Just In Case

stockvault-journey190946

 

I’m that person. Next to you on the plane. Pulling out that safety booklet and reading it, from beginning to end. I’m that person. Listening attentively while the flight attendants go through their entire routine, from how to buckle and unbuckle your seatbelt, to the reminder to not inflate your lifejacket until you are outside the plane. Every time, I’m that person. I look around for the nearest exit and sometimes do a mental calculation of my best route there. I check in the booklet to see where my lifejacket is supposed to be and I sometimes feel about to make sure that the booklet is correct. As often as I have flown, I take the time to go through the process and remind myself of what I know and to see if there is something I have missed in the past or a new instruction that may have been added.

Sometimes I wonder if it’s a bit much. However, recently when a plane in New York City made an emergency landing, video taken by a passenger showed that many people on that plan had no idea how to operate the lifejackets and way too many of them had inflated their lifejackets while still inside the plane. This may have been related to panic during a stressful situation but, from looking around me during the pre-flight safety instruction session, it seems the bigger issue is that most passengers just don’t pay attention. There are more interesting or pressing matters that command our attention and, specifically for those who fly often, we are likely lulled into an arrogance of the familiar. We have done this many times before, we must know exactly what’s up at this point. It may be only on that rare occasion of an emergency that we realize that it is ha been so long since we paid attention to the instructions that we now have a very vague idea of what to do.

Many businesses will have a company policy, code of conduct and operations manual and include training. When a new employee starts with a company there is often some kind of onboarding process that includes either training sessions or handing over a policies and procedures manual or a combination of the two. In addition to sharing with the employee how the employee should go about doing their job, the training and manuals should also include what should be done when things go awry. These instructions should be clear, and employees must know not only what to do but also who to go to for guidance when things are not right. Employees must also know who to inform and the various levels of leadership that this information should go through. If there is no protocol, an employee will not know who to take a problem to and those who are told may not know what to do with the information. You don’t want to be that company in the news admitting that people noticed an issue early on but that the information did not make its way to the right people to manage it.

In addition to the initial training, companies should remind employees often. This can be performed in-person, in an online session or through other messaging, like posters around the company. It is dangerous and foolish to believe that employees will remember their week of training or the contents of a manual years into employment, especially during the first week at a company an employee is not yet familiar with the day to day workings of that company. When a crisis hits, you don’t want to be the person being told, “You should have known what to do. We told you during your initial training, ten years ago.” You especially don’t want to be the person asking a coworker why they can’t remember that old training – honestly, what do you remember from ten years ago?

Thinking about your business, take steps to:

  • Include in your training, what a person should do when something is wrong, who they should report to and options for anonymous reporting, in case the matter is sensitive, and an employee might fear retaliation for reporting.
  • Make sure that your training is clear and easy to understand and follow up with employees to make sure that they have understood and retained the training.
  • Have a non-retaliation policy at your company, for people who report wrongdoing and errors. This policy must be something your business takes seriously.
  • Have a disaster recovery policy that you revisit and update regularly. Make sure your employees are familiar with the policy so they know what they are responsible for doing.
  • Have important policy information displayed around the office, to remind employees what is expected of them.
  • Perform regular training updates of your employees so that you are not relying on ten-year-old memories.

It takes me only a couple of minutes to get through the safety brochure and some airlines put time and energy into creating engaging and fun pre-flight safety videos that are actually fun to watch. I hope I am never in a flight emergency situation, but I go forward knowing that if that should happen, I shall at least remember to not inflate my lifejacket while still on the plane.

Advertisements
Tagged , , , , ,

Taking Over…

a-woman-buries-her-face-in-her-hands

Last year, I visited Atlanta Airport seeking an incident report. The airport is a massive place and, after I found a very helpful airport employee, I wound up outside the emergency services offices. Fortunately, the staff was both friendly and helpful and, within minutes, the gentleman I was speaking with was asking his colleague to look up the incident in question in order to provide me with the information I needed for the next steps forward. It all seemed very easy until it wasn’t. His colleague looked at his screen and then stated that something seemed to be going on and his computer was not responding. After trying a few things without success, I was given a phone number to call and follow up. I was to get what I was looking for within the next couple of days.

I left and heard nothing for almost a month, which actually worked out for me because I was traveling a lot and would not have been able to do much with the information. When my call was finally returned, I learned that the reason it had taken so long was that the city of Atlanta had been taken down by a Ransomware attack. The day I was at the airport, was when the attack was happening! Imagine that, I was in the midst of a lot of drama and excitement and had no idea. The only story I have to tell is that I saw a blue screen of death and then it took three weeks for my call to be returned.

I will say this: if anyone is affected by a ransomware attack, my story is probably the best outcome to have. A couple of years ago I shared a story about my friend whose clients were victims of ransomware attacks where $300 to $600 was demanded of them. In that time, ransomware attacks have become more sophisticated and a lot more frequent. Cryptocurrencies have also contributed to the boom because it makes the attackers more difficult to track down. As I wrote in a piece on ransomware, the first known ransomware attack happened in 1989, where the attacker sent floppy disks to attendees at a conference. A program on that disk locked the computer on its 90th restart, demanding $189 of the user for a resolution. The Atlanta ransomware attackers demanded $52,000 (and it took over $2.5 million for the city to recover from the attack). The attackers may ask for what may seem as relatively small amounts when they attack but it adds up. In 2016, ransomware attackers made over $1 billion and that amount climbs every year. In addition to the upfront cost of the ransomware demand, often a victim has to spend a lot of time and money recovering from the attack. I mentioned before that Atlanta spent over $2.5 million and they are not alone. Ransomware damages are predicted to reach $11.5 billion this year.

As you can see from my friend’s experience and that of Atlanta, there is no victim too large or too small for an attack and so it is imperative for all of us to take steps to protect ourselves and do what we can to mitigate any damages should we be attacked.

  • The first easy step is backup, backup and then backup offline. Because I have had backups fail on me, I try to have two backups of information and itis important to make sure that your backup is separate from your computer. In this way, should your computer be attacked, your backup will be someplace else.
  • Then try to use two-factor authentication for your logins. Many applications and websites already insist on this but try to make it a habit for yourself, whether or not someone else is doing it.
  • Update your passwords regularly – yes, it’s a schlep but especially with very regular news about companies being hacked, companies that house your sensitive information and logins, it makes sense to keep changing these.
  • Be careful about opening up emails and clicking on attachments or links in those emails. I know we live in a world with way too many emails and way too little time, but think before you click. If you receive an email you are not expecting, check to make sure that it is a valid email. Just last week, I received an email from a fellow CPA and when I checked with her, it turned out that her email was hacked and was sending out malicious links. If the tone and language of the email are vague or don’t sound like the voice of the person you have dealt with in the past, double-check with the person. It doesn’t take long and can save a lot of pain.
  • Update your software. A lot of ransomware takes advantage of vulnerabilities in software and taking advantage of the fact that many people do not regularly update their software. Set your machine to update automatically, then you don’t even have to think about it.
  • If, unfortunately, you are a victim of a ransomware attack, think on it before you pay. You are dealing with criminals. Although it seems that more often ransomware attackers do restore machines after attacks (it’s better for business, apparently) it is not assured. Often people find that they have no option because they do not have a recovery plan. If you have the option of recovery, it is easier to make the decision on whether or not to take the chance of paying.

Ransomware is on the rise and so it seems that more of us are at risk than before. It is smart to take a few protective steps if only to keep you from taking weeks to return a call.

 

Tagged , , , , , ,

Keep Rolling

gratisography-433H

When I first started running, I was out training, and my knee suddenly buckled in pain. I thought I had broken something, but it turned out that I had IT band syndrome. I tried several approaches to get better. Among these, I would change up my routes so that I was balancing out which leg was favored, I worked to improve my gait and I started foam rolling. No one warned me about that rolling. I think tears sprung to my eyes that first day I foam rolled. I know for sure that I yelped in pain, several times (thankfully I was alone). I couldn’t believe that I was supposed to do this every day, but I had to roll through the pain because I had a race on my schedule and I needed my knee to start working again.

After rolling consistently, I was amazed by how much better everything worked. I was also incredibly relieved that the rolling didn’t hurt so much anymore. I was a foam rolling disciple and whenever anyone told me they were contemplating taking up running, I urged them to also contemplate taking up foam rolling. At a point, I actually found joy in foam rolling. I could get through a rolling session with nary a yelp. It was glorious.

Recently, foam rolling slipped out of my life. After a fall apparently chipped a piece of my knee into non-existence, I could not run at all and I was, instead, focused on weight training to strengthen my knees. At the end of a week of working out, the trainer advised a foam rolling session. I didn’t even think twice; I hadn’t been running, how bad could things be? Painfully terrible, it turns out.

Managing controls in a business works in a similar manner. Sometimes, when a company sets up or has an auditor highlight weaknesses in its control systems, the company will go about creating policies and procedures that address risks and institute controls. At times, with that company, new hires will be given these manuals to read and, if they are lucky, these new employees will receive training. This training will teach the employees about the culture of the company and how to follow policies and procedures, in order to minimize risk within that company. However, how often will that company review its policies and procedures to see if they are relevant to technological advances and new risks that have arisen?

  • How often will the company’s leadership review policies and procedures with existing staff, to ensure that people have not slacked off and are still, for instance, getting the approvals that they are supposed to obtain for transactions?
  • Is anyone checking that reconciliations are occurring monthly (or at whatever frequency has been established) and, once performed, that those reconciliations are being reviewed by the relevant staff?
  • If there is a policy for checks over a certain amount to be signed by two signatories, is anyone reviewing to make sure this is the case?
  • When employees have left the company, have their access to the company’s system been suspended? Once suspended, have their accounts been deleted so that no one else in the company can use them? If they were signatories for bank accounts, has the bank been informed and has the bank removed them from the signatory list?
  • Have the company’s staff received training in how to reduce the risk of phishing?
  • Has the company’s leadership received any training themselves to update them on current risks and to remind them what the policies and procedures of the company are?

These are just a few examples of the many ways in which a company should be regularly checking in and exercising its control muscles. If all you are doing is handing over a manual on day one and assuming that your staff knows what and how they need to do things, you are only setting yourself up for possible pain in the future.

  • Can you be surprised if one of your staff members gets phished and hackers gain access to your company? Think about the pain of finding out that someone pretending to be the CEO sent an email that instructed accounts payable to wire a sizeable amount of money to an offshore account and that accounts payable fell for the scam?
  • If no one is regularly reconciling accounts, can you really be shocked when you discover that an employee has taken advantage of this lack of oversight and embezzled money?
  • If accounts of former employees are not properly suspended and deleted, how will you figure out who has been using them since the former employee left? How will you be able to trace unauthorized transactions?
  • If your company’s leadership is not up to date on policies and procedures, how can they enforce them? At that point, everyone will be just guessing and hoping for the best. Being unprepared and hoping for the best tends to only work out well in the movies.

Maintaining and updating policies and procedures should be a proactive and continuous activity. Speak with a forensic CPA about how to create, institute and regularly review your control systems to reduce risk in your company. It may seem like schlep in the beginning, but having the systems serves a deterrent to those contemplating wrongdoing, it also keeps your staff more educated about how, for instance, they can recognize errors or attempts to suck them into a scam. This can also mean that when something is going awry, it is spotted earlier, minimizing possible losses.

You should be doing this to avoid or, at the very least, minimize any future pain. You don’t want to be like me where incredible pain leads to you even more pain, on the eventual path to healing. Take it from my IT band, proactive is so much better than reactive.

 

Tagged , , , , , , , , ,

Even When You Don’t Want To…

9ea73231-a8e0-4d06-9589-da7f1dc5e372

Linda Kadzombe

Linda was not my friend. I was in high school, sitting in the car, in the school parking lot, with my father, waiting for my little sister to show up. She ran up, with a friend and they stood by the car, smiling and sporting matching nose rings. My father looked up and the two girls, and their matching noses, and exclaimed – “I suppose nose rings are part of the school uniform now.” That is my first significant memory of Linda, who was my sister’s friend. Along with a great group of friends, Linda and I rang in 2000 in Victoria Falls. We talked about the fact that we were both moving the United States and we promised to keep in touch with each other. This vague promise turned into a relationship that the word “friend” does not do justice. With our families far away, we checked in with each other almost every day and often the conversation started this way: “Just checking in. I’m alive.” Once, I called Linda when I stuck in a dress I had ordered online and that I was trying on. She was living in Boston and I was in New York City and yet, she was the first number I thought of dialing. We were travel buddies and talked about becoming the sweet old lady travelers that we often came across during our trips. We shared a love of European chocolate and I was a person she taught, and gave permission, to stab her with an EpiPen should the need arise.

On March 6th, I received a call that had never even drifted into my imagination. While flying back home from an epic vacation with her cousins, Linda passed away. The news was devastating; it still is. At the same time, there was a lot to do. Whether or not you have planned for death, when death happens, there is a lot that needs to be done, not only to put your loved one to rest but also to sort out your loved one’s affairs. Friends and family came together for Linda and, as we navigated various issues, we were frustrated, energized, and touched, often all at the same moment. It made me think about the importance of planning, not only for the workplace, but also for one’s personal life.

The first step is the dreaded will. No one wants to ever think about their mortality but, even when you think you have nothing, you always have enough to put in a will. At the very least, you have your wishes. Even when you think to yourself – oh, I am single, and/or I don’t have children – you still should have a will. Remember that a will is a legal document and you should be sure to comply with the law, or your will may not be accepted as binding. For instance, the rules about whether or not a handwritten will is recognized varies by state. You should also see if your financial accounts can be set up to be transferrable or payable upon death, as this will save survivors the headaches of dealing with probate court. In addition to letting people know what you want done with your stuff, you should also think about how and where you wish to be laid to rest, if that is something that is important to you.

We live in an age of paperless billing and most business being transacted through online accounts. This means that, for many of us, all our accounts have a login and information about accounts and their existence may only exist in our email accounts. To questions about what accounts and liabilities Linda might have, we could only shrug and guess. Dashlane estimates that the average user has 90 online accounts! Consider making a list of your accounts that you will keep safeguarded in a safe, or with a lawyer, if you keep your will with a lawyer. There are various ways in which to work to both safeguard your personal information and also ensure that your accounts are known and closed correctly, after passing.

If you don’t already have it, get life insurance. The policy doesn’t have to be a big one; just enough to cover the costs that may come up due to death. These include:

  • Payment of final expenses;
  • Taking care of your loved ones, if you have loved ones that depend on you;
  • Payment of debts, so that your next of kin are not on the hook for them;
  • Payment of estate taxes

It may seem horribly morbid to talk about death and it is certainly no fun to deal with the affairs of a loved one. In the midst of grief, you don’t want to deal with some of the headaches that can pop up around the administration of everything – dealing with hospitals, funteral homes, airlines or whatever. Fortunately, Linda had an amazing network of people who loved her (and some incredibly kind strangers who saved the day more than once). All worked hard to get her home and laid to rest near her family. We also were able to spend a lot of quality time with friends and family that we had long promised to spend time with you. You know how that happens – next week, next month or next summer turns into ten years. However, through it all, we had a lot of figuring out how to do something or where to find things because we had never even thought about navigating this terrain.

Take some time to think about what you have and what you want done about it. Talk to your loved ones and tell them to make plans, if they have not already. Remember that it is never too early to plan and, unfortunately, often too late.

Tagged , , , , , , ,

One Team, One Dream

 

Pyeongchang Olympics Cross Country Men

The Winter Olympics are going on and I am filled with joy. From the opening ceremony until the end, I am inspired over and over again. Just the other day, Ester Ledecka, from the Czech Republic, won a gold medal, on skis she borrowed from USA’s Mikaela Shiffrin. Athletes, representing their countries, come together to compete against each other while, at the same time, showing incredible sportsmanship, teamwork and support of each other. Four skiers from so-called “tropical” or “exotic” nations (Colombia, Morocco, Portugal and Tonga), who were among the last to finish, waited for the last athlete, from Mexico, to finish. They cheered him across the finish line and raised him in exultation. How incredible is all that?

Since I stepped out and started my own company, I have been spending a lot of time alone. Honestly, even though I was working in offices, my last few positions had me working mostly on my own. Seriously, I could go for weeks without talking to anyone about what I was working on. I would sometimes wonder if anyone cared. I started working on a project a few months ago and I am being reminded how powerful a great team can be.

Modern offices are designed to have more interactions among people – offices are more open, there are games set up in the office and people can hang out on couches. Imagine that, comfortable furniture in the office. With all of that, though, I am finding that the real trick to interaction and successful communication at work sits with the people. I have been in open office spaces where, for days on end, people say barely a word to each other. I have walked down hallways where the person heading towards me will risk breaking their neck by looking anywhere but at me – the horror of a greeting is strong, apparently. The Inner Auditor kept me thinking about the priority of people in a business and on a team.

In the work that we do, we are often under pretty stressful conditions – clients are almost never happy to see us, we have tight deadlines and we are often trying to make sense of things that don’t make sense to the people doing those things. Each of us is incredibly busy and run the risk of keeping our heads down just get through everything assigned to us, while staying within budget. With that kind of pressure, the temptation is high to just put our head down, plug in our earphones and only engage when absolutely necessary. I am sure that approach can get the job done but I know, without a doubt, that the structure of the team that I worked with ensured that we excelled.

We did not choose our team, but I ended up working with three incredible women who have made me better at what I do and how I do it. I believe that we all agree that we have benefitted from our experience together. Each member of the team has a knowledge strength and is more than willing to share what they know and help us get a little stronger too. Even as deadlines have loomed and hours have stretched, our team has prioritized wellbeing. We have been taking time to read more, laugh more and talk to family and friends more. Because our team has come together on these various levels, we are also able to communicate the difficult information that comes up during our work. Sometimes, a person may come across information that will either upset the client or lead to more work. Sometimes a person may realize that they missed something. In these cases, if communication is not good, that person may choose to remain silent. Instead team members may end up spending energy on hiding issues and hoping that they are not discovered. That is never a good thing. Not only did our team feel comfortable about bringing up the issues, we were always willing to brainstorm and work together to resolve them.

Although this may sound like I am seriously crushing on my awesome team (which I am) it is also a great lesson in the incredible value of having a team that is talking to each other and working together in order to produce great work. In an office where no one is talking, and people are not interacting, how long do you think it will take to realize that something is wrong? If people view saying good morning as something to be avoided at all costs, who are they going to tell when they think the person in the cubicle next to them is doing things that they shouldn’t? If people are not talking about what their fellow work mates are doing, how are they to know who to turn to for assistance and will they even feel comfortable approach Janice who barely grunts when they come across each other in the office’s common space? And then, when fraud or error is found at the company, can you really be surprised that it took as long as it did for it to be discovered?

The time you take to get to know the people you are working comes with benefits that are worth far more than that time. It takes more than knocking down walls and providing great coffee. We spend a lot of time talking and reading about the impact of communication. We know this in theory but how often do we put energy into putting this into practice? I know that each one of us stepped outside our comfort zones in order to get to our Dream Team status. Each one of us made a conscious effort to reach out and share of ourselves. Each one of us was determined to produce exceptional work and communication was a key element of achieving that. I have been inspired by these women that I have worked with. I have laughed, been moved and been brave with them.  I shall be truly sad when this project is over and eternally grateful for the great experience. #OneTeamOneDream

Tagged , , , , , , , , , , , ,

Three Words for 2018? We Got This!

IMG_2843

Over the last week, I have been thinking about 2018. I don’t know about you, but 2018 snuck up on me. One moment I was caught up in the day-to-day of 2017 and the next moment 2018 was just a couple of weeks away! After my initial panic, I thought – well, it’s great because I get to think of my three words. Three words? Well, if you haven’t been on this journey with me before, I shall explain. In 2012, I met and was inspired by Tom Hood and he introduced me to the Three Words approach, which came from Chris Brogan. At the start of every year, now, I sit and think about what three words I would like to guide me through that year. During the year, I come back to those words, to help center, direct and motivate me. Over the last few days, I have thought about how to make this work better for me, and I determined that I must display these words to remind me, even when I am not thinking about being reminded, to move me when I feel stuck and to hold me accountable. I say this in part because, 2017 was a challenging year for me and I found that I often lost track of my guiding lights. Involved in, and sometimes overwhelmed by, the moment, I often forgot to even look for my words. Putting the words everywhere, will go a long way to keeping me mindful of that.

Last year, I started looking back over my year and I have found this to be a great way to assess how things went and to help me set my intentions for 2018. My three words:

Imagine. This is the first word that came to me. During 2017, in part through work and volunteering with the New York State Society of CPAs and the AICPA, I have had some truly new experiences. I have learnt how to play poker and how poker skills can benefit me in the workplace; I have worked with a team to consciously inch towards better health – physically, emotionally, and spiritually – and that has included laughing more and skating in Byrant Park; I have collaborated with incredible people and presented in various spaces, from a national conferences to a college campus. During the year, I have been involved in conversations that have opened my eyes, that have ventured into spaces that are often afraid to even tiptoe into, that have renewed my hope when things have seemed bleak. I have often reminded myself to listen and to hear because that is when I find the moments that hit me hard and that get me to imagine and those moments are incredible. When we imagine, and step outside of what we know, we can find brilliance, we can find understanding and, just as important, we can also see and revise the not so great. In 2018, I want to imagine without fear of where my imagination will lead me. I want to imagine and be okay with when what I imagine doesn’t always work out. I also want to make sure that I make the time and space for my imagination. Back in 2015, I tried to create space for me to be bored, which is a big part of creating the space for imagination and, as the exercise stated, brilliance. It did free my mind in great ways and, looking back and looking at now, I know I need a lot more boredom in my life. And I still haven’t finished my Starry Night jigsaw puzzle!

Innovate. During 2017, I listened and took part in conversations about change. The conversations were about artificial intelligence (AI) about blockchain (and cryptocurrencies, like Bitcoin) and about cybersecurity. Other conversations were about what diversity, inclusion, and belonging mean and if and why it is important. We had conversations about what to do about all the change happening in our professions, in our world and in our lives. We talked about how we react to it and how we can embrace, be ahead of and even create greatness out of all the change. Beyond the conversations, we brainstormed and tried new things. We looked at the new approaches other took and ran with them. I spend a lot of time looking at challenges and how, sometimes, people take the same approach to resolving them and see minuscule results. As much as we tout how “change is good”, it is a human thing to resist changing the status quo. During this year, I want to innovate. I want to collaborate and brainstorm and determine to try something new. I want to embrace the difficult conversations, appreciate and improve upon feedback and, on my part, provide truly constructive feedback. I want to remember the power of synergy and never forget that the best innovations come through a community of people sharing, listening and taking risks.

Act. My third word came to me after I wrote and thought about my 2017 look back. When it comes to training, I have established and go with what gets me to success. If I have a race, I print up a daily timetable that includes rest days, cross training days and exactly what I shall do on each day (distance, goals, tempos if needed). The night before every training, I put out exactly what I am going to wear on the day and I determine my route. I think about and take away all my excuses so that, when I wake up, I just do exactly as planned and that gets me a step closer to where I need to go. I keep my schedule on the wall and tick off each day as I go along. During 2017, I often did not apply this approach. As a result, especially where I felt the stakes were high, I became adept at getting cold feet, at second-guessing myself and at putting things off until I decided it was too late to do them. There are many reasons why this happened but knowing the reasons and doing nothing about them is not helpful. I am going to do more acting in 2018. To help me do this, I am going to find the ways to take away my excuses, and I am also going to be more realistic about what I can get done, so that I don’t end up doing many things in a mediocre manner that only serves to disappoint me and others. I also must remember to be kinder to myself when I act and to see the power in action. I must remember that it is through action that I can bring value and have impact.

Before diving into 2018, I want to take a moment and meditate upon my previous three words:

2013 – Change, Discover & Motivate
2014 – Transform, Pursue & Collaborate
2015 – Receptive, Synergy & Service
2016 – Learn Fear & Community
2017 – Embrace, Persevere & Monchu

Several years ago, I went to Hawaii with friends and decided to take surfing lessons. I was a couple of months out of surgery and hesitated before I went out – I wasn’t at full strength, everyone else was going on a fun outing and I would be doing this solo, as no one else was interested. But, I had been thinking about taking a surfing lesson and I had told my surfing neighbor (who ultimately became my husband) that I was going to take a lesson and that made me feel accountable. During the lesson, I fell countless times, I scraped my knee and sometimes even got to the point where I was able to ride a wave while kneeling on the board. Then, I stood, and rode, and didn’t fall off. It was glorious and totally worth every fall, and the skin missing from my leg. When I finally fell off the board, I rose out of the water with a victorious yell! It is this that I must remember – it is a journey but it can only happen if I Imagine, Innovate AND Act.

Happy and wordy 2018 to you! Please share with me – what are your words for 2018?

Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Fare Thee Well!

IMG_1800

“2017 was an intense year”. That’s the news alert that I received on 26 December. You’re not kidding me! – that was my response. This year has been a more challenging year than I expected it to be. Last year, I decided to do a year in review. Looking back helped me think more about my plans for the future. I have decided to do the same thing again. It is important to take stock. Without that, how can one think about the future?

As the year began, I decided to deal with minor health issues that turned out to be way more tedious and drawn out than I ever expected. Something that I thought would not take much time at all ended up lasting through July. What a drag. A trip that my husband and I had been planning, to visit my grandmother, was postponed. Then, on 10 June, my grandmother passed away. It was devastating news and made more so because, being in the midst of my own treatments, I could not travel for her funeral. The silver lining in this was that I discovered something I had never known. My family in Zimbabwe shared the above photo and I was stunned to see just how much I look like my grandmother.

Despite the challenges that came with the new year, I was honored and excited to be an instrumental part of a new committee with the New York State Society of CPAs – the Diversity & Inclusion Committee. It has been an eye-opening and insightful year, working to provide programming to our members to improve diversity & inclusion in our profession and to have frank and enlightening discussions and events around the topic. I have had fun times with members and those who have attended events and I like to think that, one little step at a time, we are making progress.

I have continued with the cello lessons that I started a year ago. I have woken up on Saturday mornings, exhausted after a long week at work, drained and not looking forward to the long drive back to downtown Brooklyn and the horror that is looking for a parking spot. However, once I get into class, I find joy. Our cello instructor started an adult orchestra and I have already had two recitals. A year ago I was learning how to play “Twinkle, Twinkle” and that was an important milestone. A couple of weeks ago, our orchestra played the theme to Jurassic Park AND I played a solo!! I’m no Yo-yo Ma (and never plan to be) but I always welcome the opportunity to work my brain and heart in new ways. I believe it makes me a better person, a happier person and a much better CPA!

I have continued to be inspired by high school and college students. These interactions renew my energy to work to build the pipeline to our profession – there is so much incredible talent out there and some of that talent should be a part of our profession. I speak with young people who are full of passion and promise and it fills me with joy!

I spoke at the AICPA’s Forensic & Valuation Services Conference. I met an incredible range of fellow professionals and came away feeling as though my brain had expanded a little bit. Every year, I look forward to sharing thoughts and insights and learning from Forensic & Valuation professionals and this year did not disappoint.

During the year, something I struggled to do was run. A couple of years ago, while taking out the trash, I tripped over a concrete block in my parking lot and fell, hard. I fell hard enough to fracture my leg and spent several months in a brace. As I failed to make a comeback, I went to see a doctor and found out that I had a torn meniscus. I closed out the year a procedure to fix the meniscus. That is all sorted out, but it turns out that, through that fall, where I wasn’t even running away from a rabid raccoon, I managed to do more damage to my knee that may need to be sorted out. The sad part of this is that I have been told to give up running. Honestly, I was gutted. Running has become a large part of who I am. My runs are my quiet time, they are my meditation and my medication. I have run through a Times Square that is cleared of traffic and pretended that I am trying to escape zombies. I have run through all five boroughs of New York City, during the marathon, and found delight and strength from those lining the route. To be told, “no more” is a difficult thing to swallow. I keep faith that I shall find new adventures and hold the secret (not so much now) hope in my heart that I shall run again.

  • I skated in Bryant Park and even let go of the railing!
  • I spent time with friends and family at the beach (I live here now!)
  • I went to an interactive screening of The Big Lebowski. There were a lot of bathrobes and even more spandex.
  • I have met new people who have made my life better.
  • I continue to be extremely grateful for all those I have known, who have given me hope, joy and support, sometimes even when they don’t realize they are doing so.

Yes, 2017 was a year with pain and disappointment but 2017 was also a year of inspiration and joy and it is important to see the progress that we have made, the work that has been done and the relationships that have been formed and built upon. I am ready for next year because I know I have great things to carry forward with me.

It is two days before 2018 – a year that will bring the Winter Olympics and the FIFA World Cup! I already have three words for 2018 – Bring It On!!!

Tagged , , , , , , , ,

Oh, Not So Much Fun…

ice-sculpture-1935357_1920

On Christmas day, I was chatting with my niece, during family celebrations. My phone buzzed and I saw a notification that she had just sent me a message. That was truly odd, because, as I mentioned, we were chatting and, unless she was using her telepathic skills, she was not texting at the same time. Nevertheless, I asked her if she had sent me a message. She looked at me as though I had lost my mind, but double checked her phone and shrugged. It wasn’t me, she said and carried on with her day. Since she was engaging with people and not her phone, and because we were having a fun time with family, I decided that the likely bad news could wait.

I attended a talk earlier in the year where the speaker told us – There are two types of people: those who have been hacked, and those that don’t know it yet. By the time we got home, my niece had gone from being in the latter group to being a panicked person in the former. Often, a person finds out that they have been hacked when, as happened to my niece, their contacts complain about spam messages that they have received from that person. However, more and more often, people don’t know that they have effectively been hacked because the party hacked is a company that is holding people’s information.

In 2017, the most notorious example was, on 17 September, when the credit reporting agency, Equifax was hacked. Initially, the information was that about 143 million people might have been impacted. However, that number has climbed and what kind of information was accessed was vague. When people tried to check with Equifax, they often got different responses each time that they tried. Also, as the months have gone by, the number of people impacted has climbed. If Yahoo! is anything to go by, who knows what the final count will be. The best advice to take right now, is to assume you have been impacted and to take preventative steps and, if you have not already done so, freeze your credit with all four of the major credit reporting agencies.

What is unsettling about how companies announce that they have been hacked is how long it takes for the news to come out. Equifax claimed that it discovered their breach at the end of July but they only made a public announcement in the middle of September. It was only in October 2017 that Yahoo announced that all of its accounts were hacked in 2013. That’s not a typo; they are telling us that if you had Yahoo, Flickr, Tumblr, or any other account owned by Yahoo, you were hacked in 2013. What is anyone supposed to do with that information, four years later? This is worse than a “Look out for falling ice” sign. In November, we found out that Uber had been hacked in 2016 and that the company had opted to pay off the hackers to destroy the information and keep the hack quiet.

The big takeaway is that it may be a while before anyone lets you know that you have been hacked and, unless you live completely off the grid, it is smart, and safe, to assume that you have been hacked. That said, there are steps that you can take to try to minimize the damage that can be caused by hacking:

  • Freeze your credit with the major credit bureaus. Learning about the Equifax breach was especially frustrating because people do not choose to share their information with the credit bureaus. I rolled my eyes at a headline that referred to “customers” being compromised. The best one can do right now (beyond not having a credit history of any kind) is to try to limit how much information gets out.
  • Check your credit regularly. Do this at least quarterly, to make sure that cards have not been opened in your name and without your permission. Annual Credit Report is the only website, authorized by federal law to provide you with a free credit report from a credit reporting agency every twelve months. A great way to spread out the checking over the year is to get a report from one of the agencies every 4 months (instead of getting all three in one fell swoop).
  • Use two factor authentication. This gives extra security over only using a password. The most common method of two factor authentication is having a company send you a text with a unique code, before you can complete logging into an account.
  • Don’t click on every link you come across. If you receive an email with a link and it is not something you have been expecting (and sometimes even if it is something you have been expecting) don’t click on a link because it is there. Check the email to make sure you recognize where the message is coming from.
  • If you trust the link and have clicked on it, still be careful about what information that you share. If you start to feel as though a company is asking for too much – either over the phone or through a website, stop sharing information. Find out, independently, if you really need to share that information and, again, make sure you know who you are sharing your information with and why.

Try to include these in your list of New Year’s resolutions. It won’t stop you from being hacked but at least, it may improve your chances of finding out about it early and taking appropriate steps.

Tagged , , , , , , , , ,

Something’s Not Right

306H

When I was just heading into my teenage years, something was not right. Not with me, but with my mother. It was unsettling for me and then miserable. It was difficult enough to be heading into my teenage years but my mother was not helping by being off.

First of all, she began to act out of character. She would come home from work and ask for a glass of water with lots of ice in it. You may not see anything wrong with that, on the face of it, but it was plenty odd because my mother never drank glasses of water with lots of ice in them. And now she wanted a glass every night. To make things even more stressful for us, each glass was closely examined and if it was not perfect – not enough ice, water somehow looked cloudy, the glass was not perfectly polished – one of us kids would have to get a new glass and make sure that it was perfect this time.

Then there was the language. My mom started using new slang. For all I know now, she may have started hanging out with a new lunch buddy and picked up some phrases from this new friend. But, along with the water, this new language mom was freaking me out. It was truly odd. But the breaking point came, for me, one Saturday morning. I was following my mother around the house and she watered and spoke to her many, many plants. This was totally in character so that gave me some comfort and was likely the reason why I was hanging about with her that morning. Then I noticed that her dress didn’t quite fit. It was tight on my mom and that was, once again, out of character for her. What was going on?

That thought was still with me as I spent time alone that afternoon. What was going on? Well, after an afternoon of pondering, I had narrowed it down to two options. Either my mother was having an affair or she had been abducted by aliens and they had left an imposter alien in her place. My two options seemed to be the only options that made sense to me at the time – I had friends at school whose parents were going through divorce. Something about our conversations made me think that divorcing parents did not act like themselves. But, if it wasn’t divorce, it could only be aliens. I blame Star Trek for getting me to believe that my mother could be abducted and a poor replica, that wasn’t quite the same size and betrayed itself with its weird speech patterns and love of ice, be left in her place. Both options were devastating for me; either way I was losing my mother and that filled me with despair. I even cried a little that afternoon.

Fortunately for my state of mind, just that week, as though she knew what was going on with me, my mother broke the news. She was pregnant (some may say I was sort of right about the alien in her body). What a relief!

It turns out that, despite all the clues that I noticed, I came to a completely wrong conclusion about what was causing the changes in my mother. Fortunately all my wrong conclusions led to was an afternoon of sadness and tears. In the work place, the consequences of taking data, red flags and other clues to incorrect conclusions can be far more costly. A classic example is that of Rita Crundwell, who defrauded the city of Dixon of over $53 million. The people who worked with her saw that she had a growing stable of quarter horses and was often traveling far and wide with these horses. They assumed that the horses paid for themselves and more and this was how she could afford to keep them. People in the horse world, who knew that horses cost more than they made, thought that she had some kind of trust fund that paid for her extravagant lifestyle. When Rita would not let anyone do her work, or even collect her mail, they thought she was being a great treasurer who diligently controlled her city’s budget. No one saw all the clues and thought she was embezzling money.

If someone was paying attention to the clues and knew how to analyze all the red flags that Rita Crundwell left in her wake, her fraud would never have lasted for the two decades that it did. If, for instance, the city had taken on the services of a forensic CPA to analyze, design and implement control systems and to help them with fraud prevention and deterrence, they may not have lost over $53 million to Crundwell.

This is an excellent reminder of how important it is to have a CPA, with experience and qualifications in financial forensics, to analyze and assess your business’s operations and finances to see what clues are there and what those clues really mean. You may notice that things are amiss, but how willing are you to accept how expensive coming to the wrong conclusion can be for you?

Tagged , , , , , , , , , , , ,

If Lost… Then What?

img_1715.jpg

At the end of May, I was on my way to an event, when a flash of pink on the sidewalk caught my attention. I stopped and realized that I was looking at a small square of leather. I bent down, picked it up and turned it over in my hands. It was a wallet with a MetroCard, some credit and debit cards and a driver’s license in it. I pulled out the license, looked it over, and walked over to the restaurant that was a few feet away from where I had just found the wallet. I must have made a few people nervous, staring at them and then down at the license, to see if anyone there resembled the photo. No luck. I then pulled out my phone and tried a few quick searches, online, to see if I could figure out how to contact this woman. Her name was more common than I imagined; several options came up and none appeared to be her. Yes, her license had an address on it but, the license had been issued several years earlier and people in New York City can move around quite a bit, in search of amenities such as a view, an elevator or affordable rent. As I was running late, I decided to go to my event and put my search off until later. On my way, I spotted a parked police car. I got excited, thinking that I may be able to hand over the wallet, but the excitement faded when I got close to the car and found that there was no one sitting in it.

When I got home and had more time to do so, I hunted down the woman whose wallet I had found and delivered it to her. Even if she had cancelled her cards, I am sure she was happy to get her stuff back – who knows maybe her MetroCard still had 29 days of use left on it. That experience reminded me of a time, years ago, when someone stole my handbag at the airport. I was livid that someone had invaded my space and even stood yelling, in the terminal, for the thief to just take my cash and give me back my stuff. Suffice to say, that did not happen. I did, fortunately, have a kind gentleman give me money to get the train back home. However, a few weeks later, my phone rang and it was the airport, calling to tell me that my bag had been found. They had been able to contact me because I happened to have a dry-cleaning slip in my wallet, and my phone number was on it. I was lucky that I had that slip in my bag but these two events really got me thinking about recovery plans, not just in business, in other aspects of our lives.

With a wallet, for instance, you can keep a business card in the wallet, or put a small card in your wallet with an email address and/or phone number so that, should you be unlucky enough to lose the wallet and a kind stranger picks it up, they can contact you and figure out how to get it back to you. It is an easy thing to do and could be hugely useful. It doesn’t even have to be your usual email address, if you have fears about your inbox being inundated by unwanted email, you can create an email address that you keep for moments such as this.

We never think that we will either lose our stuff or have it stolen from us but it can happen to any of us. It can be personal or it can be a business loss, such as a system crash, or theft and, in all cases, having a recovery plan will go a long way to make recovery less stressful and less expensive. If, at this very moment, you lost everything on your computer, what would you do? Does the thought give you heart palpitations because you would lose very important data, with no way of getting it back? Would you have to shell out a lot of money and spend valuable time working to try to recover everything? Would you wonder whether or not your business could survive such a loss? If this thought is a scary one to you, you should be thinking about sitting down with trusted professionals, to create and put a comprehensive protection and recovery plan in place. You should review various scenarios, even if you think it wouldn’t happen to you. Things to consider when doing this:

  • Are you backing up your data on a regular basis? Automating this process is a great way to make sure that it happens – you don’t want it to all depend on your remembering to do it.
  • Where are you keeping your backups? Do you keep a backup offsite and unconnected to your current system? You don’t want your backup corrupted, should your system go down.
  • Are you checking the integrity of your backups? It isn’t helpful to think you have been creating backups and find out, when you need the backup, that the process was not occurring.
  • Now that you have backups, do you have a recovery plan? Do you know what you are going to do should things go awry? Does your staff know? Do you have the plan in writing and in a space where it can be easily accessed? Have you trained your staff in this recovery process?

There are people who are well-trained in helping you create a backup and recovery plan and that can start with your CPA. You want someone who has experience and knowledge regarding best practices that are practical, useful and effective.

We are humans who work with technology that we have built and we must, therefore acknowledge that we are not infallible and we must therefore create, review and update our contingency plans. And that plan can never just be relying on the kindness of strangers.

Tagged , , , , , ,
Advertisements