In Your Face

Thought-provoking opinions on topical issues.

Tuesday, April 27, 2004

The Penny Has Finally Dropped

I see that there was a “dust up” this weekend, at the G7 talks, between the President of the European Central Bank (ECB) and the finance ministers of France and Germany.

The leaks from this meeting suggest that the finance ministers are more than a tad “peeved” at the ECB’s refusal to cut rates.

The finance ministers know that they are unable to kick start their sluggish recession bound economies, as long as Europe’s interest rates remain at the current levels.

Jean-Claude Trichet (President of the ECB) knows that as long as it is the ECB’s mission to take a European wide view with regard to inflation, he cannot reduce interest rates at the behest of France and Germany.

Gordon Brown (the UK’s Chancellor of the Exchequer) can look on with a smile of smug self-satisfaction. The UK remains outside of the Euro, and therefore outside of the remit of the ECB.

I have noted before that the European Union cannot succeed in micromanaging the economies of its member states (see The Impact of The Euro) as long as there is a single currency managed by a central bank. In my view the EU, in its present form, is destined to fail.

It seems that the finance ministers of France and Germany have only just realised this. The “penny has finally dropped”.

Thursday, April 22, 2004

Preventing Cheque Fraud, It’s Not Rocket Science!

This week in the UK, Joyce De-Laurey was found guilty of stealing £4.4M from Goldman Sachs.

It transpires that the former secretary accumulated her “nest egg”, over a period of 14 months, by forging the signatures of two senior members of Sachs on cheques and wire transfers.

The money was used to finance a lavish lifestyle enabling her to purchase, amongst others, a villa in Cyprus for £750K, £56K of Cartier “goodies” and £20K of items from Harrods.

I have had many years’ international experience running internal audit departments and investigating frauds (see resume), and am constantly surprised as to how lax some companies’ cheque authorisation procedures are.

It seems an opportune moment to remind those in business of some of the basic controls that should be in place, in order to minimise the risk of fraudulent payments (note this list is not exhaustive):

  • There should be a hierarchy of cheque signatories. The larger the amount, the more senior the level required to sign.


  • Cheques over a certain predetermined limit should have at least two signatures.


  • Cheques should never be drawn without a cheque requisition being signed by a responsible official, who does not sign the cheque.


  • Cheque requisitions should be supported by documentary evidence, e.g. invoice/purchase order.


  • Transaction summaries of cheque payments should be routinely reviewed by internal audit.


  • Transactions over and above a predefined norm should be checked by internal audit.


  • An up to date cheque signatory list should be maintained, showing limit/authorities etc.


  • The bank should be encouraged to proactively query suspicious transactions.


  • Bank reconciliations should be performed regularly, and be up to date.


  • All directors’/senior managers’ personal accounts should be thoroughly reviewed by internal audit on a regular basis.


  • Finally, and this really ought to have rung alarm bells at Goldman Sachs, where an employee starts to display ostentatious signs of newfound wealth, identify the source of this wealth.


As you can see, the above points are not rocket science. However, I would bet good money that many companies, not just the hapless Goldman Sachs, may not have all of these procedures in place.
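The signatory hierarchy, two-signature limit, independent requisition and supporting-document controls from the list above can be expressed as a pre-payment check. This is an added example, not part of the original post; the signatory names, limits and the two-signature threshold are constructed assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import List, Optional

# Constructed signatory list (name -> signing limit); all values are assumptions.
SIGNATORY_LIMITS = {
    "clerk_a": Decimal("1000"),
    "manager_b": Decimal("25000"),
    "director_c": Decimal("500000"),
}
DUAL_SIGNATURE_LIMIT = Decimal("5000")  # assumed threshold for two signatures


@dataclass
class Cheque:
    amount: Decimal
    signed_by: List[str]                   # who signed the cheque itself
    requisition_signed_by: Optional[str]   # who approved the requisition
    supporting_docs: List[str]             # invoice / purchase order references


def control_violations(cheque: Cheque) -> List[str]:
    """Return every control from the list above that this cheque breaks."""
    problems = []
    signers = set(cheque.signed_by)
    listed = signers & set(SIGNATORY_LIMITS)
    if signers - listed:
        problems.append("signer not on signatory list")
    # Hierarchy: someone senior enough for this amount must have signed.
    if not any(SIGNATORY_LIMITS[s] >= cheque.amount for s in listed):
        problems.append("no signatory with sufficient limit")
    # Dual control above the predetermined limit (two distinct listed signers).
    if cheque.amount > DUAL_SIGNATURE_LIMIT and len(listed) < 2:
        problems.append("two signatures required")
    # Segregation of duties: the requisition approver must not sign the cheque.
    if not cheque.requisition_signed_by:
        problems.append("no signed requisition")
    elif cheque.requisition_signed_by in signers:
        problems.append("requisition signer also signed cheque")
    if not cheque.supporting_docs:
        problems.append("no supporting documents")
    return problems


if __name__ == "__main__":
    # Constructed case: one junior person requisitions and signs a large cheque.
    bad = Cheque(Decimal("40000"), ["clerk_a"], "clerk_a", [])
    print(control_violations(bad))
```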

Wednesday, April 21, 2004

What Use Are the Olympics?

The Olympics are soon to be foisted upon us again. I confess that I have little interest in sport, and find the “over the top” enthusiasm and saturation coverage by the media of this four yearly event to be tedious in the extreme.

This time it is the turn of the “lucky” Greeks to host this sporting extravaganza.

The modern Olympics, a far cry from the games envisaged by the ancient Greeks, are in my view a complete waste of time and money:

  • The hapless cities that host them are turned into a traffic congested hell on earth.


  • A media circus descends on the city and occupies every hotel, bar and restaurant, displacing the local citizens.


  • Despite the hype and media splurge, those that host the event rarely see a profit.


  • The security risks these days far outweigh the benefits; viz the pipe bombing in Atlanta in 1996, and the terrorist atrocity in Munich in 1972. Goodness only knows what is being planned by the fanatics and scum for the 2004 games.


  • The athletes themselves, instead of being fine examples of the human body in its natural form, are in fact pumped up products of illegal steroids and substances. So much for promoting health, fitness and vitality!


  • Some athletes so grotesquely abuse substances and their bodies, in order to make their mark on the Olympics, that even their gender is called into question.


  • The games, originally designed to promote friendly competition between rival nations, are used as a massive propaganda tool by the host countries to promote their own vision of society. Witness the Munich Olympics of 1936, or the tit for tat boycotting of the Olympics by the USA and USSR in the 1980s.


I for one will be doing everything possible to avoid reading about them, or watching them, when they start later this year.

They are, in my opinion, of little value or purpose.

Thursday, April 15, 2004

You Get What You Ask For

I note that my previous article, "The Merging of the Customs and Inland Revenue", seems to have been rather prophetic with regard to the inability of politicians to manage IT projects.

An article in Wednesday's Times notes that, owing to the slipshod vetting of tenders, the UK tax payer has been landed with a cost overrun of £150M, relating to a contract with an IT agency that vets people working with children and the vulnerable.

It seems that the number of people using this service was massively underestimated. A classic mistake often made when defining the usage requirements of new IT systems.

The politicians thought that they were being clever in contracting with the company that offered the lowest bid.

However, that bid was based on low usage figures which were in fact wrong. The actual figures, which were much higher, have resulted in a significantly higher variable running cost.

Be careful when vetting tenders: you get what you ask for!

Tuesday, April 06, 2004

The Merging of the Customs and Inland Revenue

Gordon Brown, in his recent UK budget, announced that the offices of Customs and Excise and the Inland Revenue would be merged. The timescale for this is estimated, by KPMG tax chief Laughlin Hickey, to be around five years.

The disruption and chaos to the UK tax and VAT systems, that it will undoubtedly cause, is beyond measure. Needless to say, the overburdened tax payers will bear the brunt of the chaos.

One area that will undoubtedly cause the most difficulty will be the merging of the departments’ computer systems. As anyone who has managed an IT changeover knows, the process of upgrading or changing an IT system needs to be carefully planned, controlled and monitored.

Many private sector firms find IT system changes to be unexpectedly costly, both in terms of time overruns and money expended trying to fix “bugs” etc. which were not expected at the planning stage. The history of public sector IT changes is littered with even more expensive failures; the IT upgrade of the air traffic control system is one such example of poor planning and control.

This seems an apposite time to remind IT managers (and the Treasury) of the basics of planning, and managing, a successful IT change.

Here is a very generic checklist, which can be used when reviewing the merits/demerits of a new IT system. Note, it is very basic, and is not intended to be comprehensive.

General

  • System/user specification - compared with standard Internal Control Objectives. Is the package in conformity with company recommendations?


    • Is the system being taken "as delivered" or is it being customised?

    • if so, additional development costs and timescale

    • if so, implications for system size and response time

    • use of PC packages to replace or supplement larger systems

    • are features being lost which will have to be replaced e.g. inputs to planning at head office level.


  • Cost rentability/payback savings:


    • what are the alternatives?

    • have all costs been identified and included e.g. incremental licence fees?

    • has the in house IT department been permitted to bid for service and have cost-comparisons been prepared on a rational basis?

    • downsizing risks.

    • cost implication for remaining users.


  • Interfaces to other systems

  • Organisational issues:


    • user profiles set up to reflect organisation.

    • discipline in manufacturing environment.

    • is integration within the package matched by an integrated approach to the implementation?

    • is system ownership/module ownership clearly defined?

    • is the role of Data Administrator defined?

    • is there sufficient local expertise for a stand-alone IT dept. especially if there is a change to unfamiliar hardware and operating system?


  • Controls


    • Security and disaster recovery.

    • what is covered by a Service Contract with the in house IT department, and what is a local responsibility e.g. order desk terminals?

    • Maintenance/support:

    • costs of third party support



Internal Control Checklist

This checklist covers the key issues which will arise from the initial review of the application.

  • Access controls:


    • Validation checks:
    • both within the system and by responsible officials e.g. credit referral

    • All points of data entry identified/controlled

    • Clearance of rejected data/dump accounts:

    • clearly defined who should receive the data

    • timescale for reacting to that data

    • escalation procedure if a serious problem manifests itself

    • log for registering error reports and their disposal


  • Processing/proving checks (closed loop):


    • goods movement:

    • consider all aspects of logistics chain e.g. is material removed by Quality Control?

    • identify exit and entrance points.

    • Are transactions registered in correct chronological sequence? E.g. if work in progress is back flushed before stores issues are booked, there will be an apparent negative consumption.

    • Does opening balance plus each class of transaction produce an amount equal to sum of closing balances on stock file?

    • Does opening balance of debtors plus each class of transaction produce an amount equal to sum of balances on sub-ledger?

    • Does same logic apply to accounts payable sub-ledger?

    • Batch thinking can be usefully carried over to modern packages when considering completeness of processing.


  • Exception reports:


    • responsibility for acting on them

    • Authorisation of sensitive transactions e.g. special discounts, credit notes, write offs/ons, adjustments. VAT implications.

    • All physical points of despatch identified and controlled, including direct deliveries. Proof of despatch to and receipt of goods at remote sites e.g. telecommunication infrastructure project.


  • Exceptional transactions outside normal system parameters:


    • one-offs, manual dockets, specials, projects, tooling charges.

    • Cancellation/reversal of transactions. Authority and method of booking e.g. tends to be basic data capture as distinct from system-generated transactions. Effective communication of effect on net net turnover.


  • Master data file maintenance:


    • customer, product, price files, vendor record, classification of accounts.


  • Bill of Materials:


    • completeness and accuracy.

    • Processing/job dependency sequences control. Quality of user manual - are dependencies explained?

    • Interface/reconciliation of operational system with financial accounts - nominal ledger:

    • order processing, goods movement, accounts payable, accounts receivable, cash

    • Month end/year end procedures. Closing off and archiving procedures.

    • Ability to restore. Initialisation of new accounting period.

    • Initial transfer/loading of files from previous system including manual systems. Are front-end validations/checks being used or by-passed? If latter, will copied over data be regarded as corrupt by new package?
      Watch for reversible entries when transferring over a trial balance.


  • Goods Received Note/Receiving Report clearance:


    • age listing and price difference analysis.

    • Audit trail/history records:

    • days/months available on screen?



  • Back-up/contingency planning:


    • risks prioritised

    • disaster recovery plan

    • Control of change management. Implications for software and organisation. Will home-grown changes make it impossible to take new releases of third party software?

    • Is there an ability to fix problems locally or is all technical expertise in, say, the USA or Germany? If overseas, what is response time?


  • EDI links with suppliers and customers:

    • cost benefit of reducing goods movement pipeline but need to minimise exposure to hacking.


System reporting

    • Do people get the reports they need and does the IT department know the distribution list?


    • Does the package provide an addressing facility? Do not take it for granted that it will.


    • Are the reports acted on and/or do staff know what to do with them?


    • Training of operators and users. Are features understood and are they being used cost-effectively? Are staff working around the system e.g. is it in danger of migrating to PC spreadsheets?


    • Control of charges from software houses for maintenance and development. Proper contracts in writing and proper system for screening orders for change requests.
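The processing/proving checks (closed loop) in the Internal Control Checklist above ask whether the opening balance plus each class of transaction equals the closing balances, and whether transactions were registered in the correct sequence. The following is an added example, not part of the original article; the account names, transaction classes and quantities are constructed for illustration.

```python
def prove_closed_loop(opening, transactions, closing):
    """Prove opening + movements == closing and check booking sequence.

    opening/closing: {account: quantity}
    transactions: (seq, account, tx_class, quantity) in the order registered.
    Returns (class_totals, control_total_ok, findings).
    """
    running = dict(opening)
    class_totals = {}
    findings = []
    for seq, account, tx_class, qty in transactions:
        running[account] = running.get(account, 0) + qty
        class_totals[tx_class] = class_totals.get(tx_class, 0) + qty
        # A balance that dips below zero means a movement was booked before
        # the transaction that supplied it (apparent negative consumption).
        if running[account] < 0:
            findings.append(("negative_balance", account, seq))
    # Per-account proof: computed balance against the closing file.
    for account in sorted(set(running) | set(closing)):
        expected, actual = running.get(account, 0), closing.get(account, 0)
        if expected != actual:
            findings.append(("out_of_balance", account, actual - expected))
    # Batch-style control total across the whole file.
    control_total_ok = (
        sum(opening.values()) + sum(class_totals.values()) == sum(closing.values())
    )
    return class_totals, control_total_ok, findings


# Constructed sample data: WIP is back flushed (seq 2) before the stores
# issue that fed it is booked (seq 3-4), and stores is 5 units short.
OPENING = {"stores": 100, "wip": 0}
TRANSACTIONS = [
    (1, "stores", "receipt", 10),
    (2, "wip", "backflush", -40),
    (3, "stores", "issue", -40),
    (4, "wip", "issue", 40),
]
CLOSING = {"stores": 65, "wip": 0}

if __name__ == "__main__":
    totals, ok, findings = prove_closed_loop(OPENING, TRANSACTIONS, CLOSING)
    print(totals, ok, findings)
```

Note that the WIP account reconciles at period end, so only the running-balance check reveals the sequencing error.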