FINANCIAL AND SECURITY IMPLICATIONS OF CLOUD COMPUTING AND OUTSOURCING OF IT SERVICES

Financial managers and business executives now have another variable added to the list of their worries. The quest to create IT value through IT investments has made organizations to continually embrace cloud computing and outsourcing of IT services. This new trend in the accomplishment of computing services opened up a new concern for business executives- financial and security implications.

CLOUD COMPUTING EXPLAINED

In common parlance, cloud computing is the process of performing computing operations through a computer network connection without having to own or control computing hardware and networking infrastructures. Cloud computing heavily relies on virtualization technology. Think of cloud computing as you having the ability to plug into a pool of computing power and getting your computer jobs done without you having to worry about how to get it done. Just like the way you switch on your power outlet and make use of electricity without having to own or control electricity generating gadgets.

BENEFITS OF CLOUD COMPUTING

The benefits of cloud computing includes: saving overhead costs that relates to; cooling of equipment, electricity, physical security of computers, real estate rent, softwares and computer operators salaries.

Apart from cost reduction benefits, other benefits of cloud computing includes:

  • Scalability
  • Speed of execution
  • Transparent cost drivers
  • Extended benefits of outsourcing

RISKS

  • Loss of control
  • Security
  • Integrity
  • Privacy
  • Availability
  • Financial loss

COUNTERMEASURES

  • Store non private data in the cloud
  • Use data-a-rest encryption when engaging the service of cloud computing vendor for database as a service (DaaS)
  • Retain high sensitive data in-house
  • Avoid establishing contact between data in house and data with cloud computer vendors
  • Secure network connections for cloud administration
  • Diversify i.e. use more than one
  • Audit and log administrative actions and key entry point

Companies can also contact the services of auditors during the contractual level of cloud computing. An auditor will help review the policy of the potential cloud computing vendor’s vulnerability policies. Again, auditors also help ensure that the cloud vendor strictly adhered to relevant legislations like: the Privacy Acts, Gramm-Leach-Bliley Act, etc

The impact of cloud computing on the finance of both companies and individuals as far as InfoTech is concerned. Companies that want to reap bountifully from the competitive advantage that cloud computing and IT service outsourcing have to offer will have to evaluate risks of cloud computing and take appropriate measures to mitigate its effect on the finance of businesses.

SECURITY AND RISK LANDSCAPE OF INTERNET BANKING IN NIGERIA

In the quest to satisfy the ever expanding and insatiable appetite of customers of banks to get an increased access to banking products, banks and other financial institutions continued to deploy sophisticated IT and Network infrastructures to meet their customers’ demands. Internet banking is a one stop option for banks to give online real-time banking access to her customers.

The advent of internet banking in Nigeria altered the risk and security landscape of Nigerian banks. Financial and economic fraud/ crime in the Nigerian banking sector almost tripled since the advent of internet banking in Nigeria. Cases of identity theft increased and a lot of families lost their means of livelihood just as a result of one click of the mouse made by one fraudster in one remote area. All these and many more puts more pressure on bank executives and other stakeholders in the banking sub-sector.

Users’ confidence on banking in Nigeria continues to erode as cases of fraud and economic crime eats deeper into Nigeria’s financial sector. People complain of receiving an SMS Alert by 1:00am that a debit transaction is taking place on their account. The customer may not have access to either internet or the bank at that point in time to stop the transaction from continuing. This situation will not only erode public confidence but will also affect the business of the companies that specializes on the development of internet applications.

INTERNET BANKING AUTHENTICATION AND AUTHORIZATION IN NIGERIA

The increase in the financial losses associated with increased security issues and risks in Nigerian internet banking can be put under control if internet banking authentication and authorization are improved. Most Nigerian banks use static password to authorize and authenticate access. This is a bad practice and needs to be re-evaluated. Multi-factor access control to internet banking is what every forward looking bank in Nigeria and their executives should consider. A multi factor access control is a combination of authentications.

One good practice I have helped a bank in Nigeria implement is the use of Token in combination with static password and user name (ID). The process is simple; every customer that must use internet banking application must be given a token device that will be configured with the accounts. The serial number of the token device would be inputted in the customer’s account. A user of internet banking facility is automatically taken to a token page where s/he is required to input a randomly generated number from the token. With this, the negative effects hackers, pharmers, phishers and other financial fraudsters will be minimized.

If you by chance disclose or expose your internet banking ID and password, the identity theft will still not have access to your internet banking platform except s/he gets hold of your token- which is very rare.

To your internet banking safety!

VALUE OF IT TO THE FINANCE OF OUR BUSINESS

The financial implications of IT on our business are always highly levered. It either pays off bountifully or seriously saps our business off huge financial resources. This situation has caused managers and business executives to take the issue of IT governance very serious. What positive impact is IT having on the finance of a business is a question that needs to be answered by all business executives whose businesses are principally driven by IT.?

Businesses are beginning to rely more on carrying out a VFM (value for money) audit on IT infrastructures. VFM audit of IT simply means taking an in-depth look into both immediately quantifiable and non quantifiable financial benefits that the deployment of IT has brought to our business and finance. It is best practice to carryout this VFM audit on IT before and during early deployment of IT infrastructures. The skill for this valuable assessment of value of IT to our business is what a lot of folks are lacking and that is what this article is all about. I will share my vast experience in the field of finance and information technology. So read on.

IT VALUE FOR MONEY (VFM) AUDIT

IT can enable initiatives, inhibit initiatives or destroy initiatives. The objective of every business is to invest in IT infrastructures that will enable her achieve her corporate objectives. Since the objectives of companies before investing in IT is to add value to the profit line of her business, IT value for money audit seeks to see that IT actually creates value to a business.

Standards need to be established before carrying out an audit on it. So, the first thing that needs to be done is to establish the objective of the company. Once this is successfully established, relationship between the company’s objectives and the features of the IT infrastructure should be established. If they are positively correlated, then the IT investment might be fruitful but if negatively correlated or lack correlation, then the probability of that IT investment seeing the light of the day is slim.

This is a very important first step to take as it gives insight to management as to what should be expected of the IT infrastructure investment. If a bank’s objective for instance is to meet her customers online real-time banking needs, investing in IT infrastructures that does not have such features will definitely yield no returns.

After the above initial analysis, the next thing that needs to be done is to carryout assets utilization analysis or return on investment analysis. This will help the company find out if the IT infrastructure is underutilized or fully utilized. Estimates should be made in cases where it is difficult to carryout a meaningful analysis. Surveys should be used to get an overview of what customers’ satisfaction level is. Else, basic ratio analysis should be used.

Another aspect of needs to be looked into is the know-how of the staff of the business. A company will want to make sure that it has the right kind of workforce with the right IT skills to take full advantage of the IT. A cost benefit analysis of hiring new IT staff and foregoing the benefit of IT should be critically considered.

The above steps should help a VFM IT audit be carried out on IT investments. If done well, the increase losses recorded by companies on IT investments would be reduced drastically. Businesses should no longer make IT budgets and forget about it. IT budgets should be closely monitored in order to arrest the increasing extravagant IT infrastructure expenditures.

Financial information- balancing; access, security, cost and benefit

Financial information on its own is worthless if it is not acted upon. Access to financial information has to be given to certain people without posing serious threat to its security and at a reasonable cost.

You will agree with me that financial information quickly become obsolete if not acted upon on time. Hence, managers and other stake holders need to have access remotely to financial information so that decisions can be made on time.

In this article are financial information security issues that need to be taken into consideration before giving remote access to our financial information database.

Note however that no amount of planning and implementation will give a perfect financial information security.

  • Benefits (benefit analysis). A company will probably not give access to its intranet to a customer that is not worth in financial terms. There are times a company will need to allow its trusted customers access to her database of inventory. How much loss will our company suffer if that important customer could not access our information on time?
  • Security of our components. For communication to take place, certain components must be present. Examples are; network devices, software, computer, etc. The question to ask before giving access to our financial information is ‘how secured are our components’. Question like; has our system been recently hacked? Could help solve this problem of knowing how secure our system is. If our system has been hacked in the recent past, then chances are that they could still easily be hacked from the end-point.
  • Security of end point device. Of what benefit will it be to us if we spend millions of Naira securing our system(s) only to give access to a manager who is somewhere accessing our network or database with a laptop that is not properly secured? He/she could easily download information into a system that is not properly pass-worded. Or lost the laptop containing our confidential financial information.
  • Company’s reputation. How will people see our company if we don’t give them access to real-time transaction. Bank’s customers for instance will definitely react if access is not given to them in this modern age.
  • Cost (short-term and long-term). The cost of doing anything is important and this will not be an exception. Both short and long term cost needs to be put into consideration. If we set out to achieve this objective of striking a balance between; access and security, what are potential costs that may not be clear now. Estimates should be made.
  • Availability of manpower. A company will obviously not get the full potential of technology acquired to meet with the characteristic of information (availability, confidentiality, reliability and accuracy) if the available manpower cannot fully utilize the asset.
  • Regulatory guideline. Ignorant of the law is not an excuse. The service of legal personnel should be engaged so as not to go against the law.
  • Our competitors’ action. There are times when we still need to ahead against all odd and strive to meet the characteristics on financial information need when the action of our competitors warrants it.

Working capital management, the best way to release tied-up capital

Working capital management is an attempt made by accountants and business owners to strike a balance between profitability and liquidity.

 

Many people (especially small business owners) either forget or are not aware of the fact that bad-debt has ‘double cost’ – the cost of writing them off and the cost of servicing associated to bad debts until it is been written off.

 

A lot of fund that would have been put to productive use have been tied up in working capital without being aware of it. Working capitals are those resources at the disposal of a business that are liquid. This is the function of; Receivables, Inventories and Payables.

 

The Approach I will follow in this article is to x-ray these components of working capital while bringing out the hidden treasure in them (which is the aim of this article).

TRADE RECEIVABLES (DEBTORS) MANAGEMENT

 

Trade receivables or trade debtors are liquid asset that is in form of promissory note. A customer buys goods and promise to pay in the future.

 

Good receivable management has four key stages VIZ:

  • Policy formulation stage. At this stage, a framework that will guide credit involvement of the business is drawn. Elements of the framework to be considered include; establishing the terms of trade such as the period of credit offered and early settlement discount to be given, whether to charge interest on overdue amount, credit access procedures, action to be taken in the case of defiance etc. in fact, this is the agreement stage if you permit me to use that word.
  • Credit worthiness assessment stage. Information relating to intending credit customer is analysed here. Information could be sourced from banks, or other credit rating agencies. The greater the amount to be granted as credit, the greater the need for proper reference from the right authority.
  • Credit control stage. Receivables record must be monitored continually. This primarily is the responsibility of sales ledger administration department. Smaller businesses are however not advised to have a separate department for this function. Companies can use anything to class customers. My company use ‘star’ (star1, star2,…star5) Star5 being the category of customers with the most privilege. People in this class are given the longest credit term. Note however that this is frequently reviewed so that customers can be re-classed according to their prevailing circumstances. A customer’s payment record and account receivable aging analysis is examined on a recurring basis.
  • Collection and action stage. This is the second most important stage after the policy formulation stage. A proper collection system should be used. A system that will not allow customers to play prangs on the company. Also, systematic steps should be followed to recover overdue amounts. The use of reminder, visits, phone calls, refusal to grant further credit, use of a specialist debt collecting agency or legal action- as a last resort. However the company chooses to go about this, the cost-benefit concept should always be borne in mind. I.e. the administrative costs and other costs incurred in debt collection should not exceed the benefits from incurring those costs. The financial and non-financial effects of contracting a factor should also be evaluated.

 

The over all aim of receivable management is to reduce the receivable days. What this will do for the business is that it will release funds for further production, save the finance cost that would have otherwise been paid to banks and allow the company to take advantage of early settlement discount from its suppliers.

 

INVENTORY MANAGEMENT

Inventories comprise of both; raw materials, WIP (work-in-progress) and finished goods. Depending on the company’s circumstance, inventory management techniques like JIT (just-in-time) and EOQ (economic order quantity) can be used. JIT for instance is an inventory management philosophy that advocates zero and defect-less inventory at all time.

 

This technique has some useful potential that can be used to release a sum of money but is not appropriate to all sectors. An example is the hospital. A stock-out that is a major drawback of JIT could prove disastrous in hospitals.

 

EOQ has some of its own drawback hinged on the assumptions upon which it is based. The aim of this exercise is to reduce inventory days (i.e. to reduce the number of days that cash is being tied down in stock). Again, this will release the cash for other productive uses. If you have to keep inventory, the best way to manage and track stock is by using a vertical storage carousel.

 

PAYABLES MANAGEMENT

Unlike the other components of working capital management, the aim of payables management is to increase the payables days. The primary legal and ethical means of doing this is to re-negotiate with your suppliers. This however, should be done with caution so as not to be enlisted in the black list of different suppliers.

 

In conclusion, proper working capital management is a goldmine that any business can easily tap into to release quantum cash. Working capital management is of three kinds, Aggressive, Conservative and Moderate (Modest) method. The one to choose is dependent on the circumstances of the business and the appetite of the company towards risk.

Eight simple steps to prevent credit card identity theft

Credit card identity theft is rising at an appalling rate and it is a significant problem across the country. Criminals can perform identity theft quite easily due to lenient credit industry norms, careless data management in the offices and the simplicity of getting Social Security Numbers. Most recently, a number of credit card processing companies have been noticed to commit identity theft. FIA Credit Services is one such company that has been in the news headlines for quite some time. 

If you become a victim of credit card identity theft, checking your credit report at regular intervals would help you detect it soon. However, you can prevent credit card identity theft by following some simple steps.

Eight steps to avoid credit card identity theft  

 

Step 1: Carry less number of credit cards

 

Cut down the number of credit cards you have in your wallet. Only carry one or two credit cards with you. If possible, carry an ATM or debit card. Use them carefully and make the most of the online accessibility to your bank account to keep tabs on account activity on a regular basis. If you detect any sign of fraud, inform this to the bank instantly.

 

Step 2: Be watchful

 

While using your credit card at a restaurant or a shopping mall, keep a close watch on how your card is swiped by the clerk or waiter. Unscrupulous employees have been identified to use portable gadgets known as skimmers to swipe the credit card fast and download the account number details onto a PC afterwards. The miscreant utilizes the account details for Internet shopping or generating fake credit cards.

Step 3: Write down all the card details

 

Maintain a list or xerox copies of all your credit cards. Write down the expiry dates, account numbers and phone numbers of fraud departments and customer services. Keep all the details in a safe place (not in your purse or wallet) so that you can promptly get in touch with the credit card company if your cards are stolen or your card accounts are being utilized illegally.

Step 4: Only provide your details to a reliable company

 

Don’t provide your credit card number, Social Security Number or any other personal details on the telephone, through e-mail or over the Internet if you don’t have a reliable business association with the company.

Step 5: Always carry the credit card receipts with you

 

Carry your credit card receipts with you all the time. Don’t throw them into a public trash bin. While shopping, keep receipts in your wallet and not in the shopping bag.

Step 6: Avoid writing your card number on your checks

 

Don’t allow your credit card number to be mentioned on your checks. It is a breach of California Law (Civil code section 1725) and statutes in a number of other states and exposes you to fraud.

Step 7: Check mail

 

See the mail if you hope to receive a reissued or new credit card. Talk to the issuer if the card does not reach you.

Step 8: Check your credit report

 

Request your credit report once every year as a minimum. If you have fallen prey to identity theft, your credit report would reflect discrepancies like inquiries not made by you or credit accounts not opened by you. The sooner you identify fraud, the faster you can rectify your credit report and get back on track.

Working capital funding for IT investment- key factors to be considered when formulating it

The objective of working capital management is to strike a balance between profitability and liquidity. Many high-tech firms that rely almost solely on IT infrastructures often find it difficult to make economically sound decisions when it comes to working capital funding for IT investment

IMG_20160807_191147In order to understand working capital requirement for IT infrastructures, an attempt will be made to divide assets into three types VIZ;

  • Non-current assets. These are long-term assets from which an organization expects to derive economic benefit from over a number of periods. For example, servers and other forms of database equipment.
  • Permanent current assets. These are the amounts required to meet long term minimum needs and sustain normal trading or servicing function of the company. For example, the average bandwidth or storage device to be maintained at all time.
  • Fluctuating current assets. These class of assets are those current assets which varies according to normal business activities. For example, due to seasonal variation, the computing power required to meet the demands of customers in a particular period of the year might either increase or decrease.

Fluctuating and Current assets together with permanent current assets form part of the working capital of an IT company, which may be financed by either long-term funding (including equity capital) or by current liabilities (short-term funding).

Approaches to working capital funding

There are basically three approaches to working capital funding VIZ;

  • Aggressive Approach. This method encourages managers to finance all fluctuating assets and part of permanent assets with short-term funds. This is a more risky but more profitable approach to working capital management.
  • Moderate Approach. As the name implies, fund are used according to the nature of the asset(s) being financed. A common practice is to finance all non-current assets with long-term funds, all fluctuating assets with short-term funds and to split permanent asset in such a way that long and short term funds will finance the assets equally.
  • Conservative Approach. This is a method that finances all non-current assets and permanent assets as well as part of the fluctuating current assets by long-term funds. This is a less risky approach. The down side of it is that it is equally less profitable.

Depending on the attitude of the company towards risk, the nature of the asset is supposed to go a long way in determining the method of funding that is required. Many of the failures experienced among the dot com companies in the past decade or so is largely due to the fact that these companies violates the matching principle, which suggest that long-term finance should be used for long-term assets or projects and vice versa without taking some risk benefit factors into consideration. Working capital management is arguably the best way to achieve a balance between risk and returns.

Factors to consider

For simplicity, the factors to be considered while making working capital funding decision will be listed in bulleted format below

  • The nature of the assets in question
  • The management’s attitude towards risk, return and safety
  • The company’s industry norm (those in sectors that require longer time to deliver result will obviously require more funding
  • Availability of cash
  • The previous working capital funding tradition of the company (experience plays significant role here)
  • Technological trend
  • Demand trend of the company’s service

My experience in the field of It and finance has made me conclude that tending towards what I call ‘the adjusted moderate approach’ will be the best policy to adopt. The reason for my opinion is the fact that the IT industry as a whole needs an average of eighteen (18) months only for changes that is capable of rendering so many assets obsolete to come.

Adjusted moderate approach is a tweak between moderate approach and aggressive approach. This is a method of financing fluctuating current assets purely by short-term loan (bank over-draft preferably) and outsourcing the provision of permanent current assets.

This is because the so-called permanent assets are not really permanent and it will not be wise to put in money in them as they are bound to change soon.

Applying adjusted moderate approach to working capital will help every IT company maximize returns from investments in IT infrastructures.