Read our insights

During conversations we have with businesses about risk, it’s eye-opening to see how many aren’t really making it a priority.

Did Budget 2024 give Kiwi business owners the certainty they need so they can plan for the future with confidence? Greg Thompson provides expert analysis.

You know you can’t work forever – and you certainly aren’t immortal. But plenty of business owners are living as though they’re completely infallible.

Too few New Zealand businesses are making good use of advisory boards. Used effectively and with the right people involved, an advisory board can solve problems, fill knowledge gaps and help to maximise growth and profits. In a complex and volatile business environment, advisory boards can help steer your business through choppy waters. Executive teams are increasingly faced with problems that fall outside their day-to-day areas of expertise, and advisory boards provide independent advice about how to navigate tricky times. What makes an advisory board unique? Many large businesses have a full constitutional board, which has decision-making power for the company. The members of a traditional constitutional board have fiduciary responsibilities, and their role tends to focus on compliance, risk management, and monitoring business performance. If they work on problem solving or growth strategies, it’s typically from a top-level strategic perspective. Risk minimisation is a priority. In contrast, an advisory board has no decision-making power and the members don’t have the same duties as the full board members. Its focus tends to be on maximising profits and growth, solving problems, and acting as a sounding board – sometimes down to quite detailed levels of execution. Advisory board members often identify market opportunities and provide network links that can support the company’s expansion. The priority is capitalising on opportunities and how to iron out problems. An advisory board provides suggestions, observations and ideas to those making the day-to-day decisions about the company. Those decision-makers can then decide whether or not to act on that advice. The advisory board is both an alternative to the traditional constitutional board and a complement, so you can have one without the other or both. We know advisory boards can be effective Research about advisory boards demonstrates their effectiveness: A survey of businesses leaders found 95.7% believed their advisory board added “real value” to their business, according to The Alternative Board. Advisory boards help businesses avoid costly mistakes; broaden knowledge and skills; and provide a sounding board; among other benefits, according to research by the Business Development Bank of Canada. A Columbia University study revealed advisory boards help organisations “remain innovative and at the forefront of their industry”, and found although board members’ experiences of past failures didn’t prevent all failures, it did minimise the probability of failure. Another US study found an inter-professional advisory board can broaden perspectives within an organisation and lead to new insights. Does your company need an advisory board? An advisory board certainly isn’t a requirement for every business. First, the company needs to have reached a certain size. Beyond that, your business could benefit from an advisory board if: your it is growing or looking to grow you want to raise funds you’re aiming to build strategic partnerships the business is facing a major change of direction, with new products or expansion into new markets the owners of the business are in the process of succession planning the business is, or soon will be, for sale. An advisory board will raise the level of strategic conversation, and it can be the difference between business as usual and an extremely valuable, highly saleable organisation. Building an advisory board You don’t need to launch an advisory board in a single push. It can begin with a single advisor – perhaps your lawyer or accountant. Alternatively it might be someone who knows the market you’re considering moving into for instance, or a person who understands the specific staffing challenges you’re facing. From there, you can build an alternative advisory board. It might include a key person from within the business, possibly the managing director, chief executive or owner. Ideally you want an independent chair with two or three external advisors. Members of your advisory board should be carefully selected to ensure they have the right skills. Identify areas where your company lacks knowledge – for example, it might be insights into a particular country, marketing campaigns, or recruitment. As the company grows, the informal advisory board can move to a more formal set-up. This means having a board charter, rules for the board members and a code of conduct. It’s vital members clearly understand their own role, and everyone else’s roles on the board and within the business. Ultimately, depending on the size and complexity of the business, you may need to establish a constitutional board in time, to ensure the company meets its regulatory and compliance requirements. Even then, having an advisory board means you can continue to have those valuable conversations about how to grow the business and solve thorny issues. Advisory boards are an investment in your company Maintaining an advisory board isn’t free, but it’s a genuine investment in the business. With independent advice, the leadership team can gain a different perspective on an issue. For example, one of our clients owned a company that had been highly successful and grown rapidly, before hitting head winds. It was clear some difficult decisions had to be made but downsizing can feel like you are failing. The process was nerve-wracking for the owners. It was with the support of the advisory board the client was able to make a long-term plan, put the downsizing into perspective, and make the tough choices. Now the business is well set up to survive the tough times and will be ready to grow again when the market picks up. Usually, though, it’s not during a quantum shift that an advisory board proves its worth. It’s an accumulation of small changes. One client is currently leveraging their advisory board to help develop their management team’s effectiveness; to clarify their purpose and vision; and to identify strengths within the business. An advisory board is the ideal forum to explore opportunities, problem solve, and seek counsel. It’s a way for a business to invest in its future and improve accountability of the management team.. It can bring in knowledge, experience and capability where and when it’s needed. In a time of high volatility, an advisory board has never been more valuable. This is an ideal time to establish an effective advisory board to help you navigate your business through these uncertain times and into a successful future.

Here comes the new year, and it would be lovely to think 2024 will be smooth sailing compared to the past three years. Unfortunately, that’s almost certainly not going to be the case. Instead, volatility will continue to reign as the pace of change only speeds up. Reflecting on 2023, most would agree it was a tough year, and those challenges are not going to disappear over the Christmas holidays. Businesses will continue to face cost pressures, high interest rates and staff issues in 2024. The world has fundamentally changed since the pandemic; buying patterns, financing, and technology have all been transformed. As a business decision-maker, not only do you need to get your head around our new economy, you need to do it while also tackling whatever new hurdles are thrown in your path. How can you help your business survive and thrive in 2024? The answer is simple: you must be ruthless. Start by building resilience When the economic landscape is in permacrisis, it’s essential to make your business as resilient as possible. To make sure you can ride the wave in 2024, you need to ensure your cashflow is reliable and predictable, and you must manage your costs. Look ruthlessly at your spending and outgoings to find efficiencies, while tightening your terms, invoicing and debt management processes to improve cashflow. The key is knowing what your cashflow is. Let go of underperforming products and services Cost-benefit analysis is valuable here as you decide what to let go. Crunch the numbers and identify parts of the business that aren’t providing strong and reliable profits, both historically and into the future. Ask yourself tough questions about those underperforming strands: ‘Why am I continuing to sell this product or service? Is it dying and do I just need to cut it out? Am I continuing to serve legacy customers because it’s in my comfort zone or I feel an allegiance to the past? Will I get a better return by investing the same amount of time and energy on something else?’ Cut out your D clients The Pareto principle, aka the 80-20 rule, says that 80% of your profits will come from 20% of your clients. Most businesses find this principle applies. This is an old exercise but an effective one: look at your client list and grade each one from A to D. Your A clients are the most profitable ones who are the best to deal with, and your D clients are the lowest-value, most headache-inducing to work with. It’s time to cut out your D clients and focus your energy on keeping, growing, and finding new A grade clients. Jettison outdated stock After the inventory rollercoaster of 2020 and 2021, some businesses are still sitting on outdated stock. Sell it if you can, provided you don’t cannibalise your own clients. In other words, don’t sell a cheap old item to a client who might otherwise buy a profitable new item. Instead, try to sell it to a market you’re not involved with. One of my clients was able to shift a huge amount of product to a dollar store, preventing the business from undermining itself. Otherwise, look for a way to give the stock away, or even better - recycle it if you can. Take legacy technology off life support Legacy technology is a drag on any business. We see it in government departments and large businesses, where slow, patchwork systems take hours to complete tasks that could happen almost instantly with up-to-date tech. Getting rid of desktops and landlines, and moving to the cloud, makes your business more resilient and cuts ongoing maintenance costs. Get the experts in to help your business transition to the cloud in a way that will work for your organisation – you should be able to find some significant efficiencies. Embrace AI The point of making all these cuts and cost savings is not only to boost your profitability and resilience. It will also free up funds so your business can be ready for the future, because any company not embracing AI will be left behind. As the pace of change increases, firms that embrace change, and have the knowledge and information to handle it, will accelerate their growth. Firms that keep doing what they’ve always done will start to fall behind. Eventually the gap between non-adopters and their AI-savvy competitors will become too wide to bridge, and the non-adopters will drop away. There will be some high-profile receiverships, but in general these failures won’t happen with a big bang. It will be death by a thousand cuts as small operators decide they’re too tired to keep fighting fires, decline to renew their leases, and let their companies wither away. Open that window of opportunity Skills shortages are already on the horizon for many industries, including accounting where the number of graduates is down by 40%. Overall university enrolment in New Zealand fell in 2022, in line with Australia and the USA which have also seen lower post-pandemic enrolment levels. When there are too few people to do the work, technology is filling the gap. We’ve seen this in our own horticulture industry, for example, where automation is being developed to pick fruit so we don’t need to rely on itinerant workers. And automation is much easier to apply to repetitive data-driven tasks – it will take over many of the drudgework elements of traditional roles undertaken by accountants, lawyers, managers or human resources. With the dreariest parts of the job outsourced, your business will be more efficient, and you and your team can concentrate on the kind of problem solving that needs a human brain - unlock that potential! Find accelerator opportunities The opportunities for innovative accelerators will be massive. Right now, as we head into 2024, we have a window of opportunity. This is the time to make change and prepare for a fast-changing future. By being ruthless now, you can set up your business to seize these opportunities when they appear. You can redivert resources to allow you to invest in technology so you’re better prepared for change and more resilient to challenges. The choice is stark when considering the outcomes. If you do nothing, your business will suffer and potentially dwindle away. But by changing the way you operate, you can become one of the accelerators, dominating in your niche and leaving your competitors behind. There is no middle ground.

If you only make one security tweak to your business, it should be this: turn on multifactor or two factor authentication. Multifactor authentication (MFA) is a simple change that can massively improve data protection. Without it enabled, your business or Not for Profit organisation could be in breach of the Privacy Act depending on the type of information you hold. What is multifactor authentication? Multifactor authentication means accessing a particular app or system requires more than one method of identification. Without MFA, you log on via one device, with a single set of credentials. MFA requires more from users based on three factors: Something you have, like a smartphone or a secure USB key Something you are, like a fingerprint or facial recognition. Something you know, like a password or PIN. For example, to log into Xero online, you enter your email and password. With MFA, you then need to confirm your identity another way – such as on your phone via the Xero app. If MFA is enabled for Microsoft Outlook and you log on using a device that isn’t trusted, you will also need to enter a security code that has been sent to a trusted email account or phone number. Whether it’s a text code, a fingerprint or a phone confirmation, MFA ensures more than one ID method is required to get into your important data. Most platforms and applications give you the option to switch it on through your security settings. It seems inconvenient – why would you bother? Single-factor authentication can make it much easier for a cybercriminal to compromise your bank accounts, accounting software, or business systems from anywhere in the world. All they need is your email address and password, which might have been stolen or leaked, or gained through phishing. With two-factor authentication, it becomes exponentially more difficult for malicious users to get access to your systems. According to Microsoft, there are more than 300 million fraudulent sign-in attempts on its cloud services daily: “All it takes is one compromised credential or one legacy application to cause a data breach.” It estimates that MFA can block more than 99.9% of account compromise attacks. If that seems too high, perhaps it is, but MFA is still highly effective; Google says its implementation of MFA halved the number of account compromises. When you have MFA enabled, it’s less concerning if your password is leaked or compromised. That alone won’t be enough to allow a hacker to gain access. Without MFA, you’re probably in breach of the Privacy Act The Office of the Privacy Commissioner recommends all organisations, regardless of their size to introduce MFA. When a breach occurs, one question often asked is whether an organisation has taken reasonable steps to protect the data they hold. If it is deemed the organisation did not take reasonable steps to protect its data, this could result in a breach of the Privacy Act. What’s reasonable depends on the size of the organisation breached and the scale and sensitivity of data it holds. No matter how small your business or charity might be, it almost certainly holds some personal information. It might be as basic as a list of members’ names, phone numbers and email addresses. Or perhaps it’s a more complex customer management system that includes payment details, health information or biometric data. As such, implementing the MFA is no brainer. Under the Privacy Act, every organisation or individual that holds data must collect it appropriately, keep it safe and allow the people it concerns to be able to access it (for more details, read the Privacy Principles). The Office of the Privacy Commissioner describes two-factor authentication as a bare minimum for small businesses or organisations that hold digital information. Without MFA in place, if someone unauthorised accesses your business data, you are likely to be in breach of the Privacy Act. This could lead to a penalty under the Act starting from $10,000; the most ever awarded is just over $168,000. The risks of a data breach go far beyond penalties, though. Your organisation may also experience potentially huge financial losses, reputational damage, and be forced to shut down. We know of one instance where a small online business experienced a data breach, and the cost of remediation and compliance was so high that dissolving the business was the best outcome. Cyber incursions are such a significant risk it’s hard to overstate their potential impact – yet many organisations are unaware of their responsibilities and risks. It’s all part of everyday risk management Cyber security can feel like a particularly thorny specialist topic that sits outside business as usual. But there’s a better way to think about it – cyber security is simply another risk management activity. It’s not separate or unique or different to other risks in your business, so managing it should equally be an everyday task. This means switching on MFA and getting everybody using it automatically, as well as keeping up to date with software patches and managing passwords effectively. Simple steps like these go a long way to protecting your organisation from breaches. In some cases, you might need to switch platforms to be able to access MFA for your organisation. We also occasionally see small regional organisations in areas that are digitally excluded, which can make this tricky. There may be workarounds available, or alternative platforms that can help. Create awareness and provide training We know that it can feel inconvenient to add MFA to apps you use frequently. If those who use your systems don’t understand the importance of using MFA, they may find this extra effort irritating, or try to switch it off. It’s essential to have all users on board. Education is the key – you need to explain to everyone why MFA is vital and why it is well worth the additional effort. You need to create awareness and provide training. According to research by Verizon, 82% of all cyber attacks “involved a human element”, and phishing scams still dominate social engineering attacks. We know that many small and medium enterprises and Not for Profits, don’t have in house IT and cyber expertise, however, being small or local doesn’t exempt you from the Privacy Act, so you still need to make the effort to not only enable MFA, but to understand your obligations under the Act, establish cyber security policies, and incorporate MFA into your overall approach to risk management.

Beyond compliance: What are your annual financials really telling you? With the first six months of the 2024 year behind us and March 2023 year end compliance work in full swing, it’s always interesting to see common themes jumping out from clients’ financial reports. While annual compliance can be seen as a chore for many, it still provides important opportunities to discover valuable insights to keep your business safe and help it improve. What’s behind your record revenue numbers? To a large degree this is an inflation story, but we are seeing genuine growth in the mix as well. The key is maintaining and increasing the gains you’ve made. Revisit your goals for what you want your 2024 year-end financials to look like and develop or enhance your plan to get there. For example, what can you do to generate more leads and increase customer retention? From setting up a customer feedback programme to exploring where advertising your brand would be most effective, a little bit more investment in your sales and marketing efforts can make a huge difference. And, how well do you know your client base, and what are your most successful and profitable product lines? While you’re likely to have a reasonably accurate idea of where your revenue is coming from, investing in tools and software to segment your customer base can open up a whole new world of up-to-the-minute insights about what’s working well and what isn’t. You can then allocate more resource to the most successful products and services. Take the 80/20 rule for example – if 80% of your revenue comes from 20% of your customers or offerings – focus on that instead of everything else. This can also give you time and space to explore new products or services to enhance your customers’ experience. The margin squeeze: Reduced gross profit percentage A weaker New Zealand dollar, higher costs of freight and shipping in the earlier part of the 2023 financial year, and higher costs to purchase goods all contribute the squeeze. While businesses have put their prices up, contributing to the growth in revenue, in many cases it has not been by enough, or not soon enough to maintain gross profit margins to the same extent as in 2022. We typically see a lag in clients putting their prices up, often wearing cost escalation for fear of losing business and market share. Keep a regular eye on your month to month and year to date financial results, along with comparison to prior years. Once or twice a year just isn’t going to cut it in a volatile economic environment. This is where the power of periodic reporting comes in. These monthly reports act as a temperature check for your business by giving you updates about your key performance indicators which typically include: • Current ratio of liabilities to assets (working capital) • Gross and net profit margins • Interest cover • Stock turnover • Aged debtors and creditor payment times • Ratio of wages to sales It may sound onerous to set up, but it’s an invaluable exercise. Once you have reports automatically rolling over monthly, you can also streamline your annual compliance requirements, save a considerable amount of time trying to find historical information, and get regular up-to-date results that lead to improved decision-making. Overheads are creeping up What seems like death by a thousand cuts, with overheads up across the board, a little here and a little there, it absolutely makes a difference, particularly at the wages line. We’ve heard this in the media on a frequent basis and it has absolutely been playing out in clients’ results. Watch out for ‘lazy’ costs. It’s easy for excess to creep in when times are good and the cash is flowing. Consider what is necessary to core business and staff morale and retention, and focus on trimming the fat. Are you up to speed on technology developments within your industry, and continued emergence of AI? Are there tools or processes you could introduce to materially reduce overheads or improve efficiencies? This could include reducing the impact of travel on your overhead costs by using technology for meetings instead, or simply delaying capital expenditure for a certain period of time. Sometimes bigger cuts need to be made – particularly when it comes to wages, but proceed with caution and approach all decisions with a future focus. For example, if you need to reduce your headcount, will this increase again during your next growth phase? There’s always going to be costs for recruiting and training new team members, and if the labour market is tight how will this impact your ability to deliver products and services to customers? It all comes down to cashflow A cliché no doubt, but cashflow is absolutely the lifeblood of your business. There’s lots of levers you can pull to improve your position, including: Terms of trade with your customers: Can you reduce/re-negotiate payment terms, speeding up your cash conversion rate? Making customer payments easy: Set up a click through payment function within your invoices and enable payment by credit card. The easier it is to be paid, the sooner you will be paid. Focus on debtor collection: Stop putting off those tough conversations and start making your accounting software work for you – many products have automated reminders. Take the time to set this up and any other relevant functionality. It will save you time in the long run. Are you carrying too much stock? Does your stock system alert you to aged stock? And, without shooting yourself in the foot from a margin perspective, what clever ways can you clear excess stock profitably? Are you paying your creditors too soon? Make the most of payment terms available to you and consider re-negotiating with suppliers where applicable. Are you getting the best deal from your suppliers? Go to market and see what’s out there. We’ve seen some incredible cost savings for clients undertaking this activity. Consolidate your suppliers: If you’re using a multitude of suppliers, explore options where you can negotiate a better rate by spending more with fewer suppliers, resulting in cost savings overall Consider debt funding structures: You may be able convert short term bank overdrafts into term debt to spread the load during times of tight cashflow. Jump on the tax pooling bandwagon: Consider using tax pooling to smooth out or defer provisional tax payments. And above all, forecast, forecast, forecast! Failing to forecast cashflow and plan ahead can cause even the most profitable businesses to rapidly fail.

The more you know about your business, the better your decision-making can be. That’s why we’re always surprised at how many businesses don’t produce consistent monthly reports. Periodic reporting checks the pulse of your business and gives you monthly updates on your key performance indicators.

Is your Not for Profit enterprise prepared for a cyberattack? If the answer is 'no', you're not alone. Our research report, Here for Good? uncovered some alarming statistics that highlighted cybersecurity as a major vulnerability in the sector

In March 2024, PCI DSS version 3.2.1 is officially retires and version 4.0 comes into full effect – and if your business accepts card payments, you need to ensure you’re ready. PCI DSS protects your customers’ information when they provide their credit/debit card details or planned payments, and you must comply with the standard.

The US is the bastion of capitalism – and yet it is committing to building a greener, more sustainable future. It has recently done something revolutionary, investing in transforming its economy for the better. Biden’s signature piece of policy, the Inflation Reduction Act of 2022, is a powerful tool for positive change. It provides $500 billion in new spending and tax breaks that will boost the green transition, encourage investment in R&D, and support its manufacturing and agricultural sectors.

In February we launched a bi-annual research initiative to track business sentiment and explore where New Zealand businesses are succeeding, and where they’re feeling pain.

A lot of online scams are pretty obvious. Your bank isn’t going to send you emails about your balance expiring soon. And you know the IRD isn’t going to send you a text to transfer your tax rebate. Unfortunately, the types of scams most likely to affect New Zealand businesses are considerably more sophisticated.

Even if your business makes millions, it won't be sustainable in the long-term unless you collect it. Your staff won't get paid, Inland Revenue will be knocking on your door, and your business will quickly fail. Business owners understand this, yet a surprising number do very little cashflow planning. Failing to forecast cashflow and plan ahead can cause even the most profitable businesses to rapidly fall into a death spiral.

As the likelihood of a recession looms, businesses need to avoid self-fulfilling prophecies about hard economic times to come. Instead, now is the time to make sound decisions about future proofing their operations. Think proactivity, not reactivity; opportunities not crises.

Today, cybersecurity has become a top concern for public sector leaders, as the number and sophistication of breaches continues to increase. If you want to strengthen your agency’s IT defences and understand your current state of cyber-preparedness, we recommend the following steps as part of a wider cyber security maturity assessment.