What is ISO 27001:2022?

ISO 27001 sets the standard and defines the requirements that an organization’s ISMS must meet. This standard provides businesses of all sizes, from all sectors, with guidelines for establishing, implementing, maintaining, and continually improving the ISMS. Compliance with the ISO 27001 standard means that there is a system in place to manage risks related to the security of data owned or data handled by the organization. Organizations will use this standard as guidance for tailoring their ISMS as appropriate by following guidelines for selecting and implementing appropriate information security controls. These controls are listed in Annex A of the ISO 27001 standard.

The 2022 updates to the ISO 27001 standard included some major and minor changes to the structure, wording, and alignment of the guidelines provided to organizations. Some of the notable adjustments in Annex A include:

1. The structure of Annex A has been consolidated into four principal areas: Organizational, People, Physical, and Technological.
2. The number of controls in Annex A has decreased from 114 controls to 93 controls overall. Some controls from this list have been merged, removed completely, new controls have been introduced, and others have been updated as practices and technologies evolve.

The 2022 update is in response to the constant changes in the global digital landscape and the evolution of organizational procedures and technology. With organizations developing new business practices, employees working from home, and “bring your own device” practices being implemented, core business practices are becoming increasingly cloud-based and reliant on technology. The updates to the ISO 27001 standards aim to provide more well-rounded controls which will, in turn, allow organizations to address increasingly sophisticated security risks, ensure business continuity, and create a competitive advantage within their industries.

Why is ISO 27001 Important?

As technology becomes more sophisticated, the threats and risks that businesses face become more sophisticated. As a result, along with these new risks and threats, cybercrime continues to rise.

The ISO 27001 standard aims to help organizations become aware of risks and be proactive in their identification of organizational weaknesses. This standard encourages organizations to take a well-rounded approach to information security by vetting all aspects of the organization, such as the people, policies, and technologies in place. An ISMS that is implemented in conjunction with the ISO 27001 standard is a tool that organizations use for risk management, cyber resilience, and operational excellence. As the digital world evolves and businesses are subjected to new threats, the ISO 27001 standard has become increasingly important for organizations to implement.

Who Needs ISO 27001?

These days, data theft, cybercrime, and increased liability for privacy leaks are all threats that organizations must address. All businesses should think strategically about information security needs, how those needs relate to the organization’s goals, processes and procedures, and organizational structure.

Establishing an ISMS that conforms to this standard allows organizations to apply a risk management process that is appropriate for their size and needs, as well as adjust that process as distinct factors evolve.

How Can It Benefit Your Organization?

Since compliance with the ISO 27001 standard can benefit all organizations, it is important to understand what benefits are possible when implementing and maintaining a compliant ISMS. Some of those benefits include helping organizations with:

• Resilience to cyberattacks.
• Preparedness for new risks and threats.
• Data integrity, confidentiality, and availability.
• Security across all supporting areas.
• Organization-wide protections and cost savings.
• Support digitization strategies.

Adopting the approach described in the ISO 27001 standard means that organizations will make sure that information security is built into organizational processes, information systems, and management controls. As a result, organizations can gain a new efficiency and could emerge as leaders in their respective industries.

For more information regarding our internal audit experience, be sure to visit our Internal Audit Services page and don’t hesitate to reach out to Elaine Nissley if you would like more information on our internal audit, readiness, and consulting services for the ISO 27001 standard.

The post Internal Audit for ISO 27001:2022 appeared first on McKonly & Asbury.

Get Energized with Inspiring Keynote Speakers

Prepare to be inspired by our lineup of dynamic keynote speakers who are poised to transform your leadership approach. With their thought-provoking insights and actionable strategies, they’ll ignite your team, propelling you towards unparalleled success.

Deep Dive into Specialized Breakout Sessions

Our specialized breakout sessions cater to leaders across all areas of your organization. Whether you’re in executive leadership, finance, HR, IT, or legal, you’ll uncover invaluable insights to drive innovation and stay ahead of industry trends.

Collaborate for Success

As the conference nears its conclusion, you’ll emerge with a renewed sense of purpose and a toolkit filled with fresh perspectives. Get ready to collaborate in exciting new ways, unlocking the potential for unprecedented organizational success.

Special Group Discounts and Continuing Education Opportunities

Don’t let budget constraints hold you back. Take advantage of our special group discounts for teams attending COLLABORATE! 2024 together. Plus, earn valuable continuing education credits to enhance your professional journey.

Don’t let this final opportunity slip away. Reserve your spot today at COLLABORATE! 2024 and the spark that will drive your team towards greatness. Registration closes this Friday, April 26.

REGISTER TODAY!

If you have any questions, please contact events@macpas.com or call Hillary Daecher, Marketing Coordinator with McKonly & Asbury at (717) 972-5786.

The post Final Call: Secure Your Spot at COLLABORATE! 2024 appeared first on McKonly & Asbury.

Alumni Networks

Alumni networks are groups of former employees (retired or otherwise) who remain connected to the company and other former employees through formal and informal channels. Fortune 500 companies have been leveraging their alumni to assist with various aspects of the business. According to an Alumni Enterprise 2019 research report, 98% of Fortune 500 Companies have some kind of alumni program. The Harvard Business Review found that alumni networks served as a resource for new business opportunities, enhanced branding and reputation, created opportunities for referrals and rehires, along with other benefits. The benefits in the hiring and talent side are clear; rehiring former employees can save 50% of the cost of recruiting, hiring, and training due to the employees’ prior knowledge. These networks vary in costs due to the age and complexity of the programs, as some have taken on these projects internally, while others have looked externally to develop these networks. The Harvard Business review found that of those surveyed 36% had a budget of under $60k, while 20% have budgets over $300k. The large swings can be attributed to the level of complexity in the technology provided along with the age of the alumni program in place.

Leveraging and Working with Schools

A 2021 study found that the skills gap in the U.S. could result in 2.1 million unfilled jobs by 2030. A different study found the average age of the manufacturing work force is 44 years old and approximately 8% of the workforce is under the age of 25. With the workforce aging, manufacturers are turning towards local schools to cultivate and develop partnerships. Manufacturers have developed programs such as America’s Cutting Edge, Operation Next, NextFlex, and MEP National Network. One study found that of the students participating in Manufacturing Institute’s MFG days 84% stated that manufacturing provided careers that are interesting and rewarding and 64% said that they were more motivated to pursue a career in manufacturing. The overall impact of these programs is still unknown; however, the number of programs such as the above are growing, showing the importance the industry has placed on growing its pipeline and garnering interest in the industry.

Technology

A study was conducted in 2023 on the manufacturing industry’s application of the metaverse. The metaverse is defined in the study as the convergence of individual technologies that, when used in combination, can create an immersive three-dimensional virtual or virtual/physical industrial environment. In the study, it was found that 92% of the executives surveyed noted that their companies were experimenting with or implementing at least one metaverse-related use case. The survey broke down investment into the metaverse into four major categories: production, customer interaction, supply chain, and talent. Taking it another step forward, of the respondents implementing, 17% noted that they were in the process of integrating talent technology. This technology included examples of augmented and virtual reality aiding in immersive, on-the-job training, virtual plant tours for potential candidates, and a virtual onboarding process. The study does point out that the cost of implementation is a key hindrance for a wide scale adoption by the industry, as 51% of the respondents called out the cost to implement. Despite implementation costs, many of the executives in the study found that metaverse technology is critical in upskilling employees and, to some degree, benefits employee engagement, productivity, and attracting and retaining talent.

Recruiting and retention is not a one-size-fits-all solution. The industry has certainly found a multitude of options to help develop and attract talent, whether that is with existing resources or the implementation and development of new and advanced solutions.

Please reach out to a member of our Manufacturing & Distribution team for more information on the topic outlined above. For more information regarding our Manufacturing & Distribution experience, visit our Manufacturing & Distribution industry page.

The post Manufacturing’s Talent Search appeared first on McKonly & Asbury.

Financial assets that are impacted by this change are those that are measured on an amortized costs basis, such as trade receivables, loan commitments and receivables, and net investments in sales-type and direct financing leases. Examples of financial assets that are not impacted by this change include contribution receivables, available-for sale debt securities, and operating lease receivables.

As noted above, trade receivables are included within this scope, which for healthcare organizations means that net patient receivables would be impacted. However, healthcare organizations are already applying implicit price concessions against the patient accounts receivable balance, so how does this new standard impact net patient service accounts receivable balances? The answer – self-pay patient service accounts receivable balances; more specifically, the self-pay patient service accounts receivable in which the healthcare organizations perform credit checks over the patient’s ability to pay. Therefore, this mostly impacts those healthcare organizations that provide elective procedures.

The difference between implicit price concessions and provision for credit losses are that implicit price concessions reduce both patient service revenue and receivables, whereas the provision for credit losses is recognized as an expense and an allowance against the patient service receivable.

For healthcare organizations that do not perform credit checks on self-pay patients, there will not be a material impact to how net patient service receivables are being accounted for. The only significant change that will be seen is language updates in the financial statement disclosures relating to patient service accounts receivable.

For those that do provide elective procedures, CECL does not require any specific approach to estimating an allowance for expected credit losses. Therefore, the current methods that many healthcare organizations are performing, such as utilizing aging schedules or basing allowances on historical trends in credit quality indicators, will continue to be appropriate. The significant change from this standard is the balance sheet presentation of the allowance for expected credit losses. This allowance on financial assets measured at amortized cost must be presented on the balance sheet separately from the financial asset’s cost balance and there will be additional disclosures added to the financial statements.

If you have questions about the information outlined above, McKonly & Asbury’s experienced professionals are here to help. Learn more about our Healthcare practice by visiting our Healthcare industry page or by contacting the director of our Healthcare practice, Janice Snyder, Partner.

The post Impact of Credit Losses (CECL) on Healthcare Organizations appeared first on McKonly & Asbury.

The implications of a high interest rate environment have changed the landscape of M&A. Alternative deal structures are expected to be utilized in place of the high-leverage buyout models which were a staple in the PE industry while borrowing costs were low. These alternative structures include financing through non-bank lending institutions, joint venture and strategic partnerships, and 100% equity funding. One point is clear about the 2024 outlook for M&A, firms do not expect deal structuring to be as straightforward as it was during the 15 years of quantitative easing that followed the Global Financial Crisis.

How Banks Play a Role in the M&A Outlook

Much of the necessity for change can be attributed to tighter lending standards required by banks. Banks in the U.S. are severely underwater on bond positions acquired prior to 2022. Further, many are beginning to question the resilience of commercial real estate, as office building vacancy rates have continued to increase since the pandemic and many loans underwritten in 2019 are going to be reset at much higher rates this year. Clearly, increasing debt service paired with increasing vacancy means that this sector is vulnerable, and banks have had to tighten lending standards to remain liquid in response to potential defaults and collateral devaluation. The most recent Senior Loan Officer Opinion Survey published by the Federal Reserve states that “significant or moderate net shares of banks reported expecting a deterioration in credit quality across most loan types over 2024.”

M&A is expected to rebound this year, but banks are expected to remain selective with financing. This implies that business owners will have to be dexterous and adapt to the new environment with creative solutions to transfer or acquire ownership interests. For this reason, effective planning is more critical than ever for a successful transaction. Two years ago, transferring ownership interests was relatively easy because most transactions could be funded with cheap debt that could be serviced over many years with distributions from the company. Now, bank lending rates have doubled, durations are shorter, and collateral requirements are often higher; this is making it harder and harder for traditional M&A deals to cash flow.

Finding M&A Success in 2024

Where there is change, there is always opportunity. Many business owners are recognizing the advantages of seller financing while rates remain high. Seller financing is a vehicle often utilized when selling to employee stock ownership trusts and related parties. With interest rates high and capital difficult to access, seller financing is certainly a worthwhile consideration for any transaction in 2024. This is not only an effective tool used to receive fixed income for several years after selling, but many owners find that the tax implications are more desirable than those of receiving a lump sum. Joint ventures and strategic partnerships are also rising in popularity as a way of diversifying income streams with less need for high-yield debt. Of course, these methods do not always work for every company. Successful M&A in 2024 will require innovative, creative solutions to bridge the gap between sellers’ expectations and buyers’ access to capital.

At McKonly & Asbury, we understand that there are many factors involved in exiting or acquiring a company. We offer a wide array of valuation, estate planning, and transaction advisory services for our clients’ specific needs. Please reach out to T. Eric Blocher, Partner and Director of Business Valuation Services, if you have any questions.

The post Buying and Selling Companies in a High Interest Rate Environment appeared first on McKonly & Asbury.