Controllers Are Not Auditors

Having just read an article in an accounting newspaper (The Bottom Line, “Heat rising in provincial standards fight” by Jeff Buckstein, Vol. 25, No. 9, August 2009 link to article) I feel that this topic should be mentioned. There is a misconception in the business world in general, and among the population that an accountant is an accountant is an accountant. This is simply not true, and I’ve come across this many times in my professional career.

I am a controller. I control companies. I provide the stability, professionalism, and drive to ensure that a company is being handled properly, carefully and respectfully in terms of reporting. This drives from the initial purchase order being authorized to buy a cleaning supply, all the way through to the compilation of financial statements to be audited. Everything from the ground up is under my purview, and is where my responsibilities as a controller lie.

This is not a job for the faint of heart. Most times, things run smoothly. Other times, crisis hits, and requires management level decisions on how to deal with emergency situations – from financial decisions to regulatory compliance decisions. This isn’t just a matter of dealing with Securities Commissions or GAAP, but WCB, the Canada Revenue Agency, etc. One of the most common examples that I use is this: “one of our supervisors comes running into the office, and screams out that there’s been an accident, two employees are dead and three are critically injured. What do you do, as the controller?”

One would be hard pressed to find a non-controller accountant capable of answering this question in a meaningful way. The controller is responsible for not only the books, but the operation, the livelihood of the company. It is up to him or her to ensure that emergency response teams are called, first aid is delivered. Assuming that the controller isn’t that close to the operations (and I have been), the next step is to inform the family of the employees, and to contact WCB. The benefits need to be coordinated. If the employee is unconscious, the employee’s family will need that employee’s income; the short-term disability will need to be set up.

The point is this: auditors are trained to audit; controllers are trained to control. There is some crossover of these skills, but essentially, they are different worlds. My primary objective as a controller is not to ensure that the financial statements are adhering to GAAP (although that is a secondary one, more on this below.) My primary objective is to control the company, and to ensure that it is healthy, honest, and being guided properly.

Compliance with GAAP is but one of my duties. It is a large part of them, but once I – as controller – design the systems and processes of internal control, it will be left to review to ensure that compliance exists. In the intervening time, I am ensuring compliance with municipal, provincial, and other federal regulations, including any foreign regulations. I am ensuring taxation is dealt with, inventory control is being handled, A/R is being collected, WCB is being paid, process problems are being addressed, etc. It is up to me to check on, and make sure that management understands the financial impact of the decisions, or lack thereof, that they make.

I need a professional designation at this level, to ensure that I understand, appreciate and can work with all of the various rules, expectations and professional requirements of my job. To that end, I have focussed my training on such activities as include leadership, communications, negotiation, and information technology advances.

I do not audit. I hire auditors. That is their specialty; mine is controlling companies. It does not mean – in any way, shape or form – that I am better or worse than an auditor. I am a different type of accountant.

It would do well for certain accounting bodies in Canada to remember this distinction.

Database Integrity

During a recent upgrade to the database where I work, the external consultants in charge of the project updated the database during working hours. On the one hand, it was a complete disaster for my entire department for a business day. On the other hand, it provided me the opportunity to impress upon my employees the need for data integrity. Using this incident as a training device, I was able to explain in excruciating detail why data integrity is so important.

Accounting systems are made up of two parts: the database and the front end. The front end is what the use ultimately sees. It provides the functionality, the user interface, the reporting systems, etc. Examples of front end systems include Great Plains, ACCPAC, Peachtree, and others. Behind the front end, holding the transactions, is the database. Databases vary in type but essentially work the same. They can be extremely complex systems that are made more simple to use by the front end system. It is possible to access the transactions (with the right knowledge and security settings) directly from the database. Not many people know this, and it should not be used for many reasons, not the least of which is coming up.

As a controller for a company, I have to stand behind the financial statements and verify that they are - to the best of my knowledge - good. This means that not only do I have to verify that the numbers work, I have to confirm that my internal controls functioned properly. Then, on top of that, there is an implicit confirmation that the data itself is good, that the data integrity hasn't been compromised. If that integrity is compromised, it means that - as a controller - I cannot reasonably assure anyone that the numbers I provide are actually correct. There may be errors that are unseen in the data and cannot be detected. These errors could easily produce incorrect data, compiled into incorrect information, upon which incorrect decisions are made.

Almost amusingly, this is a best-case scenario. There is a larger, more far-reaching problem that can come of compromised data integrity.

Since the database contains all of the financial information of a company, it could easily be considered that the accounting system is the pulse of a company, and therefore the database is the blood. If there is a problem with the data, it will (most of the time) cause the database to shut down and cease functioning. The data becomes corrupted, and the accounting system can no longer start, let alone produce reports, cheques, invoices, or anything.

In order to correct this kind of error, there are three main strategies that can be utilized to recover the data. These are: restore from daily backup, identify and correct the error, or manually overwrite the corrupted section. What the best response to the error will be is dictated by the type of error. Sometimes it is a simple unbalance between two tables in the database, i.e. between the accounts receivable table and the general ledger posting. Note that this is a different kind of error than the control account being out of balance with the subledger account; that type of error can be corrected with a journal entry. Database errors cannot. Sometimes the error can be far more broad reaching, such as a situation where the debits and credits in the system do not match. This kind of error likewise cannot be fixed by a journal entry.

If the database is totally unrecoverable, or the possibility of fixing it severely outweighs the cost, the best route is to restore from the latest backup and redo the transactions that occurred in the intervening period. The advantage to this is that a) one can verify that the error doesn't exist in the older version, b) it is the most stable option because there is no possibility of improper amounts being recorded via a database transaction, c) it can be audited at a later date provided the appropriate backup is kept, and d) it will almost certainly correct the error. The main disadvantages are that a) there is the possibility for a lot of lost time due to having to redo the transactions, b) there is a very strong possibility of lost transaction in the intervening period, and c) unless the system error is truly understood as to the cause, there is a possibility of recurrence of the same error.

The second option, to identify and correct the error, is of a somewhat more limited scope. If the error can be corrected by running a query / script on the database itself, this option can be very strong. (I have witnessed an error and corrective action like this on a database wherein some general ledger accounts did not close to the retained earnings account automatically. This error was discovered at the January month end, after 29 days of transactions had been recorded.) This kind of fix works on specific, smaller problems, but requires a very high level of expertise to perform. Usually, this kind of activity is way beyond the scope and knowledge of a controller, and even if the controller could solve the problem himself or herself, it is very highly recommended that they engage an expert for two reasons: the first, that something may go wrong during the corrective action that requires an expert, and the second is that should something go wrong, it is very helpful to have an external party to point at. (Or didn't you know that's what consultants are for?)

The third option is to manually overwrite the corrupted section. Of these options, this is the worst for a few reasons. First off, it requires more expertise than the second option (running a script-driven repair.) Second off, databases function in very complicated manners. A simple general ledger transaction, for example, could contain the following information: journal entry number, date, account number, amount, line description, originating exchange rate, modified exchange rate, functioning currency amount, entry date, entry username, etc. These are not all of them, by far, but indicate the level of complexity that even a simple journal entry contains. To overwrite the affected section of the database would be difficult to ensure that all of the subtle links are corrected, and that the system works properly and as expected when complete. The kinds of errors that this can correct are also very limited in scope. This error is almost a worst-case scenario, because of these complexities and expertise required to complete.

The complexities involved in any of these scenarios is time-consuming and problematic. For each hour that is lost correcting a database error, the company is likely losing between two and three hours in the time it will take to recover to the point before the error occurred. This lost productivity can cost the company thousands of dollars for even a one-day error that gets fixed. The expense to the company will rapidly get out of control, and in a very bad case, could threaten the very existence of the company.

Given the different methods of dealing with a database integrity crisis, the best advice that I can give anyone, anywhere, and under any circumstances is this: don't let it happen. Database integrity isn't a hard thing to maintain. Controllers, accountants in general, and any information worker should be aware of the concepts that underlie the information systems they use. This isn't to say that every accounting clerk should know how to run an SQL script, but they should know the basic fundamentals of how database tables work, and know what signs to look for that may indicate compromised database integrity. Some may feel that such activity goes beyond the scope of accounting staff, but it is my opinion that accounting staff are the front line of defense of the information with which they work.

The 5 Steps to Business Destruction

In this day and age of economic uncertainty (of which I don't personally ascribe, but that's beyond the scope of this article) there are many businesses that have either failed or are in the process of failing. These businesses need not die, as in most cases, it is merely the result of poor planning on the part of management. The top level managers become obsessed with minutiae in an effort to stave off the wolves at the door - except the wolves aren't yet present.

In order to help those to whom this may be a new experience, I will relate the results of my observations of the predictable steps that top level managers make that help a company along the path to destruction.

Step 1: Destroy the Information System

It is a scary fact that many managers are unfamiliar with the advantages and sheer power good information can provide. Sometimes this is the fault of the knowledge workers, the controllers, the accountants, the analysts. Sometimes it is superstition with regards to the computer, with the manager being afraid of the ghost in the machine. Either way, the result is the same. The manager will avoid leveraging the information systems at his or her disposal to help prevent the incumbent disaster. At best, this will produce lop-sided, potentially lucky decision making. At worst, this will be a means to stroke the ego of a manager who feels that "I can do it better than anyone."

The problem doesn't stop with existing information systems either. In my experience the first action any company will take when presented with a financial loss due to an information crisis is eliminate the solution to the crisis. I have witnessed a company hemorrhage cash due to two different sales people in the company undercutting each other in the same city, yet management would not spend the $4,000 required to prove that this was happening. (In all, it cost the company well over $500,000 in lost sales revenue and two years of market development. In the end it took a staff of three people devoted to sales reporting to produce the same reports the system would have.) For some reason, management feels that information systems and infrastructure spending is the most discretionary spending of all. This is folly. As in so many different avenues of life "he with the best information the fastest will win." This is as true for sales, finance and cost control as it is for anything else.

There is, however, a worse situation than even this. If a company decides to implement a solution, but doesn't wish to spend the money to set it up properly. Too often in this technological age, people presume that a computer will solve all of their problems, and will implement a piece of software claiming "it's only $4,000." They have failed to take into account that the software may be that much, but the cost to set it up properly, change the business processes to interact with the software, train the staff, and learn to operate the system to the requirements of the manager will likely cost easily twice as much as the software. If any of these steps are missed, the software will disrupt the functioning of the company at worst, or leave the staff feeling powerless to save themselves at best.

Step 2: Get Lost in Cost Minutiae

If you were to hire an employee to oversee the manufacture of wood stoves at a price that exceeds anyone else in the company, yet he spent the majority of his time sourcing a supplier to wash the mirrors in the bathroom, you would likely discipline him or fire him, would you not? Yet, this is happening every day in most companies in one fashion or another. Face it, managers are expensive. They are the more flexible people in your organization, usually blessed with a plethora of skills that go beyond the mere performance of the job. They are the multi-function tools, and the higher up on the food chain they are, the more skills they possess. Why, then, do these people spend their time going through the most minute of costs to save a dollar?

The truth is that in order for these managers to "save money", they usually don't have the guidance necessary to understand that if it takes them hours to save the company $20, the company isn't getting a good deal. I have seen managers pore over telephone bills for three or four hours, only to scream "eureka" when they find a $15.00 error. Their time would be better spent standing still in front of the staff; at least the staff would have the illusion that their manager cares about them. The sad truth is that managers that engage in this kind of activity haven't separated the idea of personal finance and business finance in their head. A $15.00 saving might be worth a labourer's time who gets $8.00 an hour to look into on his personal phone. It is not the case when the company spent $300 of the manager's time to save the $15.

The worst-case scenario of this is when the manager in question engages the services of the accounts payable clerk, or even more laughably, a lower manager to collect and collate the data for this kind of activity. This takes the problem, and in fact, compounds it. Now, instead of the opportunity cost of the manager performing such a banal task, there is the opportunity cost of the whole staff involved in the project. Unless and until there is a sustained benefit that exceeds the cost of this analysis, this should be avoided at all costs.

Step 3: Blame Those Who Work for You

During wartime, the only time that a soldier ever questions his superior's orders is when he is either a) unclear, or b) in violation of ethics and morals. Why is this? Because the lowest private in an army knows that he is responsible for his ethics, morals, and the orders he's given. You don't put a private on trial for war crimes (unless he alone did something atrocious), you put the chain of command on trial. The chain of command is what makes the decisions, and ultimately should take responsibility for them. Running a business is not remotely similar to running a war, with the exception of the chain of command. Without a leader, a company is nothing more than a group of people that get together for eight hours a day to hang out. The leadership is what makes the company run, gives it direction and guides its path.

Sadly, when things are going poorly in a company - and the management is poor - this is where things get out of hand. The manager in question will blame those who for him for the failures of the company. From the fact that it's losing market share to the fact that its costs are out of control, this manager will tell anyone who is concerned (usually either his manager, or the shareholders) that it is the staff creating the problem, and they should be disciplined/relocated/fired. Although this may seem extreme, I have personally witnessed this more times than I care to admit. It is around this time that the staff will start ducking for cover, sick time will skyrocket, and people will get grumpy with each other.

The main problem is that when a customer is dealing with someone who doesn't want to be at work, they know. The customer is sensitive to your business environment, unless the customer is too remote to know of you. The customer isn't necessarily the consumer, either. It could be another subsidiary of the same company, or even the parent company itself. Either way, when the staff of this manager are afraid to come to work, it creates more problems than it solves. It will obfuscate the real causes of the downturn in business, it will cloud the judgement of anyone who needs to make a decision (to the point of total intellectual paralysis), and it will confuse any attempt to determine cause and effect.

Step 4: Blame Those for Whom You Work

Don't laugh. It happens. This will usually take the form of complaining about a "lack of support" or that the [upper management/shareholders] "don't understand the business." It is this managers job to ensure that the people to whom he or she reports know and understand the business from that perspective. Anything less is a total failure on the manager's part, and an abdication of his or her responsibility. The manager will turn the blame-thrower up the line, claiming that he or she isn't being given the necessary resources to solve the problem. Of course, this isn't the problem. The problem is - as yet - undefined, because there is no staff willing to admit that they can't report on the minutiae because the information system has been shattered. The manager claims, wrongly, that the situation is beyond their control, that it can't be fixed.

The plain truth of the matter is that the manager could have solved the problem at the outset by changing his or her behaviour, and not embarking on the 5 steps to oblivion. When presented with an information-related crisis, the correct action would be to identify the problem first. Unfortunately, because of the competitive nature of today's workforce and society in general, few people feel that they are allowed to take the time to consider a problem first. They feel that the only justification they have is in action, not strategy. Whether or not the pressure is there from the people to whom this manager reports is irrelevant. The manager will be convinced that they must act regardless of consequences, and take off in a direction no one knows, at an unknown speed for a vague destination.

The punishment of upper management (or the shareholders) will continue until either a) the problem solves itself, or b) the manager runs himself or herself out of a job.

Step 5: Obtain Free Financing From Your Accounts Payable

Step 5 isn't really chronological, it merely represents the death rattle of a company breathing its last. Some managers (particularly the more cunning ones) will skip steps 3 and 4, thinking that if they keep the blame-thrower to themselves, no one will know that they really have no better an idea of the problem than anyone else. In order to save money, they decide that it's best to hold off on paying some of the payables. That way, they can save some interest cost, and everyone is happy. (I have no idea where people get the impression that interest cost is discretionary. That viewpoint is simply illogical. Money must come from somewhere, it's that simple.) The first expenditures that get left off the list are usually those that are a) large and b) not directly related to production. Who is it? We have a winner: government.

For some odd reason, many people seem to think that if you owe the government money and don't pay it's okay. Trust me, it's not. I've been an unfortunate victim of showing up to work to find chains on the door, and a lovely man wearing a blue uniform, carrying a gun and holding a seizure warrant asking me if I was the owner. Apparently, when one doesn't pay the government in a vain attempt to save the business, the effect is opposite.

To avoid certain regulatory problems, some managers will pick other services or goods on which to hold payment. Ultimately, this "free financing" is a fallacy, as in the end, you will have no suppliers left willing to deal with your company on your terms. There is but one way that this story ends, and that is in receivership.

The above scenario details action with no identification of problem. The problem remains undefined through the bitter end of the company, with the company dead, the manager left wondering what he or she could have done if fully supported with a staff that would do what they're told to uncover minute details from a broken information system. It is important to remember as you watch them walk away that through their end of days, it was never their fault.

All of the above take place in a progression that may not be immediately visible to the owners or upper managers of the company. The first people that will notice a problem are the people who work for this poisonous manager. Sadly, the people who should listen to those employees likely never will. They rely upon the poisonous manager to report what those same employees have to say. The only thing that can be done to avert the inevitable disaster is to follow the progress of the company during times of crisis, and determine if the information system is still intact.

A Really Scary Article

The date was February 6, 2009, when I saw on a local Calgary newspaper the headline "'30's Advice for 30-Somethings". Now, without putting too fine a point on it in the introduction, this is a really, really bad headline. For a start, it's promoting this wonderful continued fear mongering over a non-existent recession, and for a second, it's making the tragic assumption that 30-somethings today haven't the foggiest notion of how to live.

Speaking as someone who is 34, I must say that this headline (and related article) are very offensive. The article itself contains 12 paragraphs. The first ten are an interview with an older lady who doesn't seem to have any credentials save the fact that she was alive during the aftermath of the Great Depression. In the article she spends ten out of twelve paragraphs talking about how the younger generation doesn't know how to live, and that they need to ensure that they value their family.

I understand where she's coming from - from the concept of "you need family to survive" right through to "I was so poor I didn't even have shoes." But in all honesty, this isn't the Great Depression, and it's not the 1930's. Times have changed, technology certainly has changed, and financial sophistication has changed dramatically as well.

During the Great Depression, part of the problem was exacerbated by the fact that information traveled very slowly. Consider that during that time, the most reliable form of medium to long distance communication was mail, with its commensurate problems. A medium distance letter (say, from New York to Los Angeles) would take a very long time to get there, let alone one from New York to Tokyo. Any time there was a fluctuation in the market, the only method of propagating that information was through the print media, and perhaps through radio, although the latter was more unlikely, as the print media would be more readily available to people who didn't have radios at work (as is common today.)

The market problems this time around were so quickly identified that it seemed pretty obvious that the crash was coming. We knew ahead of time. We didn't know exactly when it would crash, but we knew it was coming. But now, here is where the differences lie:

When it started to crash, everyone knew - at the time. The internet, the news media, the radio, television, print, every form of communication known to man was crying about how the stock market had come tumbling down, how fortunes were lost, and lives ruined. None of it had actually happened yet, no no. You can't report on things that haven't yet occurred, but since "good news" is based on human misery, the communications technology on which we've become reliant was used to cause the problems.

Many companies right now are doing what happens any time that a market correction occurs. They are downsizing their operations to trim the chaff, they are taking baths on the face of their financial statements (meaning taking losses that are paper in nature [not cash] and writing down assets to more realistic values based on current market conditions.) They are contracting, getting smaller, leaner, meaner, and doing the corporate version of "going to the gym." When times are good, companies tend to overstaff; when the times are bad, they tend to reduce their staffing levels under the misguided belief that such actually does something.

Yet it's the media that is taking all of these stories and linking them together, based on the principles of marketing known as FUD. FUD stands for Fear, Uncertainty, Doubt. The average person may not understand the intricacies of how a person being given a mortgage who didn't technically qualify for one, but they understand it when someone spoon-feeds them "well, Morty lost his job because of the recession." (Morty didn't, he lost it because he slacks on the job, and his boss has always wanted to get rid of him, so now seemed like a good time.)

As a true-life example of this, I know of a company that had two production facilities. It was decided in June of 2008 to shut one of them down in November of 2008. The reasons were varied, but involved operating in a hostile political environment, the lack of ability to hire competent managers in the geographic location, and the poor quality control on the finished product as a result. Given that one doesn't want to tell a group of front-line factory workers that they're losing their jobs in four months (it would seriously compound the quality problems), management made no mention of this to the employees of the production facility.

When the facility was shut down on schedule, the local media interceded and cried doom and gloom about how the production facility was shut down due to "the Recession." (It's worthy to note that the recession hadn't even been verified yet - the stock markets had just started the roller coaster ride.) People rushed in to help the "poor, jilted worker" to find more work, and hissed at the "evil corporation" that shut down the facility. Had anyone bothered to ask beyond the newspaper articles, they would have found that "the Recession" was not the reason. The newspaper, however, wanted to sell many copies, and this was the easiest method of doing so.

It's this narrow-minded fear-mongering that is causing this recession-like atmosphere. The markets have corrected. It's over. It's done. The companies are out there scrambling to live, the ones that can adapt, at any rate. The others will fail. This is called natural selection. It's sad sometimes, yes. But if you're producing a product nobody is buying (like, say an SUV), why would it make sense to continue producing it? If the company can't adapt, it should (and most of the time will [but that's another article]) fail. And that is what is currently happening.

It's not a recession, at least not in the sense of the Great Depression. It's a market correction, bigger than we've seen, yes. But it's over. Let it rest. Let the markets lick their wounds, and they will heal.

However, never ever forget that the world has changed. Business has changed, become more sophisticated. The average consumer knows and understands more about personal finance than ever before in history. To top it all off, the ability to move more information than can ever be necessary instantaneously around the globe, individually or collectively is now almost unlimited.

It's different...

...and it's already over.