finance for growth
play

FINANCE FOR GROWTH Implementing Meaningful KPIs and Dashboards - PowerPoint PPT Presentation

FINANCE FOR GROWTH Implementing Meaningful KPIs and Dashboards April 2018 Dublin Agenda Introductions A brief history of Key Performance Indicators (KPIs) KPIs are everywhere Why develop KPIs? Developing meaningful


  1. PROPOSED REPORTING PACK REQUIREMENTS (cont.) Key elements of Board pack likely to include: • Value of current purchases orders placed, not fulfilled • List of current projects and status (narrative) • Summary financial report for each project for current period (CP) and since inception versus budget. Latest expected financial outcome declared • Current headcount (permanent, secondees, agency, contractors) by department versus plan • Movement in time bank in current period and current year-to-date – Time in Lieu and Overtime • Summary of future operational capacity (labour/machine) versus requirement across future period (to be agreed) and issues arising (narrative)

  2. PROPOSED REPORTING PACK REQUIREMENTS (cont.) Key elements of Board pack likely to include: • Current open positions and related recruitment process, new appointments, resources onboarded, resignations and exits (narrative) • Current long-term absences and status report (narrative) • Number of performance reviews conducted during the current period and current year-to-date and the number due which are outstanding • Current grievance/disciplinary cases and update re actions and status • Operational KPIs

  3. PROPOSED REPORTING PACK REQUIREMENTS (cont.) Key elements of Management pack likely to include: • Detailed Income and Expenditure (I&E) account featuring current period (CP) and current year-to-date (CYTD) performance compared to budgeted period (BP) and budgeted year-to-date (BYTD) and prior year period (PP) and prior year-to-date (PYTD). Note budget may be augmented by reforecast • Detailed balance sheet • Detailed department performance for current year (CYTD) versus budget (BP and BYTD) • Summary of current cash position • Detailed projected cash flows across future X periods (to be defined) • Summary of capital expenditure for current year-to-date (CYTD) versus budget (BYTD)

  4. PROPOSED REPORTING PACK REQUIREMENTS (cont.) Key elements of Management pack likely to include: • Summary of fixed asset disposals for CYTD • Summary of sales by top 20 customers for CYTD (% of total sales) • Summary of sales by top 20 products for CYTD (% of total sales) • Summary of current sales orders and projected backlog • Summary of current sales orders by top 10 customers (% of total orders) • Summary of current sales orders by top 10 products (% of total orders) • Average debtor days • Summary of aging of debt by month • Aged debtors listing and related provisions • Summary of stock holdings

  5. PROPOSED REPORTING PACK REQUIREMENTS (cont.) Key elements of Management pack likely to include: • Aging of stock held and related provisions • Average creditor days • Aged creditors listing • Value of current purchases orders placed, not fulfilled • Aging of current purchase orders • Summary and aging of purchase requisitions (by approver) • List of current projects and status (narrative) • Detailed financial report for each project for current period (CP) and since inception versus budget. Latest expected financial outcome declared • Current headcount (permanent, agency, contractors) by department versus plan

  6. PROPOSED REPORTING PACK REQUIREMENTS (cont.) Key elements of Management pack likely to include: • Movement in time bank, by person, in current period and current year-to-date – Time in Lieu and Overtime • Detailed analysis of future operational capacity (labour/machine) versus requirement across future period (to be agreed) and issues arising (narrative) • Current open positions and related recruitment process, new appointments, resources onboarded, resignations and exits (narrative) • Number of performance reviews conducted during the current period and current year-to-date and the number due which are outstanding (analysed by reviewer) • Operational KPIs

  7. PROPOSED REPORTING PACK REQUIREMENTS (cont.) Key elements of Management pack likely to include: • Weekly reporting – Trading account and labour costs • Ad hoc reporting – dashboard reporting

  8. THE ROLE OF DASHBOARDS

  9. THE ROLE OF DASHBOARDS • In addition to being a venue for real-time KPIs to be reported, dashboards perform another important service to the user in allowing the identification of workflow- driven tasks requiring progression. • These may include, for example: – Timesheets awaiting approval – Invoices awaiting approval – Customer cases awaiting attention

  10. QUESTIONS

  11. THANK YOU FOR YOUR TIME AND ATTENTION

  12. KPI Dashboards: Lessons from Experience Trevor Jobling Owner Dovetail Technologies Ltd

  13. About me: Trevor Jobling

  14. About me: Trevor Jobling

  15. About me: Trevor Jobling

  16. About Dovetail ● Custom software solutions ○ Business process tools ○ System integration ○ Creation of new products and services ● 16 years ● 20 staff, all in Dublin

  17. Clients

  18. Current status ● Biggest opportunity: growth market ● Biggest challenge: recruitment

  19. Planning a KPI Dashboard Project

  20. ● What are the right KPIs? Preparatory ○ You can’t focus on everything ○ Beware the many voices Checklist ○ Deliver something useful ● Do you have the data? ○ Are you measuring it? ○ Are you recording it? ○ Can you access it… in a timely fashion? ○ Is it of suitable format/granularity/time period? ○ Can it be cross-referenced? ● Who may see the KPIs? ○ What user roles do you have? ○ Need multiple permission levels or views? ● Alerts ● Finally… Which tool?

  21. Sample Dashboards

  22. www.QuickDBD.com

  23. www.QuickDBD.com

  24. Four Tips

  25. 1. Do the Simplest Thing that Works

  26. 2. Beware of Magical Thinking ● Requirements ● Tools

  27. 3. Manual Work can have Value

  28. Dovetail Internal Project Tracker

  29. Dovetail Internal Project Tracker

  30. 4. Look at it!

  31. Thank you. Contact us: Dovetail The GEC Taylors Lane Dublin 8 trevor.jobling@dovetail.ie www.dovetail.ie

  32. STRICTLY PRIVATE AND CONFIDENTIAL FINANCE FOR GROWTH General Data Protection Regulation (GDPR) Awareness Sessions Date: 24.04.2018

  33. Course agenda • What is data protection? • GDPR overview • The new changes brought by the GDPR • Implications • How to prepare for the upcoming GDPR • GDPR Roadmap to Compliance • The new Irish Data Protection Bill • Questions & answers 67

  34. What is data protection?

  35. What is data protection? As defined by the Data Protection Commissioner: “it is the safeguarding of the privacy rights of individuals in relation to the processing of their personal data.” You supply information about yourself to government bodies, banks, insurance companies, medical professionals and many others in order to avail of services or satisfy obligations. Organisations or individuals also obtain information about you from other sources. For the purpose of data protection such organisations or individuals who control the contents and use of personal data are know as data controllers These rights apply where the information is held: ✓ electronically, or ✓ in a manual form, as part of a filing system that facilitates ready access to a specific individual’s information Public/ Personal Compliant private data use of data bodies 69

  36. Current governing Act Data Protection Act 1988 and 2003 At the moment, Irish data protection obligations are primarily governed by the Data Protection Act 1988 as amended by the 2003 Act. The act is governed by 8 principles: 1. Obtain and process the information fairly; 2. Keep it only for one or more specified and lawful purposes; 3. Process it only in ways compatible with the purposes for which it was given to you initially; 4. Keep it safe and secure; 5. Keep it accurate and up-to-date; 6. Ensure that it is adequate, relevant and not excessive; 7. Retain it no longer than is necessary for the specified purpose or purposes; and 8. Give a copy of his/ her personal data to an individual, on request. 70

  37. GDPR overview 71

  38. What is the GDPR? • The General Data Protection Regulation (GDPR) will come into force on the 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive. • The GDPR emphasises transparency, security and accountability by data controllers and processors, while at the same time standardising and strengthening the right of European citizens to data privacy. • Companies, government agencies and non-profit organisations who interact with personal identifiable data of EU citizens have until 25 May when GDPR comes into force to comply. 72

  39. The GDPR terminology DATA PRIVACY DATA PERSONAL DATA CONTROLLER PROCESSING DATA PROCESSOR DATA SUBJECTS 73

  40. Sensitive personal data Sensitive personal data Sensitive data Personal data Names Convictions Sensitive personal data is a special category of personal data. Medical condition Banking details These require a higher standard of care by the GDPR. Religion Addresses Prejudice Criminal activity 74

  41. GDPR - scope 75

  42. So who has to comply? An organisation has to comply if: They control or process the personal data of EU residents This applies irrespective of where the organisation is based. 76

  43. The new changes brought by the GDPR 77

  44. New concepts and key principles Explicit consent PIAs Contracts Incident register Individual rights Breach notice 78

  45. Key changes - consent Consent must be Consent cannot be “fre ely given, specific, Consent may be inferred e.g. pre-ticked informed and withdrawn at any time boxes or inactivity unambiguous ” ACTION: Procedures to obtain and record consent should be reviewed to check they are in line with the new GDPR requirements. 79

  46. Key changes – more information required Individuals can How long data will be Details of their purpose complain to local retained and any and legal basis for regulatory bodies if transfers outside the processing data they are dissatisfied EU with how their data is handled ACTION: Privacy/fair processing notices or other communications should be reviewed and amended to meet the new requirements. Information should be provided in concise, easy to understand and clear language. 80

  47. Key changes – individual rights Right not to be Right to be forgotten Right to data portability subjected to (have personal data (have data provided automated data removed from systems electronically in profiling (where or online content) commonly used format) this would produce a legal effect) ACTION: Ensure that processes are in place to respond in a consistent and timely manner to customers who assert these enhanced rights. 81

  48. Key changes – individual rights Right to request that businesses delete personal data without undue delay where: it is no longer necessary for the purpose it was collected the data subject withdraws consent and there is no other legal ground for processing the data subject exercises their right to object and there is no overriding legitimate ground for processing the processing is unlawful 82

  49. Breach notifications • Organisations are now under legal obligation to notify local authorities within 72 hours if EU resident data is lost. – Only exception is if the data was encrypted. 72 Organisations have to inform – individuals if an “adver se impac t” is determined from the breach. • Service providers (data processors) now have obligations to data controllers. 83

  50. Implications 84

  51. Penalties for non-compliance If organisations do not comply , they face a maximum fine of: Other consequences – reputational damage, financial loss, litigation etc. 85

  52. Examples of penalties • Uber • Admitted it paid hackers responsible for a data breach $100,000 (€84,790) not to disclose the data breach to authorities. • November 2017 • Carphone Warehouse • Fined £400,000 after serious failures placed customer and employee data at risk. 10 th January 2018 • • Department of Social Protection • A civil servant who sold personal data of citizens to private investigators working for insurance companies was jailed. 26 th January 2018 • 86

  53. How to prepare for the upcoming GDPR 87

  54. Key activities we are seeing (1) WHY? HOW? WHERE? Reviewing data-related service Carry out an information audit Update all policies and provider contracts to reflect and data flow mapping procedures impact of the GDPR on controller to reflect changes exercise and processor obligations 88

  55. Key activities we are seeing (2) 72 Form a data governance group Implement / review breach Review impact of GDPR on data retention policies e.g. on archiving notification procedures and Incident Management Plans 89

  56. Key activities we are seeing (3) Review IT development and Consider the position of the Consider and record lawful purchase procedures – ‘Privacy by bases for processing existing DPO within the Design’ management structure 90

  57. Key activities we are seeing (4) Check how consent is Create and maintain an Check accountability for data obtained. Are changes to this information asset register governance is clear and precise process required? Retain records of consent 91

  58. GDPR Roadmap to Compliance

  59. Mobilisation • Critical first phase • Define scope • Expected outputs • Agree plan • Commit resources • Establish governance • Create PID or Charter 93

  60. Discovery • Review documentation • Interviews • Review policies & procedures • Discuss functionality of systems to meet the GDPR requirements 94

  61. Analysis • Analysis and evaluation • Processes and policies in place • Identification of missing policies and measures in order to comply • Assistance in implementing the processes, procedures and policies to comply 95

  62. Reporting • Concise report • Finalised post-client feedback • Focus on key findings in gap analysis • Recommendations reflected in budgeted roadmap to compliance 96

  63. GDPR ROADMAP TO COMPLIANCE 97

  64. The new Irish Data Protection Bill

  65. New Irish Data Protection BilI Ireland’s new Data Protection Bill was published on 1 st February 2018. • • The new bill transposes much of the GDPR text directly and addresses the powers of the Data Protection Authority. • The Bill will establish a Data Protection Commission in place of the current Office of the Data Protection Commissioner (ODPC) • A controversial inclusion in the Bill is the exemption of Public Bodies from the administrative fine regime, except where acting as an “undertaking”, (i.e. providing goods or services for gain) • The existing 1988 Act is not repealed but amended, meaning that three Data Protection Acts will then be in force – an amended 1988 Act, the 2003 Amendment Act and the 2018 Act 99

  66. Questions & answers

Recommend


More recommend