PROPOSED REPORTING PACK REQUIREMENTS (cont.)
Key elements of Board pack likely to include:
• Value of current purchase orders placed, not fulfilled
• List of current projects and status (narrative)
• Summary financial report for each project for current period (CP) and since inception versus budget. Latest expected financial outcome declared
• Current headcount (permanent, secondees, agency, contractors) by department versus plan
• Movement in time bank in current period and current year-to-date – Time in Lieu and Overtime
• Summary of future operational capacity (labour/machine) versus requirement across future period (to be agreed) and issues arising (narrative)
• Current open positions and related recruitment process, new appointments, resources onboarded, resignations and exits (narrative)
• Current long-term absences and status report (narrative)
• Number of performance reviews conducted during the current period and current year-to-date and the number due which are outstanding
• Current grievance/disciplinary cases and update re actions and status
• Operational KPIs
Key elements of Management pack likely to include:
• Detailed Income and Expenditure (I&E) account featuring current period (CP) and current year-to-date (CYTD) performance compared to budgeted period (BP) and budgeted year-to-date (BYTD) and prior year period (PP) and prior year-to-date (PYTD). Note budget may be augmented by reforecast
• Detailed balance sheet
• Detailed department performance for current year (CYTD) versus budget (BP and BYTD)
• Summary of current cash position
• Detailed projected cash flows across future X periods (to be defined)
• Summary of capital expenditure for current year-to-date (CYTD) versus budget (BYTD)
• Summary of fixed asset disposals for CYTD
• Summary of sales by top 20 customers for CYTD (% of total sales)
• Summary of sales by top 20 products for CYTD (% of total sales)
• Summary of current sales orders and projected backlog
• Summary of current sales orders by top 10 customers (% of total orders)
• Summary of current sales orders by top 10 products (% of total orders)
• Average debtor days
• Summary of aging of debt by month
• Aged debtors listing and related provisions
• Summary of stock holdings
• Aging of stock held and related provisions
• Average creditor days
• Aged creditors listing
• Value of current purchase orders placed, not fulfilled
• Aging of current purchase orders
• Summary and aging of purchase requisitions (by approver)
• List of current projects and status (narrative)
• Detailed financial report for each project for current period (CP) and since inception versus budget. Latest expected financial outcome declared
• Current headcount (permanent, agency, contractors) by department versus plan
• Movement in time bank, by person, in current period and current year-to-date – Time in Lieu and Overtime
• Detailed analysis of future operational capacity (labour/machine) versus requirement across future period (to be agreed) and issues arising (narrative)
• Current open positions and related recruitment process, new appointments, resources onboarded, resignations and exits (narrative)
• Number of performance reviews conducted during the current period and current year-to-date and the number due which are outstanding (analysed by reviewer)
• Operational KPIs
• Weekly reporting – Trading account and labour costs
• Ad hoc reporting – dashboard reporting
THE ROLE OF DASHBOARDS
• In addition to being a venue for real-time KPIs to be reported, dashboards perform another important service to the user in allowing the identification of workflow-driven tasks requiring progression.
• These may include, for example:
– Timesheets awaiting approval
– Invoices awaiting approval
– Customer cases awaiting attention
QUESTIONS
THANK YOU FOR YOUR TIME AND ATTENTION
KPI Dashboards: Lessons from Experience Trevor Jobling Owner Dovetail Technologies Ltd
About me: Trevor Jobling
About Dovetail
● Custom software solutions
○ Business process tools
○ System integration
○ Creation of new products and services
● 16 years
● 20 staff, all in Dublin
Clients
Current status
● Biggest opportunity: growth market
● Biggest challenge: recruitment
Planning a KPI Dashboard Project
Preparatory Checklist
● What are the right KPIs?
○ You can’t focus on everything
○ Beware the many voices
○ Deliver something useful
● Do you have the data?
○ Are you measuring it?
○ Are you recording it?
○ Can you access it… in a timely fashion?
○ Is it of suitable format/granularity/time period?
○ Can it be cross-referenced?
● Who may see the KPIs?
○ What user roles do you have?
○ Need multiple permission levels or views?
● Alerts
● Finally… Which tool?
Sample Dashboards
www.QuickDBD.com
Four Tips
1. Do the Simplest Thing that Works
2. Beware of Magical Thinking
● Requirements
● Tools
3. Manual Work can have Value
Dovetail Internal Project Tracker
4. Look at it!
Thank you. Contact us: Dovetail The GEC Taylors Lane Dublin 8 trevor.jobling@dovetail.ie www.dovetail.ie
STRICTLY PRIVATE AND CONFIDENTIAL FINANCE FOR GROWTH General Data Protection Regulation (GDPR) Awareness Sessions Date: 24.04.2018
Course agenda
• What is data protection?
• GDPR overview
• The new changes brought by the GDPR
• Implications
• How to prepare for the upcoming GDPR
• GDPR Roadmap to Compliance
• The new Irish Data Protection Bill
• Questions & answers
What is data protection?
As defined by the Data Protection Commissioner: “it is the safeguarding of the privacy rights of individuals in relation to the processing of their personal data.”
You supply information about yourself to government bodies, banks, insurance companies, medical professionals and many others in order to avail of services or satisfy obligations. Organisations or individuals also obtain information about you from other sources. For the purpose of data protection, such organisations or individuals who control the contents and use of personal data are known as data controllers.
These rights apply where the information is held:
✓ electronically, or
✓ in a manual form, as part of a filing system that facilitates ready access to a specific individual’s information
[Diagram labels: Public/private bodies; Personal data; Compliant use of data]
Current governing Act: Data Protection Act 1988 and 2003
At the moment, Irish data protection obligations are primarily governed by the Data Protection Act 1988 as amended by the 2003 Act. The act is governed by 8 principles:
1. Obtain and process the information fairly;
2. Keep it only for one or more specified and lawful purposes;
3. Process it only in ways compatible with the purposes for which it was given to you initially;
4. Keep it safe and secure;
5. Keep it accurate and up-to-date;
6. Ensure that it is adequate, relevant and not excessive;
7. Retain it no longer than is necessary for the specified purpose or purposes; and
8. Give a copy of his/her personal data to an individual, on request.
GDPR overview
What is the GDPR?
• The General Data Protection Regulation (GDPR) will come into force on the 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive.
• The GDPR emphasises transparency, security and accountability by data controllers and processors, while at the same time standardising and strengthening the right of European citizens to data privacy.
• Companies, government agencies and non-profit organisations who interact with personal identifiable data of EU citizens have until 25 May when GDPR comes into force to comply.
The GDPR terminology
• Data privacy
• Data controller
• Personal data
• Processing
• Data processor
• Data subjects
Sensitive personal data
Sensitive personal data is a special category of personal data. These require a higher standard of care by the GDPR.
[Diagram: “Sensitive data” and “Personal data”, with the examples Names, Convictions, Medical condition, Banking details, Religion, Addresses, Prejudice, Criminal activity]
GDPR - scope
So who has to comply?
An organisation has to comply if:
• They control or process the personal data of EU residents
This applies irrespective of where the organisation is based.
The new changes brought by the GDPR
New concepts and key principles
• Explicit consent
• PIAs
• Contracts
• Incident register
• Individual rights
• Breach notice
Key changes - consent
• Consent must be “freely given, specific, informed and unambiguous”
• Consent cannot be inferred e.g. pre-ticked boxes or inactivity
• Consent may be withdrawn at any time
ACTION: Procedures to obtain and record consent should be reviewed to check they are in line with the new GDPR requirements.
Key changes – more information required
• Individuals can complain to local regulatory bodies if they are dissatisfied with how their data is handled
• How long data will be retained and any transfers outside the EU
• Details of their purpose and legal basis for processing data
ACTION: Privacy/fair processing notices or other communications should be reviewed and amended to meet the new requirements. Information should be provided in concise, easy to understand and clear language.
Key changes – individual rights
• Right not to be subjected to automated data profiling (where this would produce a legal effect)
• Right to be forgotten (have personal data removed from systems or online content)
• Right to data portability (have data provided electronically in commonly used format)
ACTION: Ensure that processes are in place to respond in a consistent and timely manner to customers who assert these enhanced rights.
Key changes – individual rights
Right to request that businesses delete personal data without undue delay where:
• it is no longer necessary for the purpose it was collected
• the data subject withdraws consent and there is no other legal ground for processing
• the data subject exercises their right to object and there is no overriding legitimate ground for processing
• the processing is unlawful
Breach notifications
• Organisations are now under legal obligation to notify local authorities within 72 hours if EU resident data is lost.
– Only exception is if the data was encrypted.
– Organisations have to inform individuals if an “adverse impact” is determined from the breach.
• Service providers (data processors) now have obligations to data controllers.
Implications
Penalties for non-compliance
If organisations do not comply, they face a maximum fine of:
Other consequences – reputational damage, financial loss, litigation etc.
Examples of penalties
• Uber
– Admitted it paid hackers responsible for a data breach $100,000 (€84,790) not to disclose the data breach to authorities.
– November 2017
• Carphone Warehouse
– Fined £400,000 after serious failures placed customer and employee data at risk.
– 10th January 2018
• Department of Social Protection
– A civil servant who sold personal data of citizens to private investigators working for insurance companies was jailed.
– 26th January 2018
How to prepare for the upcoming GDPR
Key activities we are seeing (1)
• Reviewing data-related service provider contracts to reflect impact of the GDPR on controller and processor obligations
• Carry out an information audit and data flow mapping exercise
• Update all policies and procedures to reflect changes
Key activities we are seeing (2)
• Form a data governance group
• Implement / review breach notification procedures and Incident Management Plans
• Review impact of GDPR on data retention policies e.g. on archiving
Key activities we are seeing (3)
• Review IT development and purchase procedures – ‘Privacy by Design’
• Consider the position of the existing DPO within the management structure
• Consider and record lawful bases for processing
Key activities we are seeing (4)
• Check how consent is obtained. Are changes to this process required? Retain records of consent
• Create and maintain an information asset register
• Check accountability for data governance is clear and precise
GDPR Roadmap to Compliance
Mobilisation
• Critical first phase
• Define scope
• Expected outputs
• Agree plan
• Commit resources
• Establish governance
• Create PID or Charter
Discovery
• Review documentation
• Interviews
• Review policies & procedures
• Discuss functionality of systems to meet the GDPR requirements
Analysis
• Analysis and evaluation
• Processes and policies in place
• Identification of missing policies and measures in order to comply
• Assistance in implementing the processes, procedures and policies to comply
Reporting
• Concise report
• Finalised post-client feedback
• Focus on key findings in gap analysis
• Recommendations reflected in budgeted roadmap to compliance
GDPR ROADMAP TO COMPLIANCE
The new Irish Data Protection Bill
New Irish Data Protection Bill
• Ireland’s new Data Protection Bill was published on 1st February 2018.
• The new bill transposes much of the GDPR text directly and addresses the powers of the Data Protection Authority.
• The Bill will establish a Data Protection Commission in place of the current Office of the Data Protection Commissioner (ODPC)
• A controversial inclusion in the Bill is the exemption of Public Bodies from the administrative fine regime, except where acting as an “undertaking” (i.e. providing goods or services for gain)
• The existing 1988 Act is not repealed but amended, meaning that three Data Protection Acts will then be in force – an amended 1988 Act, the 2003 Amendment Act and the 2018 Act
Questions & answers