Corporate Social Reponsibility for the U.A.E.

June 12th, 2017 by Stephen Jones No comments »

The Ministry of Economy in Dubai today on Monday said that it will be mandatory for the private sector to declare their Corporate Social Responsibility (CSR) initiatives by the end of 2017. The CSR initiative aims to encourage all companies to play a role in charitable, humanitarian work. Mohammad Ahmad Bin Abdul Aziz Al Shehhi, Undersecretary at the Ministry of Economy, discussed the National Strategy’s 11 initiatives for CSR, which were set to develop a supportive and stimulating environment for companies to invest in social responsibility.

The CSR programme is one of six main themes of the UAE’s National Strategy, which aims to encourage all companies to play a role in charitable and humanitarian work.

Percentage

The ministry will announce a minimum percentage that should be allocated to CSR by all private companies.

Companies will be able to register starting July, and will be required to declare their audited CSR accounts to the ministry and upon licence renewal at the Department of Economic Development.

Auditors will be required to ensure the financial statement for the company verifies their CSR initiatives and CSR spending.

Al Shehhi said that another initiative is the establishment of a National CSR Index, which will rank entities in the country, based on the percentage of their contributions and projects.

The assessment process will take place in April 2018, while the Corporate Social Responsibility (CSR) Annual Report and National CSR index results will be announced on Zayed Humanitarian Day in June 2018.

Year of Giving

Sultan Bin Saeed Al Mansouri, Minister of Economy, said the launch of the annual report represents an important milestone for the ‘Year of Giving,’ as such programmes and initiatives introduce a solid base for the organisational system of charity works in the UAE.

“Cooperation between the Ministry of Economy, Departments of Economic Development and Chambers of Commerce and Industry and other governmental and private bodies is an essential and effective driving force for transforming the ‘Year of Giving’ concepts to practical programmes and initiatives,” he said.

Smart CSR platform

Al Shehhi highlighted the different services of the Smart CSR platform, which will be launched in July to enable all private companies to register, and to view the various fields of CSR initiatives. It will include guides and tools to make CSR contributions along with models displaying the implementation process.

“One of the main targets of the programme is to spread awareness about the values of CSR within the private sector. We are sure many private companies have CSR programmes, however, it is time to launch a joint platform based on concrete projects, and build partnerships between the public and private sector,” said Al Shehhi. He pointed out the ministry anticipates that all companies in the UAE who are currently registered in the economic department will become members of the CSR programme, which has now been set as a minimum requirement in the private sector.

The Dubai Chamber of Commerce and Industry recently hosted its annual Dubai Dialogue conference at its premises which focused on the UAE’s Year of Giving and highlighted the important role that public-private partnerships can play in achieving the objectives of the national initiative.

The event, organised by the Chamber’s Centre for Responsible Business, was attended by 150 delegates, including H.E. Sultan bin Saeed Al Mansoori, Minister of Economy of the UAE, H.E. Mohammed Alshehhi, Undersecretary for Economic Affairs at the UAE Ministry of Economy, and H.E. Hamad Buamim, President and CEO, Dubai Chamber, as well as various stakeholders from the UAE’s public and private sectors.

The National Strategy for the Year of Giving comprises over 1,000 initiatives and programmes which cover six main themes, namely corporate social responsibility (CSR), volunteerism, the developmental role of humanitarian organisations, legislative systems and government policies, media, and serving the nation.

In his keynote speech, H.E. Al Mansoori said: “Organising this year’s conference is particularly important in light of the UAE’s move to declare 2017 as the ‘Year of Giving’. The wise leadership is taking a number of relevant steps to develop an integrated framework aimed at spreading the initiative’s principles and encouraging active participation of the government and private sectors at the institutional and individual levels.”

The UAE’s Minister of Economy noted that the government is keen on building a more systematic CSR methodology by offering incentives and monitoring, and putting key indicators into place that measure the initiatives’ progress and their benefit to society. Dubai Chamber’s President and CEO said that forming a united vision for CSR and sustainability in the UAE is one of the main objectives of the Dubai Dialogue conference as it enables organisations to share knowledge, experiences, and best practices in this field.

“Corporate social responsibility is at the core of the Year of Giving strategy, which comprises many initiatives that will have a direct and significant impact on the UAE’s business community and society at large,” added H.E. Buamim.

The 11 initiatives for CSR include incentives, facilities, and financial privileges. Among the financial privileges is the ‘Responsible Procurement’ initiative, which will be implemented in cooperation with the financial departments of the various emirates. It aims to allocate a percentage of government contracts to outstanding companies in the field of CSR. The ministry will also launch the ‘CSR Label’ and ‘CSR Passport,’ which will be awarded to the five most innovative companies in the field.

Another initiative is the establishment of the ‘coordinating forum for CSR.’ The forum will be organised in cooperation with the UAE Chambers of Commerce and Industry, to provide platforms for regular communication in order to build partnerships between private sector companies and leaders of the humanitarian and charitable sectors.

“The country’s leadership has a vision to establish the position for the UAE to be the most giving of the world,” added Al Shehhi.

11 initiatives within the Corporate Social Responsibility (CSR) programme:

1. The Smart CSR website to be launched

2. CSR annual report to be published

3. National CSR index to rank companies based on CSR spending

4. CSR Label

5. CSR Passport

6. Monetary incentives for outstanding companies in the CSR field

7. Mandatory annual declaration of CSR projects

8. Coordinating forum for CSR

9. Annual announcement for CSR

10. Responsible procurement

11. Work committees for CSR

Dynamics 365 for Finance and Operations.

June 7th, 2017 by Stephen Jones No comments »

Dynamics 365 Enterprise Edition with Dynamics 365 for finance and Operations

interoperability is provided to this modern, enterprise, ERP by: the Common Data Model, Power Apps, and Flow.

What does that really mean?
Dynamics 365 for Operations is written in HTML 5 and all the functionality can be used on almost any device from anywhere including mobile device from iPhones to android tablets.

Dynamics 365 for Enterprise Edition brings togetherall your businesses pieces : ERP (Dynamics 365 for Finance and Operations), Adobe Marketing Cloud CRM, Office 365, Cortana, Power BI, Microsoft Azure, and the Azure IoT suite.

This seven suite package is one unified software system that helps you run your business easier. The enterprise edition package handles:
• Operations
•Sales
• Field Service
• Project Service Automation
•Customer Service

And all from one integrative, communicative, familiar platform extended further with Power Bi, Power apps and Flow functionality with a managed environment, telemetry and much more.

Workspace: The workspace or dashboard is a list of your most commonly used items; if you cannot find what you need on the workspace the module will have it.

Dashboard: A user interface that organizes and presents your job functions information in a way that is easy to read.

Recently Viewed: A list of all links that have been recently viewed in the software.

Module: Functional compartments of the software; 33 in total allowing access to anything your job functions require from accounts payable to warehouse management.

The software is designed to make your work life easier, and your employees happier. That is a winning combination for your business. An example of this is exemplified in the dashboards and workspaces alone.
These two features alone can increase productivity by as much as 40% considering a worker’s time is lost when switching between tasks. This productivity waste costs the global economy $450B per year.

Watch this video for a taste of Power Bi reporting?

What is the difference between Dynamics 365 for Operations and Dynamics 365 Financials?

Dynamics 365 has two editions, Enterprise and Business editions. The Enterprise edition is optimized for 250+ employees and includes the capabilities of Dynamics CRM Online and Dynamics AX products that existed in market pre Q4CY16. The Business edition is optimized for 10-250 employees and includes Dynamics 365 for Financials. Business edition and is not inclusive of Dynamics GP, Dynamics NAV or Dynamics SL.

What is the difference between Dynamics 365 Enterprise Plan 1 and Plan 2?

Enterprise Edition Plan 1 gives you the flexibility to work with any app functionality. Plan 1 includes flexibility to use Dynamics 365 for Sales, Dynamics 365 for Field Service, Dynamics 365 for Customer Service, Dynamics 365 for Project Service Automation, and full PowerApps P2. Licensing becomes simpler because all Plan 1 business application rights are included.

Why would I need Plan 2?

Plan 2 adds Microsoft Dynamics 365 for Operations to the Enterprise edition of Dynamics 365. Dynamics 365 for Operations provides cloud-based ERP designed to help your entire enterprise work smarter with connected systems—including financials, demand planning, supply chain management, project management, project accounting, human resource management, retail, and much more.

Where did CRM go?

CRM is alive and well, but is packaged differently since the release of Dynamics 365 Enterprise and Business Editions. Dynamics 365 delivers the full spectrum of CRM through five individual apps— Sales, Customer Service, Field Service, Project Service Automation, and Marketing —that work seamlessly together. So you can implement just what your business needs now, and add others as those needs grow.

When you are a current Dynamics CRM Online customer you’ll find that converting to Dynamics 365 will require considerable thought. There is no direct relationship between the previous structure and the new structure. Instead of levels (essential, basic and professional), you’re now providing access to users based on their job function. In the end, it is a better fit all around but reaching out to your partner or Indirect CSP for help will make life much easier.

A Dynamics 365 (online) subscription doesn’t include Office 365 applications such as Exchange Online or SharePoint Online. You can significantly enhance your company’s online, collaborative experience by integrating Office 365 applications with your Dynamics 365 (online) subscription. However, that requires a separate purchase.
Is Dynamics AX still for sale?

Microsoft has recently extended the mainstream support date of AX 2012 R3 to October 2021. This is perfect for companies who have recently implemented AX 2012 R3 and those requiring more time to migrate to AX7 and Microsoft Azure.

Dynamics 365 for Operations will be available to purchase on-premise starting this month, June 2017 The special caveat to remaining on premise is as follows: The on-premise data will not benefit from Microsoft’s intelligence capabilities of embedded analytics, machine learning, or other capabilities available to cloud subscribers. An Azure AD tenant will be needed.

Synergy Software Systems has been leveraging the power of Microsoft Dynamics AX since the pre-cloud days when Dynamics 365 for Operations was called Axapta and we have implemented and supported it for 15 years since v 2.5. Synergy Software Systems has also implemented and supported Dynamics CRM since its launch for almost 10 years. That reflects our partnership with Microsoft since 1993.

European Union General Data Protection Regulation (GDPR) – 2018 what should GCC countries consider?

May 30th, 2017 by Stephen Jones No comments »

The UAE Ministry of Economy is raising awareness among private sector companies of the need to be ready for new European data protection rules, which comes into force one year from now.

The European Union General Data Protection Regulation (GDPR) is set to become law by May 2018. The new rules govern all companies in Europe, as well as all companies trading with European companies and individuals.

The GDPR was drafted to “harmonise the protection of fundamental rights and freedoms of natural persons in respect of processing activities and to ensure the free flow of personal data between Member States

The law includes strong penalties for either misuse of data, or failure to protect the personal data of customers, with fines of up to 4% of annual turnover, or 20m euros ($22m).

HE Juma Mohammed Al Kait, Assistant Undersecretary for Foreign Trade at the Ministry of Economy, noted that the regulation issued by the EU aims to protect the data of every individual in the EU.

This not only impacts companies operating in European countries, but includes all institutions and companies that conduct business, trade and investment activities within EU countries, including the UAE business sector linked with European trade relations.

Due to this, the Ministry is working on deepening its knowledge about the new legislation, its provisions and requirements, and aims to reconcile its operational procedures with European authorities, in adherence with the framework of the GDPR, before May 2018.

Al Kait emphasized the EU is one of the UAE’s most important trade partners. Trade between the two sides generated $65.8 billion in 2016 alone. The UAE has become one of the top 10 destinations for EU exports, and is home to over 41,000 European companies, in addition to over 121,000 EU citizens.

Penalties will also apply to information controllers and processors, including cloud software companies.

The new legislation also outlines terms of approval for the use of data, to prevent companies from using legally illegitimate terms, and gives both parties the ability to easily withdraw if desired.

The compliance world will change dramatically for a number of GCC organizations on 25 May 2018. In just over one year’s time GCC organizations that:
1.have a branch, subsidiary or single representative in the European Union (“EU”);
2.do not have a physical presence in the EU, but offer goods or services to data subjects in the EU; or
3.neither have a physical presence in the EU nor offer goods or services to people in the EU, but monitor the online behavior of data subjects in the EU, will have to ensure that they are complying with the European Union General Data Protection Regulation (“GDPR”).

Who is likely to be affected?

Based on the test set out in the GDPR, the new regulations will likely apply to a significant number of entities in this region.
Obvious examples include:
– major airlines that fly to and from the EU,
- hotel and tourism operators who promote travel to the region to EU data subjects,
- regional banks and other financial service companies that have branches in the financial centres in the EU and online.

Less obvious examples include:
- e-commerce companies that are able to accept payments in euros and deliver to the EU
- mobile apps that can be downloaded by users in the EU and which have access to a user’s contacts, photos or location data.

All of these businesses may need to comply with the GDPR and to mitigate the risk and cost of failure to do so.
If your organization is affected it has three main options:
1. wait and see i.e. do nothing (not advisable);
2.consider what it needs to do to ensure that it does not fall within the scope of the GDPR;
3. take immediate steps to prepare to comply with the GDPR .

For option (2), if your organization does not have an establishment in the EU and does not need to target or monitor EU data subjects then you ight consider making it very clear that your website or app is not for use by EU users (e.g. including geo-blocking EU data subjects).

for option (3), if you have not started the process of ensuring compliance by now, then there is a lot to do.

1.monitor business to consumer business practices, including:
- conducting a data protection audit,
- examining the legal basis on which it processes personal data and updates its privacy policies;
2.monitor internal business practices, including:
- review and update of agreements with data processors,
- implement processes for adoption of pseudoanonymization and privacy by design
- considering the legal basis on which it transfers personal data between jurisdictions;
3.establish compliant accountability processes, including”
- processes for record keeping,
- appointment of a data protection officer or EU representative and dealing with data subjects;
4.invest in infrastructure, including:
- how to determine the severity, and impact on data subjects of a data breach
- to establish robust security processes and procedures for notifying regulatory authorities and data subjects -

The need for compliance, especially for longer-term projects such as records of processing and compliant contracting, must be addressed as soon as is practicable.

Businesses that either operate, target customers or monitor individuals in the EU should :
• Audit: to identify key remediation areas.
• Record of Processing: This mandatory record will require significant internal resources, but will also help to plan and implement GDPR processes. .
• Consider Contract Renegotiations: The GDPR requires that contracts with data controllers include additional obligations. As companies come to renegotiate contracts, ensure that adequate data protection clauses are added.
• Review and update, where necessary, employee notices to be GDPR compliant. If you currently conduct criminal records checks, then review national laws where you operate to ensure you can continue to do so . There is an emphasis on transparency in the GDPR. Notices must be clear, concise and informative. Employees must be adequately informed of all data processing activities and data transfers and the information set out in Articles 13 to 14 must be provided. Criminal records can no longer be processed unless authorized by member state law.

Consider whether your organization is processing any sensitive personal data and ensure the requirements for
processing such data are satisfied While the grounds for processing are broadly the same as those set out
in the current Data Privacy Directive, the GDPR imposes new requirements to gain valid consent. Consent can be withdrawn at any time and systems must be able to handle withdrawal request.

• Review and update, where necessary, customer notices to be GDPR compliant
• Consider whether your notices have to accommodate “child-friendly requirements”. he GDPR requires parental consent for the processing of data related to information society services offered to a “child” (ranging
from 13 to 16 years old depending on the member state.
• Data privacy rights. The current rights to request access to data or require it to be rectified or deleted have been expanded to include a much broader right to require deletion (“the right to be forgotten”), a right not just to access your data but have it provided to you in a machine readable format (“data portability”). Versions of the existing right to object to any processing undertaken on the basis of legitimate interests or for direct marketing and the right not to be subject to decision based on automated processing are also included and expressly refer a right to object to profiling.
These must be clearly communicated in the notices given to data subjects, e.g. privacy policy
• Privacy by design. Ensure processes are in place to embed privacy by design into projects (e.g. technical and organizational measures are in place to ensure data minimization, purpose limitation and security)

Consider what data you hold in emails, in CRM systems, Social media.
What should be your data access use and retention policies?

Personally I think it will be great if this is a way to prosecute the perpetrators of all the spam nd phishing emails I get or at least to remove data form their lists!

VAT registration nears for the GCC – what should you be doing now – contact Synergy Software Systems

May 29th, 2017 by Stephen Jones No comments »

VAT (Value Added TAX), which is also called as ‘tax on consumption’ , is a tax that is payable while purchasing any product. VAT is applied as particular percentage of the cost of goods and services, hence it can not be considered as a charge on companies. It is a general tax amount, which is added by the producer to the inputs before they are sold as new offerings.

All UAE businesses subject to the Value-Added Tax have to submit their tax declaration statements on a quarterly basis after the VAT law goes into effect starting January 2018, according the Ministry of Finance.

The threshold for VAT registration put at Dh375,000 as per the ministry’s announcement this week.
It is optional to register between Dh187,500 and Dh375,000 .

UAE businesses will be able to start VAT registration in Q3 2017 and it is compulsory to be registered by Q4 2017.

Businesses will be able to register online using eServices.

The UAE businesses, subject to the tax, have to keep all files that allow competent authorities to audit their transactions and commercial activities, with the nature of the needed documents to be announced over the coming period. Businesses will be required to keep records which will enable the authorities to identify the details of the business activities and to review transactions. The specifics regarding the documents which will be required and the time period for keeping those will be communicated in due course.

Review your finance systems’ readiness for rapid implementation to meet these requirements. There will be a shortage of skilled consultants, and there are several holidays (EID, Diwali, Christmas, New Year, National Day etc. its also budget time, and preparation for year end audits,to fit in during the last quarter. Allow time for collection of your trading partners VAT registration ids, for report development and update, for testing and for staff training.

All six of the GCC member states: Saudi Arabia, Qatar, Oman, Kuwait, the UAE and Bahrain – have now signed and approved the VAT framework.

Registered businesses will be expected to submit VAT returns on a regular basis. It is expected that the default period for filing VAT returns will be three months for the majority of businesses. Registered businesses will be able to file their returns online using eServices.

Exemptions:
We understand that:
Health, education services, international transportation, import gold for investment purposes, commodities and exports are exempted from VAT in UAE.
Residential buildings for sale or lease during the first three years in which the building is completed, some financial services and empty plots of land are also exempted from VAT.

The GCC Member States will appreciate the VAT on financial provisions. The Banks and Financial House are ineligible for VAT in terms of the services provided, instead, they might be eligible for input tax based on tax recovery rates determined by each Member State.

The Federal Tax Authority has also announced a 100 per cent tax on tobacco, energy drinks and 50 per cent on carbonated beverages. This is separate from VAT.

The General Authority for Zakat and Income Tax (GAZT) in KSA reportedly warned businesses, during an awareness session that took place at the Riyadh Chamber of Commerce on Monday 16 May 2017, that penalties will be applicable in the cases of violation of VAT laws and regulations.

Penalties

The following types of Penalties will apply in each of the following cases:
• Case 1: Businesses required to register for VAT and that fail to register shall be liable to double the net tax due.
• Case 2: Committing an error in filling the tax return shall result in paying an additional 50% of net tax declared.

• Case 3: Exaggerated tax refund claims shall be subject to a penalty 50% of the original amount reported.
• Case 4: Late filing of tax return would result in a penalty of SAR 1,000 and an extra 5 to 20% of the unpaid tax. The percentage varies depending on the number of days of delay.
• Case 5: Non-registered person who issue an invoice with VAT shall pay SAR 1,000 or double the amount of the net tax (whichever is higher).
• Case 6: Not keeping records of the required documents shall result on a penalty of SAR 1,000 or 2% of the monthly average taxable supplies (whichever is higher).
• Case 7: Non-compliance with GAZT inquiries in providing relevant information shall result in a penalty of SRA 1,000 or 2% of the average monthly taxable supplies (SAR 20,000 maximum) or whichever is higher.

Ramadan 2017 starts soon – Ramadan Kareem to all of our readers -Synergy Software Systems

May 25th, 2017 by Stephen Jones No comments »

The holy month of Ramadan is expected to start this weekend. “The Saudi Supreme Court has already called on all Muslims throughout the Kingdom of Saudi Arabia to sight the crescent of the Holy Month of Ramadan on Thursday, May 25- it is expected that Ramadan will officially start on either Friday or Saturday.

During this period of fasting and spiritual reflection there will be several changes to our office routine:
Those working at site will work client hours
Our offices will be closed on Fridays and Saturdays until end of Ramadan.
From Sunday to Thursday our work hours will be 9 am-5pm

\Visitors will be provided with water in the conference room at their request, but will otherwise generally not be offered refreshment.

Some Guidance for those new to the region.
It is very easy to forget in hot weather that there are cultural norms and that authorities and others will be offended if these are not followed. It is a difficult enough time in this climate for those who fast, so please show due respect. You may well be stopped by the police for e.g. drinking a bottle of water in your parked car, or you may offend others by eating sweets, or your own food.

This is a very difficult time due to the hot, humid weather, which is expected to get a lot hotter, and we encourage you all to take adequate drinks of water at the appropriate times.

Dress code: Dubai has fairly relaxed standards that it is a tourist destination, but please be extra aware of the need to behave and dress with modesty and decorum and respect in this period.

Public shops and restaurants. Opening hours may be amended because those too will have shorter working hours – so plan ahead. In most cases shops will open after Iftar and will stay open much later than usual.

Alcohol sales, and public entertainment, music etc. will be stopped.

Some restaurants and shops may serve takeaway food during daylight hours, but will not be open for sit down meals.Some hotels may have segregated screened areas where food can be obtained.

Clinics, doctors, pharmacies etc. may also have reduced working hours.

Travel
Paid parking zones in Dubai,
The tariff will apply to all car parks (Zone: A, B, C, D, and G) from Saturday to Thursday at two periods:
from 08:00 am to 05:00 pm,
and from 07:00 pm to 12:00 (midnight).
The tariff will apply to the parking of the:
Dubai Silicon Oasis (Zone H), Saturday to Thursday, from 08:00 am to 10:00 pm,
Tecom (Zone F), Saturday to Thursday, from 08:00 am to 06:00 pm,
Fish Market (Zone E) from 08:00 am to 11:00 pm daily from Saturday to Friday,

Bus services
Public bus main stations, like Gold Souq Station, will open from 04:25 am to 12:00 (midnight)
Al Ghubaiba Station from 04:30 am to 12:00 (midnight).
Subsidiary stations, like Al Satwa, will operate from 04:57 am to 11:35 pm, and Route C01 will operate around-the-clock at Satwa.
Al Qusais Station will open 04:30 am to 12:00 (midnight),
Al Quoz Industrial Station will operate from 05:00 am to 11:30 pm,
Jebel Ali Station will be offering service from 05:00 am to 12:00 (midnight).

Stations of Metro Link buses, such as Al Rashidiya, Mall of the Emirate, Ibn Battuta, Burj Khalifa-Dubai Mall, Abu Hail and Etisalat, will open from 05:00 am to 12:20 am (past midnight).
The timing of all Metro Link buses will match the timing of the metro service.

Inter-city bus stations will operate in Ramadan as follows:
Main stations like Al Ghubaiba will operate around-the-clock to Sharjah (Jubail), and from 4:30 AM to 12:00 midnight to Abu Dhabi.
• Subsidiary stations, like Union Square, will operate from 04:35 am to 01:25 am (of the following day).
• Al Sabkha Station will open from 06:15 am to 01:30 am (of the following day).
• Deira City Centre Station will open from 05:35 am to 11:30 pm,
• Karama Station will open from 06:10 am to 10:20 pm,
• Al Ahli Club Station will open from 05:55 am to 10:15 pm .
• External stations, like Sharjah Al Taawon, will operate from 05:30 am to 10:00 pm,
• Fujairah Station will open from 05:15 am to 09:30 pm,
• Hatta Station from 05:30 am to 09:30 pm, and Ajman Station from 04:27 am to 11:00 pm.

Metro services
Dubai Metro services, the Red Line stations will run service in Ramadan from Saturday to Wednesday from 05:30 am to 12:00 (midnight).
On Thursday, stations will open from 05:30 am to 01:00 am (of the following day)
On Friday from 10:00 am to 01:00 am (of the following day).
There will be no change in the timing of the Express Metro service during Ramadan.
The Green Line stations will operate in Ramadan from Saturday to Wednesday from 05:50 am to 12:00 (midnight).
On Thursday, stations will operate from 05:50 am to 01:00 am (of the following day)
On Friday from 10:00 am to 01:00 am (of the following day).

Dubai Tram
The Dubai Tram will operate from Saturday to Thursday from 06:30 am to 01:00 am, and on Friday from 09:00 am to 01:00 am (of the following day).

Marine transport
The schedules of marine transit services during Ramadan :
The Water Bus will shuttle in marina stations (Marina Mall, Marina Walk, Marina Terrace, Marina Promenade) from 12:00 at noon up to 12:00 midnight.
The Water Taxi will operate from 09:00 am until 10 pm.
Dubai Ferry will be calling at Ghubaiba Station at 11:00 am and 06:30 pm.
The Ferry will operate from Marina at 11:00 am, 05:00 pm and 06:30 pm.
From Al Jaddaf Station to Dubai Water Canal Station, the Ferry will be running service at 10:00 am and 05:30 pm
From Dubai Water Canal Station to Al Jaddaf Station at 12:05 at noon and 07:35 pm.

The timing of Abra during Ramadan will be as follows:
Traditional Abra will operating at (Ghubaiba, Baniyas, and Dubai Old Souq), from 10:00 am until 12:00 (midnight).
At Al Jaddaf Station, Dubai Festival City, it will operate from 07:00 am to 12:00 (midnight).
At the Sheikh Zayed Road Station (Dubai Water Canal), it will operate from 08:00 pm to 02:00 am (of the following day).
The Electric Abra will be operating at Burj Khalifa/Dubai Mall from 08:00 pm until 11:30 pm,
At Al Mamzar from 08:00 pm to 02:00 am (of the following day).

Testing centres
Technical testing centres run by suppliers will offer services in respect of light vehicles during Ramadan in the morning only without prior appointment. Technical testing services of heavy vehicles will be offered in the morning and evening.

The business hours of strategic partners’ centers will be as follows:
Tasjeel Enoc (Al Qusais, Al Awir, Al Barsha, Al Tawar and Warsan) from Saturday to Thursday will be open in two shifts. In the morning from 08:00 am to 04:00 pm and in the evening from 09:00 pm to 02:00 am (of the following day).
Hatta Center will open from 09:00 am to 03:00 pm,
Jebel Ali Centre will open from 08:00 am to 04:00 pm.

Emarat, Shamil, Al-Adid, Wasl, Al-Muhaisna, Nad Al Hamar, Al Jaddaf and Al Arabi Centers will open from Saturday to Thursday on two shifts. In the morning from 09:00 am to 04:00 pm and in the evening from 09:00 pm to 02:00 am (of the following day).

Quick Registration Centre will also open in two shifts:
In the morning from 09:00 am to 05:00 pm and in the evening from 09:00 pm to 03:00 am (of the following day).
PAL Garage will open from 09:00 am to 04:00 pm,
Al Shirawi Enterprises Centre will open from 09:00 am to 05:00 pm.
Al Mumayaz Centre will open from Saturday to Thursday (at Al Mizhar Markets and Al Barsha Mall) on two shifts.
In the morning, it will open from 09:00 am to 04:00 pm and in the evening from 09:00 pm to 01:00 am (of the following day).
Tamam Speedfit & Cars Centers will open from Saturday to Thursday on two shifts.
In the morning, they will open from 09:00 am to 04:00 pm and in the evening from 09:00 pm to 02:00 am (of the following day).

Centres that will open on Friday during Ramadan are: Tasjeel Enoc (Al Qusais and Al Barsha) from 09:00 pm to 02:00 am (of the following day); they will offer VIP Service for processing transactions only.
Wasil-Al Arabi Centre will open on Friday from 09:00 pm to 02:00 am (of the following day),
Quick Registration Centre will open from 09:00 pm to 03:00 am (of the following day).

Health.
Those who are fasting from early morning need to be aware of the risk of fatigue or feinting especially if driving long distances and should adjust their meal times and sleeping hours.

With an earlier finish we may all get a lot more exposure to sunlight. Take care to avoid overexposure. We are close to the equator and the sun’s radiation is much stronger here than is generally realized even on a cloudy day. Protect your eyes with sunglasses, if you are fair skinned then also consider sun cream, or long sleeves or a parasol and/or a hat. The locals cover themselves from head to foot for good reason. Long distance driving e.g. to Abu Dhabi also creates risk of overexposure.

Service centres
Customers’ happiness centres will be operating from Sunday to Thursday at different times.
Umm Al Romool, Al Barsha, Deira and Al Kafaf Centers will open from 09:00 am to 02:00 pm.
Al Tawar, Al Manara, and Al Awir Centers will operate from 09:00 am to 05:00 pm.

Some general Ramadan Do’s and Don’ts
DO… make the most of the community spirit. Say ‘Ramadan Kareem’ to friends and colleagues, introduce yourself to those neighbours to whom ‘you’ve always meant to say ‘hi , organise an after-work iftar, and catch up with friends and family.
DO… understand that many locals become a night owl. Everything happens later during Ramadan. Malls are open past midnight and suhoors go into the early hours.
email responses may take longer, and it may take a little more planning to process visas, or just about any other government business transaction if their working hours are reduced
DO… your bit for a good cause. Ramadan is a good time to put your money where your mouth is. The UAE has a wide range of charitable and volunteering organisations.
DON’T… forget the ‘rules.
If you’re not a Muslim, then they still apply – you’re still expected to be respectful.
It’s frowned upon to dress inappropriately, eat, drink or smoke during daylight, play loud music or swear in public. At the very least these things are frowned upon and will cause discomfort to others, and at worst you may find yourself in trouble with the police or fined.
DON’T… lose your patience. Working hours are likely to be shorter (and perhaps a little less productive), those who are fasting tend to be tired, and the UAE’s roads will be more hectic at times.

سائلين الله عـز وجـل أن يرزقكـم فيه مغـفـره ورحمه وعتق من النار.
We ask ALLAH Almighty to bless you with forgiveness and mercy and freedom from fire

May all your prayers be answered.

Dynamics 365 Talent leverages LinkedIn -coming soon.

May 20th, 2017 by Stephen Jones No comments »

In a recent post we announced details about the Linked-in Sales Navigator: http://www.synergy-software.com/blog/?p=5707 following Microsoft’s blockbuster acquisition of LinkedIn last year,

Dynamics 365 will also include features for Human Capital Management (HCM). Earlier this month, Microsoft announced its new Talent application for Dynamics 365 which is scheduled for release from July 2017 as a standalone cloud-based HCM application that includes Human Resources (HR) admin, workforce planning and employee experience capabilities and utilizes Microsoft Common Data Services as the data storage and extensibility model (i.e. it is not directly part of either CRM, and you need to on cloud to use it.).

Some of these capabilities are built out from the HCM capabilities of the Dynamics 365 ERP Operations app / Dynamics AX which will retain that existing functionality.

Microsoft has highlighted two new HCM workflows: for candidate engagement, and for employee on-boarding that will be exclusively available to Dynamics 365 Talent, and that leverage the LinkedIn integration.

to see a Technical preview register your details here: https://info.microsoft.com/get-updates-for-dynamics365-talent-app-register.html

Talent Engagement

When hiring new staff HR teams have many disconnected sources of data: LinkedIn profiles, CV’s, portfolios of work and actual job applications all of which need to be matched to the selection criteria for each role.

Without visibility of a complete candidate profile, time is lost to build up a profile from these various sources, or is wasted on interviewing unsuitable candidates.

Connecting directly to LinkedIn Recruiter, Dynamics 365 Talent will offer a more complete human resources profile that also connects Office 365 and that will make the hiring process more transparent for HR professionals. Using LinkedIn Recruiter, teams will be able to define the criteria for a job role: location, skills, spoken languages and job titles etc to find prospective, matching candidates:

Within the Dynamics 365 Talent interface, hiring managers can easily see what both internal and external recruiters are doing thanks to new integration with LinkedIn. This will for example show which individuals applied for the role, and the current stage of the process for each candidate. Each candidate’s LinkedIn profile, including their application detail, is integrated and accessible directly from Dynamics 365 for HR teams from both desktop and mobile devices.

From this interface to Dynamics 365 Talent, use Office 365 integration to check the availability for all members of the interview team to suggest suitable times to set up interviews in the hiring team’s schedule. Send out Calendar invites from Dynamics 365 to each party and track these and the invitation responses:

Provide feedback about candidates which is shared with everyone involved in the hiring decision within Dynamics 365 Talent to help identify which individual(s) will be made an offer.

Employee On-Boarding

Hiring the right people doesn’t necessarily mean an appointment will be successful and high attrition from new starters is costly in terms of the recruitment costs and lost productivity.

The new, on-boarding experience, provided by Dynamics 365 Talent provides added support to manage these logistics. in the launch event, Microsoft demonstrated how Dynamics 365 will streamline on-boarding processes to help new employees get started so they fit in with the organisation’s culture, and quickly contribute to its growth.

These capabilities include on-boarding templates, that feature a series of activities which need to be completed by HR teams and successful candidates prior to their arrival. For example, this running background checks on the individual and following up references, or getting the candidate to provide their national insurance details, send an employment tax summary from their previous employment, submit visa information, or complete a non-disclosure agreement.

This provides clear visibility from a single interface about the state of readiness for both the candidate, and the organisation ahead of the employment start date. Templates can also be used to share more information that will prepare the individual for their first day. This could include logistical detail such as parking information and building security processes, details of the training they will need to complete and more detail about organisation and its values, e-polices, office access out of hours, claiming expense, reporting absence etc. This content can also provide more information about their role, and how this contributes to the success of the business.

Leveraging LinkedIn integration, the on-boarding template can also introduce the individual to their new work colleagues enabling them to connect with these contacts ahead of their arrival. This will also highlight other contacts within the organisation who they may already know, this can include individuals who attended the same school, or who also worked previously for the same employer. Once defined, adapt each template and re-use for future on-boarding processes.

With access to the respective skills, qualifications and past experiences of staff using LinkedIn data that will enrich Dynamics 365 this will likely evolve to enable individuals to be more accurately matched to projects. It will be interesting to see how this eventually works with the Dynamics 365 project service to go beyond its existing skill ratings functionality. Already it is clear that these new connected capabilities will help organisations to strategically hire the right people and nurture them for mutual success.

LinkedIn announced last month that it had “crossed an important and exciting milestone” by reaching a half billion users across 200 different countries, compared to the 467 million the company reported in October. “A professional community of this size has never existed until now,” noted Aatif Awan, vice president for growth and international products, in a LinkedIn blog post .

The United Arab Emirates, is the country with the most connected users, with an average of 211 connections each, while London is the most connected major city, with an average of 307 connections per user.

Power BI premium is now available

May 20th, 2017 by Stephen Jones No comments »

The introduction this month of Power BI Premium promises greater flexibility in terms of: licensing, scaling and ease of deployment. See the announcement on powerbi.microsoft.com,

The license flexibility gives Organizations greater control over its user’s level of access, fully enabling capabilities for some, while others who just need to view and interact with reports will be able to do so without licenses.

Similar to many other Microsoft cloud-based products and services like Dynamics 365, Power BI Premium comes with greater scalability, to allow organizations to scale up or down based on their changing business needs over time.

Premium also provides the ability to manage Power BI reports on-premises with Power BI Report Server.
Power BI Report Server on-premises is fully compatible and cloud-ready. This is particularly of interest for those looking into a Local Business Data (on-premises) deployment of Dynamics 365 for Operations. The new service will be generally available late Q2 2017.

Microsoft has also just released the new Process Analyzer Content Pack for Power BI for Dynamics 365 Version 8.2 and higher. Use this content pack to monitor and analyze your business processes based on the detailed process information stored in your Dynamics 365 system.

There was also a recently introduced Microsoft Power BI content pack for Social Engagement with a new Engagement Analytics report; and of course there still tne Engagement Performance and Team Performance reports previously released.

The Engagement Analytics report provides additional insights regarding engagement on social media with metrics based on location, sentiment, tags and authors. The data model is also enhanced to include these additional dimensions to give more power to explore and to analyze your Social Engagement data.

Deal with WannaCrypt ransomware

May 15th, 2017 by Stephen Jones No comments »

To get the latest protection from Microsoft, upgrade to Windows 10.
Keep your computers up-to-date to get the benefits of the latest features and proactive mitigations built into the latest versions of Windows.

Microsoft Malware Detection and Removal Tools

Use the following free Microsoft tools to detect and remove this threat:

• Windows Defender – built-in to Windows 10. There’s nothing to buy and nothing to install. No configuration, no subscriptions, and no nagware
• Microsoft Safety Scanner: https://www.microsoft.com/security/scanner/en-us/default.aspx?wt.mc_id=AID618806_EML_5062822

(The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software. Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.The Microsoft Safety Scanner is not a replacement for using an antivirus software program that provides ongoing protection.)

Also view :
• Microsoft Security Response Center Blog
• Microsoft Malware Protection Center Blog
• Microsoft Safety and Security Center webpage

We recommend customers that have not yet installed the security update MS17-010 do so as soon as possible. Until you can apply the patch, we recommend two possible workarounds to reduce the attack surface:
• Disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547 (Reboot Required)
• Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445

Windows Defender Antivirus detects this threat as Ransom:Win32/WannaCrypt as of the 1.243.297.0 update.

Enable Windows Defender Antivirus to detect this ransomware.
Windows Defender Antivirus uses cloud-based protection, to help protect you from the latest threats.

Use Office 365 Advanced Threat Protection, which has machine learning capability that blocks dangerous email threats, such as the emails carrying ransomware.

Monitor your network with Windows Defender Advanced Threat Protection, which alerts security operations teams about suspicious activities.

For enterprises, use Device Guard to lock down devices and provide kernel-level virtualization-based security, allowing only trusted applications to run, effectively preventing malware from running.

A ransomware threat does not normally spread so rapidly. Threats like WannaCrypt typically leverage social engineering or emails as primary attack vector, relying on users downloading and executing a malicious payload. However, in this unique case, the ransomware perpetrators incorporated publicly-available exploit code for the patched SMB EternalBlue vulnerability, CVE-2017-0145, which can be triggered by sending a specially crafted packet to a targeted SMBv1 server.
It was fixed in security bulletin MS17-010, released on March 14, 2017.

WannaCrypt’s spreading mechanism is borrowed from well-known public SMB exploits, which armed this regular ransomware with worm-like functionalities, creating an entry vector in machines still unpatched even after the fix had become available.

The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack.

We haven’t found the exact initial entry vector used by this threat, but there are two scenarios that we believe are highly likely for this ransomware family:
• Arrival through social engineering emails designed to trick users to run the malware and to activate the worm-spreading functionality with the SMB exploit
• Infection through SMB exploit when an unpatched computer can be addressed in other infected machines

The threat arrives as a dropper Trojan that has the following two components:

• Ccomponent that tries to exploit the SMB EternalBlue vulnerability in other computers
• Ransomware known as WannaCrypt

The dropper tries to connect the following domain using the API InternetOpenUrlA():
hxxp://www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com

When connection is successful, the threat does not infect the system further with ransomware, nor try to exploit other systems to spread; it simply stops execution. However, when the connection fails, the dropper proceeds to drop the ransomware and creates a service on the system.

Blocking the domain with firewall either at ISP or enterprise network level will just cause the ransomware to continue spreading and encrypting files.

The threat creates a service named mssecsvc2.0, whose function is to exploit the SMB vulnerability in other computers accessible from the infected system:

Service Name: mssecsvc2.0
Service Description: (Microsoft Security Center (2.0) Service)
Service Parameters: “-m security”

When run, WannaCrypt creates the following registry keys:

• HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ = “\tasksche.exe”
• HKLM\SOFTWARE\WanaCrypt0r\\wd = “

It changes the wallpaper to a ransom message by modifying the following registry key:
• HKCU\Control Panel\Desktop\Wallpaper: “\@WanaDecryptor@.bmp”

It creates the following files in the malware’s working directory:

• 00000000.eky • 00000000.pky
• 00000000.res

• 274901494632976.bat
• @Please_Read_Me@.txt
• @WanaDecryptor@.bmp
• @WanaDecryptor@.exe
• b.wnry
• c.wnry
• f.wnry
• m.vbs
• msg\m_bulgarian.wnry
• msg\m_chinese (simplified).wnry
• msg\m_chinese (traditional).wnry
• msg\m_croatian.wnry
• msg\m_czech.wnry
• msg\m_danish.wnry
• msg\m_dutch.wnry
• msg\m_english.wnry
• msg\m_filipino.wnry
• msg\m_finnish.wnry
• msg\m_french.wnry
• msg\m_german.wnry
• msg\m_greek.wnry
• msg\m_indonesian.wnry
• msg\m_italian.wnry
• msg\m_japanese.wnry
• msg\m_korean.wnry
• msg\m_latvian.wnry
• msg\m_norwegian.wnry
• msg\m_polish.wnry
• msg\m_portuguese.wnry
• msg\m_romanian.wnry
• msg\m_russian.wnry
• msg\m_slovak.wnry
• msg\m_spanish.wnry
• msg\m_swedish.wnry
• msg\m_turkish.wnry
• msg\m_vietnamese.wnry
• r.wnry
• s.wnry
• t.wnry
• TaskData\Tor\libeay32.dll
• TaskData\Tor\libevent-2-0-5.dll
• TaskData\Tor\libevent_core-2-0-5.dll
• TaskData\Tor\libevent_extra-2-0-5.dll
• TaskData\Tor\libgcc_s_sjlj-1.dll
• TaskData\Tor\libssp-0.dll
• TaskData\Tor\ssleay32.dll
• TaskData\Tor\taskhsvc.exe
• TaskData\Tor\tor.exe
• TaskData\Tor\zlib1.dll
• taskdl.exe
• taskse.exe
• u.wnry

WannaCrypt may also create the following files:

• %SystemRoot%\tasksche.exe
• %SystemDrive%\intel\\tasksche.exe
• %ProgramData%\\tasksche.exe

It may create a randomly named service that has the following associated ImagePath: “cmd.exe /c “\tasksche.exe”"

Then it searches the whole computer for any file with any of the following file name extensions:
.123, .jpeg , .rb , .602 , .jpg , .rtf , .doc , .js , .sch , .3dm , .jsp , .sh , .3ds , .key , .sldm , .3g2 , .lay , .sldm , .3gp , .lay6 , .sldx , .7z , .ldf , .slk , .accdb , .m3u , .sln , .aes , .m4u , .snt , .ai , .max , .sql , .ARC , .mdb , .sqlite3 , .asc , .mdf , .sqlitedb , .asf , .mid , .stc , .asm , .mkv , .std , .asp , .mml , .sti , .avi , .mov , .stw , .backup , .mp3 , .suo , .bak , .mp4 , .svg , .bat , .mpeg , .swf , .bmp , .mpg , .sxc , .brd , .msg , .sxd , .bz2 , .myd , .sxi , .c , .myi , .sxm , .cgm , .nef , .sxw , .class , .odb , .tar , .cmd , .odg , .tbk , .cpp , .odp , .tgz , .crt , .ods , .tif , .cs , .odt , .tiff , .csr , .onetoc2 , .txt , .csv , .ost , .uop , .db , .otg , .uot , .dbf , .otp , .vb , .dch , .ots , .vbs , .der” , .ott , .vcd , .dif , .p12 , .vdi , .dip , .PAQ , .vmdk , .djvu , .pas , .vmx , .docb , .pdf , .vob , .docm , .pem , .vsd , .docx , .pfx , .vsdx , .dot , .php , .wav , .dotm , .pl , .wb2 , .dotx , .png , .wk1 , .dwg , .pot , .wks , .edb , .potm , .wma , .eml , .potx , .wmv , .fla , .ppam , .xlc , .flv , .pps , .xlm , .frm , .ppsm , .xls , .gif , .ppsx , .xlsb , .gpg , .ppt , .xlsm , .gz , .pptm , .xlsx , .h , .pptx , .xlt , .hwp , .ps1 , .xltm , .ibd , .psd , .xltx , .iso , .pst , .xlw , .jar , .rar , .zip , .java , .raw

WannaCrypt encrypts all files it finds and renames them by appending “.WNCRY” to the file name. For example, if a file is named “picture.jpg”, the ransomware encrypts and renames to “picture.jpg.WNCRY”.

This ransomware also creates the file “@Please_Read_Me@.txt” in every folder where files are encrypted. The file contains the same ransom message shown in the replaced wallpaper image. After completing the encryption process, the malware deletes the volume shadow copies by running the following command:

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

It then replaces the desktop background image with a message and also runs an executable showing a ransom note which indicates a $300 ransom and a timer. The ransomware also demonstrates the decryption capability by allowing the user to decrypt a few random files, free of charge. It then quickly reminds the user to pay the ransom to decrypt all the remaining files. The worm functionality attempts to infect unpatched Windows machines in the local network. At the same time, it also executes massive scanning on Internet IP addresses to find and infects other vulnerable computers. This activity results in large SMB traffic from the infected host, which normally can be observed by SecOps personnel.

Once a vulnerable machine is found and infected, it becomes the next hop to infect other machines. The vicious infection cycle continues as the scanning routing discovers unpatched computers. When it successfully infects a vulnerable computer, the malware runs kernel-level shellcode which seems to have been copied from the public backdoor known as DOUBLEPULSAR, but with certain adjustments to drop and execute the ransomware dropper payload, both for x86 and x64 systems.

Dynamics 365 for Finance and Operations

May 14th, 2017 by Stephen Jones No comments »

Dynamics 365 for Operations once known as AX-7 gets a new name starting 07/01/2017; the software will be called Dynamics 365 for Finance and Operations to better reflect its capabilities.

I can’t help thinking that this 59 character title will be abbreviated – maybe to DFO365?

Ransomware strikes again

May 13th, 2017 by Stephen Jones No comments »

Ransomware increased 35% last year.
More alarming is the continuing recent rise in both sophistication and the mass distribution of ransomware.

Ransomware can bring your business to a halt and cause significant financial damage.
Unlike the stealthier advanced attacks that can stay undetected on corporate network for months, the impact of ransomware is immediate and intrusive.

Cyber attackers don’t need a lot of money, resources or technical sophistication to use ransomware.

Todays headlines:
Hospitals across the country hit badly by attack
Nearly 100 countries affected
Fears of chaos over weekend
Cyber attack hits German train stations as hackers target Deutsche Bahn

Russian-linked cyber gang Shadow Brokers was blamed. It is claimed the group, which has links to Russia, stole US National Security Agency cyber tools designed to access Microsoft Windows systems, then dumped the technology on a publicly-accessible website where online criminals could access it – possibly in retaliation for America’s attack on Syria. The exploit was leaked last month as part of a trove of NSA spy tools. The ransomware locks down all the files on an infected computer and asks the computer’s administrator to pay in order to regain control of them. The ransomware, called “WannaCry,” spreads by taking advantage of a Windows vulnerability for which Microsoft (MSFT, Tech30) released a security patch for in March. .
Affected machines have six hours to pay up and every few hours the ransom goes up

The global cyber attack crippled services on Friday (yesterday) The U.K. health service faces a weekend of chaos after hackers demanding a ransom infiltrated the health service’s antiquated computer system. Operations and appointments were cancelled and ambulances diverted as up to 40 hospital trusts became infected by a “ransomware” attack demanding payment to regain access to vital medical records.
Doctors warned that the infiltration – the largest cyber attack in NHS history – could cost lives.

Medics described how computer screens were “wiped out one by one” by the attack, spread to companies and institutions worldwide, including international shipper FedEx Corp in the US, and Germany’s rail operator. Spain’s largest telecom operator, Telefónica., was also affected. Spanish authorities confirmed the ransomware is spreading through the vulnerability, called “EternalBlue,” and advised people to patch.

Helsinki based Security software maker Avast said they had observed 57,000 infections in 99 countries with Russia, Ukraine and Taiwan the top targets. Megafon, a Russian telecommunications company, was hit by the attack

The ransomware is automatically scanning for computers it can infect, whenever it loads itself onto a new machine. It can infect other computers on the same wireless network. It has a ‘hunter’ module, which seeks out PCs on internal networks, so, if your laptop is infected and you go to a coffee shop, then it will spread to PCs at the coffee shop and from there, to other companies.

The sad part of the NHS tale is that Microsoft provided free software to protect computers in March, which raises questions about why the NHS was still vulnerable. it seems that many trusts were using obsolete systems, while others failed to apply recent security updates. Indeed This there are estimates that 90 per cent of NHS trusts in the UK are still using Windows XP – a now unsupported, 16-year-old operating system., introduced before 2007 which is particularly vulnerable,

Unknown attackers deployed a virus targeting Microsoft servers running the file sharing protocol Server Message Block (SMB). Only servers that weren’t updated after March 14 with the MS17-010 patch were affected; this patch resolved an exploit known as ExternalBlue, once a closely guarded secret of the National Security Agent, which was leaked last month by ShadowBrokers, a hacker group that first revealed itself last summer. The ransomware, aptly named WannaCry, did not spread because of people clicking on bad links. The only way to prevent this attack was to have already installed the update.

Through the ExternalBlue exploit, the malware installed an NSA backdoor payload called DoublePulsar, and through it went WannaCry, which then spread rapidly and automatically to other computers on the same network.“Whereas ransomware such as Locky normally requires user interaction, such as opening a word document, WannaCry has the capability to spread automatically. Thankfully a weakness in the method of propagation has allowed researchers to take control of a piece of attacker infrastructure and limit new infections— otherwise it could have been even worse.

Microsoft said yesterday that it is pushing out automatic Windows updates to defend clients from WannaCry.

What is ransomware
?Malicious software that locks a device, such as a computer, tablet or smartphone and then demands a ransom to unlock it

Where did ransomware originate?
The first documented case appeared in 2005 in the United States, but quickly spread around the world

How does it affect a computer?

The software is normally contained within an attachment to an email that masquerades as something innocent. Once opened it encrypts the hard drive, making it impossible to access or retrieve anything stored on there – such as photographs, documents or music

How can you protect yourself?
Anti-virus software can protect your machine, although cybercriminals are constantly working on new ways to override such protection

How much are victims expected to pay?
The ransom demanded varies. Victims of a 2014 attack in the UK were charged £500. However, there’s no guarantee that paying will get your data back.
If you think you might be vulnerable to WannaCry, or you don’t remember installing any updates over the past month, then your first step is to address that issue immediately.

This is the most critical Windows patch since [Conficker], which was one the largest similar infections to date.
Despite having been patch nearly a decade ago, the Conficker worm is still in circulation which you find everywhere. WannaCry, too, is going to be on networks for years.

The importance of downloading and installing security updates (as opposed to just clicking “remind me tomorrow” for several weeks in a row) cannot be overstated.

Just ask the patients of the 16 hospitals in England whose delay in care could have been easily avoided

VAT planning- GCC framework is published

May 10th, 2017 by Stephen Jones No comments »

The GCC’s unified agreement for value added tax (VAT) has recently been published (in Arabic only) by the
Saudi Ministry of Finance on their website.

This unified agreement sets out the framework under which VAT can be implemented in each of the
GCC member states. The framework includes agreement on certain matters but still allows member
states discretion on how to treat others.

Once the agreement is ratified, each member state can issue its own local law and implement VAT.

The UAE intends to implement VAT with effect from 1 January 2018 but other states may take another 6 months or so.

The framework paves the way for implementation, for a basic rate of VAT of five percent with certain supplies of goods and services zero rated or VAT exempt. We understand that the Ministry of Finance (MoF) will release the UAE’s law on VAT towards the end of June. This will detail how the UAE will interpret the GCC framework and how it will deal with those matters where it has discretion. These will include whether to treat certain supplies as zero rated or VAT exempt.

The local law will detail conditions for:
VAT deductions,
VAT grouping
Rules for recovering VAT in respect of financial services
Reporting formats

There is no indication of how VAT will apply to free zones.

The MoF has recently been holding a series of public awareness sessions, outlining how they
propose to apply VAT to those areas where the GCC framework allows discretion. The UAE has also
taken steps to set up its own Federal Tax Authority (FTA), which will be responsible for all VAT
matters in the UAE.

The framework provides information to start planning for VAT.

VAT will impact all businesses in the UAE, either directly or indirectly.

So carefully review your systems and review their processes to understand the impact of VAT and to determine what needs to be done to be fully compliant with the new laws.

Do you need to recruit? Train?

Budget for auditors, or consulting support, or system modifications or upgrades?

What contracts are in place beyond 1 January 2018 -how will those be impacted by VAT?

All businesses will be required to maintain extensive and proper books of account because complete, verifiable
documentation will be essential to support a VAT refund claim and avoid penalties for non-compliance.

Accounting systems should be able to identify and record VAT – payable and receivable, – across the entire supply chain. Ensure that your systems will enable you to:
- hold VAT registration ids by trading partner
- hold VAT codes by item fro the relevant tax rate or exemption.
- identify and record rebates,
- exemptions,
– or other special VAT treatments on particular transactions.
- generate commercial documents like invoices or till receipts with VAT shown
- deal with rebate and returns
- create timely, accurate statutory returns
- work with current interfaces.
- product auditable accounts.

We have already received several dozen inquires to assist with this transition, if you need assistance with your business systems to comply with VAT then please contact us in good time – year end is a holiday season and also a busy time for new system go live, and for financial audit preparation.

Mobile security- Microsoft’s Secure Productive Enterprise

May 7th, 2017 by Stephen Jones No comments »

As more information, devices and users travel beyond the traditional network restraints, every organisation needs to place security at the forefront of a modern workforce strategy. It’s now over 6 months (October 2016) since Microsoft released its Secure Productive Enterprise package,
• What is SPE all about?
• Is SPE just ECS under a new name?
• Is SPE just a licensing bundle?

1. What is Secure Productive Enterprise?

SPE is a licensing option from Microsoft that e bundles together: Windows 10 Enterprise, Office 365 and Enterprise Mobility + Security technologies into a single offering.

It comes in two variants: SPE E3 and SPE E5.
It can be purchased per user, with a significant cost saving compared buying the products individually.

There are several other variations nuances, of how you can buy SPE (which licensing program) and how much it will cost you. This will largely depend on your organisation’s requirements and your current licensing position with Microsoft.

2. Is SPE just ECS under a different name?

The Microsoft Enterprise Cloud Suite (ECS) has effectively become SPE E3 and includes the following core products and services:
• Windows 10 Enterprise (E3)
• Office 365 (E3)
• Enterprise Mobility + Security (E3)

3. What is Enterprise Mobility + Security?

Enterprise Mobility + Security (EMS) is what was the Enterprise Mobility Suite. The name change reflects the significant number of security products and services that were added to this solution since the launch of EMS.

4. So, is SPE just a licensing bundle?

SPE can just be a licensing bundle, if that’s all you want it to be. But it is also much more…
There is so much new technology in SPE (and Microsoft is adding to it all the time) that it can be hard to keep up. Even as a licensing option, Microsoft has included some firsts.

SPE includes brand new cloud and on-premises licensing entitlements to help organisations who plan to transition to the cloud over time, and it allows Software Assurance customers to install Office Professional Plus and Office 365 Professional Plus on up to five devices per user for the length of the subscription.

You also get the on-premises server rights for SharePoint, Exchange and Skype for Business thrown in.

More than forty thousand customers that Enterprise Mobility + Security (EMS) today.

For industries that require advanced identity governance such a:s government, military, pharma, financial services, etc SailPoint integration will extend Azure Active Directory Premium to provide full, fine-grained provisioning and lifecycle governance across enterprise systems on-premises and in the cloud. A direct connector automatically aggregates user accounts, group permissions, and Microsoft Access Panel tiles and maps each of these to the SailPoint Identity Cube. It also provides the basis for SailPoint to send change events back to Azure AD when access is modified during a governance mitigation process.

In addition to this, SailPoint will connect to applications managed outside of Azure AD, including on-premises applications like EPIC, which is widely used in healthcare. This creates a 360-degree view of all access in the organization and creates a strong foundation for comprehensive control

https://blogs.technet.microsoft.com/enterprisemobility/2017/02/10/azure-ad-and-sailpoint-advanced-identity-governance-across-your-on-premises-and-cloud-resources/

Contact us to request a copy of Microsoft’s fact sheet “Secure-Productive-Enterprise-at-a-Glance-October-2016.pdf”

0097143365589

May 7th, 2017 by Stephen Jones No comments »

As well as leveraging Linked in for Sales Microsoft also recently announced its plans for Talent Management.
The new Dynamics 365 for Talent with LinkedIn integration will bring together the places where companies find talent, and the world of work in Office 365 – starting in July 2017.

Employees are the heart of every company, and talent is the most scarce and expensive resource.
To help companies better manage and nurture that precious resource, this is a new application for HR organizations called Dynamics 365 for Talent.

From sourcing and recruiting, to onboarding and retention, Dynamics 365 for Talent will provide a 360-degree view of your workforce, with modules that empower an organization to:
• access the best talent, quickly, with LinkedIn Recruiter integrations that enable dynamic candidate profiles to give managers and interviewers the most up-to-date information
• deliver personalized onboarding experiences to accelerate a new employees’ ability to deliver i with targeted activities and learning resources, along with access to relevant contacts.
• Maintain an up-to-date view of employee experiences through a consolidated HR profile that will span Office 365, Dynamics 365 and LinkedIn profile information

Dynamics 365 + LinkedIn Sales Navigator ask Synergy Software Systems, Dubai.

May 3rd, 2017 by Stephen Jones No comments »

Improve sales with Dynamics 365 + LinkedIn Sales Navigator

Dynamics 365 for Sales helps salespeople work on sales data and surface actions directly within Office 365 to more quickly close a deal. Quotes can be created using customer insights, accurate pricing and inventory data, and then recorded in the appropriate system, including any custom discounts offered, and then sent to the customer – without ever having to leave Outlook.

LinkedIn integration will help salespeople deliver better outcomes from LinkedIn Sales Navigator and LinkedIn’s 500 million professionals.

Sales Navigator with Dynamics 365 will dramatically increase the effectiveness of salespeople by tapping into their professional networks and relationships, giving them the ability to improve their pipeline by:
• Leveraging signals across email, CRM and LinkedIn to get contextual recommendations for the next best action within Dynamics 365 for Sales, facilitating introductions directly through the company’s network, and sending InMail, messages and customized connection requests
• Engaging buyers with tailored content throughout the account lifecycle, and getting account and lead updates including news mentions and job changes
• Building strong relationships with existing contacts through access to LinkedIn profile details including photos, current roles and work history.

Take advantage of this solution with an introductory offer that brings together LinkedIn Sales Navigator and Dynamics 365 for Sales – at about half the cost of competitive solutions in the market,

Available in July 2017.

Two leading sales solutions at one low price
Microsoft’s Relationship Sales solution includes:
– LinkedIn Sales Navigator Team
- Dynamics 365 for Sales, Enterprise edition

$135 user/month

Dynamics 365 Operations, ‘SPRING” 2017 release financial roadmap

April 29th, 2017 by Stephen Jones No comments »

Microsoft has long been enhancing Analytics nd this trend continues

CFO Workspace: Rich user interfaces that has been showcased, where a CFO can look-up any needed KPIs and drill down to the lowest level of detail.
Customer Management: All customer-related information can be made available using workspaces – e.g. KPIs, drill downs into collection statuses, open invoices, aging reports, write-offs, open orders/quotes.
Payables and Vendor Management: Purchasing managers can streamline their operations with vendor compliance reporting for payment terms, which helps manage cash flow with timely payments and invoice entry all through workspaces.

Mobility is another strongly growing feature area.
Mobile capability (or PowerApps) will now also be incrementally deployed for Dynamics 365 for Operations. The plumbing will be done via CDS, which will help synch not just data entities, but also workflows.

Vendor Invoice Approval: Once the vendor enters their invoice using the new vendor collaboration portal (with edit capability), it gets submitted to the workflow. The workflow can be made to be processed through three-way match, look-up the needed accounting distribution (if applicable), and then ping the AP manager to approve the invoice. The mobile capability will also be available in an offline mode, which would later synch once online.

Customer and Vendor Aging Reports: All customer and vendor aging reports can be made available using the mobile power app.

A catch to embedded analytics and mobile, however, is the heavy dependency on the Azure stack. The underlying constructs – Power BI, PowerApps, CDS, Azure service bus – are only available on the Azure stack.

The Power BI desktop application is available to use (which can be hooked up to legacy databases), but it won’t provide any template applications, nor will it be able to use the Common Data Model.

New Fix: Ability to Delete a Main Account and Dimension
• A pain of Dynamics 365 for Operations and its previous version, Dynamics AX 2012 R3, has not supported deletion of a main account after it was used. For example, even when the account was used in a posting profile and then immediately cleared, and not used ever again, the user could still not delete the account. Technically, this happens as soon as a record is created in the DimnesionAttributeValue table using that specific account. This spring, Microsoft will be releasing a fix for this.

In the GL Journal line, when there is only one default relevant dimension value for an account, that dimension will automatically be populated on the ledger combination field. In addition, when any dimension value is inactivated, then thatwill not show up on any of the lookups, which helps prevent repeating steps that cause posting errors.

Cash Flow Forecasting
• The process of cash flow forecasting thus far (up until Dynamics AX 2012) was known to be inconvenient; hence, Microsoft chose not to retain that functionality within Dynamics 365 for Operations. The current version of Dynamics 365 for Operations doesn’t have any of it.
• In the spring release, Microsoft will launch a single parameter screen for the setup of cash flow forecasting, in which the user will have the ability to set-up parameters for all the following modules: General Ledger, Accounts Payable, Accounts Receivable, Budgets and Inventory.
• The user will have the option to choose which transactions to include and which to exclude for cash flow reporting – like: expected payments from your customers, previous payment, and receivable patterns.
• All cash flow reporting functionality will now be moved into a Power BI dashboard. The user will have the power to explore the same data by legal entity, financial dimension, currency, and bank account.
Intercompany Setup of Accounts: Now a Global Screen

intercompany posting
In earlier versions of Dynamics AX, intercompany posting relationships between two companies depended on the source/destination entity. For instance, USMF and DEMF could be set-up by going to the USMF entity and then adding the accounts for the DEMF relationship. (And the same process would follow for any two legal entities.) In essence, the user has to log-in to the specific entity to set-up that relationship. Once set-up, transactions could go either way, i.e. the user could go to either company, and set the transaction into the other company. • With the new release, a global interface is made available so that, regardless of company, you can see all intercompany relationships. Every company relationship configuration is viewable and editable.
• Reciprocal transactions are by default blocked, i.e. a USMF to DEMF relationship will only allow transactions originating in USMF to post in DEMF, but not the other way around. The system will need an explicit record for DEMF to USMF to create a transaction in the reverse order. A “create reciprocal relationship” button will soon be available to auto-create those records for the user.

Review Vendor Invoices in Accounts Payable
• A complaint about Dynamics 365 for Operations is that it doesn’t allow companies to review the actual invoice from a vendor right before making the posting decision. That functionality is finally here.
• With the spring release of Dynamics 365 for Operations, the user can view the actual vendor invoice (that was previously attached) from the posting screen. This is going to be made available on the invoice journal screen along with inquiries and the pending invoice screen. The user will be able to easily review the journal and invoice attachment side by side, without having to navigate to the document attachment window. This is limited, however, to the first attachment, with the assumption that most invoice lines come with a single attachment.

Generic Electronic Reporting (GER) and Printing Checks
• Generic Electronic Reporting, or GER, is new functionality developed in Dynamics 365 for Operations to help many customers with their business requirements. While the core functionality targets localized reporting, it is extended for use across the board wherever there are pre-specified formats for reports, as well as reports that are commonly used across regions.
• Electronic reporting has two components: the data model and the format.
The formats that are currently supported in Dynamics 365 for Operations are TXT, XML and worksheets.
With the new release, Word documents will also now be supported, which will basically allow us to output a Word format of a report with predefined XML meta data tags at various points in the format.
• Since 2016, 160 configurable regulatory formats, with imports from txt, reports on doc and pdf, are supported.
• In 2017, Microsoft will support multiple versions, with import from XML, and offer the ability to use images in templates and format updates on Excel templates.
• The same capability will be extended to provide multiple check formats that are supported by banks. Historically, check printing has been (and still is) a pain with printer alignment issues. But now, check formatting will be made easier by using electronic reporting or Excel capabilities.
Out-of-the-box templates will be provided to consume the information and adhere to acceptable layouts.

Generic Tax Engine (GTE)
• The Generic Tax Engine (GTE) is a brand new add-on that helps to address complex sales tax calculation . This tool is primarily targeted toward countries such as: India, Brazil, Russia, etc. In these countries, there isn’t an electronic format of tax data being published by the government, which can be absorbed into the system.
• Most business accounting teams work very actively to stay on top of the tax setup so that every transaction is taxed with the correct rate. Localization patches thus far have made this a major challenge; but now with GTE, the whole tax combination can be configured to drive the formula for tax. The user can define various components of the tax, and define which taxes are meant for state sales, out-of-state sales, or international sales.
• In addition, product category rules and conditions can be built into formulas. This functionality has very strong potential for most European countries, where taxation can be configured.
• Microsoft has very clearly stated that the bounds of this functionality is limited to providing the construct for building complex tax formulae and using it in transactions. There is no intention to have actual tax % values be updated into this from an external (government) source; the assumption is that the Dynamics 365 for Operations user will configure the rates manually.

Fixed Assets
The previous versions of Dynamics 365 for Operations saw the major change of consolidating value model and depreciation books into what is now called “Book”.
• On the book, the system can be configured to either post to GL or not.
• With the spring release, we are going to see some of the following:
o The ability to run depreciation as a single process across multiple companies from the fixed asset depreciation proposal screen: In previous versions, the user (as part of the month-end process) was expected to log into every legal entity and run depreciation.
o Now, they can execute it just once from any legal entity, as long as the default depreciation journals for every legal entity are configured for each legal entity.
o The “Post journal” toggle and batch processing functionality on the depreciation proposal helps to auto-post all legal entities at one go. For users, this is now a one-step process for a period close.
o Valuations hub, with multi-book: We will now have the ability to see multiple books related to the same asset side-by-side. This is very similar to the FA balances inquiry against a book, but with the difference of having multiple books for comparison.
o Rows in the FA statement will now be configurable by FA group: Earlier, the user was expected to add every asset as and when acquired to the statement rows.
o Fixed asset roll forward report.

Financial Reporting
• Major modifications are coming to the Dynamics 365 for Operations financial reporting space. Management Reporter’s functionality is absorbed into the Dynamics 365 for Operations interface, to give users the ability to access the interfaces to construct Management Reporter building blocks, right out of Dynamics 365 for Operations.

Some additional changes that are on the way are:
• Users will be able to generate reports for any level of the hierarchy from the reports.
• The data mart will be deprecated and reports will run off the entity store,.

This provides lets users either manually refresh the data as needed, or to sync in batches.

Some features that will be launched further down the road are:
• The report designer will be moved into Dynamics 365 for Operations.
• Ability to import report definitions with tree functionality from Excel.
• Ability to publish reports onto SharePoint.

Data Migration: Copying Over a Legal Entity
• A process that typically happens multiple times during an implementation cycle is copying configurations from one environment to another, or one legal entity to another.
• While this topic is not directly related to the financial modules, GL, AR, AP, FA, Bank, and Budget configurations are a very big part of the snapshot to copy over.
• There is set-up involved to get a snapshot ready, which uses data entities as the underlying construct.
• A configuration template will need to be created, to which data entities/packages can be assigned.
• These templates can be exported and imported into another legal entity.
• This also works in conjunction with the data sharing framework – be careful to update sharing policies .