Category Archives: Risk Management

Here’s How I Changed My Driving Habits in 21 Days

I previously detailed the painful experience but happy end results of my recent vehicle incident.

But that was not the best part of the story. The best part was the life-changing experience of changing my mindset and actions behind the wheel.

Continue reading

How an Accountant can Add Value Beyond Number Crunching

Recently I was describing the job of an accountant to a friend. I explained that many people view accountants as “bean counters” or “number crunchers.” Tracking transactions and reporting on a company’s financial condition are certainly important aspects of an accountant’s job. However, accountants have many more opportunities to add value.

To illustrate, consider a situation involving a hypothetical Acme Co. transacting business with Supplier Co.:

  • Supplier Co. typically purchases any raw materials needed to fulfill orders and then converts them into finished goods. However, due to unique economic factors, Acme agrees to pay for raw materials to be delivered to Supplier. In essence, Acme’s payment (though not directly to Supplier but to a company that supplies Supplier) functions as a type of “deposit” or “prepayment.” Acme fronts some of the expense of the goods prior to taking ownership of them.
  • In turn, Supplier is to convert the raw materials into finished goods and deliver them to Acme.
  • As part of the arrangement, Supplier has agreed to reduce its selling price per unit (which originally included the cost of the raw materials) in order to compensate for Acme having paid for the materials up front.
  • Suppose that Supplier encounters problems producing the finished goods. Perhaps some of the raw materials were defective or wasted. For whatever reason, Supplier delivers fewer units than Acme’s original order. 
  • This presents several challenges for Acme. First, Acme must determine how much it recouped of the cost of raw materials and how much it expended but did not recoup due to the shortage. Second, Acme must clearly detail to Supplier how the shortfall of units delivered hindered Acme from recovering its costs for the raw materials. If Acme paid for enough raw materials to produce 1,000 widgets but only 800 were delivered, Acme missed out on recovering 200 widgets worth of costs.

Enter the accounting and finance group. By staying alert to the ramifications of the short shipment — i.e., the failure to recover the cost of the raw materials that were paid to produce 1,000 rather than 800 widgets — the accountants can prepare analysis to detail the effects of the shortfall. The accountants can also work to negotiate with Supplier to provide a credit on a future order or to send payment to help Acme recover the shortfall.

Assuming Supplier values Acme’s ongoing business and wants to avoid legal problems, a clear and detailed analysis by Acme’s finance and accounting group could help Acme recover the “lost” funds.

I was once involved in a circumstance very similar to this. It was very rewarding to see the fruit of my efforts when the business I worked for received a payment from its supplier due to the shortage of units shipped.

Note that I would advise, whenever possible, avoiding prepayments and deposits or paying for supplies up front. However, sometimes these commercial arrangements are difficult to avoid depending on the nature of the industry and a host of other factors. When a company gets into a situation like Acme’s, the accountants need to exercise “situational awareness” and understand the ramifications for the business. The accountants can create value by driving the process of analyzing the shortfall and helping to negotiate for recouping funds from the supplier.

Recovering funds that rightfully belong to the business and avoiding wasteful spending can add value in much the same way as making sales and bringing in revenue for the business. This goes beyond traditional “bookkeeping” or financial analysis and reporting. The key is to exercise good stewardship and fulfill fiduciary obligations by treating the business’ money as if it were your own.

Don’t Abuse Trust and Discredit Your Profession

We have all heard of disappointing scenarios when leaders abuse trust, fail in their fiduciary responsibilities, and discredit themselves and their professions. Financial professionals who commit fraud certainly fall into this category. Other examples include religious leaders who deceive trusting and devoted followers through fraud or abuse. Doctors, lawyers, teachers, and other professionals are not exempt from abusing trust and discrediting themselves.

In circumstances that involve abuse of trust, it is appropriate for such professionals to reap the consequences of their actions (legal, financial, and otherwise) and to find other lines of work that don’t involve fiduciary responsibilities. It is one thing to “mess up” and to learn a lesson from mistakes due to incompetence. A professional career might be salvageable in this situation. It is another matter altogether to actively use deceit and manipulation to abuse the trust that others placed in you.

Particularly troubling in these abuse of trust situations, the fraud and deceit go beyond ordinary commercial transactions in which the buyer and seller are expected to beware as a matter of course (i.e., “caveat emptor” and “caveat venditor“). It’s one thing for a buyer to “pull the wool” over a seller’s eyes (or the other way around). However, professionals who deceive actively abuse trust that others formally place in them due to their positions.

Financial professionals are expected to be competent and trustworthy. Credentials such as the Certified Public Accountant (CPA), Certified Management Accountant (CMA), Certified Financial Analyst (CFA), and Certified Treasury Professional (CTP), require training and compliance in ethical codes of conduct.

The word “credential” implies credence or trust. A credible person, whether certified by a professional body or not, follows ethical standards and consistently performs competently to demonstrate reliability and gain trust.

Moreover, financial professionals have fiduciary responsibilities to their principals. This means that professionals must guard their principals’ interests and exercise due diligence as if the resources they are stewarding were their own.

CPAs are required to avoid “acts discreditable to the profession.” These include, but are not limited to, acts such as breaching confidentiality, illegally harassing or discriminating in employment practices, negligence in financial record keeping and reporting, and failing to follow proper accounting and tax standards. Additionally, fiduciaries are expected to avoid actual or perceived conflicts of interest.

Take your professional ethical and fiduciary responsibilities seriously. Many people are relying on you. You don’t want to give yourself and your profession a bad name by breaching this trust. Know the rules of ethics, and resolve to live by them. Be prepared in advance to appropriately and decisively respond if you ever receive pressure to diverge from the ethical high road.

Four Pitfalls to Avoid in Decision Making

I first encountered Chip and Dan Heath’s writings when I listened to the audio book of Made to Stick several years ago. I was fascinated by their insights regarding influence and persuasiveness summarized by the SUCCES acronym: Simplicity, Unexpectedness, Concreteness, Credibility, Emotions, and Stories.

The Heath brothers also authored Decisive: How to Make Better Choices in Life and Work in which they lay out four principles with the WRAP acronym for avoiding pitfalls in decision making:

  1. Widen your options. This helps avoid the pitfall of “narrow framing.” It is all too easy to engage in the fallacy of “either/or” rather than recognizing a variety of potential approaches. Usually there are more than one or two choices. Rather than framing a decision as yes or no, either/or, consider small experiments and in-between steps to open a range of options. This reminds us of the insight from Getting to Yes regarding creatively inventing options that can satisfy all parties in a negotiation. Also, creativity and options can give you walkaway power to help you avoid bad situations and ripoffs.
  2. Reality test your assumptions. This helps to avoid the pitfall of “confirmation bias.” Rather than only seeking information that serves your preconceived notions, step back for a dose of reality. Make sure that you consider various scenarios, pros and cons, and sources of evidence. Even (and especially) if the evidence points away from your initial assumptions and inclinations, carefully evaluate and revisit your decision process.
  3. Attain some distance. Don’t let irrational feelings and short-term thinking lead you toward a wrong decision. You have to know yourself and understand your tendencies and weaknesses. Perhaps you are impulsive. On the opposite end of the spectrum, perhaps you suffer from fear or analysis paralysis. The Heath brothers recommend stepping back and asking yourself, “What would I tell my best friend to do in this situation?” I like to seek out counsel from others who are more experienced, or if I don’t have that luxury for some reason, I try to analyze what advice a “wise” person might give me.
  4. Prepare to be wrong. This helps to avoid the mental and emotional pitfall of overconfidence. Sure, we all want to be right. We want to “believe in ourselves.” However, if we’re honest, we have to admit that our decisions don’t always turn out like we were expecting. The authors suggest developing a “tripwire” that would trigger the decision-maker to reassess the decision and make appropriate adjustments. Actively evaluate decisions, make changes, and learn from mistakes.

Decision making can stretch us to our mental and emotional limits at times, but understanding the pitfalls and applying the Heath’s sound advice can make the process more smooth and enjoyable.

Five Ways to Develop Business “Street Smarts”

Are “book smarts” or “street smarts” more important? Although there is a place for both, we can tend to err on one side or the other. Young professionals with high GPAs tend to be noted for their “book smarts.” Several years into their careers they discover the necessity of developing “street smarts” that some of their peers might have come by more naturally.

Early in my career I tended to trust people and share a lot about myself. Perhaps, I reasoned, if everyone laid all their cards on the table, it would be easy to figure out how to create win-wins.

Do you notice any problems with this approach?

For example, in one of my early jobs I played a team-based game of business strategy that involved negotiation, sharing information, and trading. Much to my unpleasant surprise, I learned that not everyone shared my approach of making helpful information readily available. (Imagine that!) I learned that, although win-wins are often needed in order for people to advance, ultimately people are more interested in their own success than in mine.

Gratefully, getting a dose of reality can shake deluded idealism from a person fairly quickly.

Over time I learned that some of my assumptions, behaviors, and habits were flawed or at least needed tempered with a dose of realism. There is a place for being savvy or “street smart” — for example, “knowing how to close a sale, when to walk away from a deal, when to remain silent, and how to select winners as employees or colleagues.”

Whether street smarts are skills or attitudes, learned or inborn traits, a financial professional who aspires to a position of organizational leadership should seek and develop these attributes.

Here are five categories of street smarts drawn from Dr. Tony Alessandra:

  • Heightened awareness – Understand your surroundings and don’t allow yourself to be blindsided. Military and law enforcement personnel utilize a “color code of mental awareness” that ranges from “condition white” (total oblivion) to “condition red” (all-out fight). In the context of business, finance professionals do well to routinely maintain “condition yellow” (comfortably alert to one’s surroundings). To put it simply, don’t be paranoid but do watch your back and maintain situational awareness.
  • Confidence – I wrote previously about the importance of confidence, the role of preparedness in boosting confidence, and seven ways to develop confidence.
  • Healthy skepticism – Take measures such as getting your agreements in writing so that people don’t take advantage of you. I wrote previously about professional skepticism, which is an officially recognized and required mindset within the audit profession.
  • Resourcefulness – Be quick, persistent, prepared, flexible, adaptable, and connected.
  • Risk-taking – Choose when to accept, avoid, reduce, or share risks. Don’t let fear hold you back, but learn from you mistakes.

Learn the theories. Develop “book smarts.” But never underestimate the importance of lessons from the “school of hard knocks.” Develop discernment and become increasingly savvy by carefully analyzing your experiences for lessons learned.

A Brief How-To Guide for Avoiding White Collar Prison

We are all familiar with examples of high level financial executives who landed in white collar prison due to their indiscretions. Think of Enron, WorldCom, and Madoff as just a few examples. How can these situations be prevented?

I wrote previously about the fraud triangle and followed up with a post about a model that expands this from three to five elements. Organizations can do their best to hire people who do not have the pressure to commit fraud or the desire to rationalize fraud. However, the bottom line factor that organizations can directly manage, largely through internal controls, is reducing the opportunity for theft, irregular financial reporting, and other frauds.

Although an organization’s management has the primary role of preventing opportunities for fraud, each employee can prevent the temptation of committing fraud by mitigating pressures and overcoming rationalizations.

Of course, one’s ultimate career goals, as well as ethical responsibilities, go well beyond staying out of white collar prison. So here are some tips for avoiding getting anywhere close to the line of unethical or illegal activity:

  • Eliminate the pressure to commit fraud by having your own financial house in order. This applies on at least two fronts. First, your temptation or pressure to steal from an organization will be reduced if live within your means and keep your debt levels low. Employees sometimes are driven to cross the line by having personal financial pressures. Secondly, if you encounter a situation in which someone pressures you to commit financial reporting fraud, you can more easily say “No!” and walk away from your job (and paycheck, bonus, and stock options) if you have savings in the bank and low personal debt levels.
  • Eliminate the opportunity to commit fraud by making yourself accountable. A value-adding financial professional will undertake implementation of sound internal controls. Top financial executives are not “above the law,” and they should demonstrate this by the tone they set through words, actions, and patterns of behavior. Some well known frauds have been perpetuated because senior management exempted itself from internal control standards.
  • Eliminate the rationalization to commit fraud by maintaining your integrity. Have nothing to hide. Make good on your promises. Draw a personal “line in the sand” that you will be unwilling to cross even if pressures and opportunities arise. Create options and alternatives for yourself in order to gain walkaway power. Be ready to take decisive action rather than hesitating and giving yourself time to rationalize what you know is a fraudulent course of action.

Again, go beyond the aspiration to avoid white collar prison. Maintain the highest levels of ethics and integrity. I will explore models of ethical decision making and behavior in future installments.

17 Principles to Safeguard Assets and Ensure Organizational Effectiveness

One of my favorite aspects of being a financial professional is knowing that others on the management team and in my organization are relying on me. I am expected to handle key functions within the business, and if I do my job well I can contribute integrally to the organization’s success. This can provide a constant sense of urgency but also a rewarding feel of satisfaction and significance.

Among the not so glamorous yet important features of an organization’s structure are internal controls. Accountants are expected to implement sound measures to safeguard assets and reasonably ensure that management’s objectives are achieved toward effective operations, reliable financial reporting, and legal and regulatory compliance.

Even if this sounds boring, take consolation in the fact that your organization’s survival and success depends on it.

The Committee of Sponsoring Organizations (COSO) first released its Internal Control-Integrated Framework in 1992. This document defined internal control and provided accompanying standards. Over twenty years later the framework is still highly relevant.

In May of 2013 changes were made that kept the core intact and added, among other things, seventeen principles to help with implementation of the framework in light of changes over the years. A recent article in The CPA Journal discusses these seventeen principles as organized under the five categories of internal control within the COSO framework.

    • Control Environment

1) Commit to integrity and ethical values – this largely entails setting an effective “tone at the top.”

2) The independent Board of Directors should oversee internal control – among other things, objectively evaluate managers and ask appropriate questions.

3) Establish appropriate authority, responsibility, and reporting structures.

4) Attract, develop, and retain the right talent to achieve objectives.

5) Hold employees individually accountable for fulfilling organizational objectives.

    • Risk Assessment

6) Be able to identify and assess risks by having first formulated objectives with sufficient clarity.

7) Identify and analyze risks throughout the organization to determine how they should be managed – choose whether to accept, avoid, reduce, or share risks.

8) Consider potential fraud risks, including misappropriation of assets and alteration of records, that could deter the organization from achieving its objectives.

9) Be ready for changes, including within the external environment, business model, or leadership, that could impact the internal control system.

    • Control Activities

10) Mitigate risks to acceptable levels by choosing and implementing appropriate control activities.

11) Technology is a special category of importance for implementing control activities that help enable the organization to achieve management’s objectives.

12) Policies establish expectations and procedures put these policies into action in order to deploy control activities.

    • Information & Communication

13) Support internal control functions with relevant and timely information – capture data, transform it into information, and protect its availability and accessibility to appropriate parties.

14) Communicate internally regarding internal control objectives and responsibilities.

15) Communicate with appropriate external parties regarding internal control, carefully considering the timing, audience, and nature of the communication.

    • Monitoring Activities

16) Have ongoing evaluations to determine whether internal controls are working effectively.

17) Communicate internal control deficiencies to senior management and the board of directors so that they can timely take corrective action.

In short, internal controls help management set a proper tone, define organizational objectives, and run the business effectively. A leadership-oriented financial professional who wants to be indispensably valuable within an organization should study and understand how to effectively choose, implement, and monitor internal controls on an ongoing basis.

Poetry and Art for the CFO: Twelve Elements

Are you left or right brained? Analytical or emotional? A number cruncher or a poet?

Although it might run counter to our initial assumptions, CFOs are expected to go “beyond the numbers” and manage key aspects of the business as a whole. We have seen the importance of understanding technology and operations, among other factors not directly related to number crunching.

Very critical is the CFO’s role in dealing effectively with people and relationships. A CFO needs to be approachable. To become CFO material, a finance professional needs to develop habits of ambiguity tolerance, composure, empathy, energy, humility, and confidence.

On that note, the international accounting and finance firm Deloitte has published a poetic and artistic description of the CFO’s twelve elements, which encapsulates the expansive requirements and responsibilities of the CFO’s job:

“As CFOs grow in stature and importance, they keep coming back to the same issues that form their agenda. The elements of the CFO Agenda represent a powerful framework for one of the toughest jobs on earth. Year after year, quarter after quarter, they endure.”

Here are the twelve elements and my summation of the messages:

  • Truth – Be real. Know the true story and tell it.
  • Growth – Plant and water. Make choices and commitments to move plans forward.
  • Relationships – Work together. Manage relationships up and down, inside and out.
  • Decisions – Root your insights in numbers. Don’t manage solely based on your gut.
  • Capital – Manage business investments. Determine timing, amounts, and allocations.
  • Disruption – Be discerning as technologies, industries, and markets constantly change.
  • Crisis – Manage risks. Be ready to respond to various sorts of threats.
  • Infrastructure – Be an enabler. Invest in tech, talent, systems, and solutions.
  • Transactions – Research deals with the right criteria, calmly, thoroughly, and rationally.
  • Transitions – Change is constant. Build your skills and reputation in the midst of it.
  • The Street – Have give and take on forecasts. Be vigilant to represent the company well.
  • Me – Provide solutions. Navigate through complexity to make things happen.

Don’t take my word for it. Take a look at the presentation for yourself. Reflect on the messages. Do you agree or disagree with each of the elements and how they’re presented? How can you apply these insights in your work as you develop your career?

Know Your Enemy: Think Like Fraudsters to Beat Them

The famous ancient military leader and war theorist Sun Tzu is noted for his clear dictum:

“Know your enemy.”

Although the concept can make many people uncomfortable, finance professionals understand that combating devious financial schemes requires not only an understanding of system vulnerabilities. A battler against fraud has to learn how to think like a fraudster:

“If I wanted to steal from this company or misstate financial results, where would I look for weaknesses that would enable my scheme to succeed undetected.”

Of course, beyond concocting potential fraud schemes as a mental exercise, the careful and diligent finance professional is quick to pursue the ultimate aim of this process: Devise countermeasures to combat vulnerabilities.

The consulting firm WorldCompliance published a white paper entitled, Fraud and Money Laundering: Can You Think Like a Bad Guy? by Dennis M. Lormel.

Expanding upon the fraud triangle concept, Lormel lists five elements that characterize frauds:

A potential fraudster who 1) lacks integrity, 2) sees an opportunity due to a poor control structure, 3) has a motive such as greed or a pressure such as a financial hardship, 4) rationalizes the scheme (perhaps by reasoning that he feels underpaid and overworked), and 5) possesses the capability due to positioning and skills; will no doubt execute the fraud.

Certainly, as previously discussed, effective internal controls can mitigate the opportunity for fraud. However, sometimes it is possible for fraudsters to circumvent controls or to collude with partners in their schemes.

Lormel notes: “The elements of fraud include a representation about a material fact; which is false; and made intentionally, knowingly, or recklessly; which is believed; and acted upon by the victim; to the victim’s detriment. The ability to be deceptive and avoid detection is one of the fraudster’s primary keys to success.”

Bad guys are proactive about manipulating the system, even as those who combat them are often reactive. Among other factors, fraudsters look for environments with unethical culture due to poor tone at the top. Fraudsters understand the importance of laundering funds through financial institutions and maintaining a reasonable appearance and a story of legitimacy.

Lormel points out: “Over time, spin and deception get much more difficult to disguise. The veneer of reasonableness tends to fade. A good fraudster usually watches intently for signs that their scheme is unraveling. At that point, they will implement their exit strategy. However, often times, fraudsters are blinded by their own greed and arrogance. They either miss or disregard the warning signs of detection. Instead of following an exit strategy, they find themselves in jail.”

A finance professional, whether an auditor, controller, CFO, banker, investment manager, or someone else entrusted with fiduciary responsibility; has to think several steps ahead of the fraudsters. Know what warning signs to look for, ask questions, don’t believe everything you hear, and be ready to act quickly when something doesn’t look right.

Lormel concludes: “There are two prominent end games. One has a private sector focus, the other, a public sector focus. On the private sector side, the end game is to prevent or minimize monetary losses and reputational risk. On the public sector side, it is to seek prosecution, recover illicit proceeds and assets through forfeiture, and/or bring enforcement actions. Both end games could carry significant consequences. In either event, understanding how the bad guys think and taking preemptive steps to stop them makes the end game easier to handle.”

Know your enemy. Combat a fraudster by knowing how a fraudster thinks and operates. This is especially important with regard to IT-related frauds due to the importance and sensitive nature of electronic records and system access points.

Manage Risks with Preventive, Detective, and Corrective Controls

Is it better to sell a prevention or a cure? From a marketing standpoint, there is likely more money to be made selling cures. People would rather not attend to the many risks in their lives that may not materialize — after all, where does one begin? — but once a contingency does manifest itself, the same people are willing to pay great sums for cures.

The world of a finance professional is different. Some of our core functions include thinking, planning, and communicating about risk. We do not have the luxury of taking a “wait and see” approach toward managing risk. We have to be proactive about foreseeing risks and planning accordingly. We think in terms of broad categories, such as regulatory and legal compliance risks, IT-related risks, political risks, market risks, credit risks, and more.

Finance professionals measure the extent of our organizations’ exposure to risks and help guide senior management in assessing the best way to effectively expose our organizations to risk and at the same time manage risks. After all, if an organization is not taking risks, it might as well shut down because it cannot grow or produce a return on investment.

Part of an auditor’s evaluation of an organization is in terms of internal controls, how they are documented, how they are communicated, how employees are trained in them, and so forth. Controls are designed to prevent fraud and material misstatements of financial results, as well as to ensure effectiveness in carrying out management’s objectives.

Here are three types of controls to consider in your organization:

  1. Preventive — Some of the best controls prevent fraud, theft, misstatements, or ineffective organizational functioning. For example, we saw in a previous post the effectiveness of segregation of duties to prevent fraud. Preventive controls can be as simple as locks and access codes to sensitive areas of a building or passwords for confidential information.
  2. Detective — A security camera is a good example of a detective control. A store manager who notices a pattern of a cash drawer coming up short when attended by a particular clerk can easily look at video of the clerk’s actions throughout the day to detect potential theft. An access log and an alert system can quickly detect and notify management of attempts by employees or outsiders to access unauthorized information or parts of a building.
  3. Corrective — Coupled with preventive and detective controls, corrective controls help mitigate damage once a risk has materialized. An organization can document its policies and procedures, enforcing them by means of warnings and employee termination when appropriate. When managers wisely back up data they can restore a functioning system in the event of a crash. If a disaster strikes, business recovery can take place when an effective continuity and disaster management plan is in place and followed.

Think in terms of preventing, detecting, and correcting risks of fraud, theft, ineffectiveness, and breakdown. The world is full of risks, and problems tend to strike suddenly and unexpectedly. Cures are great, but if you rely on finding a solution once a risk has already materialized, you might find that your lack of planning has made the risk unmanageable.