I get calls every day from small business owners who say they need a CFO. And every day I have to tell them “well, no, you probably don’t.”
What is the CFO job description a small business… and do you need one?Do you really need a CFO … or is a controller the right choice? Maybe a fractional team of both would be best. Find out more.
Here’s how to decide for yourself.
What Problem are you Trying to Solve?
Let’s be clear. A true CFO brings skills and experiences that cross multiple finance disciplines, including:
business strategy
capital formation (raising money) and banking
budgeting and forecasting
data analytics and trend spotting
treasury & risk management
M&A, etc.
Controllers, on the other hand, spend their day in the accounting function and are expert at solving problems like:
cash flow projections
financial statement design & reporting
collections issues
vendor negotiations, etc.
balance sheet review (and clean up!)
month-end journal entries
It’s not the CFO but the controller role that provides the most day-to-day value for a small business.
If you can correctly identify the problem in your business, you’ll make a better decision about who can solve it. On the other hand… if you can’t define the problem, perhaps a CFO is exactly who you’re looking for!
Cost and Use: CFO vs Controller
Because the salary for a CFO is roughly twice that of a controller, it’s important to assign the right tasks to the right person. In general, we see businesses of less than $25 million in revenue make use of a “Fractional” or part-time CFO — meeting with them on a monthly basis to review results and plan strategy. A controller’s duties, however, tend to be weekly or daily, even in a business with as little as $1 million in revenue.
The Controller will ensure that things are done right, while the CFO will be making sure the company is doing the right things.
Both fulfill an important role. But it’s unusual to find one person who has both skill sets.
CFO Job Description
Need a little more detail on the relative job descriptions?
CONTROLLER. The controller is the brains of the day-to-day accounting functions. This typically manages all the Accountants and Clerks, assigning duties and balancing workloads. In addition, the Controller is the guardian of the balance sheet and takes responsibility for month-end General Journal entries that will keep everything in check. When they are not keeping the wheels turning, they should be forecasting cash flows, managing the budgeting process, and monitoring credit balances.
CFO. The CFO’s duties are as varied as the companies that hire them. In general, CFOs focus on all forward-looking tasks from planning strategy to modeling mergers. In smaller companies, CFOs take on direct management control of multiple functions that might include HR, IT, and Operations. As the company grows, the CFO tends to be the strategic member of the executive team, and often serves as the chief “explainer” for complex operational and financial issues, market trends, competitive concerns, compliance issues, and more.
Choose Wisely
It would be unusual to find one person who will happily — and effectively — perform both CFO and Controller duties.
Sure, there are skills that overlap, but…
The Controller role demands extreme attention to detail, knowledge of accounting theory, and the ability to wade through a large volume of transactions to fix accounting problems.
CFOs, meanwhile, ought not to be buried in accounting detail. Instead, they should be worried about the big picture — about ratios and trends and whether the company is meeting its obligations to banks, vendors, investors, and employees.
Of course I’m biased. But only a team can efficiently provide both CFO and Controller (and accountant and clerk!) roles for a small business.
So rather than hiring EITHER a CFO or Controller… consider a fractional team approach, like that offered by FuseCFO.
There are NO current trade agreements between the US and UK. So long as the UK is of the EU, they cannot have separate agreements. On Oct 31, one way or another, the two countries are starting over from scratch.
Quick Review: The Brexit Situation Today
Britain is currently a member of the European Union’s single
market. This enables all 28 member states to trade with no border or traffic
checks… along with any number of shared regulation and policies that make doing
business in the UK simple and smooth.
But it won’t be for long.
By referendum, the UK people voted to leave the European Union. Ever since that 2016 decision, the UK and the European government have been negotiating how goods, services and people will cross the borders between the UK and the rest of Europe.
There are two possible outcomes: a withdrawal agreement or a
separation without an agreement (called the hard break or “no-deal”
Brexit). One of those two outcomes is
set to happen on or before October 31, 2019.
How will Brexit affect my USA-based business?
After October 31, 2019, the UK will have to re-evaluate nearly every aspect of its international trade, including how it handles imports and exports with the USA. Since the USA currently trades with the United Kingdom under EU rules, there will be a scramble for all new policies and procedures.
In particular, companies dealing with partners in the UK will
struggle with:
Transportation logistics
Patents, copyright, and trademarks
Transfer of personal data between UK and the
rest of the world
Licenses and relevant qualifications
Import and export of goods and services to and
from the European countries
Employment of European citizens in the UK and
vice versa
State aid, block exemptions, and grants
How long will it take to adapt to Brexit?
According to a survey conducted by YouGov and Sage, businesses in the UK are bracing for an adjustment period of 15 months. (On the EU side, the estimate was 9 months). Keep in mind that the separation is now just days away, so the adjustment period is sure to be rocky.
If you haven’t already, it is important to start planning and
putting in place measures that will help you through the situation.
How will my UK partners be affected by Brexit?
All businesses in the UK – and those American companies dealing
with the UK — will be affected by Brexit. For instance:
Blockages at European ports will affect the flow
of goods to and from the UK. Expect delays of up to two days or more for goods
leaving the UK. Perhaps even more for good going into the UK.
Tariffs and duties are likely to change, causing
increased costs within the UK for raw materials. If you import finished goods from the UK,
expect those costs to be passed along.
If you export goods to the UK, your customers may end up paying higher
fees (and ordering less!)
Some of the financial services at the border
will be affected.
The flow of financial and personal data, some of
which is protected by the GDRP, may be affected.
The prices for energy, including gas, and
electricity, may increase sharply
Business travel will slow down as UK customs and
immigration services suddenly has to handle visitors from across the EU.
UK citizens working in other EU countries may
lose their healthcare coverage or other rights
What about the General Data Protection Regulation (GDRP)?
The UK independently adopted GDRP as part of the Data Protection
Act 2018, so the same protection and requirements will apply even after the UK
leaves the European Union. In other words, if you have correctly been
implementing the GDRP within your process, your US or UK business won’t have to
change how it handles personal data.
If the UK becomes a “favored nation” through an
“adequacy decision” on behalf of the European Union, there will be a
free transfer of data hence eliminating the need for additional safeguards.
Conclusion
There is no doubt that the process of preparing your business for
Brexit continues to get complicated due to the uncertainty of the outcome.
If there is a no-deal Brexit and the UK leaves the European Union
as planned, businesses will face their worst fear and encounter painful periods
for decades. Even in the best case – a clear agreement for exit – any company
dealing with the UK is in for a long period of adjustment.
Guest Author : John Russell is the Managing Partner of Russell & Co, a prominent accountancy practice in Ireland, and Founder of My Start Up. Both companies specialise in startups and small business.
If you’ve reached the point where you’re thinking about selling your business, you’ve probably done more than a few things right. Starting a small business and getting it ready to be sold is an achievement itself — but now the challenge is how to maximize the value you’ll get from selling it.
What matters in a sale is often quite different than what matters in a growing company.
Let’s take a look at 5 steps you should follow before you sell your business.
1. Get Your Business Appraised
Before you sell your business, you should have a crystal clear idea of how much it’s worth. This will help you set the asking price and assess offers.
You can get a valuation from many sources including local CPA firms or fractional CFO firms. These appraisals should be based on a deep analysis of your financial statements and should include a comparison to other similar sold businesses. This comparison is available from national sales databases like PeerComps.com and is crucial to performing an accurate valuation.
Not all appraisals are the same, however. A certified appraisal, performed by a Certified Business Appraiser is the gold standard… but generally comes with a higher price.
If the business has a great deal of hard assets — machinery, fleet vehicles, even inventory — an appraisal from a Certified Business Appraiser is probably necessary. This does two things: it provides a rock solid starting point for your price, and it also gives the buyer a better borrowing base. (A buyers’ loan may rely on the value of the business assets as collateral — and that value can only be set by an independent appraisal.)
Do you need a certified appraisal? Maybe not. A business broker is going to offer you a “broker’s opinion of value” (BOV) before you start the sale process, which is usually good enough. In some cases, however, a certified appraiser can add significant value to your sale process.
2. Meet With Your Financial Advisers
Selling your company may be the largest single transaction you do in your life — and will likely result in the largest single tax bill of your life! So before discussing any offer with any perspective buyer, you better know what the best after-tax outcome is for you, and how to structure the deal appropriately.
Meet with your personal financial adviser and CPA well in advance to avoid financial surprises once the sale is complete.
And if your current advisers are not giving you hard hitting advice, keep asking. New laws are creating new strategies for sellers. Be sure your tax adviser explores Opportunity Zone investments, Installment Sales, 1031 Exchanges and other tax-advantaged structures for your transaction.
Only when you know the best deal structure for you will you be able to judge offers from buyers.
3. Get Your Books in Order
Perhaps the most important step to take before selling your business is to have bullet-proof accounting records. Buyers are more likely to buy if your books are clean, logical and well presented. Three years of previous financial data is typically required by any buyer (and by the buyer’s bank).
Too many sellers let their tax adviser or CPA review the books and believe that is “good enough”. In fact, a discriminating buyer will look much more deeply at your statements than most tax-focused CPAs care to do. So if your accounting records have not been reviewed by a CFO or corporate finance expert, start there.
Remember that you want to show the maximum profit but that your internal books must also match the tax returns. Putting together books that do both may require you to comb through your records and pull out personal or “one time” expenses that you had previously included in the company’s income statement.
And don’t forget about your balance sheet. Even if you are anticipating a asset sale, a diligent buyer will want to know that you accounted for your balance sheet items accurately and truthfully. They will also want to see the listing of assets, and probably even bank statements (which will prove whether you’ve been making profits or not)!
4. Plan for New Management
One of the hardest things about buying a business is merging and transitioning management teams. Not everybody likes to go through that much change, and managers who are sticking around may not be motivated to help you exit the business.
As a seller, you can make things much easier on the buyer (and yourself) by creating a clear and obvious plan for new ownership. Remember to avoid causing alarm to current employees — keep the deal completely confidential and do not inform them about the transition until the deal is complete. This will help create a seamless transition experience by reducing the amount of employee exits and diminishing concern.
How else can you make the transition smooth? Plan to stick around for a while — many buyers ask for your help for 3 months or more. And share the wealth — be prepared to bonus key employees for helping you get through the sale.
5. Understand Your Own Reasons for Selling
Buyers want to know why you are selling your business, especially if everything appears to have been going smoothly for you. By clearly articulating your reasons for selling, you can put any concerns that potential buyers may have about unforeseen problems to rest. This step reduces the likelihood of your buyer backing out at the last minute. Help them understand your real reasons and they won’t dream up their own!
Being clear about your personal reasons for exiting a business is not just for the buyer. If you are not 110% certain of your desire to exit the business, be prepared for a bad case of sellers remorse — or worse. Once a sale is complete, sellers often go from being the boss to being bored. Giving up your business has been described as losing a limb, or grieving the death of a loved one. Be sure you are prepared for life-after-business well before you start contemplating the sale.
Invest in the Pre-Selling Process to Get the Most Out of Your Business
By following the steps listed above and taking the time and effort to properly carry out your pre-selling checklist, you can not only make the sale of your business a nearly painless endeavor, but you can also obtain as much value for it as possible.
Marla DiCarlo is an accomplished business consultant with more than 28 years of professional accounting experience. As co-owner and CEO of Raincatcher, she helps business owners learn how to sell a business quickly so they can get paid the maximum value for their company.
Employees are the weakest link in your cyber defense. Training is key for password management, avoiding viruses, and keeping your corporate secrets safe.
Your company may have invested in hacker-resistant firewalls, two-factor authentication, and strong anti-virus software. But even the most secure computer network in the world, will not protect you from the weakest link: the human employees who sit in front of a PC.
Hackers know that employees can be manipulated to give up company information, login credentials, and even cash. You should know it too!
WHY YOU SHOULD CARE: According to the 2018 Verizon Data Breach Investigations Report, 58% of cyber attack victims were small businesses (fewer than 250 employees). Worse, about 60% of SMBs forced to suspend operations after a cyber attack never reopen for business.
In fact, over 80% of cyber security breaches at SMBs are due to employee negligence, like clicking on links they shouldn’t, using weak passwords or giving their credentials to someone else. So, cyber security education and awareness of the various “social engineering” threats they may face, like phishing and spoofing, goes a long way. This is why companies are now training their IT departments on pre- and post-cyberattack plans to help mitigate losses.
Know the Scams
Phishing attacks are a rampant problem for organizations and the most common way of obtaining restricted data. The problem stems from unsecured business email solutions, where criminals use impersonation and other social engineering tactics to get employees to click on compromising links or unwittingly provide information. Other scams include Business Email Compromise (BEC), which target companies who use wire transfers to send money, particularly to international suppliers.
What is a phishing attack?
Phishing and spoofing attacks are a common way for hackers to obtain access by masquerading as a trusted entity, like a bank or even someone from your company. CSO explains that the purpose of these attacks is to trick users to hand over sensitive information or infect the network with malware. When the email recipient clicks on the compromised link it directs them to a spoofed website that looks almost like the real thing, and then pushes them to enter their credentials. If the scam works, the attacker now has your user credentials to access the real website – which could be a bank, an email account, or even your own business network.
Credentials or financial information should never be given to someone who contacts your employees and asks to update, validate or confirm any information. Goldman Sachs warns that financial information should only be given to another party when you have initiated the contact.
The New Cybersecurity Threat: Business Email Compromise (BEC)
The FBI reports a 60% increase last year in fake email schemes to steal information or money. BEC attacks typically rely on impersonating executives or high-level employees involved with wire transfers. Attackers often pretend to be the CEO or company attorney requesting a money transfer to a bank account they control.
A good attacker can mimic an authorized users email, right down to the signature block.
Employee carelessness and lack of training causes 80% of small business cyber attacks.
Because BEC scams do not have malicious links or websites like traditional phishing attacks, they are more difficult to distinguish from the real thing and can evade both technological and human solutions.
The only way to combat these kinds of attacks is to teach employees how to spot them and how to avoid being fooled. Every company needs a fail-safe mechanism with which employees are able to verify the authenticity of the emails they receive. One easy step is to require employees to confirm all financial transfers by calling or visiting the person who is requesting the change.
How to Spot a Cybersecurity Threat
There are still a few ways to tell, however, if an email is from a malicious source or a website is spoofed. Be on the lookout for these signs:
Spoofed websites are easy to spot when you know how. The domain name in the browser’s address bar is the first thing to look at. Many hackers utilize a very subtle typo in the domain address. So instead of ‘www.microsoft.com’ it may look like ‘www.micr0soft.com’, or something similar.
For email scams, the same is true. The originating email address may look similar to the actual company’s address, but upon inspection, it is not correct. The email header may look like it’s coming from PayPal, for example, but a the email address shows, for example, [email protected] or [email protected]. Tricky, right?
Bad spelling and grammar. Not everyone writes perfect emails, but hackers are known for their lack of skills in English. If there’s even one typo or incorrect verb tense (like, “You should sends this wire”) be extra cautious. Hacked emails are often made in bulk, so often the content will not match the context perfectly. Stay sharp!
Check the CC line. Sloppy hackers will often send their emails to multiple people at once. If you don’t recognize the people in the CC, drop it like a hot rock.
Hover over links – without clicking! In both emails and websites, the destination of a link can be seen in the lower left corner of your browser window when you
Cyber Training = Preparation
Of course your network should deploy email authentication over a secure email gateway so that only authorized users can send email messages with your domain. And a good firewall can also help stop inbound messages with suspicious content. But most importantly, train your employees to be smart about phishing and BEC messages that may make it through your digital security layers and refresh that training every few months.
Unless they are specifically trained, most employees will be unaware of the various cyber threats out there. Security Magazine describes how 75% of employees leave their systems unsecure, by not locking them when they leave their desk or not using strong enough passwords. At the same time, only 15% of employees say that they are knowledgeable about persistent threats and how to mitigate them.
A good cyber threat policy starts during the on-boarding process where you indoctrinate your employees to be security-savvy when it comes to company information, digital technologies, passwords and so on.
When it comes to employee negligence, weak passwords are a major problem in high-profile cyber incidents and many data breaches are due to poor passwords. While no password is 100% secure, the longer and more varied the characters in a password, the harder it is for someone to crack it. Advise your employees to create abstract passwords, which use a minimum of 8 to 12 characters, including numbers and symbols, and to change them every 3 months.
Think that sounds too arduous? Use a password management software like LastPass to automatically create and remember stronger passwords. Or a more complete “Secrets Management” platform like Akeyless. Password software adds an extra layer of security and convenience.
Restricting employees from using their personal devices for work is another step to mitigate cyber security risks. It only works, though, if you provide the education that explains the security implications of accessing work on unsecured devices. This should include clear definitions of what unsecured networks are, and where they are commonly found (coffee shops, hotels or any public Wi-Fi). Even with secure email servers, if a hacker gains access to an employee’s personal device, over an unsecured Wi-Fi network, they could, in turn, use that device as a gateway to your company network when the employee returns to work.
Create a Cyber Security Team…and a Plan
To mitigate many of these threats every business needs a dedicated cyber security team and an advance plan for the company’s response if an attack occurs. This team – it might be just 2 or 3 people – should be knowledgeable in social engineering tactics and should conduct training to make employees aware of scams and phishing methodologies, as well as teach basic cyber hygiene.
There’s a lot to
do to stay safe online these days. But
there is also a lot at stake. Most small companies that suffer a major cyber
attack never recover. The loss of business data, customer data, or cash (like a
wire from the bank), can be an overwhelming blow to your operations.
If you can’t
imagine how you would survive after losing everything on your company
computers… now is the time to start preparing.
Guest Blogger Lily Jackson is a freelance writer who specializes in corporate cyber security. She hopes her articles help businesses of all sizes better protect themselves. And Lily reminds you that October is National Cybersecurity Month!
