Is Cloud a passing trend?

Although there has been a trend towards cloud services over the past years both locally and internationally; there is a part of me that wonders if it is just a fad we are caught up in or if it is really here to stay.

It is easy to suppose that it may be a fad in South Africa as we lag behind the rest of the world for a number of reasons. Although we are making constant strides in the right direction, we still have a lack of infrastructure to support the high speed connectivity needed to make cloud a fully viable option; even in urban areas and office parks you can struggle along with only EDGE access.

POPI legislation has made cloud services even more complicated by not passing direct responsibility for data onto service providers, throwing up yet another barrier to South African businesses catching up. Obviously, all businesses endeavour to do everything they can to protect the information entrusted to them, but putting the information into the cloud does not relieve the business owner of direct responsibility for the security of that information.

With hugely topical international stories of naked celeb photos appearing online after iCloud personal accounts were hacked earlier this year and companies as big as Google being hacked and having almost 5 million passwords stolen and leaked, how do you as a small business convince a client that it is safe to store their financial information in the cloud?

On the flip side of the coin, cloud services hold a myriad of positives for businesses of all sizes. First and foremost is the security aspect itself; in most instances, regardless of the feeling that you can better protect your own data, in reality a business that specialises in storing data is going to have better security in place than the average business can afford. Yes, they hacked into Google, but it most likely took the hackers far more effort to breach the security's layers there than it would to penetrate your own local servers.

Cloud also essentially fully replaces the high costs of infrastructure, both hardware and software, in terms of acquisition, maintenance and upgrades. The savings of this alone might make cloud a self sustaining system. Replacing the infrastructure has also meant largely replacing the need for internal IT specialists, allowing you to put your money and focus into the resources that you need to optimise your actual business.

So while a part of me can see the possibility that people might once again begin bringing their data back in-house where they feel it is safer and easier to protect, in the long run I believe the cloud is here to stay.

*As published in Accountancy South Africa magazine in December 2014

Your questions answered on the implementation process

So you’ve made the decision to move from spreadsheets to specialised software. We gave you a few tips on what to consider when choosing financial software and some things to look out for when selecting a vendor. 

Another important aspect of this transition is the implementation process; so we thought we would answer a few of the questions you might have. 

Where would we start?

The first step should be a detailed "scoping" workshop, where the vendor tries to get a deeper understanding of your business and your specific needs. The result of this workshop is a document that specifies exactly what is in scope for your project and, just as importantly, what isn't, and a clear detailed project plan. 

How long will the implementation take?

An average implementation should take between 4 and 8 weeks, depending on the complexity of the project. This would be established and outlined in your project plan. A lot happens in this timeframe, some of it remotely and some of it on site at your offices.

What will it entail?

It will all begin with the installation of the new software and the vendor creating the integration package, to ensure everything is ready to go. This would be followed by the initial  database setup. 

Your vendor’s staff come to you and set everything up on site, working with the person you select to be your administrator. They would begin with the standard setup and then begin to add the details of your financial needs, for example configuring the budget types specific to you, and the additional items that you came up with together in your scoping workshop. The staff would be on-site with you for two to three weeks.

Will it affect my business?

Yes, to some degree it will. You will need to balance your “business as usual” tasks with what is required from you when they do the implementation. 

What will they need from us?

Initially, your IT person will need to provide access to your online environment. Your finance person, or the person you select as the administrator of the system, will need to be on hand throughout the process. Your project sponsor will need to attend the weekly project meetings along with the core team. By including the key members of your team, they are being trained so that you are self sufficient once the implementation wraps up.

Will further training be needed?

As mentioned above, there should be “on the job” training for the administrator at least during the implementation. A good vendor should offer you the option for them to be involved in end user training and they should recommend that you are in the end user sessions as well, as the majority of questions are process related rather than system related. 

That’s a wrap

The project should finish up in the agreed timeframe and there should be support on hand for an agreed upon period after the system goes live. 

Do you have any questions that we haven’t thought of? Let us know in the comments.

POPI: SMEs into coffee shops

The new Protection of Personal Information Act is an excellent piece of legislation when considered from a consumer point of view; and since we are all consumers, it is easy to miss the big picture ramifications for small businesses. 

The issue arises because high level laws are created to be followed by large organisations, but their typical response is to mandate their compliance requirements directly onto their suppliers, who are usually small businesses. So irrespective of the intention of the legislative with respect to SMEs, it is lost through the application of the legislation by the large corporates; particularly in the case where it doesn't stipulate how the rules need to be followed. 

To oversimplify it, it's as if the legislature has said businesses have to provide their clients with coffee. Large organisations, unsure what parameters to follow in order to meet the law, have gone all out, sparing no expense - buying fancy coffee machines, using imported beans, bottled spring water, full cream milk and brown sugar cubes to be served silver service.

Here is where it gets complicated. There is a single item under the security section of the Act that says the responsible party (the big business) must ensure that the operator (vendor) maintain the security rules established by the responsible party; the equivalent of saying they too need to make the client coffee.

Because the legislation hasn’t clearly defined how this coffee should be made, big businesses are going to their vendors and telling them that they can't just provide their clients with instant coffee, low fat milk and grains of sugar; they have to provide the exact same coffee in the exact same way as the large corporate. And if they won't sign the contracts that agree to do so, they will be removed from the vendor list. 

The small businesses can't necessarily afford to invest to the same level as large businesses in big coffee machines, imported coffee and bottled water, but at the same time they can't afford to lose the big corporate business either. And if the multiple businesses that use the small business as a vendor all have different ways of making different brands of coffee, the small business would essentially turn into a coffee shop. 

So what is the answer? There needs to be clarity on what exactly compliance looks like, with clear guidelines, taking into account all levels of business that this Act will affect. There also needs to be clear rules as to what the operators can be expected to provide. Until then, large corporations will be able to affect the course of SME development by forcing their vendors to comply with whatever they consider to be reasonable. 

*As published in Accountancy South Africa magazine in November 2014