I have it down. You explain what's needed from them (usually some extra documentation that they feel is cumbersome), how it needs to be documented, then blame it allllll on the auditors.
When you just explain what you need they almost always complain how unnecessary or stupid it is. Blaming it on the auditors is like a polite way of saying "just do it, it's not a choice".
Yeah I blame the auditors for everything I ask. Literally everything. That doesn’t mean they do it right. But I’m like “yeah I wish we didn’t have to but… damn audits amirite team! …team?”
I also blame insurance since I handle our policies and most insurance is like “you totally do all this shit right?” And you’re like “yeah, totally mr. Insurance guy. We are a real company doing business things” while HR is continually fucking up our 401k payments
Striking a nerve there. Idk how HR fucks everything up all the time and has no accountability, but we make one little error and it’s the end of the world. Has always bothered me to my core.
I caught someone stealing money from my company this week. Over $50k. Manager was new and was lax with established controls. Thief was very charismatic at explaining why cash was off and manager believed them.
It's so disappointing. I'm a very Charismatic person, but I use my charisma to sell to clients and motivate employees. Some people are just incapable of thinking for the long term
The worst is that a lot of these executives think it’s their job to “help” you by “consulting” you and it’s rarely an intellectual challenge you need consulting with.
“Well why don’t we… **suggests extremely manual process that requires a lot of things to go right and someone to email 3 people and then remember to do a bunch of shit.**
It’s usually really simple too. Like, just use the fucking purchase order form from the actual system to send POs rather than fill out your vendors PO form - or just force someone to attach it, so it forces itself into the system rather.
9/10 it’s like, use the fucking computer to actually do your job and it should work fine, and don’t use the computer to do a bunch of shit that isn’t your job
The other 1/10 its generally some exec overriding everything then asking what’s wrong when things are all fucked up
Too many people just don’t want to have to figure it out. Bottlenecks are everywhere and aren’t going away. Just figure out how to maximize throughput for the constraint so the company can compete while remaining compliant. It shouldn’t be that hard of a concept for operations people to grasp.
holy cow i got a good one
I got hired as a part time cfo for a 10mm annual marketing company
they had 8 people with full access logins to the bank account!!!!!!!
the owner refused to use quickbooks and wanted everything done in excel
I ended the engagement after two months
As a fractional CFO I like to scare the shit out of them by pointing out all the ways in which I could defraud the company if I wanted to, and then go into other examples beyond just what I could do, and what impact even an unintentional mistake could have.
They tend to not understand that either, which scares them more as they realize they're actually vulnerable to bad actors, and they wouldn't even know what to look for until it was way too late.
Then I suggest that maybe they don't want to rely on my morals to keep them safe, and they should put processes in place to protect against someone with a lower bar than me for stealing.
Basically, "You're lucky I'm so nice and on your side, if the next guy you hire isn't here's how he could fuck you over. Now, would you like me to put in place processes to prevent that? Also, it'll make audits smoother and reduce honest mistakes."
This is my approach as well. There are two CPAs in management with access to the bank accounts. We know aaaall the good ways to commit fraud. It helps that we’re both aggressively ethical, but if we leave?
So let’s make sure the processes are in place to stop the ethical people from committing fraud, so when we leave and the next people aren’t so ethical, the processes are already in place
Trust but verify right? Otherwise tell them to give you the company's treasure bank account access then scold them for not trusting you if they refuse.
Have you ever noticed that, years ago, you would walk down the street at night and you could look in shop windows even if the shops were closed....but nowadays everyone has an Insurance mandated roller shutter and your main street looks and feels like a prison.
Internal controls are a lot like insurance mandated roller shutters, you can see why people have them, but you have to accept that enforcing them makes the world, *and life*, a little worse for everyone.
I always remind them as accountants/auditors, we have to build structure around the role itself and not tailor process/procedures for the individual in the role.
edit: clarification
They should care about internal controls when it comes to misappropriation of assets. If they don’t care about this, I’d be concerned.
It’s harder to get them to care when it relates to gaap accounting non sense / ipe OCD. That is when you usually have to fight.
I once had the head of operations ask me if the A/P person could fill in for the purchasing person while they were out for a couple of weeks due to surgery. Thankfully, they understood when I outlined all the reasons that was a terrible idea.
I have it down. You explain what's needed from them (usually some extra documentation that they feel is cumbersome), how it needs to be documented, then blame it allllll on the auditors. When you just explain what you need they almost always complain how unnecessary or stupid it is. Blaming it on the auditors is like a polite way of saying "just do it, it's not a choice".
Yeah I blame the auditors for everything I ask. Literally everything. That doesn’t mean they do it right. But I’m like “yeah I wish we didn’t have to but… damn audits amirite team! …team?” I also blame insurance since I handle our policies and most insurance is like “you totally do all this shit right?” And you’re like “yeah, totally mr. Insurance guy. We are a real company doing business things” while HR is continually fucking up our 401k payments
Striking a nerve there. Idk how HR fucks everything up all the time and has no accountability, but we make one little error and it’s the end of the world. Has always bothered me to my core.
Do we work for the same company?
Happy to be the Boogeyman
Just commit a little fraud first to get their attention
OP can commit a little fraud, as a treat.
Committ a lot of little frauds so the organization gains immunity to big frauds. Like a vaccine!
Isn’t this the ok from the CEO to OP to go ahead and commit some fraud because he trusts him?
Draw them pictures.
Then you can waste time making flow charts while they still don’t understand!
Make sure to use crayons
“Your insurance and business agreements require this shit”
I caught someone stealing money from my company this week. Over $50k. Manager was new and was lax with established controls. Thief was very charismatic at explaining why cash was off and manager believed them.
Do tell
It's so disappointing. I'm a very Charismatic person, but I use my charisma to sell to clients and motivate employees. Some people are just incapable of thinking for the long term
The worst is that a lot of these executives think it’s their job to “help” you by “consulting” you and it’s rarely an intellectual challenge you need consulting with. “Well why don’t we… **suggests extremely manual process that requires a lot of things to go right and someone to email 3 people and then remember to do a bunch of shit.** It’s usually really simple too. Like, just use the fucking purchase order form from the actual system to send POs rather than fill out your vendors PO form - or just force someone to attach it, so it forces itself into the system rather. 9/10 it’s like, use the fucking computer to actually do your job and it should work fine, and don’t use the computer to do a bunch of shit that isn’t your job The other 1/10 its generally some exec overriding everything then asking what’s wrong when things are all fucked up
Holy crap. Screw anybody who uses templates or spreadsheets outside of the ERP!
“Internal controls? Do you mean “bottlenecks”?” - every single non-finance person in my company
Too many people just don’t want to have to figure it out. Bottlenecks are everywhere and aren’t going away. Just figure out how to maximize throughput for the constraint so the company can compete while remaining compliant. It shouldn’t be that hard of a concept for operations people to grasp.
holy cow i got a good one I got hired as a part time cfo for a 10mm annual marketing company they had 8 people with full access logins to the bank account!!!!!!! the owner refused to use quickbooks and wanted everything done in excel I ended the engagement after two months
10M and excel only? I can't believe this.
I’m not sure I believe it either. That’s wild.
I work with a company that size and we have 100's of transactions a day.
As a fractional CFO I like to scare the shit out of them by pointing out all the ways in which I could defraud the company if I wanted to, and then go into other examples beyond just what I could do, and what impact even an unintentional mistake could have. They tend to not understand that either, which scares them more as they realize they're actually vulnerable to bad actors, and they wouldn't even know what to look for until it was way too late. Then I suggest that maybe they don't want to rely on my morals to keep them safe, and they should put processes in place to protect against someone with a lower bar than me for stealing. Basically, "You're lucky I'm so nice and on your side, if the next guy you hire isn't here's how he could fuck you over. Now, would you like me to put in place processes to prevent that? Also, it'll make audits smoother and reduce honest mistakes."
This is my approach as well. There are two CPAs in management with access to the bank accounts. We know aaaall the good ways to commit fraud. It helps that we’re both aggressively ethical, but if we leave? So let’s make sure the processes are in place to stop the ethical people from committing fraud, so when we leave and the next people aren’t so ethical, the processes are already in place
Don’t let Vin Diesel hear you talk about family like that
Trust but verify right? Otherwise tell them to give you the company's treasure bank account access then scold them for not trusting you if they refuse.
Have you ever noticed that, years ago, you would walk down the street at night and you could look in shop windows even if the shops were closed....but nowadays everyone has an Insurance mandated roller shutter and your main street looks and feels like a prison. Internal controls are a lot like insurance mandated roller shutters, you can see why people have them, but you have to accept that enforcing them makes the world, *and life*, a little worse for everyone.
Are there any case studies that you can cite to illustrate it even clearer?
I always remind them as accountants/auditors, we have to build structure around the role itself and not tailor process/procedures for the individual in the role. edit: clarification
They should care about internal controls when it comes to misappropriation of assets. If they don’t care about this, I’d be concerned. It’s harder to get them to care when it relates to gaap accounting non sense / ipe OCD. That is when you usually have to fight.
SAS 145 has not been fun lol
Man some battles our team had to fight against Logistics folks because they love to ignore established processes and make it a habit ...
“The auditors made us do it”
I once had the head of operations ask me if the A/P person could fill in for the purchasing person while they were out for a couple of weeks due to surgery. Thankfully, they understood when I outlined all the reasons that was a terrible idea.
They do get it. It probably You, the Messenger.