You Must Think Specifics…

Computers don’t implement anything in general…and neither do programmers. But we business folk tend to think in generalities. Someone might say, “Put the cost in column 3.” Seems simple enough. Until you start to try to calculate cost. Which cost? Last cost? Average cost? FIFO cost? Cost including freight or not? Cost including handling and warehousing charges? What cost? There are a lot of costs.
When I ask these questions of some clients, they get frustrated. It’s as if I’m trying to pin them down. So the typical answer is something that evaluates to, “I don’t care, just pick one.” So we do. And then….
It is terribly important when you talk to computer folk that you think in specific. Computers have to think in specific. Over the years, I’ve worked with perhaps a dozen or so off-the-shelf computer software programs that dealt with inventory. Pehaps a dozen or so more that were custom written. Most of these implemented the details of inventory cost differently. Many of them differed in how they made the General Ledger entries. Some of them reported different numbers on financial statements than they did on management reports (for very good, well-thought-out reasons). But all of them implemented very specific processes for determining cost. And it was important (ultimately) to understand the details in order to figure out what they were doing.
Let me say that as a CPA and a programmer, I have trouble saying that some of these were right and some were wrong. They were different. I could argue for all but a few being appropriate. But I had to understand the details to understand what I was seeing in reporting and on financial statements.
When we ask detailed questions or seem to bog down in meaningless drivel, keep in mind that we’re just trying to get to the best result for everyone. And try to think specifics…

Is Someone Stealing From You??

Employees steal from businesses every day. I don’t know why I thought of this issue. I guess that I’ve been working with a few clients that seem to have some exposure to Fraud. So here goes.
A Certified Fraud Examiner (CFE) is trained to detect, prevent, and determine the extent of fraud. I’m not a CFE, so anything I may write here is based on my experience as a CPA, not on additional training or expertise on fraud. If you think you have an issue with fraud, I can find someone to refer you to, but I’m not the guy.
During my career, I’ve known many CPAs. One of the favorite issues for discussion is the fraud they’ve seen. Here are some of the best/worst:

  • The company had three groups of people who could sign checks. The bookkeeper would produce a check to a “short-name” company (VISA, for example), then get the President to sign. This check would go with the bill. Another check would be signed by the Vice-President. This one would have “VISA” erased and the bookkeeper’s name inserted. The expenses were hidden in a variety of accounts. Best I could tell from my CPA friend, she got about half-a-million before they caught her.
  • The secretary who just wrote checks from the operating account in her name and buried them on the financial statement. No telling how much she got.
  • The accountant who stole the cash from “counter” sales and the coke money.
  • The bookkeeper who doubled her own salary and approved personal loans from her 401(k)
  • The company manager who came in on the weekend, did work with company materials and machinery, and sold it at a fraction of what it cost the company to produce
  • The foreman in the building products business who set aside a certain amount of each received shipment as “rejected” to be returned. This was placed at a special location during the workweek. The foreman then had the (completely different) weekend crew move the “rejected” product to a special warehouse. By the time they caught him, he had stolen enough to build a house for himself, a garage for his father-in-law, and he had started on a new house for his sister-in-law.

Well, you get my drift. All of these were small businesses. None could afford the loss. All got taken for several thousand dollars, some for several hundred thousand. And, perhaps most important, none of these companies were stupid or negligent. They were all duped. And so were there accountants. Sometimes for many years. Here are some of the common ways people steal:

  • Setting up dummy vendors (really themselves or accomplices) and paying invoices to them.
  • Taking kickbacks from vendors to continue approving artificially high prices
  • Lapping. Lapping is taking cash (or check) and covering the cash stolen with later cash. It works like this: Customers A & B pay $200 which is stolen. Customer C pays $250. $200 of Customer C’s payment is applied to A & B, $50 is stolen. This continues until the person is caught. Obviously, the person doing this has to keep good notes, can’t very well go on vacation, and has to keep stealing more and more to cover earlier theft.
  • Stealing cash which isn’t accounted for. My auditing professor said that the easiest theft is from churches. There are no invoices, so there is no way to know how much cash “should” have been collected. Poor recordkeeping in situations like scrap sales allow this.
  • Selling product off the back dock.
  • Stealing product for personal use.

I’m sure there are many more ways people steal, but this will give you and idea. How do you prevent it? Based on my experience, here are a few suggestions:

  • Control cash, credit cards, and inventory tightly. Make sure that even highly trusted management employees are not trusted with these items. Many businesses don’t control inventory tightly because they believe it will impact customer service. If theft puts them out of business, that’s more likely to impact customer service.
  • Have a process for approving expenditures and bids that assures that the prices being paid for products and services are in-line with market prices. This will avoid many kickbacks.
  • Require vacations, and move employees to cover the function of vacationing employees while they are gone.
  • Consider fraud like a cheating spouse. If you suspect it, there’s probably a good reason for it; check it out.
  • Ask yourself this question about each employee: On a scale of 1 to 10, how much do I trust this employee. Choosing 1 means I wouldn’t trust them to close the door on their way out. Choosing 10 means, “I’d give them my entire fortune in cash and expect them to give it back to me even if I were lost at sea for 10 years.” If you rank any employee 8 or above, you probably trust them enough for them to have opportunity and means to steal.
  • Look for motivation to steal in employees. An employee with constant financial trouble has a motive to steal. Fraud seminars teach that it takes (a) opportunity, (b) motivation, and (c) means [method] to steal. If an employee has any two of the three, watch out!

As small businesspeople, we’re incredibly busy. It’s easy to just trust people to do what they are supposed to do, but if we ignore the signs that someone might be stealing, we’re asking for trouble.

Time for Blogging

Ok, so someone ought to ask me, “As busy as you seem to be, how do you have time for blogging?” My answer is the same as I’ve heard from others in the past when I’ve asked similar, “How do you have time for…” questions. I hated it when I got it; I hate it when someone at a seminar says it; now here I go blogging the same thing:
I don’t have time NOT to blog. It’s relaxing for me, but more than anything else, it FORCES me to keep up on the technology. It FORCES me to remember to tell our clients about the things that I think will affect their businesses. It HELPS me focus my own thinking.
So there, another meaningless answer to a very good question.

Security is REALLY An Issue

Ok, so I’m not a reactionary when it comes to security. I’ve generally thought that if you were reasonably careful, you’ld be OK. And my experience has confirmed it. You need the basics: a firewall; virus protection; occasional malware scans; some intelligence regarding what to click on, what attachments to open; some intelligence regarding…oh, wait, I said that already. Unfortunately, malware has now become almost as big a problem as viruses.
Soon, it will become a more serious problem. With a keyboard logger loaded on your computer, I can see your bank account access information, corporate logins, what web sites you visit, and virtually anything else that gets typed on your keyboard. You might think twice about letting your kids download games from just anywhere…
Here’s the opening paragraph from yesterday’s SANS ((SysAdmin, Audit, Network, Security) Institute’s @RISK newsletter:

This will be a bad week for cyber defenders; the vulnerabilities that will be announced this week will affect a very large proportion of business executives. Last week’s critical vulnerabilities included an unpatched, important vulnerability in Apple Safari and a very critical
vulnerability in Firefox that demands immediate upgrading.

Hey, folks, when SANS cries, it ain’t “Wolf!”
For more from SANS:
SANS Institute – @Risk: The Consensus Security Alert
Be careful out there!