Areas of Focus for CFMs
Like most CFMs in nonpublic companies, my focus right now is on the upcoming deadline to implement Accounting Standards Update (ASU) No. 2016-10, Revenue from Contracts with Customers (Topic 606).
We have done our best to identify contractual performance obligations and the process of how we plan to allocate the associated transaction price. While overwhelming at times, looking internally at all of our processes and procedures while ensuring compliance has proven valuable. We are also able to learn from our public company peers since they had to implement changes at the beginning of the year.
If you are not very far along on implementing the new standard, you are not alone. What can you do? Your CPA is a great resource and can help guide you through the changes, and reach out to your CFMA peers to find out what they are doing.
Also, check out CFMA’s Connec-tion Café or the Revenue Recog-nition Hub at www.cfma.org where you can find the latest resources, including CFMA’s Revenue Recognition Implementation Guide.
Revenue recognition is not the only concern in 2018. Awareness of cyberattacks is an absolute must for today’s CFMs. In addition to stealing personal, banking, and financial information, construction companies are a target for proprietary assets, drawings, and BIM models.
As our industry undergoes digital transformation with the internet of things (IoT), robotics, and artificial intelligence (AI), there are extensive opportunities for hackers to launch attacks and cause severe damage to our businesses. These attacks occur 24 hours a day, seven days a week; you may not even be aware they are occurring if they are sitting dormant within your network.
Cybersecurity should be part of your Enterprise Risk Management (ERM) in identifying, quantifying, and remediating business risks, and consider a continuous evaluation of your IT system and processes.
The National Institute of Standards and Technology (NIST) provides guidance on how organizations can improve their ability to prevent, detect, and respond to cyberattacks. The NIST Framework (www.nist. gov/cyberframework) breaks its analysis of cybersecurity into five categories: Identify, Protect, Detect, Respond, and Recover.
How would your company fair in an evaluation of these areas of cybersecurity?
- Identify the risks by understanding organizational awareness. Any employee with access to the internet can expose your organization to danger. Do your employees understand the risks of a cyberattack? Providing consistent and open communication, training, and easy-to-follow procedures goes a long way toward protecting your organization.
- Protect by safeguarding IT infrastructure, firewalls, and services to preserve sensitive data. Obtaining cyber insurance and establishing a retainer for forensic services is also highly recommended.
- Detect by adopting a service to proactively monitor who is trying to get into your network and how often.
- Respond with a step-by-step plan for a potential cyber-attack. Involve all business stakeholders in such critical decisions.
- Recover with a robust disaster recovery plan for all critical business applications that is annually tested for efficient recovery time.
I also highly recommend that you attend CFMA’s Webinar in early October on how hackers easily target our habits and tendencies, and how to prevent it.
Although it is considered to be an introductory-to-intermediate program, the Webinar is planned to cover cyber threat trends, the types of information at risk, the future of cyber-security, and real case studies. Preparedness, monitoring, and response strategies will also be covered.
It’s good to know that CFMA consistently provides effective, timely, and relatable material for CFMs.
Copyright © 2018 by the Construction Financial Management Association (CFMA). All rights reserved. This article first appeared in CFMA Building Profits and is reprinted with permission. CFMA Building Profits is a member-only benefit; join CFMA to receive the magazine.
Contact firstname.lastname@example.org for reprinting information. You can also download a PDF of this article.