Archive for January, 2010
Noticed in Years
Posted by mbechara in Uncategorized on January 29, 2010
This week we have a guest column by Dan Helming.
Noticed in Years
by Dan Helming
I noticed in the years that I’ve been an adult, that there are some things that I have learned to do, just from the interests I have from being a guy and have learned over time.
Like spot-touching up a car. I don’t know much about cars, but I like my car to look reasonable, and I like to do things on summer evenings etc. that get you outside with a beer and the radio.
I leave my car’s finish “open for business” in the late summer months. In prepping for touchup or buffing out a scratch, you need to remove the wax or poly first with denatured alcohol. So rather than strip a patch and put wax back on each time, I strip the car around Labor Day, and then keep it stripped until I’ve gone as far as the sunlight, the temperature, and my time goes into the fall. I can layer some touchup paint over a couple of days, I can buff out a scratch, I can go back over the work that is not quite complete, etc. Then ready or not, when the temperature is never above 50F, it’s time to do my wax or poly and put the finish away until the spring. It’s a necessity to stop because the paint will not thin out properly or cure when it’s cold. You want to paint at about 60F. or above, wax when the temp is about 45F. or above.
Almost time to put the finish away but nice to have a 70F. Sunday again.
Anyway, I was thinking about the same things that I have gotten a similar feeling for in business. One is my feeling for jobs in the financial services industry, which I serve as well as other NY-area industries. My wife does placement in the industry, and in my experience, when the recession has bottomed out… is when they have their last layoffs. They clean up their balance sheets, put the costs of the last layoffs into the non-operations line, and have too much work for their people until they report the first good earnings and are ready to pick the hiring back up.
Another thing I’ve gotten a feel for is internal controls and the potential for fraud in the workplace. I see the COSO framework, and I see the Internal Control Questionnaires that are supposed to pinpoint where internal controls are lacking. And I see them applied in the workplace. But I don’t buy in to the idea that “anyone” can use these questionnaires, as a part of software or otherwise, and get the emphasis right.
For one, I see an equal treatment of all functions, Accounts Payable, Inventory, Accounts Receivable, Treasury, etc. and there are a lot of boilerplate questions across the functions, i.e. where do entries originate, how are they recorded, how are they authorized, etc.
With my experience as a controller, consultant, writer, and educator, I see things differently.
I see Purchasing as being low on the totem pole in fraud, for example, but I still want to hone in on the personal computer purchasing, approval, inventory, and retirement processes, both for information security and for improper appropriation purposes. I also want to have an understanding of any blanket orders and offsite storage of items like stationery. I want to see that usage and inventory levels make sense in real-time, that the number of sheets of paper etc. make sense and we aren’t just pumping our cash into fraudulent, non-delivered inventory.
I‘ll hold the detail on the others, but one area where I really want to focus is on the movement of cash through wire transfers. No matter what firm I go to and what procedures I have, they break down on wire transfers. The reasons they give for the controls breaking down: 1) The wires are urgent, that is why they are being done by wire. 2) The procedures are stripped down so that in an emergency (why a wire is usually required) a wire can get out the door. 3) the bank requires fewer controls for a wire. 4) the process is mostly administrative and administrators need to do most of the procedure; the higher-level people don’t know the process.
Fine, but all of these reasons weaken the controls and cause it to be an area where people can make mistakes or take advantage. And especially now, banks don’t focus on your internal controls or even very heavily on authorization signatures. If they have a reasonable idea that your company is in favor of the transaction, they will let it go.
Someone has got to tell me how the knowledge of vulnerabilities and experts’ experience with fraud can be compressed into a questionnaire or computer program. I think these are great tools. However, have you ever heard this expression, I think is funny but true: “a fool with a tool is still a fool with a tool”.
And I count my time spent with getting certification in internal audit in as being one of the more valuable experiences of the last 5 years. Some of the stuff is obscure. Now I doubt that many of you will have to worry about the ethics of an internal audit dispute, and whether you would mediate, or go to the board, CEO, or audit partner first to disclose the dispute. When you get certified, you will know, and it will make sense from the perspective of the thousands of years of experience of thousands of worldwide audit professionals who helped codify the ethics.
But I’ve worked with leadership in some of my own working situations who weren’t certified, and: I don’t think it was accidental that they didn’t think it was important whether firms had more preventive or detective controls, even though Sarbanes-Oxley spells it out in Statement #2. Which would you think? [Statement #2 calls for a balance of preventive and detective, and too much of either is a weakness]. I think that certified internal auditors pay a little more attention to others prior experiences, rules and codifications. What is the saying? Smart people learn form the mistakes of others, mediocre people from their own mistakes, and dumb people don’t learn.
Have a good week,
Dan Helming
Knowing It All Means Not Knowing Much
Posted by mbechara in Uncategorized on January 21, 2010
A fool has many answers but a wise man has only questions. – Unknown
As I walked into the house a few days ago, dinner was on the stove, the kids were racing down the stairs to take their places at the table and my wife was moving around the kitchen at the speed of light.
As we sat down to eat and the plates began to fill with food, the question hit me out of nowhere.
“Dad, what’s a psychotropic hallucinogen?, asked my young son.
The clatter of plates and background noise quickly stopped. After a few seconds of awkward silence I answered him.
“It’s a kind of drug that affects your brain and makes you see things that aren’t real,“ I answered.
“Where did you hear about this son?”, I asked him.
Shaking his head at the ignorance of my question he quickly reproached me by saying, “Dad! Don’t you remember when the Scarecrow shot Batman in the face with a yellow gas?…Well, Batman told Alfred it was a psychotropic hallucinogen!”
“Oh”, I lamely replied.
His desire for knowledge not yet satiated, he continued his questions:
“How does it make you see things that aren’t real?”
“By altering the composition of the chemicals in your brain”
“How does it alter the composition of the chemicals in the brain?”
“By changing their molecular structure”
How does it change their molecular structure?”
“Go ask your Grandfather! (Conveniently a chemist)
Not only do children want all the answers to everything but they want easy answers as well. It is only through the maturation process that we as adults realize that sometimes there are no answers to some problems, much less easy answers.
I have often thought to myself how little we as humans know. The more one reads, the more one learns and most importantly, the more one watches what goes on around him, the more he realizes how limited our knowledge is.
To younger people this seems counterintuitive, as they expect a linear progression of knowledge and learning.
The more one knows then the less he does not know. Right?
Wrong. As we expand our knowledge we understand more for sure, but we also begin to ask more questions and this in turn expands one’s sense of what they don’t know.
Metaphorically, as we gain knowledge our slice of the pie gets bigger (what we know), at the same time the size of the entire pie gets bigger as well tempering our knowledge gains.
I for one have a visceral mistrust of those who claim to know it all or those that have very easy answers to complex problems.
The software business is famous for this. How many times have you been approached by a software salesperson who claims that they have the “killer app?” They tell beautiful stories of how their software application will, at the press of a button, tell you nearly everything.
From how much your product costs to make, to consolidating financial statements without human intervention to who took a two hour lunch on Friday, there is seemingly no end to the things that will happen “automatically.”
In our own business, governance, risk and control (GRC) software has been floated around as the solution to identify all risks, make sure no one does anything stupid and allow management to know everything all the time.
Sure..sure…
We know a little bit about risk assessment and we know that no software can independently identify risks. The process of identifying and quantifying risks is a non linear process and far too nuanced for traditional software to handle.
Tools are needed for risk assessment for sure, but these tools need to be ones that enhance our human judgment rather than replace it. To find out more about our Neural Network based risk assessment process contact us here.
But back to our quest for knowledge…
I suppose in the end that this is what life is about. We are engaged in a constant learning process, we find answers to some questions and these answers breed yet more questions. The extinguishment of our collective intellectual curiosity would probably result in the stasis of our technological advancement.
The most learned people realize the limitations of what they know and are constantly questioning their assumptions about what they think they know and striving to ask questions that have not been asked before.
Later that evening, after the kids were in bed, my wife and I sat down to relax. She offered me some kind of herbal tea and I accepted.
As we drank the tea I began to share some of the thoughts mentioned above with her. About half way through the conversation, I looked into the kitchen from the room where we were sitting and saw something on the counter.
“Wait a minute is that a new coffee maker?”, I asked. “We don’t need a new coffee maker.”
“No its not”, my wife replied calmly.
“What do you mean it’s not, I’m looking right at it”, I asserted.
“It’s not a new coffee maker”, she repeated.
Confused as to what she was talking about I decided to take a few seconds to gather my thoughts. To fill in the silence I asked, “What kind of tea is this anyway.”
Her full smile beamed at me as she happily replied, “It’s a psychotropic hallucinogen!”
Have a great week,
Michael Bechara, CPA
Managing Director
Granite Consulting Group Inc.
The War Against Professional Judgment
Posted by mbechara in Uncategorized on January 13, 2010
The news just gets more jaw dropping by the week. So let me get this straight. A guy walks up to a ticket counter with no passport, buys a one way ticket for about $3,000, pays cash and has no baggage. Oh yea, and his dad reports him to the US Embassy as a security threat a few days prior.
The result?
He is allowed to fly to the United States and attempts to set off a bomb on approach to the Detroit airport.
The response?
Put in place enormously expensive scanning equipment that generates naked pictures of passengers. See this:
New Airport X-Ray Too Revealing?
We have here another story of extremes. We have taken two very good things: technology and solid work procedures, and cleansed them of an essential element, namely professional judgment.
In so many professions: accounting, medicine and of course security, we see a disturbing predisposition towards trusting technology and procedures (bureaucracy) over the judgment of a well informed human being.
To illustrate our point let’s stick with this example of airport security for a moment.
Having been a frequent international traveler, I am very aware of the differing approaches to airline security. The primary method in most of the world is human interaction with the passenger.
That’s right, to board the plane you have to talk to airline security personnel.
“Where are you going? Business or pleasure? Oh you’re an American, what’s your favorite baseball team?”
These are all questions that have been asked at one point or another. The questions are designed to get the passenger talking. Security personnel are looking for blank stares, stuttering, uncomfortable body language, etc. as indicators that something is amiss.
Indeed over time security personnel learn to recognize patterns of speech and behavior that are indicative that the passenger is not bona fide. To quote the author Charles Hugh Smith:
“The human mind seeks patterns and trends as a key survival strategy: if we can anticipate a problem before it overwhelms us, or discern a pattern or cycle in the world around us, we can make a timely and very beneficial corrective adaptation.”
Contrast this method with ours (and others) technology and procedure focused approach to airline security.
Security personnel have minimal verbal interaction with passengers and are very focused on staring at screens and operating machinery. When a person or a piece of luggage fails an initial screening then the security person follows a rote set of procedures to check the person or carry-on luggage. Rarely is the passenger engaged in any questioning.
Businesses are no exception to this predisposition. Policies and procedures have reached epic proportions and there seems to be a slavish devotion towards software packages.
My friends, technology and procedures are the handmaidens to human decision making and not their master. If we strip the human element out of the decision making process our systems become hopelessly ineffective.
The best functioning systems are those that marry people, processes and technology. Competent management must then manage this symphony in the right proportions to ensure that all the pieces are in place and are functioning effectively.
Now that we have described the symptoms can we identify the disease?
This is the hard part.
Maybe it’s because we have taken technology and elevated it to a religion like status. Perhaps we are soothed by the false security of having machines do the thinking for us because “machines don’t make mistakes.”
Alternatively maybe we live in collective fear of our own legal system. If we make a judgment, someone might disagree with our decision and serve us with a lawsuit. Procedures are seen as a way to tell the legal system, “Hey I just did what I was told.”
Sadly maybe some believe that well educated and trained humans are simply too expensive to maintain and do not provide sufficient benefit.
I would posit that these are gigantically flawed views.
Returning to the subject of airport security, there is an example of an airline security system that relies more on humans than technology and that rewards professional judgment more than following procedure.
See this:
How the Israeli’s do Airline Security
This article is an interview with Isaac Yeffet, the former head of security for the airline El Al and now an aviation security consultant in New York. Here are some of the more interesting things he had to say:
“We must look at the qualifications of the candidate for security jobs. He must be educated. He must speak two languages. He must be trained for a long time, in classrooms. He must receive on-the-job training with a supervisor for weeks to make sure that the guy understands how to approach a passenger, how to convince him to cooperate with him, because the passenger is taking the flight and we are on the ground.”
“If there was any failure, the security people immediately were fired, and we called in all the security people to tell people why they failed, what happened step by step. I wanted everyone to learn from any failure. And if they were very successful, I wanted everyone to know why.”
“When you come to the check-in, normally you wait on line. While you wait on line, I want you to be with your luggage. You have to meet with me, the security guy. We tell you who we are. We ask for your passport, we ask for your ticket. We check your passport. We want to find which countries you visited. We start to ask questions, and based on your answers and the way you behave, we come to a conclusion about whether you are bona fide or not. That’s what should happen.”
El Al has not had an airline tragedy in the past 40 years.
Anyway I’m sure the billions we are spending on technology and new security procedures are just as good as the judgment of well trained and well educated security personnel.
I still can’t help wondering; however, what would have happened if someone had asked the hapless terrorist mentioned above, “Dude, where’s your passport?”
Have a great week,
Michael Bechara, CPA
Managing Director
Granite Consulting Group Inc.
Get Your Ticket Punched
Posted by mbechara in Uncategorized on January 7, 2010
Long ago, I considered joining the Coast Guard. As a young guy, the thought of being out on the water chasing drug smugglers and rescuing people quite appealed to me.
And why not; serving one’s country is honorable and a true expression of public service. As I talked to the recruiters and they gave me their various pitches, I began to inquire how the promotion system in the Coast Guard works. I received many smooth sounding but nonsensical answers about training, length of service, etc.
To me, these responses did not answer why some people were promoted faster than others. Finally one of the recruiters dropped the façade and gave it to me straight. “Look kid, to get promoted you have to get your “ticket punched.” he confided.
This honest man went on to explain what he meant. In order to be promoted into the upper ranks you need to have held certain jobs along the way. I can’t remember exactly what those jobs were, but the point was that to be in high command you needed to have served in several key jobs and gained some key experiences.
Those making promotion decisions would look at your record to identify if you have held the appropriate jobs before promotion to the next rank, hence the term “getting your ticket punched.”
This system actually makes a lot of sense to me as it ensures the leaders have first hand experience in many of the areas they will be commanding. This first hand experience fosters mentoring, understanding and compassion toward those under their command.
I often think how far the business world has gotten away from such a basic and common sense approach.
Currently there a strong movement away from viewing experience as the primary criteria for evaluation. The substitutes for experience are “credentials” or “certificates.”
There are two manifestations of this concept. The first is the hiring process for many jobs. Experience, technical skills and character are no longer the primary qualifications for job seekers. Ignoring the platitudes from HR and recruiters, the focus in hiring has shifted towards credentials. Are you a CPA? Did you work at a big accounting firm? Do you have an MBA?
Sure the job descriptions are full of stuff about experience and character but the dead giveaways are the disqualifying statements such as “CPA required.”
The hiring process seems to have devolved from a rigorous examination of one’s experiences to a “check the box” exercise by management.
Unfortunately “checking the box” rarely ensures that the person you are hiring has the skills you need to fulfill the company’s requirements. For example, I myself am a CPA, and am acutely aware of the large spread of skills amongst those carrying this designation.
The second manifestation of the preference of credentials over experience is in our own area of consulting. It’s comical to see people in this business with nearly 20 letters behind their name. I literally have seen the following (name anonymous of course):
John Doe, CPA, MBA, CFE, CISA, CIA, CCSA
To quickly handle the obvious rebuttal, yes most of these certifications have experience requirements attached to them, but let’s face it they are minimal. In addition, one wonders how the “expert” consultant manages to gain any real in depth experience while pursuing all those credentials.
As usual we left the most egregious example for last. Crystallizing the concept of “preference for credentials over real experience” we see people fresh out of business school being employed as “consultants.” These consultants are typically employed by very high end (and high priced) firms and they often sit across the table from battle scarred, grey haired managers lecturing them about “how you need to run your business.”
If you stop right here you can see how inherently illogical this is. Someone with little or no experience is employed as an “advisor” to people with years of experience?
Other consulting companies..cough…Granite Consulting…..cough…have been successful in advising their clients using consultants with decades of experience.
Certifications and credentials are fine as a starting point. The problem arises when they become a substitute for real experience or a disqualifier for those with deep experience and knowledge.
I will never forget years ago, I was working for the finance arm of an automobile manufacturer. There was a branch manager in Canada who had been in the business for approximately 30 years and had run his branch effectively and profitably. An edict had come down from the mountaintop that all branch managers must have a minimum of a Bachelors’ degree.
Alas our poor friend in Canada did not have his Bachelors degree so, you guessed it, he was forced to obtain one or…..
It was a scene from the twilight zone. I’ll never forget leaving the office one night after hours and seeing him studying in his office. Popping my head in his office, I asked what he was doing. When he told me I felt terrible, so I naively tried to make him feel better by telling him how much I admired his decades of experience.
Our Canadian friend looked up at the 24 year old Staff Internal Auditor with a Bachelors degree. With a disgusted look he grunted, “I’ll trade ya.”
Until next week,
Michael Bechara, CP..oh forget it
Managing Director
Granite Consulting Group Inc.
-
You are currently browsing the archives for January, 2010
Loading...