Tag Archives: advice

Nobody’s Perfect

stockvault-fortune116480

Barings Bank was the United Kingdom’s oldest merchant bank and the second oldest merchant bank in the world. In 1992, the bank sent 25-year-old Nick Leeson to be the general manager at its new office in Singapore. During that first year there, Leeson made unauthorized trades that earned Barings £10 million in profits. The bank should have had a system where one person was a trader, and another was double-checking and then authorizing these trades. Instead, Leeson did everything with no checks and balances. Yes, these trades were unauthorized, but they made the bank a lot of money and so, instead of nipping the unauthorized trades in the bud, Barings paid Leeson a massive bonus and labeled him a rising star. Things changed very quickly, and Leeson started losing money on his trades. Instead of reporting his losses, Leeson hid them in a suspense account, that he created and tried, unsuccessfully, to recoup his losses. He would then hide those losses in this suspense account as well. By the end of 1994, the losses stood at £208 million. In February of 1994, Leeson left a note stating, “I’m sorry”, and fled Singapore, leaving Barings Bank with £897 million in losses (equivalent to $1.4 billion). Barings Bank could not recover from those losses and, after being in business since 1762, collapsed and was bought by ING for £1.

The story of Barings Bank and Nick Leeson is like one of those puzzles where you circle the ten things wrong in a picture – there are that many problem areas and weaknesses that led to the downfall that we could revisit this story many times for lessons. Today we shall focus on Nick Leeson hiding his bad bets. Initially, Leeson made errors and miscalculations on some trades that he made and lost money from those errors. From some of the accounts from Leeson, it is implied that mistakes were not looked upon kindly. Leeson claimed that he first opened the suspense account in which he hid losses after a colleague lost £20,000 after making an error herself. Instead of either one of them reporting the error, they decided to hide this error from leadership. Nick Leeson then went on to hide more of his trading errors here, thinking, in the manner of a gambler, that he could gain the money he had lost back, and his bosses would never find out what he was doing.

I thought about Nick Leeson this week because I am reading Principles by Ray Dalio. In it, he tells the story of how his employee Ross, who was in charge of trading at the time, forgot to make a trade and that cost the business “several hundred thousand dollars”. Dalio tells us that, with such a costly error, he could have dramatically fired Ross and “set the tone that mistakes would not be tolerated. Instead, Dalio recognized that mistakes happen to us all the time, he himself had made mistakes so large that he had essentially lost his business at some point. Dalio’s approach, which is an approach that I am a huge fan of and have tried to follow for a long time, is to think about what to learn from mistakes and how to improve things to minimize the chances of those mistakes happening again, or at least how to minimize their impact should they occur. As I have written before, Dalio recognized that punishing Ross for his mistake would likely result in other people working hard to hide any errors. Dalio saw that would cost his business a lot more in the long run. At his firm, Bridgewater, Dalio and Ross created an error log where errors were tracked and addressed. Instead of people getting into trouble for making mistakes, they would get into trouble when they didn’t report mistakes.

With Leeson (and Barings Bank) and Dalio in mind and the different outcomes that have resulted from their approaches to dealing with mistakes is very telling. One person brought down the second oldest merchant bank and the other has what is considered to be the fifth most important private company in the United States. Some things to keep in mind when considering how to manage responses to errors in your business:

  • Create an environment where everyone is comfortable reporting errors that they have made. Be explicit with this, both in what you say and how you respond.
  • When you discover a mistake, take the time to look, with your team, into how this mistake might have been avoided or recognized and resolved earlier. An example is, with a missed trade, it is likely that Dalio and his team looked at the process and sought to put in checks to make sure that there were others aware of the trade, checking to make sure the trade was made and having a way to check in with Ross to make sure he had not forgotten.
  • Review your systems to see where there are checks and balances and if especially important areas are not put on one person. Make sure that someone else is checking – we all make mistakes and that is why there is a checking system. Not to make us feel bad about ourselves but in recognition of our humanness.
  • Have open discussions about errors and get input from all levels on how to avoid or detect errors. At the leadership level, you may come up with a system, but you may find that staff find that process cumbersome, don’t stick with it and errors can go undetected for a while. And if an error has not even been detected, it can’t be reported.

These are just a few things to think about but the most important part is creating an environment that is open to communication, not just about success, but about the things that have gone wrong. You should think about making the environment open for the hard conversations the priority because it is simple to report and celebrate success but failure and error are what kill our business. With that in mind, are there situations that you have found yourself in where either you or someone on your team made a mistake? How did you respond, how did others respond, and how did things turn out?

Tagged , , , , , , , , , ,

Just In Case

stockvault-journey190946

 

I’m that person. Next to you on the plane. Pulling out that safety booklet and reading it, from beginning to end. I’m that person. Listening attentively while the flight attendants go through their entire routine, from how to buckle and unbuckle your seatbelt, to the reminder to not inflate your lifejacket until you are outside the plane. Every time, I’m that person. I look around for the nearest exit and sometimes do a mental calculation of my best route there. I check in the booklet to see where my lifejacket is supposed to be and I sometimes feel about to make sure that the booklet is correct. As often as I have flown, I take the time to go through the process and remind myself of what I know and to see if there is something I have missed in the past or a new instruction that may have been added.

Sometimes I wonder if it’s a bit much. However, recently when a plane in New York City made an emergency landing, video taken by a passenger showed that many people on that plan had no idea how to operate the lifejackets and way too many of them had inflated their lifejackets while still inside the plane. This may have been related to panic during a stressful situation but, from looking around me during the pre-flight safety instruction session, it seems the bigger issue is that most passengers just don’t pay attention. There are more interesting or pressing matters that command our attention and, specifically for those who fly often, we are likely lulled into an arrogance of the familiar. We have done this many times before, we must know exactly what’s up at this point. It may be only on that rare occasion of an emergency that we realize that it is ha been so long since we paid attention to the instructions that we now have a very vague idea of what to do.

Many businesses will have a company policy, code of conduct and operations manual and include training. When a new employee starts with a company there is often some kind of onboarding process that includes either training sessions or handing over a policies and procedures manual or a combination of the two. In addition to sharing with the employee how the employee should go about doing their job, the training and manuals should also include what should be done when things go awry. These instructions should be clear, and employees must know not only what to do but also who to go to for guidance when things are not right. Employees must also know who to inform and the various levels of leadership that this information should go through. If there is no protocol, an employee will not know who to take a problem to and those who are told may not know what to do with the information. You don’t want to be that company in the news admitting that people noticed an issue early on but that the information did not make its way to the right people to manage it.

In addition to the initial training, companies should remind employees often. This can be performed in-person, in an online session or through other messaging, like posters around the company. It is dangerous and foolish to believe that employees will remember their week of training or the contents of a manual years into employment, especially during the first week at a company an employee is not yet familiar with the day to day workings of that company. When a crisis hits, you don’t want to be the person being told, “You should have known what to do. We told you during your initial training, ten years ago.” You especially don’t want to be the person asking a coworker why they can’t remember that old training – honestly, what do you remember from ten years ago?

Thinking about your business, take steps to:

  • Include in your training, what a person should do when something is wrong, who they should report to and options for anonymous reporting, in case the matter is sensitive, and an employee might fear retaliation for reporting.
  • Make sure that your training is clear and easy to understand and follow up with employees to make sure that they have understood and retained the training.
  • Have a non-retaliation policy at your company, for people who report wrongdoing and errors. This policy must be something your business takes seriously.
  • Have a disaster recovery policy that you revisit and update regularly. Make sure your employees are familiar with the policy so they know what they are responsible for doing.
  • Have important policy information displayed around the office, to remind employees what is expected of them.
  • Perform regular training updates of your employees so that you are not relying on ten-year-old memories.

It takes me only a couple of minutes to get through the safety brochure and some airlines put time and energy into creating engaging and fun pre-flight safety videos that are actually fun to watch. I hope I am never in a flight emergency situation, but I go forward knowing that if that should happen, I shall at least remember to not inflate my lifejacket while still on the plane.

Tagged , , , , ,

Taking Over…

a-woman-buries-her-face-in-her-hands

Last year, I visited Atlanta Airport seeking an incident report. The airport is a massive place and, after I found a very helpful airport employee, I wound up outside the emergency services offices. Fortunately, the staff was both friendly and helpful and, within minutes, the gentleman I was speaking with was asking his colleague to look up the incident in question in order to provide me with the information I needed for the next steps forward. It all seemed very easy until it wasn’t. His colleague looked at his screen and then stated that something seemed to be going on and his computer was not responding. After trying a few things without success, I was given a phone number to call and follow up. I was to get what I was looking for within the next couple of days.

I left and heard nothing for almost a month, which actually worked out for me because I was traveling a lot and would not have been able to do much with the information. When my call was finally returned, I learned that the reason it had taken so long was that the city of Atlanta had been taken down by a Ransomware attack. The day I was at the airport, was when the attack was happening! Imagine that, I was in the midst of a lot of drama and excitement and had no idea. The only story I have to tell is that I saw a blue screen of death and then it took three weeks for my call to be returned.

I will say this: if anyone is affected by a ransomware attack, my story is probably the best outcome to have. A couple of years ago I shared a story about my friend whose clients were victims of ransomware attacks where $300 to $600 was demanded of them. In that time, ransomware attacks have become more sophisticated and a lot more frequent. Cryptocurrencies have also contributed to the boom because it makes the attackers more difficult to track down. As I wrote in a piece on ransomware, the first known ransomware attack happened in 1989, where the attacker sent floppy disks to attendees at a conference. A program on that disk locked the computer on its 90th restart, demanding $189 of the user for a resolution. The Atlanta ransomware attackers demanded $52,000 (and it took over $2.5 million for the city to recover from the attack). The attackers may ask for what may seem as relatively small amounts when they attack but it adds up. In 2016, ransomware attackers made over $1 billion and that amount climbs every year. In addition to the upfront cost of the ransomware demand, often a victim has to spend a lot of time and money recovering from the attack. I mentioned before that Atlanta spent over $2.5 million and they are not alone. Ransomware damages are predicted to reach $11.5 billion this year.

As you can see from my friend’s experience and that of Atlanta, there is no victim too large or too small for an attack and so it is imperative for all of us to take steps to protect ourselves and do what we can to mitigate any damages should we be attacked.

  • The first easy step is backup, backup and then backup offline. Because I have had backups fail on me, I try to have two backups of information and itis important to make sure that your backup is separate from your computer. In this way, should your computer be attacked, your backup will be someplace else.
  • Then try to use two-factor authentication for your logins. Many applications and websites already insist on this but try to make it a habit for yourself, whether or not someone else is doing it.
  • Update your passwords regularly – yes, it’s a schlep but especially with very regular news about companies being hacked, companies that house your sensitive information and logins, it makes sense to keep changing these.
  • Be careful about opening up emails and clicking on attachments or links in those emails. I know we live in a world with way too many emails and way too little time, but think before you click. If you receive an email you are not expecting, check to make sure that it is a valid email. Just last week, I received an email from a fellow CPA and when I checked with her, it turned out that her email was hacked and was sending out malicious links. If the tone and language of the email are vague or don’t sound like the voice of the person you have dealt with in the past, double-check with the person. It doesn’t take long and can save a lot of pain.
  • Update your software. A lot of ransomware takes advantage of vulnerabilities in software and taking advantage of the fact that many people do not regularly update their software. Set your machine to update automatically, then you don’t even have to think about it.
  • If, unfortunately, you are a victim of a ransomware attack, think on it before you pay. You are dealing with criminals. Although it seems that more often ransomware attackers do restore machines after attacks (it’s better for business, apparently) it is not assured. Often people find that they have no option because they do not have a recovery plan. If you have the option of recovery, it is easier to make the decision on whether or not to take the chance of paying.

Ransomware is on the rise and so it seems that more of us are at risk than before. It is smart to take a few protective steps if only to keep you from taking weeks to return a call.

 

Tagged , , , , , ,

Keep Rolling

gratisography-433H

When I first started running, I was out training, and my knee suddenly buckled in pain. I thought I had broken something, but it turned out that I had IT band syndrome. I tried several approaches to get better. Among these, I would change up my routes so that I was balancing out which leg was favored, I worked to improve my gait and I started foam rolling. No one warned me about that rolling. I think tears sprung to my eyes that first day I foam rolled. I know for sure that I yelped in pain, several times (thankfully I was alone). I couldn’t believe that I was supposed to do this every day, but I had to roll through the pain because I had a race on my schedule and I needed my knee to start working again.

After rolling consistently, I was amazed by how much better everything worked. I was also incredibly relieved that the rolling didn’t hurt so much anymore. I was a foam rolling disciple and whenever anyone told me they were contemplating taking up running, I urged them to also contemplate taking up foam rolling. At a point, I actually found joy in foam rolling. I could get through a rolling session with nary a yelp. It was glorious.

Recently, foam rolling slipped out of my life. After a fall apparently chipped a piece of my knee into non-existence, I could not run at all and I was, instead, focused on weight training to strengthen my knees. At the end of a week of working out, the trainer advised a foam rolling session. I didn’t even think twice; I hadn’t been running, how bad could things be? Painfully terrible, it turns out.

Managing controls in a business works in a similar manner. Sometimes, when a company sets up or has an auditor highlight weaknesses in its control systems, the company will go about creating policies and procedures that address risks and institute controls. At times, with that company, new hires will be given these manuals to read and, if they are lucky, these new employees will receive training. This training will teach the employees about the culture of the company and how to follow policies and procedures, in order to minimize risk within that company. However, how often will that company review its policies and procedures to see if they are relevant to technological advances and new risks that have arisen?

  • How often will the company’s leadership review policies and procedures with existing staff, to ensure that people have not slacked off and are still, for instance, getting the approvals that they are supposed to obtain for transactions?
  • Is anyone checking that reconciliations are occurring monthly (or at whatever frequency has been established) and, once performed, that those reconciliations are being reviewed by the relevant staff?
  • If there is a policy for checks over a certain amount to be signed by two signatories, is anyone reviewing to make sure this is the case?
  • When employees have left the company, have their access to the company’s system been suspended? Once suspended, have their accounts been deleted so that no one else in the company can use them? If they were signatories for bank accounts, has the bank been informed and has the bank removed them from the signatory list?
  • Have the company’s staff received training in how to reduce the risk of phishing?
  • Has the company’s leadership received any training themselves to update them on current risks and to remind them what the policies and procedures of the company are?

These are just a few examples of the many ways in which a company should be regularly checking in and exercising its control muscles. If all you are doing is handing over a manual on day one and assuming that your staff knows what and how they need to do things, you are only setting yourself up for possible pain in the future.

  • Can you be surprised if one of your staff members gets phished and hackers gain access to your company? Think about the pain of finding out that someone pretending to be the CEO sent an email that instructed accounts payable to wire a sizeable amount of money to an offshore account and that accounts payable fell for the scam?
  • If no one is regularly reconciling accounts, can you really be shocked when you discover that an employee has taken advantage of this lack of oversight and embezzled money?
  • If accounts of former employees are not properly suspended and deleted, how will you figure out who has been using them since the former employee left? How will you be able to trace unauthorized transactions?
  • If your company’s leadership is not up to date on policies and procedures, how can they enforce them? At that point, everyone will be just guessing and hoping for the best. Being unprepared and hoping for the best tends to only work out well in the movies.

Maintaining and updating policies and procedures should be a proactive and continuous activity. Speak with a forensic CPA about how to create, institute and regularly review your control systems to reduce risk in your company. It may seem like schlep in the beginning, but having the systems serves a deterrent to those contemplating wrongdoing, it also keeps your staff more educated about how, for instance, they can recognize errors or attempts to suck them into a scam. This can also mean that when something is going awry, it is spotted earlier, minimizing possible losses.

You should be doing this to avoid or, at the very least, minimize any future pain. You don’t want to be like me where incredible pain leads to you even more pain, on the eventual path to healing. Take it from my IT band, proactive is so much better than reactive.

 

Tagged , , , , , , , , ,

One Team, One Dream

 

Pyeongchang Olympics Cross Country Men

The Winter Olympics are going on and I am filled with joy. From the opening ceremony until the end, I am inspired over and over again. Just the other day, Ester Ledecka, from the Czech Republic, won a gold medal, on skis she borrowed from USA’s Mikaela Shiffrin. Athletes, representing their countries, come together to compete against each other while, at the same time, showing incredible sportsmanship, teamwork and support of each other. Four skiers from so-called “tropical” or “exotic” nations (Colombia, Morocco, Portugal and Tonga), who were among the last to finish, waited for the last athlete, from Mexico, to finish. They cheered him across the finish line and raised him in exultation. How incredible is all that?

Since I stepped out and started my own company, I have been spending a lot of time alone. Honestly, even though I was working in offices, my last few positions had me working mostly on my own. Seriously, I could go for weeks without talking to anyone about what I was working on. I would sometimes wonder if anyone cared. I started working on a project a few months ago and I am being reminded how powerful a great team can be.

Modern offices are designed to have more interactions among people – offices are more open, there are games set up in the office and people can hang out on couches. Imagine that, comfortable furniture in the office. With all of that, though, I am finding that the real trick to interaction and successful communication at work sits with the people. I have been in open office spaces where, for days on end, people say barely a word to each other. I have walked down hallways where the person heading towards me will risk breaking their neck by looking anywhere but at me – the horror of a greeting is strong, apparently. The Inner Auditor kept me thinking about the priority of people in a business and on a team.

In the work that we do, we are often under pretty stressful conditions – clients are almost never happy to see us, we have tight deadlines and we are often trying to make sense of things that don’t make sense to the people doing those things. Each of us is incredibly busy and run the risk of keeping our heads down just get through everything assigned to us, while staying within budget. With that kind of pressure, the temptation is high to just put our head down, plug in our earphones and only engage when absolutely necessary. I am sure that approach can get the job done but I know, without a doubt, that the structure of the team that I worked with ensured that we excelled.

We did not choose our team, but I ended up working with three incredible women who have made me better at what I do and how I do it. I believe that we all agree that we have benefitted from our experience together. Each member of the team has a knowledge strength and is more than willing to share what they know and help us get a little stronger too. Even as deadlines have loomed and hours have stretched, our team has prioritized wellbeing. We have been taking time to read more, laugh more and talk to family and friends more. Because our team has come together on these various levels, we are also able to communicate the difficult information that comes up during our work. Sometimes, a person may come across information that will either upset the client or lead to more work. Sometimes a person may realize that they missed something. In these cases, if communication is not good, that person may choose to remain silent. Instead team members may end up spending energy on hiding issues and hoping that they are not discovered. That is never a good thing. Not only did our team feel comfortable about bringing up the issues, we were always willing to brainstorm and work together to resolve them.

Although this may sound like I am seriously crushing on my awesome team (which I am) it is also a great lesson in the incredible value of having a team that is talking to each other and working together in order to produce great work. In an office where no one is talking, and people are not interacting, how long do you think it will take to realize that something is wrong? If people view saying good morning as something to be avoided at all costs, who are they going to tell when they think the person in the cubicle next to them is doing things that they shouldn’t? If people are not talking about what their fellow work mates are doing, how are they to know who to turn to for assistance and will they even feel comfortable approach Janice who barely grunts when they come across each other in the office’s common space? And then, when fraud or error is found at the company, can you really be surprised that it took as long as it did for it to be discovered?

The time you take to get to know the people you are working comes with benefits that are worth far more than that time. It takes more than knocking down walls and providing great coffee. We spend a lot of time talking and reading about the impact of communication. We know this in theory but how often do we put energy into putting this into practice? I know that each one of us stepped outside our comfort zones in order to get to our Dream Team status. Each one of us made a conscious effort to reach out and share of ourselves. Each one of us was determined to produce exceptional work and communication was a key element of achieving that. I have been inspired by these women that I have worked with. I have laughed, been moved and been brave with them.  I shall be truly sad when this project is over and eternally grateful for the great experience. #OneTeamOneDream

Tagged , , , , , , , , , , , ,

Oh, Not So Much Fun…

ice-sculpture-1935357_1920

On Christmas day, I was chatting with my niece, during family celebrations. My phone buzzed and I saw a notification that she had just sent me a message. That was truly odd, because, as I mentioned, we were chatting and, unless she was using her telepathic skills, she was not texting at the same time. Nevertheless, I asked her if she had sent me a message. She looked at me as though I had lost my mind, but double checked her phone and shrugged. It wasn’t me, she said and carried on with her day. Since she was engaging with people and not her phone, and because we were having a fun time with family, I decided that the likely bad news could wait.

I attended a talk earlier in the year where the speaker told us – There are two types of people: those who have been hacked, and those that don’t know it yet. By the time we got home, my niece had gone from being in the latter group to being a panicked person in the former. Often, a person finds out that they have been hacked when, as happened to my niece, their contacts complain about spam messages that they have received from that person. However, more and more often, people don’t know that they have effectively been hacked because the party hacked is a company that is holding people’s information.

In 2017, the most notorious example was, on 17 September, when the credit reporting agency, Equifax was hacked. Initially, the information was that about 143 million people might have been impacted. However, that number has climbed and what kind of information was accessed was vague. When people tried to check with Equifax, they often got different responses each time that they tried. Also, as the months have gone by, the number of people impacted has climbed. If Yahoo! is anything to go by, who knows what the final count will be. The best advice to take right now, is to assume you have been impacted and to take preventative steps and, if you have not already done so, freeze your credit with all four of the major credit reporting agencies.

What is unsettling about how companies announce that they have been hacked is how long it takes for the news to come out. Equifax claimed that it discovered their breach at the end of July but they only made a public announcement in the middle of September. It was only in October 2017 that Yahoo announced that all of its accounts were hacked in 2013. That’s not a typo; they are telling us that if you had Yahoo, Flickr, Tumblr, or any other account owned by Yahoo, you were hacked in 2013. What is anyone supposed to do with that information, four years later? This is worse than a “Look out for falling ice” sign. In November, we found out that Uber had been hacked in 2016 and that the company had opted to pay off the hackers to destroy the information and keep the hack quiet.

The big takeaway is that it may be a while before anyone lets you know that you have been hacked and, unless you live completely off the grid, it is smart, and safe, to assume that you have been hacked. That said, there are steps that you can take to try to minimize the damage that can be caused by hacking:

  • Freeze your credit with the major credit bureaus. Learning about the Equifax breach was especially frustrating because people do not choose to share their information with the credit bureaus. I rolled my eyes at a headline that referred to “customers” being compromised. The best one can do right now (beyond not having a credit history of any kind) is to try to limit how much information gets out.
  • Check your credit regularly. Do this at least quarterly, to make sure that cards have not been opened in your name and without your permission. Annual Credit Report is the only website, authorized by federal law to provide you with a free credit report from a credit reporting agency every twelve months. A great way to spread out the checking over the year is to get a report from one of the agencies every 4 months (instead of getting all three in one fell swoop).
  • Use two factor authentication. This gives extra security over only using a password. The most common method of two factor authentication is having a company send you a text with a unique code, before you can complete logging into an account.
  • Don’t click on every link you come across. If you receive an email with a link and it is not something you have been expecting (and sometimes even if it is something you have been expecting) don’t click on a link because it is there. Check the email to make sure you recognize where the message is coming from.
  • If you trust the link and have clicked on it, still be careful about what information that you share. If you start to feel as though a company is asking for too much – either over the phone or through a website, stop sharing information. Find out, independently, if you really need to share that information and, again, make sure you know who you are sharing your information with and why.

Try to include these in your list of New Year’s resolutions. It won’t stop you from being hacked but at least, it may improve your chances of finding out about it early and taking appropriate steps.

Tagged , , , , , , , , ,

If Lost… Then What?

img_1715.jpg

At the end of May, I was on my way to an event, when a flash of pink on the sidewalk caught my attention. I stopped and realized that I was looking at a small square of leather. I bent down, picked it up and turned it over in my hands. It was a wallet with a MetroCard, some credit and debit cards and a driver’s license in it. I pulled out the license, looked it over, and walked over to the restaurant that was a few feet away from where I had just found the wallet. I must have made a few people nervous, staring at them and then down at the license, to see if anyone there resembled the photo. No luck. I then pulled out my phone and tried a few quick searches, online, to see if I could figure out how to contact this woman. Her name was more common than I imagined; several options came up and none appeared to be her. Yes, her license had an address on it but, the license had been issued several years earlier and people in New York City can move around quite a bit, in search of amenities such as a view, an elevator or affordable rent. As I was running late, I decided to go to my event and put my search off until later. On my way, I spotted a parked police car. I got excited, thinking that I may be able to hand over the wallet, but the excitement faded when I got close to the car and found that there was no one sitting in it.

When I got home and had more time to do so, I hunted down the woman whose wallet I had found and delivered it to her. Even if she had cancelled her cards, I am sure she was happy to get her stuff back – who knows maybe her MetroCard still had 29 days of use left on it. That experience reminded me of a time, years ago, when someone stole my handbag at the airport. I was livid that someone had invaded my space and even stood yelling, in the terminal, for the thief to just take my cash and give me back my stuff. Suffice to say, that did not happen. I did, fortunately, have a kind gentleman give me money to get the train back home. However, a few weeks later, my phone rang and it was the airport, calling to tell me that my bag had been found. They had been able to contact me because I happened to have a dry-cleaning slip in my wallet, and my phone number was on it. I was lucky that I had that slip in my bag but these two events really got me thinking about recovery plans, not just in business, in other aspects of our lives.

With a wallet, for instance, you can keep a business card in the wallet, or put a small card in your wallet with an email address and/or phone number so that, should you be unlucky enough to lose the wallet and a kind stranger picks it up, they can contact you and figure out how to get it back to you. It is an easy thing to do and could be hugely useful. It doesn’t even have to be your usual email address, if you have fears about your inbox being inundated by unwanted email, you can create an email address that you keep for moments such as this.

We never think that we will either lose our stuff or have it stolen from us but it can happen to any of us. It can be personal or it can be a business loss, such as a system crash, or theft and, in all cases, having a recovery plan will go a long way to make recovery less stressful and less expensive. If, at this very moment, you lost everything on your computer, what would you do? Does the thought give you heart palpitations because you would lose very important data, with no way of getting it back? Would you have to shell out a lot of money and spend valuable time working to try to recover everything? Would you wonder whether or not your business could survive such a loss? If this thought is a scary one to you, you should be thinking about sitting down with trusted professionals, to create and put a comprehensive protection and recovery plan in place. You should review various scenarios, even if you think it wouldn’t happen to you. Things to consider when doing this:

  • Are you backing up your data on a regular basis? Automating this process is a great way to make sure that it happens – you don’t want it to all depend on your remembering to do it.
  • Where are you keeping your backups? Do you keep a backup offsite and unconnected to your current system? You don’t want your backup corrupted, should your system go down.
  • Are you checking the integrity of your backups? It isn’t helpful to think you have been creating backups and find out, when you need the backup, that the process was not occurring.
  • Now that you have backups, do you have a recovery plan? Do you know what you are going to do should things go awry? Does your staff know? Do you have the plan in writing and in a space where it can be easily accessed? Have you trained your staff in this recovery process?

There are people who are well-trained in helping you create a backup and recovery plan and that can start with your CPA. You want someone who has experience and knowledge regarding best practices that are practical, useful and effective.

We are humans who work with technology that we have built and we must, therefore acknowledge that we are not infallible and we must therefore create, review and update our contingency plans. And that plan can never just be relying on the kindness of strangers.

Tagged , , , , , ,

Cheating Mysteries

Cheating-feature-photo2

When I first started running long distance, my goal was to run the New York Marathon. After I completed the Chicago Marathon, things changed a little. Of course I still held my breath every year, hoping to make it into the New York Marathon. But I also had another distant dream – qualifying for the Boston Marathon. It was a distant dream because I would need to run a qualifying time in order to get into Boston and my pace at that time was nowhere near one that would get me into Boston. Over the last few years, my pace has improved and qualifying for Boston has become a more attainable dream. Over the years, I have also come to know more runners and have found that many of us aspire to qualify. I know I am always in awe of a person who has qualified for Boston – it is no mean feat.

With the line of work that I am in, I should not have been surprised, but I was, when I read a recent Runner’s World piece about people who cheat to get into the Boston Marathon. I wanted to run the New York Marathon because I was inspired by the runners who ran past my block, the runners who would touch all five boroughs that make up the city that I call home. I enjoy running races in cities and towns that I have never been to, as I find it a great way to visit and discover new places. When I think about Boston, I don’t necessarily think about running the race itself. The power of Boston, for me and for many that I speak with is in what it takes to qualify. That is the challenge. So, when I read about people who cheated by getting someone else to run a qualifying time in their place, or by cutting a course, I was baffled. Where is the joy in telling someone that you achieved something that you didn’t or that you had someone achieve on your behalf? When I speak with fellow runners, I tend to speak with like-minded people who are just as baffled as I am.

This article reminded me that just because one cannot understand the motivations of a cheater, it does not mean that the cheating will not happen. The fact that many of us cannot understand this motivation is exactly what those that cheat bank on. If no one can imagine how or why someone would fake qualifying for the Boston Marathon, the chances are high that a person will get away with faking in order to qualify for the Boston Marathon. This is something that we all should be mindful of, beyond the realms of the Boston Marathon. Way too often, a business owner or manager will forgo instituting checks and balances in their company, because that business owner can’t imagine that anyone that works for them could be the kind of person that would defraud them.

It is important to take steps to keep from being blindsided by your world view. Precisely because you can’t imagine how a person could behave in a fraudulent manner is why you should seek out the services of a forensic accountant, whose job it is to both imagine how a person could defraud you and how to prevent and detect such actions. We all hope that people will be honest, but it is a sad truth that for various reasons, people will cheat. In the context of the Boston Marathon, perhaps some people feel that they are so close to a qualifying time that a little cheat is not such a bad thing. Maybe some people hunger for praise, even if they have not earned it. Maybe some people just don’t think it is a big deal to cheat in order to get into Boston and see it as a victimless crime. In the context of a business, some people may face personal pressures that they feel push them to fraud. Some people may feel that they are not sufficiently appreciated by their employer and may, therefore, feel justified in taking from that employer. No one is immune from the pressures or motivations that lead to fraud, but what we can do is take steps to make it as difficult as possible to be defrauded.

 

Tagged , , , , , , , , , , ,

The Best! The Worst!

New-York-Marathon

Today is marathon Sunday in New York City and, for years now, I have lived less than a block from the marathon route. It is one of the most exciting days of the year for me and I love walking down to the end of my block to join the over one million spectators who line the 26.2-mile route to cheer on the runners. All too often, New Yorkers are thought of as people who just don’t care about others. Per the stereotype, it’s just keep out of our way, don’t look us in the eye and don’t do anything that will slow us down and we won’t have any problems. Marathon day is a day when I am reminded that the city is a city full of people who do things like come out to cheer and high-five strangers as those strangers test their bodies and spirits. I love it.

There are moments, such as the marathon, that bring out the best in people. Disasters, as sad as they may be, also bring out the best in people. People come out and give time, money and other resources to help those in need. Tragically, disasters also tend to bring out the worst in some people. Some among us see disasters as a great opportunity to take advantage of others, for personal gain. Some of the fraudsters are blatant in their unscrupulous ways because they are targeting the desperate among us. A current example is the migrant crisis in Europe, where refugees, seeking to escape dangers at home, will give up all their resources in the hopes of reaching a safer place. Instead, some hand over money to greedy criminals who then lead them into more danger and, sometimes, even death.

Other fraudsters are more slick in their strategies to profit from the suffering of others. In recent months, natural disasters such as fires and tropical storms, have left many in the United States needing assistance. Just in October, while communities in South Carolina were struggling to recover from flooding damage, warnings were being sent out because of an influx of fake charities. These counterfeit charities, preying on the generosity of those wishing to do something to help the displaced and impacted, were taking people’s money and doing nothing to help those in need. Just a couple of days ago in New York, a company agreed to pay a settlement of $700,000 for pretending to collect secondhand clothing to help charities. Instead, this company sold the clothing, paid almost nothing to the charities and made profits of over $10 million dollars, it is estimated.

Because, even in situations where we should be helping others, there are those who are looking to help themselves at the cost of those around them, it is important to be vigilant.

  • It was Halloween yesterday and parents were checking to make sure that the treats that their kids collected were safe for consumption. Yes, people may appear to be doing good things, but it is only smart to make sure that everything is above-board.
  • Even though it may seem like a drag, check up on who you are giving your money or time to.
  • The name may sound familiar, but make sure it really is who you think it is.
  • If you feel uncomfortable about something, it is okay to say no. There are many opportunities to give back to those in need and you will find the opportunity where you are sure that what you are doing is benefitting those who need it.
  • Don’t give your personal information to anyone.
  • If you believe that you have been scammed, contact your local authorities and report it.

Giving is a vital part of what makes us communities. Just make sure that you are giving to the right people and not the unscrupulous scammers around. You know, like that obnoxious person in the neighborhood who decides that they just have to cross the street as the runners are passing by. Don’t give that guy the time of day.

Tagged , , , , , , ,

While We Are Making Plans

surprise

Because I live in the Northeastern part of the United States, I have become one of those people who lives for the brief summer months. There are only a few brief months of warmth and sunshine (and, often, humidity) in which to have a fun life. There are outdoor shows, there is the beach, there are picnics and that’s just a small sliver of all that needs to be done before the cold and darkness return. In my case, I had also signed up for a half marathon, to be run in the middle of October. Summer was my chance to keep on running and build my endurance and distance. When I run, I run on streets and have to deal with cracks in the sidewalk, people getting in my way and traffic. I am always on the lookout to stay safe and not hurt myself. So, in addition to all the stretching and foam rolling (never enough) that I do in order to prevent injury, on top of all of the careful calibration of distance that I do so that I don’t hurt myself by doing too much too soon, I am also keeping a watchful eye on every step that I take in order to keep myself safe and sound during my run.

Well, on a bright and sunny Sunday morning, at the beginning of August, I stepped out of my apartment building and into the parking lot, armed with a whole lot of recycling to put out. The next thing I knew, I had tripped over something (turned out to be a concrete block) and I was stumbling. The recycling flew out of my hands and the first thought that I had was, “this better not mess with my running”. In an attempt to break my fall, I jammed my leg into the ground and a sharp pain shot up my leg. I crumpled, in my mind, elegantly to the ground. It turns out that for all my measures to protect my body, all it took was taking out the trash in order to fracture my knee. I ended up with my knee in a brace and using a cane (that I still have). Throw in a surgery that I had in September and it turns out that this summer was not the summer I had imagined at all. An acquaintance said to me that life is what happens while we are making plans.

Most people business owners, similarly, spend a lot of time and invest a lot into protecting their businesses from most expected challenges. Depending on the size and complexity of the business, this will range from control systems to detect and prevent fraud and waste, to various reports that business owners and management use to monitor how the business is doing. The question that stands though is, what are business owners and management doing to deal with the unexpected or the events that they hope will never happen? Does the business have a disaster recovery plan? Has the business taken steps to encourage tips that will help uncover weaknesses in control systems and catch fraud and waste? Does the business know what it will do when fraud and waste are uncovered? Yes we make plans and take precautions, but are we ready to deal with what happens when the unexpected happens? Are we ready for, you know, life?

Tagged , , , ,