Designing documents that are easily understood by your audience is challenging. When some of your audience have visual impairments, there is an additional set of considerations. There are three primary reasons you should care about this topic: As a public sector organization, you want your message available to everyone. Approximately 5.5 million people have visual impairment in North America today. This is expected to double by 2050. To “read” your Comprehensive Annual Financial Report or Budget Book, visually impaired individuals must use assistive technology. These tools read the PDF to them electronically. Unless specifically designed for accessibility however, your PDFs will not be readable by assistive technology. Your organization is legally required to ensure all public documents are accessible (readable by assistive technology). Accessibility for your documents is legally mandated if: you work in a local government, a federal agency, or, a place of "public accommodation" (privately-owned, leased or operated facilities like hotels, restaurants, retail merchants, doctor’s offices, golf courses, private schools, daycare centers, health clubs, sports stadiums, movie theaters, and so on), and you are located in the United States, and you publish content to a publicly accessible website. Numerous lawsuits have been launched for failure to ensure accessibility both for businesses and local governments. As identified by Seyfarth Shaw LLP, these lawsuits are becoming more and more prevalent. 2) The Laws Mandate Accessibility Section 508 of the Rehabilitation Act of 1973 In 1998, Congress amended the Rehabilitation Act of 1973 to require Federal agencies to make their Electronic and Information Technology (EIT) accessible to people with disabilities. The law (29 U.S.C § 794 (d)) applies to all Federal agencies when they develop, procure, maintain, or use electronic and information technology. Under Section 508, agencies must give disabled employees and members of the public access to information comparable to the access available to others. On January 18, 2017, the U.S. Access Board published a final rule updating accessibility requirements for Information and Communication Technology (ICT) covered by Section 508 of the Rehabilitation Act and Section 255 of the Communications Act. E205.4 of this final rule stipulates the accessibility standard mandated by Section 508: Electronic content shall conform to Level A and Level AA Success Criteria and Conformance Requirements in Web Content Accessibility Guidelines ( WCAG 2.0) (incorporated by reference, see 702.10.1). Americans with Disabilities Act (ADA) It was signed into law on July 26, 1990, by President George H.W. Bush. The ADA is one of America's most comprehensive pieces of civil rights legislation that prohibits discrimination and guarantees that people with disabilities have the same opportunities as everyone else. The ADA has three "Titles" (think sections), and it is Title II that applies to the programs and activities of state and local government (title I is employment practices and title III covers private entities that are considered public accommodations). While the ADA does not explicitly reference requirements for web content, the Department of Justice (DOJ) Civil Rights division has confirmed their opinion that the ADA does in fact cover content on web sites. Unfortunately, there is no technical definition for ensuring your web content complies with the ADA. Congress sought clarification from the DOJ in 2018, but their response was noncommittal as to the standard required: Absent the adoption of specific technical requirements for websites through rulemaking, public accommodations have flexibility in how to comply with the ADA's general requirements of nondiscrimination and effective communication. In late July 2019, a series of questions were again raised to the DOJ from several senators looking for clarification. In particular, the senators attempted to learn if the DOJ "consider WCAG 2.0 an acceptable compliance standard". No response from the DOJ has been received as of this writing. California Assembly Bill No. 434 This legislation states that by July 1, 2019 all web content of the state agency or entity must meet... the Web Content Accessibility Guidelines 2.0, or a subsequent version, published by the Web Accessibility Initiative of the World Wide Web Consortium at a minimum Level AA success criteria. 3) Standards Determine Compliance Web Content Accessibility Guidelines (WCAG) Two of the three pieces of legislation above specifically reference Web Content Accessibility Guidelines 2.0 as the relevant standard that our documents must conform to. These guidelines were developed by the World Wide Web Consortium (W3C), an international community that develops open standards for the Web. WCAG 2.0 contains 12 guidelines designed to make content published on the web more accessible for those with impairment. Testable criteria are also provided to allow for the assessment of your content. Any piece of content can be assessed into one of three levels of conformance : A (lowest), AA, and AAA (highest). Note that the legislation mentioned above specify the level that your content must achieve. PDF/Universal Accessibility (PDF U/A) We mention this standard here as you may hear it and be confused by it. PDF/UA is the informal name for ISO 14289, the International Standard for accessible PDF technology. A technical specification intended for developers implementing PDF writing and processing software, PDF/UA provides definitive terms and requirements for accessibility in PDF documents and applications. PDF/UA defines the technical specifications to enable PDF documents to meet WCAG 2.0, but WCAG 2.0 has additional requirements that call for an author’s attention. For these and other additional requirements, the W3C’s technique documents (both general and PDF-specific techniques) guide authors interested in complying with WCAG 2.0. In short, if you are a state or local government in the United States and want to be confident that you comply with the various pieces of legislation, all content you publish to the web must conform to WCAG 2.0 level AA standard. Watch this space for our next article on the technical requirements of WCAG 2.0 and a methodology to employ to make your published documents fully compliant with the standards mandated by the ADA, Section 508, and California Bill 434.
Accessibility - Why should finance & budget professionals care? What do the laws (3!) require? How can you comply? This article provides the answers.
READ MORE
What do you mean? How to be sure your readers understand you

What do you mean? How to be sure your readers understand you
  • Jamie Black
  • Financial Reporting
  • minute(s)Communicating is difficult at the best of times. When our topic is complex and, let's be honest, boring, the job is even harder. In this article, we will tackle one very useful technique for ensuring the readers of your financial reports and budget books understand what you are attempting to convey. The single biggest problem in communication is the illusion that it has taken place. George Bernard Shaw As we have discussed in previous posts, text is one of the three essential tools at your disposal when trying to communicate non-verbally. Recall, the purpose of text is to: introduce a topic, a problem, a business process, or other item that the reader might not be fully conversant in, explain a graph or the table so the reader does not miss any nuances, highlight or call out a particular point in a table or graph, label a specific data point in a graph or columns or rows in a table, recommend appropriate next steps or actions. When using text, however, not all words or the sentences they create are equal. Readability Readability is the degree that the prose you write can be understood. Readability is influenced by: word length, use of conventional or unique words, sentence length, number of clauses in each sentence, number of syllables in each sentence, A common but bad habit for writers is to prefer longer, wordier, and more complex text. In almost all cases, this is a mistake. When trying to communicate complex information, as is often the case for finance and budget officers, focus on simplicity. Simplicity makes understanding easier and faster for your reader. After all, who has not abandoned reading an article because it was too long or too hard to follow? Some tips to consider to improve the readability of your text: avoid jargon and acronyms, omit unnecessary words, use shorter sentences, consider the reading level of your audience. Testing Readability If you want to improve readability, test your text. There are numerous readability-formulas & tools you can use. One popular formula is the Flesch-Kincaid Grade Level. It attempts to measure the approximate grade level required to understand the text. There are numerous tools that will use this and other formulas on your text. From tools that only test the Flesch-Kincaid Grade Level (ReadabilityFormulas.com) to broader tools that also asses grammar more generally (Grammarly & Readable) there are many options to choose from. The results of testing your text can be surprising. An Example Imagine you are drafting an introduction to your budget book. Your goal is to explain to the reader some of the high-level goals of the organization. You want them to understand the principals that lead to designing the budget council adopted. Here is the first paragraph you initially write: The City's annual budget is created to reflect the Mayor's priorities and address community needs each year. The budget process takes place over a five-month period, during which agencies propose new or expanded programs and investments to better serve the public and meet the goals set out by the City. The Budget & Management Office staff assess proposals for their merits across a collection of considerations, with the first among them being the Mayor's Strategic Framework. This framework, shown in the graphic below, illustrates Mayor Smyth's dynamic priorities as it relates to creating a world class city where everyone has access to a home, a job, and a content future. The following pages outline key strategies and investments for priority areas and the metrics used to calibrate success. The score of this text: 128 words Average word length is 5.2 characters 5 sentences Average sentence length is 25.6 words Reading time: 30 seconds Flesch-Kincaid Grade Level: 14 (college level) This scoring may not immediately cause you concern. If you consider the average level of education in your community, however, you will see the problem. First, only 61.8% of Canadians and 49.8% of Americans aged 25 to 34 had either college or university qualifications. Secondly, most people prefer to read a few levels below their absolute maximum comprehension level. A second draft of the paragraph revised to improve readability: The City's annual budget reflects the Mayor's priorities and addresses community needs. First, agencies propose new/expanded programs. Budget & Management Office staff then assess these proposals for their merits. This process takes five months. The graphic below illustrates Mayor Smyth's priorities to create a world-class city where everyone has access to a home, a job, and a future. The following pages outline strategies for priority areas. They also provide the measures used to determine success. The score of the revised text: 75 words (decreased 53 words) Average word length of 5.6 characters (increased slightly) 7 sentences (increased by 2) Average sentence length is 10.7 words (decreased by approximately 15) Reading time: 18 seconds (decreased by 12 seconds) Flesch-Kincaid Grade Level: 9 This second version of the text reduced reading time by 40% and made the content understandable to more of our potential audience. Evaluate the readability of your text and make it as easily comprehensible as possible. Improving readability is one essential and easy step to improving your communication.
Communicating complex information is a challenge faced everyday by finance & budget departments. This article explores one key to success - readability.
READ MORE
An Interview with Queens University

An Interview with Queens University
  • Jamie Black
  • Success Stories
  • minute(s)For more than 175 years Queens University in Kingston, Ontario has gained and maintained a reputation for excellence. Educating thousands of scholars and researchers including 2015 Nobel Prize winner Arthur B. McDonald. The University services more than 25,000 students and as of April 30th, 2019 its endowment was valued at more than $1 billion. The Challenge Queen's University wanted to reduce the time it took to prepare their annual financial statements while increasing their confidence in the data. We interviewed Peter Viveiros, the Associate Director of Financial Analysis and Reporting in Financial Services, to discuss their experiences in overcoming these challenges. The Interview 1 What was your business process to tackle the Annual Financial Statements previously, and how much time did it take? What product were you using before and why did you want to switch? Our previous business process was done through the use of Microsoft Excel and Word after pulling a trial balance from our accounting system. We had a set of multiple spreadsheets to allow us to map our accounting system trial balance into various financial reports like the statement of financial position, statement of operations, statement of operations by fund, statement of operations by consolidated entities and various tables to feed the notes to the financial statements. We also had spreadsheets to produce tax related financial reports. This mapping adventure took us approximately a week, and was usually delayed until we had confirmation that the numbers were close to final to avoid the risk of having to update the spreadsheets several times over. In addition to the time spent updating these spreadsheets, numerous hours were also spent in the review process to ensure that the numbers tied in and that subtotal and totals added correctly; not to mention rounding! A few members of our Financial Reporting team had previously used CaseWare, so that switch was a no brainer to eliminate the amount of time spent on updating spreadsheets and reviewing the numbers over and over again. 2What other solutions did you consider? How did you hear about FHB, and what was the key factor(s) in choosing our solution? As mentioned, a few members of our Financial Reporting team had previously used CaseWare, so we did not bother seeking other solutions. In addition, our auditors confirmed with us that CaseWare would definitely compliment their audit process. We first heard of FHB at a Canada-wide conference that our Controller attended. The key factors in selecting FHB was the ability to contract out the implementation process as opposed to self-implementation; and FHB’s experience in implementing CaseWare for other higher education institutions. 3 Were you concerned about working with someone other than the software vendor for implementation? Or working remotely? We were not concerned about working with a consultant. We had expectations of what we were looking for with implementing CaseWare, and FHB was able to demonstrate from the very beginning that they were more than able to meet our expectations and did so throughout the entire process. We had no concerns with working remotely. In fact, working remotely was key in us gaining approval to proceed with implementing CaseWare as it kept the implementation costs down. 4 What process did you follow to implement CaseWare? We chose to outsource the implementation to FHB as oppose to self-implement. They reconciled our numbers, which allowed us to continue with our day to day responsibilities while FHB was in the background setting up our account structure in Caseware, including the financial statements. With the exception of touch base meetings to discuss the progress and questions from the FHB team during the implementation, the process was very hands-free for our team. I would recommend to anyone considering implementing CaseWare to really consider the delegated implementation route. Our decision was based on the fact that we had limited internal resources to commit to a successful self-implementation and felt that we would be better served by having FHB perform the implementation given the size and complexity of our financial reporting requirements. The implementation process consisted of regular meetings with our FHB consultants to ensure that we were on the same page, which included hands-on illustrations of our file as the implementation progressed. There was also review steps throughout the process to ensure that the end product met our expectations. Our staff attended formal training provided by FHB to ensure that we were well equipped to take on the software once it was ready to be moved into production. 5 From your perspective, how is the University in a better position now as compared to with your old solution? Is the process faster? Could you estimate the time savings, or provide any examples? CaseWare has tremendously enhanced the University’s ability to produce its set of financial statements for both annual and interim requirements as well as tax filing requirements. We are now rolling into our third year of using CaseWare and have definitely gained efficiencies in our financial and tax reporting processes. We have also gained comfort on the accuracy of mapping our figures from one financial report to another; not to mention a decrease in the number of hours committed to reviewing the figures. Our week long process in moving from our accounting system’s trial balance to our financial statements now takes a few hours to complete, and we can also begin this process the minute we import the numbers into Caseware (we used to wait until the numbers were close to final!). If we had to put a number to it, I would say we saved a week or so (down from six weeks to five) in regards to the direct switch from the manual process of mapping the numbers to the automation provided by CaseWare. 6 What are the biggest benefits of the CaseWare Tool vs. your old system? For all the reasons that have been stated in the answers above, but one of the biggest benefits is the automation that takes place once the trial balance is imported…we have a set of financial statements shortly after that! 7 What was your experience with FHB like? In our opinion, FHB is an expert on the use and capabilities of CaseWare. We were impressed with their ability to setup the software to meet our reporting needs with minimal intervention required from our team. 8What is our client service like? Did you feel that we carefully managed your project? Did you feel like you were well taken care of by your consultants, that your concerns were heard, and your questions answered? The client service received by FHB was super. The implementation deadline was met; allowing us to use it for our fiscal 2018 year-end process as planned. Our consultants, Tricia Fraser and Noreen Vavrek, were extremely helpful throughout the process and did a great job in keeping us on schedule while ensuring that all our questions and concerns were adequately addressed. 9 Is there anything you wish you knew at the beginning of this process that you know now? Advice for others considering a similar automation project? Have a clear understanding of what other types of reports you might want to prepare using the automation capabilities that CaseWare offers; so that the initial implementation incorporates these needs upfront as opposed to revisiting it afterwards. Although not a deal breaker, but something that would have saved us time during the implementation. 10 Would you recommend FHB and specifically the CaseWare solution to other finance departments and why? Yes, we would definitely recommend FHB and the CaseWare solution to others. The time savings that are gained from the automation capabilities more than outweigh the annual costs associated with maintaining the software. Not to mention the inherent comfort that it provides knowing that it reduces the risk of errors and increases the consistency of the financial reports.
The University of Queens automated their annual financial statements to reduce the time it took to prepare and increase their confidence in the data.
READ MORE
Important Notice: CaseWare Financials Template Version 17

Important Notice: CaseWare Financials Template Version 17
  • James Goligher
  • What's New
  • minute(s)We have learned of a bug affecting version 17 of CaseWare's Financials Template. Versions Impacted: Version 17 of Financials ASPE, IFRS, US GAAP & GASB. Recommendation: If you are not on version 17 of the Financials Template, do not update your template until this bug is resolved. If you are on version 17 of the Financials Template: Consider restoring your version 16 template backup if no significant work has been done since that backup was taken or Apply the work around identified below prior to editing a DIY table column. Status: CaseWare International is aware of and is actively assessing this issue. A resolution is forthcoming. How do I know if I am on version 17? Check your template version by launching CaseWare Working Papers, without opening any files: navigate to File - Templates - Select your Financials Template - Properties. Note: if you do not see a financials template listed, you do not have this product and are not affected by the issue. What's the issue? Do It Yourself (DIY) Table column subtotal formulas are modified and potentially broken. Specifically, if a user accesses the 'Edit Column' dialog and clicks the "OK" button (regardless of any changes being made to column specifications) all subtotal formulas in the edited column will be set to group subtotals without user request or confirmation. This may result in the wrong sub-totals in most, if not all, scenarios. Workaround: If you have already updated to Version 17, it is important that you take these steps before modifying table column properties to ensure your tables subtotals are not lost. You can work around this bug by applying the attribute "Keep cell properties" to each and every subtotals for the column you wish to edit. To apply this attribute to a subtotal row: Select a subtotal row Choose the Table Tools ribbon Click on the Attributes button Select Row Properties Check the "Keep cell properties" option. Our clients are invited to book a support call with one of our consultants who will be happy to discuss the issue and assist in taking the appropriate steps to ensure that your content is protected. WATCH THIS SPACE FOR UPDATES CONCERNING THIS BUG.
We have learned of a bug affecting version 17 of CaseWare's Financials Template.
READ MORE
GASB Statement No. 87 – Leases

GASB Statement No. 87 – Leases
  • Amy Manthey
  • Automating Financial Reporting
  • minute(s)Did you miss the recent GFOA webinar on GASB 87 Implementation Guide? Here are the highlights… Effective Dates: The reporting requirements are effective for reporting periods beginning after June 15, 2021 and should be applied retroactively with prior periods restated as appropriate. GASB 87 will be effective for year ends of December 31, 2022, June 30, 2022, etc. Terminology: Previously, there were operating and capital leases. Now, there are “Leases” or “Leases under 87”. Under GASB 87, leases are considered a financing activity for the right to use another entity’s asset(s). GASB 87 defines specific reporting requirements for short-term leases and contracts that transfer ownership of the underlying non-financial asset. The definition of “short-term” remains as an initial term of 12 months or less, including any options to extend. Contracts that transfer ownership are identified by the transfer of ownership of the underlying asset at the end of the lease contract. The standard defines specific exclusions for leases for: Intangible assets Biological assets Inventory Service concession arrangement as defined in GASB 60 Paragraph 4 Underlying assets that are financed with outstanding conduit debt – unless both the asset and debt are reported by the lessor Supply contracts, such as power purchase agreements Lessee and Lessor value calculations are similar to each other as well as how the value was calculated for “capital leases." Lessee – recognize a lease liability and an intangible (right-to-use lease) asset at present value. Liability reporting is similar to how debt/financing is accounted for – which is different for full accrual versus modified accrual Lease asset value starts as the lease liability value, plus any payments made prior to the contract, less any lease incentives, plus any initial direct costs Lease asset amortization should be calculated based on the shorter of the life of lease or the underlying asset Re-measurement of lease only needed in specific circumstances Lessor – recognize lease receivable and deferred inflow of resources at present value (generally the same as the lessee amount). Deferred inflow is calculated at the beginning of the lease as the present value of lease payments less provision for estimated noncollectable amounts Subsequently, recognize deferred inflow of resourced and inflows of resources (revenue) over the term of the lease Subsequent periods amortization of the discount on the lease receivable and inflow of resources (interest revenue) is recorded Payments should first be allocated to accrued interest receivable and then to the lease receivable Lessor should keep underlying asset on the books Exception for leases of assets that are investments as defined in S72 and for leases that are subject to external laws, regulations or legal rulings (like Federal Aviation Administration) Note Disclosures: Lessee - The notes to financial statements should include a description of leasing arrangements, the amount of lease assets recognized, and a schedule of future lease payments to be made. Lessor – The notes to financial statements should include a description of leasing arrangements and the total amount of inflows of resources recognized from leases. Other items covered in GASB 87: Lease incentives Contracts with multiple components Contract combinations Lease modifications and terminations Sale-leaseback transactions Lease-leaseback transactions Intra-entity leases The Implementation Guide No. 2019-3, Leases is now available from GASB. Register for our Implementing and Automating GASB 87 Disclosures Webinar
Effective for reporting periods beginning after December 15, 2019; the GASB 87 pronouncement changes the way leases are calculated and reported.
READ MORE
New Call-to-action

Get in Touch 

F. H. Black & Company Incorporated
Mailing Address: Unit #1 – 1596 Regent Avenue West, Suite 303, Winnipeg, MB, R2C 4H4, Canada
Email: admin@fhblackinc.com
Phone: +1 844 852 5225 (Toll Free)

Quick Links

RSS Feed
Copyright © 2022 F. H. Black & Company Incorporated. All Rights Reserved.
Privacy policy