I was at a client's today and ...well.. let's just say that one Quickbooks password cracking later, one quick crash course in bookkeeping later and they are a bit up and running, more so than they were at 9:00 a.m. this morning when they couldn't get into the bookkeeping program.
It reminded me of the conversations going on in the SBS community about growing out the business to allow someone you don't know to handle your financial 'stuff'. What typically happens in small businesses is that the business owner, a relative or someone they trust does the bill paying, bookkeeping and reconcilation. But here's the problem. In the proper system you should have separation of duties. In a typical small business... you don't. None at all. So what are some issues small business owners should be concerned about when they let someone else do the bookkeeping?
If you answer “yes” to any of these, you may have issues in segregation of duties:
- Is the person who handles your cash also responsible for recording the cash?
- Does the person who pays or orders inventory also receive the materials?
- Are two or fewer people responsible for the accounting function?
- Is only one person responsible for reviewing financial statements each month?
- Is your review of financial journals sporadic?
If you answer “no” to any of these, you may have issues with Bank Reconciliation:
- Do you review canceled checks and endorsements on a monthly basis?
- Do you compare payroll checks with your current employee records?
- Do you question funds transferred between bank accounts?
- Do you track the number of credit card bills you sign per month?
- Are bank reconciliations performed on a timely basis?
- Is someone responsible for reviewing the reconciliations each month?
- Do you verify reconciled items?
If you answer “yes” to any of these, you may have issues with documentation:
- Do you ever sign blank checks?
- Do you ever sign checks without original supporting documentation?
- Do you ever sign checks without canceling supporting documentation?
- Have funds ever been transferred between accounts without review or verification?
- Do you ever sign checks for new business vendors without knowing or verifying their name and association with your company?
If you answer “yes” to any of these you may have issues with employees:
- Are any of your employees extremely possessive of their work records and reluctant to share their tasks?
- Are any of your employees apprehensive about vacations and time off, while always being the first in the office and the last out?
- Have you noticed a substantial change of lifestyle in any of your employees?
- Do any of your employees have a possible substance abuse problem?
- Are any of your employees living beyond their means?
- Have you ever hired an employee before checking references?
- Do you permit your accounting personnel to work longer than a year without taking a vacation?
- Do you have any accounting staff or key personnel who have not been secured with a fidelity bond?
If you answer “no” to any of these you may have a problem with assets:
- Are blank check stocks and signature stamps safely secured?
- Do you restrictively endorse all checks when received?
- Do you deposit cash and checks daily?
- Do you maintain a list of office furniture, equipment, and company vehicles?
Oh, and did you notice I said I easily used a password cracking program to get into that Quickbooks? The password protection provided by the program is easily overcome within mere seconds of using Elcomsoft or any other number of password cracking programs. If Elcomsoft's program can't crack it because the password is too long, it merely asks you if it's okay to 'remove it' instead.
While this certainly a case of the Computer Security Law # 3 [coming up in the next blog post], you should still be aware that it is EXTREMELY trivial to open up a password protected Quickbooks file.