|
|
Dr. Bob Spencer - Advisory Consulting Services |
|
Dr. Bob Spencer has more than four decades of experience and knowledge related to business technology. Not only was he an early to recognize the benefits of technology, but has implemented solutions in nearly every industry imaginable. His background includes Accounting, Finance and Banking, Health Care, Manufacturing, Distribution, and Point of Sale. He has consulted to some of the large accounting firms in the United States as well as many of the larger and respected businesses in industry. From a two billion dollar company to a $125 million dollar company his range and scope of services is well known. The following describes some of his most sought after services, however, Dr. Spencer's practice is very flexible and he commonly customizes engagements under an Agreed Upon Procedures scope of engagement. |
 |
Software Assessment, Selection and Implementation
Implementing and Managing a Paperless Environment
Information Technology Security Review
The Technology Assessment is typically performed as part of each of the engagements we do. It lays the foundation for what is to come, and allows us to quantify and qualify the current technology infrastructure of an organization. While documenting our findings, we also include recommendations for action. The process provides the institution with a good understanding of the current level of technology in their organization. The Assessment is often the first step to developing a Strategic Technology Plan. The Technology Assessment may also be done on its own merit where a company or firm simply want a state-of-business report with findings and recommendations. We often visit clients annually or bi-annually to review their plans and update the report as needed.
The Strategic Technology Plan defines the organization's technology objectives and how to achieve them. The Plan allows the organization to prepare for the future at a comfortable and affordable pace. Once the plan is completed and approved, we will continue assisting the organization in the implementation phases and with annual updates as required. The Strategic Technology Plan is a three-year rolling plan which is updated annually with a review of the prior year actions, planned changes for the next three years, and the addition of a third year at each annual review. The plan document should closely follow the business plan and leverage technology to help a business meet its objectives.
Software Assessment, Selection and Implementation
Ever wanted an independent advisor to help you through the software assessment, selection and implementation process? Whatever your industry, there is a good possibility that Dr. Spencer has the experience to help you. From governmental to banking and finance, manufacturing and distribution Dr. Spencer, over his professional career, has been responsible for hundreds of installs at a hands-on level. He is the author of nearly a dozen books on the subject of accounting software selection and implementation, has written dozens of articles and hundreds of reviews. Dr. Spencer moderates the very popular Accounting Software World web site and has meet with nearly every leading provider of accounting software in the United States over the past two decades.
You should know what features and functions to look for and know the products abilities before you commit! What about hardware upgrades, new infrastructure, and what technologies are now available to help you manage you business better? Dr. Spencer is co-author of Accounting Software Selection, published by K2 Enterprises and presents dozens of seminars annually on accounting software.
Independent! Dr. Spencer does not represent any vendor, nor does he sale any product. He is completely independent and unbiased. The focus is on what product will come closes to meeting your needs, and how to best manage the changes in your business that new software often causes. Use his experience to define areas for improvement and prepare an education program that will ensure that you get the most out of your investment. Many companies invest in new software only every 10 years or so. For others, it may be a once in a lifetime experience.
Implementing and Managing a Paperless Environment
The technical terms are Enterprise Content Management, Document Management and the more current term given by the Government and Federal Court System is Electronically Stored Information (ESI.) Whatever term you choose, most organizations are attempting to move as much of their previously hardcopy printed documentation, forms, and paperwork to an electronic format as quickly as possible. Dr. Spencer has nearly three decades of experience, and developed several core seminars and conference sessions on the topic since 2003. No matter if it helping you select the right scanning and document management solution, or working with your staff to clean up and organize your electronic files, you will find that our experience and understanding of business processes will be beneficial to your business. If independence is important, and it should be, Dr. Spencer does not represent any vendor, nor do we implement product. We assist you in preparing to go paperless, the review and evaluation process, and the selection and implementation.
Information Technology Security Review
Information Gathering and Active Exploration – This phase attempts to gather any publicly available information from external third-party sources. Examples of public information queries can include: DNS entries, domain registration information, published email addresses, operating system identification, application identification, or online telephone directories. This is followed with a proactive examination of any systems found during the first step.
Target Identification and External Vulnerability Assessment – This phase identifies potential services and vulnerabilities that may be exploited in the next phase, including the determination of a presumed network topology. The scope of this assessment is limited to specific IP addresses to be scanned. This phase may include a modem detection attempt to determine if the site can be penetrated by dial-up connectivity.
Vulnerability Verification – Once the vulnerabilities are identified in the previous phases, the security professional will attempt to verify the validity of their test by intruding and exploring your systems. These tests are not intended to be disruptive to your operations, but be aware that disruptions can occur. For larger merchant sites, Denial of Service (DOS) attacks should be performed to determine if your systems are fully protected.
Establishment and Extraction – Taking the testing to its final evolution means that the testers will attempt to access files and move or copy files. They will attempt to establish a valid user id on your servers, and finally, they will provide you with the evidence of their penetration.
System Hardening is another security process that is provided to help you understand additional potential threats from which you must protect your network. Whether your information system is based on a Microsoft network, Unix, Linux, or another operating system, the default "out of the box" configuration is inherently insecure. Your network and servers will be evaluated to insure the most current technical patches and upgrades are installed. This process helps to identify system weaknesses, and optimizes your system configuration to improve network security. Through System Hardening, we will determine the level of security that is appropriate for your institution and make recommendations for you to implement the changes to achieve that level of security.
The Information Technology (IT) Audit more closely represents the processes of the traditional accounting audit in terms of the expertise and resources required. After the interviews are completed, the firm then validates the information provided to the degree possible. All facets of operations are reviewed and observed. In conducting the IT Audit, or the less expensive Information Technology Review, the firm follows guidelines established by the Federal Financial Institutions Examination Council, which is recognized for conducting qualified technology reviews and audits for financial institutions. For non-financial institutions, the questionnaires and procedures are adapted to the client's specific industry and needs.