I was out in the field this week working on an case where the resources of the firm… well let’s just say that a key trusted employee took advantage of that trust. And it was laughable that here was this multi-million dollar company running a peer to peer network of XP Home machines running with no more than 256
K(meg)(1) RAM. Now obviously the level of quality of computer equipment didn’t play into this abuse of trust, but the lack of efficiency due to slow outdated inappropriate equipment was staggering. We brought in our own equipment, printers, etc because to use their equipment was painfully inadequate.
But here in a nutshell is the recipe for misuse of trust.
1. Don’t have unique usernames/passwords on Computers. I mean who really needs accountability anyway?
2. Don’t have unique usernames/passwords on your accounting application. Let everyone log in with the same username/password. Does it really matter who screwed up the bookeeping? Booked entries that are hard to trace?
3. Have employees who aren’t owners have full check signing ability and don’t review their work on a regular basis. Really what could they do with check signing power anyway right?
4. Never look over the financial statements or bank statements. Balances in accounts called “Suspense” and “Opening Balance Equity” in certain accounting applications are surefire signs there’s a problem with the data.
As a business owner the key thing you can empower yourself with is taking the time to understand your financial position. I know of several business owners that can scribble out their financial position on a napkin. They know what they sold. They know the costs. They know what the net should be. And by golly, they are pretty darn close.
My advice? Learn to be a little paranoid. Those insiders can do things and hurt badly. Take the time to review your financial position. If you don’t sign checks, do so, or at least ensure that all items look in order. And above all else, set up usernames and passwords. It would make the trail of evidence for this investigation a lot clearer if the users were separated out and not “Admin”.
(1) still can’t count RAM worth a darn