1) To smooth the transition to the cloud, consider the finance and accounting implications Kevin Surovcik, Business Advisory Services Managing Director 4 strategies can help companies consider the holistic impact of their cloud purchases on the organization Imagine you are the head of a business unit that needs to replace an on-premise legacy platform. Drawn by the lure of a new cloud solution with features developed specifically for your function as well as the pay-as-you-go fee model, you jump at the chance to transition to the cloud. As you’re congratulating yourself on the big win, you bump into the CFO, who responds by asking if you had considered how the solution aligns with finance and accounting needs. Perform thorough due diligence on cloud solutions providers Involve the C-suite in IT decisions This scenario is an increasingly common occurrence. In the past several years, cloud solutions, particularly software as a service (SaaS) products, have hastened the decentralization of IT. The rise of the cloud means that managers can — and frequently do — make decisions for their department without having to consider the potential impact on the entire enterprise. Since nearly every cloud solution — from customer relationship management to enterprise resource planning and supply chain management — houses information that finance and accounting will need to complete analysis and regular reporting, it’s crucial that managers take systems integration and reporting into account. Even when the chief operating officer and CIO make software purchasing decisions about the cloud, they often don’t consider the tax implications. Data security, regulatory compliance and risk management can add further complexity. Commit to ongoing risk management and monitoring of cloud vendors Invest in change management 

2) To smooth the transition to the cloud, consider the finance and accounting implications As many companies have recognized, cloud solutions can transform the organization by delivering significant advantages, including greater agility and access to data. At the same time, companies need to approach the cloud as they would any capital investment — with a holistic understanding of how it will affect the business. The key is to understand relevant finance and accounting issues and include them in the equation when conducting a thorough analysis of cloud products and vendors. The goal should be to capture the full value of the cloud while minimizing the risks. Aligning cloud investments with finance and accounting needs Integrating a cloud solution into operations can have a far-reaching impact on the organization. Many implications only become clear over the course of the year, when certain reports or filings are prepared. Companies can align investments in the cloud with their finance and accounting departments by implementing four strategies. 1. Perform thorough due diligence on cloud solutions providers. Given the potential risks of storing sensitive data and customer information in the cloud, a company must go beyond a superficial vetting of solutions providers. These partnerships can affect the entire company, so managers should apply a heightened level of scrutiny to providers — on par with the due diligence conducted in an acquisition. As part of this process, companies should verify a vendor’s financial stability to make certain that it can support its products over the short and medium term. Gartner predicts that one-quarter of the top 100 IT service providers will go out of business or be acquired in 2015, so getting a better sense of a provider’s financial health can help companies having to transition to another solution unexpectedly.1 2. Involve the C-suite in IT decisions. The CFO will have the most complete perspective on the company’s risk management and regulatory compliance needs, so getting this input early in the process can flag problems and even rule out certain products. Additionally, in consideration of the possible reputational damage from system breaches — particularly when dealing with financial or customer data — executives must address cybersecurity risk at the outset.2 Making security an integral part of the conversation — from selection and implementation to rollout — can resolve potential issues proactively. Further, to gain visibility into the needs of individual business units, executives should institute a review and approval process for all IT purchases. 3. Commit to ongoing risk management and monitoring of cloud vendors. Since significant portions of the computing environment are under the control of the cloud provider, assessing and managing risk in cloud computing systems can be a challenge. Companies that take a holistic perspective — one that includes not just a cost-benefit analysis but also tax and security considerations, among other areas — can mitigate the risk of unforeseen issues that could emerge down the road. Companies must also evaluate and confirm that a vendor’s security and privacy controls are implemented correctly, operate as intended, and meet organizational requirements. Above and beyond maintaining a high standard of operation, cloud providers must be prepared to respond to evolving regulations. For these reasons, companies should engage in annual or biannual reviews to confirm that a vendor has all necessary processes and safeguards in place. 1 T  hibodeau, Patrick. “One in four cloud providers will be gone by 2015,” Computer World, Dec. 11, 2013. 2 H  igh-profile targets of successful cyberattacks in the past year include Home Depot, JPMorgan Chase and Target. For more information, see: Braithwaite, Tom. “JPMorgan cyberattack hits 76 million households,” Financial Times, Oct. 2, 2014. 2  

3) To smooth the transition to the cloud, consider the finance and accounting implications 4. Invest in change management. Beyond the technical considerations of the cloud, companies must also prioritize the human component. For users, a new system may mean evolving functions, different business processes, learning new skills or increased governance. Change management needs to be handled effectively by the business leaders for the solution to take hold. Companies should engage employees through training, regular communication, reviews and measurements of progress, and clear expectations. When approached correctly, the change management effort will extend to multiple parts of the organization, including IT, accounting, HR and sales, among others.3 How finance and accounting issues can impede a transition to the cloud platform The breadth of available cloud products and ease of implementation for discrete functions such as sales and HR have spurred adoption — but in many cases the full implications for the enterprise only become apparent post-purchase. Several steps and considerations are often overlooked in the rush to gain functionality. Comprehensive cost-benefit analysis. While conventional wisdom has focused on the top-line cost of on-premise and cloud solutions (purchase price compared with monthly subscriptions) as well as implementation and maintenance costs, in reality companies can face additional unforeseen costs. For example, SaaS can be subject to both sales and income tax: many states tax SaaS fees on an annual basis, which can add up to a significant expense over a number of years.4 In addition, the concept of nexus — a physical connection between an out-of-state company and taxing jurisdiction — can create a far more complicated cost calculation for companies doing business in numerous states. Data security and privacy. Understanding where information resides and the safeguards that a cloud provider has in place provides assurance that sensitive data is secure. Today, the proliferation of cyberattacks and data breaches reinforces the importance of verifying protocols. Cloud solutions must be assessed not only on their capabilities and underlying technology, but also on the infrastructure that vendors are using to supply the product. In practice, companies often fail to conduct due diligence on cloud vendors and how they are delivering services. Industry-specific regulations. Businesses in certain industries, such as health care and financial services, must comply with regulations pertaining to data security. Health care companies that collect and hold patient data, for example, must have an employee designated to security in order to comply with HIPAA guidelines. For public companies, SOX stipulates that the CFO and CEO share joint responsibility for financial data. Governance and internal controls. One of the cloud’s marquee benefits is its ability to provide employees throughout an organization with real-time access to information. Although many companies have adopted role-based access and security measures, this task can be more complex with cloud solutions. Moreover, an increasingly mobile workforce and the prevalence of “bring your own device” policies can create additional privacy challenges. For these reasons, companies that adopt cloud solutions often need to enhance their governance and internal controls. 3 F  or more information on successful change management, see our report with APQC, Transformational change: Making it last. See www.grantthornton.com/issues/library/whitepapers/advisory/2014/APQC-transformational-change.aspx for more details. 4 C  urrently, 21 states and the District of Columbia tax SaaS in one form or another, while five other states have the potential to tax a form of SaaS based upon existing tax law. Rates range from 4.35 percent in Hawaii to 9.45 percent in Tennessee. 3  

4) To smooth the transition to the cloud, consider the finance and accounting implications Whenever a new technology such as the cloud emerges, companies and department managers sometimes rush to adopt it without fully understanding all of the ways it can affect the organization. In moving to the cloud, companies shouldn’t overlook the finance and accounting implications, which influence efforts from risk management and security to regulatory compliance. Companies can reap the full benefits of an enterprisewide cloud deployment by taking the necessary time and resources to understand the impact of cloud solutions, conduct due diligence on providers, and develop a framework to review security, compliance, and internal processes on a regular basis. Contact Kevin Surovcik Managing Director Business Advisory Services Grant Thornton LLP T +1 215 814 4040 E kevin.surovcik@us.gt.com grantthornton.com/silverlining Content in this publication is not intended to answer specific questions or suggest suitability of action in a particular case. For additional information about the issues discussed, consult a Grant Thornton LLP client service partner or another qualified professional. Connect with us grantthornton.com @grantthorntonus linkd.in/grantthorntonus “Grant Thornton” refers to Grant Thornton LLP, the U.S. member firm of Grant Thornton International Ltd (GTIL). GTIL and the member firms are not a worldwide partnership. Services are delivered by the member firms. GTIL and its member firms are not agents of, and do not obligate, one another and are not liable for one another’s acts or omissions. Please see grantthornton.com for further details. © 2014 Grant Thornton LLP  |  All rights reserved  |  U.S. member firm of Grant Thornton International Ltd