Lastest news

Employers seeking qualified accountants should consider recruiting from outside the EEA through the Critical Skills Employment Permit, writes Emma Richmond With Ireland now at close to full employment, employers are increasingly facing challenges in recruiting suitably qualified staff to meet their needs. One area in which this challenge is becoming acute is in accountancy and finance.  However, it doesn’t have to be that hard! One solution to tackle this is to broaden the recruitment pool by availing of a work permit to bring in a non-EEA worker to meet the requirement. In recent times, there has been an increase in work permit applications from accountancy firms and, particularly those relating to suitably qualified audit staff. Figures published by the Department of Enterprise, Trade and Employment show that, so far this year, almost 700 work permits have been issued in the finance sector. Through the Critical Skills Work Permit, Irish government policy has strategically targeted the sectors most in need.  The Government is using this permit to attract highly skilled people into the labour market where there are identifiable skills shortages, and with the aim of the holders taking up permanent residence in the State.  The list of roles designated for a Critical Skills Work Permit is updated on a biannual basis following consultation with stakeholders with the aim of ensuring that the permit system is meeting the demands of the market at any given time. The Critical Skills Employment Permit is the ‘golden ticket’ of work permits. It is available to individuals for a role with a minimum salary of €64,000 or where the role is listed on the Critical Skills Employment List and there is a minimum salary of €32,000.  The advantage of this permit is that it offers a spousal permit to any spouse of the holder of the work permit. From the time of their arrival in Ireland, the holder will also begin gaining residency recognition for a future citizenship application. These elements make this type of permit very valuable and attractive to non-EEA nationals looking to relocate to Ireland on a permanent basis. The more common work permit applications processed for accountancy firms relate to the following roles:  qualified accountants with at least three years’ auditing experience; chartered and certified accountants and those specialising in regulation, solvency or financial management; and taxation experts specialising in tax compliance. These roles are all listed on the Critical Skills Employment List and, as such, these permits are granted with relative ease once all the necessary proofs and details have been provided in the application. The current processing time is two to three weeks from the date of application.  It is worth noting that, depending on nationality, prospective employees may still need to apply for a visa if they are coming from a visa-required country, and this should be factored into the lead time when recruiting by this means. The Critical Skills Work Permit provides a fast and effective way of bridging the gap between the demand for suitably qualified accountancy staff and the supply.  Emma Richmond is a Partner with Whitney Moore

Three new reporting requirements are pushing nature and biodiversity up the ESG agenda. Orla Delargy explains why Environmental, Social and Governance (ESG) topics are currently top of mind in business and finance. Climate change has dominated under the ‘E’ of ESG, but nature and biodiversity are catching up. Three developments have helped drive the momentum: the Taskforce on Nature-related Financial Disclosures, the EU’s Corporate Sustainability Reporting Directive and the new Global Biodiversity Framework. Taskforce on Nature-related Financial Disclosures    The latest Taskforce on Climate-related Financial Disclosures (TCFD) status report found that over 3,800 organisations support the TCFD and are working towards TCFD-aligned reporting. The question is whether the newer Taskforce on Nature-related Financial Disclosures (TNFD) will follow the same path, and whether nature-related disclosures will become mandatory in certain jurisdictions.  Like the TCFD framework, the TNFD proposes disclosures across four pillars: Governance – the organisation’s governance around nature-related dependencies, impacts, risks and opportunities; Strategy – the actual and potential impacts of nature-related risks and opportunities for the organisation’s businesses, strategy and financial planning where such information is material; Risk & impact management – how the organisation identifies, assesses and manages nature-related dependencies, impacts, risks and opportunities; and Metrics & targets – the metrics and targets used to assess and manage relevant nature-related dependencies, impacts, risks and opportunities where such information is material. Relatively few organisations have started incorporating biodiversity into their broader ESG governance and strategy. However, over 200 organisations are piloting the TNFD guidance and there is a public consultation currently open, with the first full version of the framework expected in September 2023.  Corporate Sustainability Reporting Directive  Where the TNFD is a global, voluntary framework, the Corporate Sustainability Reporting Directive (CSRD) is EU-specific and mandatory. The CSRD significantly expands the existing rules on non-financial reporting, with close to 50,000 companies across Europe likely to be affected in the coming years.  The CSRD disclosure requirements on biodiversity go much further than the previous reporting directive, requesting information on biodiversity metrics, policies and targets. Again, organisations are asked to identify and assess material impacts, risks and opportunities that relate to biodiversity, and the TNFD is explicitly referenced.  Crucially, organisations are asked to disclose whether they have a transition plan in line with the new Global Biodiversity Framework, agreed during the UN conference in Montreal in December 2022. Global Biodiversity Framework  The overarching vision of the Global Biodiversity Framework (GBF) is no net loss of biodiversity by 2030, net gain from 2030 and full recovery by 2050. The GBF sets out a plan for the next decade, with four long-term goals and 23 targets, spanning a wide range of topics including spatial planning, nature restoration, invasive alien species, agriculture and climate change. Although almost all the targets are relevant to the private sector, Target 15 stands out. It asks countries to take measures to ensure that organisations assess and disclose their risks, dependencies and impacts on biodiversity. The question is how national governments will interpret this and what measures they will take.  How organisations can use the frameworks Organisations will be encouraged to see the degree of alignment and overlap between emerging frameworks such as the TNFD, CSRD and GBF. The challenge is to get familiar with these frameworks and, crucially, get started now.  As many of the frameworks discussed above are still in development, it is tempting to adopt a ‘wait-and-see’ approach. However, organisations can progress training and capacity building now. This is a new topic for many people but getting informed is the prerequisite for taking the right actions. Orla Delargy is an Associate Director with KPMG

As cyber security comes increasingly under threat, Michael Rooney outlines how businesses can deal with a cyber attack  Accountancy firms are a rich target for hackers because of the types of documents they handle. Beyond the normal personally identifiable information (PII) that they store for clients and employees, accountancy firms also deal with sensitive information on financial transactions, payroll and business affairs. Without a good cyber security strategy, businesses affected by an attack can incur serious costs, including remediation of the security breach, reputation damage and data privacy compliance penalties.  The steps you take after a breach can either increase or reduce the impact. Not having a cyber security response plan can lead to you paying much higher costs due to a delayed reaction. In its Cost of a Data Breach Report 2022, IBM estimated the average global cost of these incidents at €4.43 million. But organisations with a tested incident response plan can reduce that by €2.71 million, a saving of 39 percent. Here are seven steps accountancy firms should take immediately following the discovery of a data breach, ransomware incident or another attack to minimise its impact. 1. Disconnect infected devices from your network Many types of malware are designed to spread throughout a network as fast as possible. This is especially true for ransomware, which locks users out of their files using encryption.  As soon as you discover that a breach has occurred, disconnect the infected device(s) from your network. This includes disconnecting the device from Wi-Fi and any hardwired ethernet connections. You shouldn’t necessarily shut off the device’s power until you’ve spoken to an IT professional. But you should isolate it from other systems, including any syncing cloud services. 2. Have a professional assess the damage Don’t try to deal with a cyber breach yourself or download a free virus scanning tool (it could actually be a malware trap). Instead, once your machine has been isolated, get a trusted IT provider to assess the damage and provide guidance.  3. Remediate the infection  Once the breach is assessed, your IT security expert will begin remediating the breach. This will secure your network so your client files or sensitive business information isn’t stolen while you’re dealing with the fallout.  4. Determine whether client data was breached Find out what type of data was compromised e.g. client database, sensitive cloud documents. It is important to determine the extent of the breach so you can notify impacted third parties (such as your clients) whose data might have been exposed. 5. Contact accountancy enforcement and the police Report the incident to accountancy enforcement and the police. This has several benefits: You have a record of the incident for any potential insurance claims. Accountancy enforcement can track the breach, which may connect to others that have been reported. Your police report can be referred to in data privacy compliance reports and this shows responsibility on the part of your organisation. 6. Carry out a notification plan according to data privacy requirements Review the data privacy regulations that your office is subject to, such as General Data Protection Regulation, and notify third parties in accordance with these guidelines. If notification isn’t made in a timely manner, it can lead to penalties, as well as a significant loss of trust in your business. 7. Improve defences to stop future breaches Reinforce your defences by having a cyber security assessment performed. This can help an IT provider pinpoint specific weaknesses in your network that need to be fortified to ensure this type of attack doesn’t happen again. Michael Rooney is Managing Director of FutureRange   

In a competitive business landscape, recruiting top talent is a strategic imperative for organisations. Paul O’Donnell unveils the three Cs to attracting and securing the best candidates for your organisation’s success Great talent makes great organisations, not just because of their higher productivity but also the influence they have on the commitment and standards of others. Great talent is scarce, and as we head into more uncertain economic times the “war for talent”, as framed by Steven Hankin of McKinsey back in the 1990s, has already kicked off. Whether you hire directly or work with a search partner, the process of winning great candidates demands real attention to the full hiring cycle. To attract really great talent, organisations need more than the basics of a good recruiting process. Here are three key questions to ask and steps to take to ensure the best candidates say yes to your organisation. 1. Communication: What can your target talent pool read about you online? If you have a talent acquisition team or marketing function, dedicate a resource to continuously evaluating how the outside world sees your firm. What compelling story will your target talent pool read about the difference your organisation makes to its customers and community? What messages can they see from current employees as advocates for working with you? Where does your target talent pool like to spend time online, and is your message strongest here? 2. Contribution: What problem exists in your organisation by not having this role filled? Role and organisational purpose are the top attractions for the best talent. Does the organisation’s purpose matter to the candidate, and is your organisation the right place to address it? What difference can their effort make for stakeholders? These are your key questions externally and during your hiring process. 3. Character: What traits in the candidate does your firm want for the whole organisation? Complementary culture and values between a high performer and your organisation are essential. Losing a high performer over a lack of values alignment is optically poor and will reverberate internally and externally. Conversely, great talent can be extremely influential in changing the behaviour of those around them, so mapping the characteristics you seek for the whole company before hiring anyone new is vital. In an excellent article in MIT Sloan Management Review, “Make Leader Character Your Competitive Edge”, Mary Crossan, Bill Furlong and Robert D. Austin describe how character, when valued equal to competence, can result in better decisions and outcomes. The next time you hire externally, consider communication, contribution and character to put your own organisation first in the candidate’s decision-making process. Paul O’Donnell is CEO of HRM Search Partners

As artificial intelligence increasingly becomes integral to business operations, establishing an effective AI policy is crucial for boards. Stephen Conmy delves into the key steps boards should take to create a comprehensive AI policy  Creating your company’s artificial intelligence (AI) policy involves carefully considering various ethical, legal and operational aspects. Here’s a 10-step guide to how a board of directors can develop an AI policy – and communicate it effectively to the executive management team and staff. 1. Establish a working group Form a working group of board members, executives and relevant stakeholders to lead the AI policy development process. This group will oversee policy creation, gather necessary expertise and ensure representation from various departments and stakeholders. 2. Educate the board All board members should have a foundational understanding of AI and its ethical implications. Board members should have training sessions or workshops to familiarise themselves with essential AI concepts, such as algorithmic bias, privacy concerns and AI’s potential impact on employment. 3. Define the policy’s objectives Identify your organisation’s primary objectives in adopting AI technology. These objectives will shape the overall direction of the policy. This may include improving your company’s efficiency, enhancing customer experience or promoting innovation. 4. Assess the ethical principles and values Determine the ethical principles and values that guide AI development and deployment within your organisation. It would help if you considered fairness, transparency, accountability and well-being concepts. These principles will help establish a solid ethical foundation for the AI policy. 5. Evaluate legal and regulatory compliance Understand the legal and regulatory landscape surrounding AI, including data protection laws, privacy regulations and industry-specific guidelines. Ensure the AI policy meets these requirements to avoid legal risks and uphold compliance. 6. Identify potential AI use cases and risks Identify the specific use cases and applications of AI within your organisation – where will it be used, by whom and for what purpose? Assess the associated risks, including potential biases, security vulnerabilities and unintended consequences. Next, develop guidelines and best practices to mitigate these risks. 7. Establish accountability and governance Who will be responsible for your AI policy? Define the roles and responsibilities of stakeholders involved in AI development, deployment and monitoring. Establish clear lines of accountability and governance mechanisms to ensure ethical decision-making and risk management throughout the AI life cycle. 8. Ensure transparency and explainability Promote transparency and explainability in AI systems by requiring clear documentation, responsible data practices and understandable algorithms. Ensure that stakeholders, including employees and customers, can comprehend the basis of AI decisions and raise concerns if necessary. 9. Encourage continuous monitoring and evaluation Implement mechanisms to monitor an AI system’s performance, impact and adherence to ethical standards over time. Regularly evaluate the policy’s effectiveness and make necessary adjustments based on feedback and emerging best practices. 10. Communicate the AI policy Craft a comprehensive AI policy document that encompasses all the elements above. The policy should be written in clear, accessible language and provide practical guidance. Communicate the policy approach to the executive team and staff through various channels, such as company-wide emails, town hall meetings and training sessions. Stephen Conmy is Head of Content at The Corporate Governance Institute

The Economic Crime and Corporate Transparency Bill 2022 aims to bolster corporate transparency and combat economic crime. Maeve Hunt explains the two key takeaways for entities registered at Companies House and their directors In the single biggest change to the role of the UK Register of Companies since it was created in 1844, the Economic Crime and Corporate Transparency Bill 2022 seeks to make a number of modifications to company law with the aim of enhancing corporate transparency and reducing economic crime. To facilitate this, the Bill seeks to make further provisions about companies, limited partnerships and other kinds of corporate entities, and around the registration of overseas entities. The legislation, on receiving Royal Assent, will affect all those who interact with Companies House, whether individuals (directors, secretaries and people with significant control of entities registered at Companies House) or entities, including companies, limited partnerships, limited liability partnerships and overseas businesses. There will also be an impact on agents of such entities, such as those who provide company secretarial services. At the time of writing, the Bill is in the reporting stage in the House of Lords, which gives all members of the Lords a further opportunity to examine and make amendments to the Bill. Once the Bill becomes legislation, there will be a period of transition to allow individuals and companies sufficient time to comply with the additional requirements. There are two key considerations for entities registered at Companies House and their directors: identity verification and increased filing on the Register.   Identity verification To enhance the transparency of controllers and owners of businesses on the Register, Companies House will introduce mandatory ID verification for directors, company secretaries, people with significant control and others associated with those entities, such as their agents. The ID verification process will use technology to verify the identity of the person in question by comparing their photograph with an official government ID, such as a UK-issued passport. A director, company secretary or person with significant control will not be considered legally appointed until the ID verification process is completed, and they will be unable to act in that capacity or make filings at Companies House. This will cover both UK-resident and non-UK-resident individuals. For newly appointed individuals, the process will need to be completed prior to appointment. For existing roles, there will be a transition process to allow ID verification to be completed. If the verification is not completed within this timeframe, the individual will be removed from their role in that entity. Separate provisions will cover those who do not hold UK-issued identification, such as overseas nationals, or those unable to use the web-based service. For corporate directorships, similar provisions will also apply. A UK company will only be able to be appointed as a corporate director when all its directors are natural persons, and those natural persons are subject to appropriate ID verification checks. Non-UK companies will no longer be permitted to act as corporate directors. These provisions also extend to directors of overseas companies registered at Companies House. Improving financial information on the Register Currently, 3.1 million sets of accounts are published on the Register each year, and access to these accounts is arguably the most valuable service that the Register provides. Companies House will require all financial statements submitted to be in Inline Extensible Business Reporting Language (iXBRL) format. These tags are machine-readable, which will make the data easier to interrogate, compare and check, aiding Companies House in carrying out its new responsibilities for maintaining the integrity of the data it holds, identifying and addressing errors, and sharing data under certain strict conditions with other bodies such as law enforcement. Companies House currently accepts accounts in iXBRL format, as well as in paper format and most companies will be required to include a set of accounts in a similar, but not identical, format when filing their corporation tax returns with HMRC. There are currently reduced filing options for some companies where they meet the ‘small’ or ‘micro’ criteria set out in the Companies Act 2006. Such entities currently have an exemption from filing their Profit & Loss Account, and, for small companies, a Directors’ Report. A micro company is exempt from having to prepare a Directors’ Report. These reduced filing options will be removed, meaning small and micro companies will file their full financial statements, including a Profit & Loss Account and Directors’ Report (where applicable), which will be publicly available. Maeve Hunt is a Director of Audit and Assurance at Grant Thornton NI