Practice Management System

Manages engagements’ onboarding process, progress and invoicing status. Incorporates effective scheduling tools to optimise staff allocation, utilisation and billing contributions.

Instructions

• This page helps you prepare "Solution Requirements" section in Vendor Management Portal and you will see the exact questions and flow.

• 🔴 Mandatory questions: Must answer "Yes" to continue

• 🟡 Preferred questions: Can answer either way and continue

• Follow the question flow as indicated

Q1 🔴 Mandatory - Customer Relationship Management (CRM)

Main Question: Does your solution come with a Customer Relationship Management function that enables the firm to perform the following functions:

Core CRM Requirements: a. Setup and edit client contact across all modules in real time with one single entry b. Setup multiple entities under a single group c. Monitor real-time job and billing status by client d. Monitor project pipeline and activities by client e. Assign and edit different categories to clients and prospects to conduct targeted marketing and communications f. Include remarks (e.g. call and meeting details) on potential leads g. Manage initial contact before client acceptance to facilitate KYC, track past interactions including revisiting for possible other offerings, and facilitate customer due diligence and final acceptance

🔴 Answer: ○ Yes [Next: Q2] ○ No [⚠️ Cannot Proceed]

Q2 🟡 Preferred - CRM Access Control

Main Question: Can your solution limit access to selected information within the system?

Example: (e.g. audit staff can only access the audit clients and engagement information but not the other service lines.)

🟡 Answer: ○ Yes [Next: Q3] ○ No [Next: Q3]

Q3 🔴 Mandatory - Financial Management and Accounting

Main Question: Does your solution come with a Financial Management and Accounting function that enables the firm to perform the following functions:

Financial Management Requirements: a. Setup and edit automated alert function to provide budget, billing, and accounts receivable reminders b. Track accounts receivable c. Setup multiple entities for invoicing and receivables

🔴 Answer: ○ Yes [Next: Q4] ○ No [⚠️ Cannot Proceed]

Q4 🟡 Preferred - Financial Management Milestones Setup

Main Question: Can your solution setup auto-invoicing via milestones by date and/or hours?

🟡 Answer: ○ Yes [Next: Q5] ○ No [Next: Q5]

Q5 🟡 Preferred - Financial Management Payment Processing Automation

Main Question: Can your solution automate workflows to process recurring payments?

🟡 Answer: ○ Yes [Next: Q6] ○ No [Next: Q6]

Q6 🔴 Mandatory - Project Management

Main Question: Does your solution come with a Project Management function that enables the firm to perform the following functions:

Project Management Requirements: a. Allocate jobs to accountants with automated email alert function b. Monitor project status and bottleneck c. Monitor project costing and profitability d. Enter timesheet, available in real time e. Monitor staff utilisation and performance f. Forecast manpower resources and resource planning g. Adjust real-time capacity when timesheets are entered, jobs allocated, and staff records updated h. Auto-generate engagement code for multiple engagements and for different service lines i. Align individual engagements to overall function/service line utilisation report j. Track inter-service line or function charging and invoice

🔴 Answer: ○ Yes [Next: Q7] ○ No [⚠️ Cannot Proceed]

Q7 🟡 Preferred - PMS Additional Functions

Main Question: Can your solution come with any of the following functions:

Additional PMS Features: a. Manage staff claims including approval workflow b. Manage cashflow including forecasting and budgeting module c. Enter timesheet via mobile app

🟡 Answer: ○ Yes [Next: Q8] ○ No [Next: Q8]

Q8 🔴 Mandatory - Dashboards

Main Question: Does your solution come with customised dashboards that enable the firm to perform the following functions:

Dashboard Requirements: a. Customise performance metrics b. Monitor upcoming engagements not yet commenced that are approaching filing deadline c. Generate staff utilisation and performance report d. Generate client engagement list containing data required by ACRA inspection e. Ability to generate lead conversion report f. Review cash flow, revenue, workflow, profitability, employees, billing, receivable workflow g. Filter by project, by customer, by employees and by profitability h. Set security restrictions such that data available is on an as-needed basis i. Provide advanced search function

Technical Dashboard Requirements: Your digital solution should have one or more dashboards that provide an at-a-glance overview of key metrics/indicators with at least 4 charts/graphs to help users analyse data through data visualisation.

Interactive Features Required: The dashboard must include at least one of the following interactive features:

• Option 1: Interactive charts/graphs that allow users to interact with one chart and apply that interaction as a filter to other charts on the dashboard, and vice versa

• Option 2: At least three common filters/slicers applicable to ALL charts/graphs on the same dashboard

🔴 Answer: ○ Yes [Next: Q9] ○ No [⚠️ Cannot Proceed]

Q9 🟡 Preferred - Audit Quality Indicators and KPI Dashboards

Main Question: Does your solution come with customised dashboards that enable the firm to perform the following functions:

AQI Dashboard Requirements: a. Track Audit Quality Indicators under ACRA's AQI Disclosure Framework b. Monitor KPI with customisable metrics by individual staff such as partner/manager

🟡 Answer: ○ Yes [Next: Q10] ○ No [Next: Q10]

Q10 🔴 Mandatory - Integration

Main Question: Are the modules above tightly integrated?

Integration Requirement: (i.e. information can be pulled from all modules and is linked to the dashboard.)

🔴 Answer: ○ Yes [Next: Q11] ○ No [⚠️ Cannot Proceed]

Q11 🟡 Preferred - Cloud Accessibility

Main Question: Is your system using a cloud-based platform?

🟡 Answer: ○ Yes [Next: Q12] ○ No [Next: Q12]

Q12 🟡 Preferred - Software Integration

Main Question: Can your software integrate with other softwares to aid the firm in the following functions:

Integration Capabilities: a. Pull and push information (e.g. pulling of information from accounting software, billing information can be captured into accounting system, etc) b. Execute and monitor the Quality Control processes and controls (e.g. Automated PMS tools)

🟡 Answer: ○ Yes [Next: Q13] ○ No [Next: Q13]

Q13 🟡 Preferred - System Integration

Main Question: Can your software integrate with systems such as email, KYC/AML, audit tools, document management system, HR software, or data analytics software?

🟡 Answer: ○ Yes [Next: Q14] ○ No [Next: Q14]

Q14 🔴 Mandatory - System Integration - Elaboration

Main Question: List the systems and/or softwares that your solution can integrate with.

🔴 Answer: ○ Yes [Next: Q15] ○ No [⚠️ Cannot Proceed]

Text Elaboration Required: [Text Box for Description/Details]

Q15 🟡 Preferred - AI Features

Main Question: Does your solution incorporate AI in your core features and functions?

🟡 Answer: ○ Yes [Next: Q16] ○ No [Next: Q17]

--

Q16 🔴 Mandatory Follow-up - AI Features - Elaboration

This question appears only if you answered "Yes" to Q15

Main Question: Describe your AI feature and its benefits. Examples are:

AI Feature Examples: a. Generate output, identify items, or provide recommendations based on training models to improve decision-making b. Recognise text, images to shorten time taken for manual inputs of forms c. Others, please specify

Confirmation Requirement: Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Next: Q17] ○ No [⚠️ Cannot Proceed]

Text Elaboration Required: [Text Box for Description/Details]

Q17 🔴 Mandatory - Business Data Extraction

Main Question: Can your solution enable SMEs to efficiently extract business data in various discrete formats such as CSV, XLSX, XML, and TSV?

🔴 Answer: ○ Yes [Next: Q18] ○ No [⚠️ Cannot Proceed]

Q18 🟡 Preferred - Personal Data Collection

Main Question: Does your digital solution collect, use, disclose, process or dispose personal data?

🟡 Answer: ○ Yes [Next: Q19] ○ No [Next: Q21]

--

Q19 🔴 Mandatory Follow-up - Personal Data Protection

This question appears only if you answered "Yes" to Q18

Main Question: Can your solution demonstrate compliance with the following Personal Data Protection requirements?

Compliance Requirements: Digital solutions that collect, use, disclose, process or dispose personal data should incorporate features that support the obligations under the Personal Data Protection Act (2020).

Mandatory Action: To comply with this requirement, you MUST complete the Personal Data Protection Requirements form at https://go.gov.sg/pdp.

🔴 Answer: ○ Yes [Next: Q20] ○ No [⚠️ Cannot Proceed]

Q20 🔴 Mandatory - Vulnerability Assessment/Penetration Testing (VA/PT)

Main Question: Has your solution undergone a comprehensive security vulnerability assessment/penetration testing (VA/PT) conducted by a qualified third-party within the last 12 months? The scope of the VA/PT must cover network security; application security; data protection measures and access control (if applicable); API security testing (if applicable); Cloud security configuration review (if applicable). Specifically, for web application security, the scope must cover minimally all OWASP Top 10 vulnerabilities.

Submission Requirements: Please submit the VA/PT report (dated maximum 1 year from the checklist submission date). The VA/PT Report must include Executive summary; Detailed findings and risk ratings; Remediation recommendations; Evidence of vulnerability fixes or mitigation plans; Testing methodology used; Scope of assessment; Assessor's qualifications and certifications.

Reseller Note: If you are the reseller of the solution, please obtain the VA/PT report from your product principal. SOC 2 Type II report can be accepted if the detailed technical vulnerability assessment results are part of the SOC2 Type II scope.

Qualified Third-Party Definition: [1] Qualified third-party refers to: CREST-certified companies [ https://www.crest-approved.org/members/] or companies with security professional with relevant CREST certifications; Security professionals with recognised certifications such as: Offensive Security Certified Professional (OSCP); EC-Council Certified Penetration Testing Professional (CPENT); GIAC Penetration Tester (GPEN); or other equivalent industry-recognised certifications.

Confirmation Requirement: Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Next: Q21] ○ No [⚠️ Cannot Proceed]

Date of Issue Required: [Date Field]

Upload Supporting Document Required: [File Upload]

Q21 🟡 Preferred - Cybersecurity Compliance - Cyber Essentials Mark (CEM)

Main Question: Are you the Product Principal of the solution that you are submitting for pre-approval?

🟡 Answer: ○ Yes [Next: Q22] ○ No [Next: Q24]

--

Q22 🟡 Preferred - CEM for Product Principal

This question appears only if you answered "Yes" to Q21

Main Question: Has your organisation achieved CSA Cyber Essentials for ICT Vendor Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?

Important Note: Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory.

Reference: Note: For more information on Cyber Essentials mark, please refer to https://www.csa.gov.sg/cyber-essentials/

🟡 Answer: ○ Yes [Next: Q23] ○ No [Assessment Finished]

--

Q23 🔴 Mandatory Follow-up - CEM for Product Principal - Elaboration

This question appears only if you answered "Yes" to Q22

Main Question: Please specify the following information:

Required Information: i. The certificate demonstrating your organisation has attained Cyber Essentials for ICT Vendors ii. The cybersecurity certification the organisation has met iii. The scope of the certification

Document Submission: Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field.

Confirmation Requirement: Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Assessment Finished] ○ No [⚠️ Cannot Proceed]

Text Elaboration Required: [Text Box for Description/Details]

Date of Issue Required: [Date Field]

Upload Supporting Document Required: [File Upload]

Q24 🟡 Preferred - CEM for Resellers

Main Question: Has your organisation achieved CSA Cyber Essentials Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?

Important Note: Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory.

Reference: Note: For more information on Cyber Essentials mark, please refer to https://www.csa.gov.sg/cyber-essentials/

🟡 Answer: ○ Yes [Next: Q25] ○ No [Assessment Finished]

--

Q25 🔴 Mandatory Follow-up - CEM for Resellers - Elaboration

This question appears only if you answered "Yes" to Q24

Main Question: Please specify the following information:

Required Information: i. The cybersecurity certification the organisation has met ii. The scope of the certification

Document Submission: Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field.

Confirmation Requirement: Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Assessment Finished] ○ No [⚠️ Cannot Proceed]

Text Elaboration Required: [Text Box for Description/Details]

Date of Issue Required: [Date Field]

Upload Supporting Document Required: [File Upload]