The "Gold Standard" in the evaluation process has always been the face-to-face interview, and with good reason. Whereas references are strictly subjective, and often amount to nothing more than someone else's opinion of the candidate, an interview gives you the opinion that should really count — yours. And while testing results can give you an idea of the candidate's "book knowledge," they can be poor indicators of potential job performance.

The interview is then the most accurate and telling measure available to you. The type of questions you ask, and the answers you receive, are the key to making the right hire. Beyond that, it's your interpretation of the answers that is crucial. What skills and personality traits are revealed? Once you understand exactly what is being said, and discern what the answers tell you about the candidate, your next task is to evaluate how the attitudes and frame of mind that produced those answers will fit into the position and your organization.

Still, the traditional face-to-face interview has its limitations. The biggest hurdle is determining whether the opinions expressed are sincere and accurate. This can be a daunting task at times, since many candidates are "coached" by agents who know exactly what you are looking for. Sometimes, a sharp applicant can even ascertain what would be the most favorable answer, so they can "tell you what you want to hear." Even if answers to traditional interview questions are sincere and accurate, they often fail to reveal the crucial character traits and "soft skills" that are an important part of the make-up of any candidate.

The best way to avoid many of the shortcomings of the traditional interviewing process is to employ behavioral-based interviewing techniques. Behavioral interviewing is a relatively new mode of job interviewing. Employers such as AT&T and Accenture (formerly Andersen Consulting) have been using behavioral interviewing since the late 1980's. Behavioral based interviewing provides a more objective set of facts to make employment decisions than do other interviewing methods. Asking "behavioral" questions, which involve the description of a situation or task, the applicant's actions or reactions to them and the result of those actions, will allow you to evaluate the candidate's proven performance on other jobs. The questions you ask should allow you to analyze the candidate's past and predict their future. Behavioral interviewing is said to be 55 percent predictive of future on-the-job behavior, while traditional interviewing is only 10 percent.

The following are behavioral interview questions designed to uncover the true essence of a candidate. The questions should be straightforward, emphasize the recent past and be phrased to allow the applicant to provide both positive and negative information. Follow-up questions, which are spontaneous questions in response to a candidate's answers, are employed to uncover more specific information. Note that the questions are so open-ended, they don't even require a question mark.

Whether you're interviewing for a Controller or a Staff Accountant, the answers to these behavioral questions, their follow-up questions and answers and your evaluation of them, could be the key to making the right hire.

BY TAMMY HERSH CPA, MBA, ABV
MANAGER

Over the last year, it has become almost impossible to open a newspaper or business journal without seeing some mention of fraud. The recent scandals and fraud schemes that have headlined our newspapers have led executives and investors to the realization that internal fraud committed by management or employees can severely damage a company and even result in the collapse of major corporations. In an effort to boost investor confidence and improve corporate governance within organizations, the U.S. enacted the Sarbanes- Oxley Act of 2002 (the "Act"), mandating provisions aimed at strengthening corporate accountability and governance and affecting the fiduciary responsibility of both officers and directors of public companies. As directed in Section 404 of the Act, the Securities and Exchange Commission is requiring the management of public companies to report on the internal controls of their organization in their annual reports.

What does this mean for privately held companies and small businesses? First, even though the new regulations do not apply to non-public companies, privately held companies interested in going public or selling their holdings to a public company will have to conform to the new legislation. For example, many small and privately held businesses have loans to officers. The Act specifically prohibits any personal loans to or for any director or executive officers. These loans would have to be repaid before any initial public offering.

Second, officers, directors and investors have become more aware of the significant impact fraud can have on an entity. Good corporate governance within an organization may make a company more attractive to potential buyers, investors and other capital sources.

Finally, the risk of fraud, and the costs associated with it, exist in all organizations, not just public companies. According to a 2002 study by the Association of Certified Fraud Examiners ("ACFE"), fraud cost U.S. businesses $600 billion in 2001, equating to 6% of an organization's revenue. The study also showed that small businesses tend to be the most vulnerable to fraud; on average, small businesses lost $127,500 per fraud scheme compared to an average of $97,000 for the larger businesses.

The existence of fewer checks and balances in small business is a primary reason they suffer greater losses. The small number of employees leads to a lack of segregation of duties, basic accounting controls and a greater level of trust among owners and co-workers.

New, fast growing businesses are also at high risk for employee theft due to the lack of established policies and procedures. The result is weak controls and many opportunities for fraud to occur.

What are the risks and how can they be minimized?

Types of Fraud
There are three major types of fraud: asset misappropriation, corruption and financial statement fraud. The fraud schemes we have heard so much about over the last year at Enron, WorldCom and Tyco have all been cases of financial statement fraud. This type of fraud is the most costly per scheme, but it is the least common, occurring only 5% of the time, according to the ACFE. The study further showed that the most common type of fraud is asset misappropriation, occurring 86% of the time.

Asset misappropriation is the greatest threat to small businesses. It is defined as the theft or misuse of an organization's assets by management or an employee, which is most often the theft or embezzlement of cash. This can include skimming revenue before it is recorded on the books, stealing cash receipts, stealing inventory, payroll fraud and fraudulent disbursements.

Why Do Employees Steal?
Most experts support a theory called the fraud triangle. This theory states that in order for fraud to occur, three elements must exist. First, there must be a need by the employee. This could be a financial need from living beyond one's means, a vice (gambling problem, alcohol or drugs), or an unexpected crisis or event. Second, there must be an opportunity to commit fraud, usually due to lack of internal controls within an organization. Lastly, the fraudster must be able to rationalize committing the fraud, such as believing that the funds are only being borrowed, or that the employee is underpaid, therefore the embezzled funds represent part of the employee's salary. These employees believe that they can successfully perpetrate the fraud without being discovered.

Types of Employees
Employees can be placed into three major categories. The first category is your "generally honest" employee who has no intention of stealing from your organization, but will if the opportunity arises and there is a need for financial resources. This individual is your first-time offender who is the typical perpetrator of fraud. The thought of getting caught and possibly going to jail is incomprehensible for these employees. For this reason, the mere perception that a fraud scheme may be detected can many times prevent fraud from occurring. The second category is the "professional" fraudster who enters your organization with the intent to commit fraud and is always looking for opportunities. The "professional" fraudster does not fit the fraud triangle model discussed earlier. This individual does not need to rationalize his/her actions. Professional fraudsters seek out organizations with weak controls. By implementing strong control policies, a company can deter these professionals from ever entering their organization. The last category is the "honest" employee who would never steal from the organization.

Almost all victims of fraud make the mistake of believing that their longtime employees all fall into the last category of the "honest" employee and that it would never happen to them. The most likely person to commit fraud in your organization is the long-time trusted employee. This employee has been with the company long enough to develop relationships with vendors, to gain the trust of the business owners and other co-workers and to understand the weaknesses in the company's internal control structure.

Minimizing the Risk
By instituting strong internal controls in an organization, a business owner can minimize the opportunities to commit fraud. This will not only prevent the "generally honest" employees from committing fraud, but can also deter "professional" fraudsters from targeting your organization. In addition to strengthening internal controls, business owners need to set the tone within an organization and develop a climate that is hostile to fraud.

One of the requirements of the Sarbanes-Oxley Act is that all public companies implement a fraud hotline. All organizations, small, large and privately held, should have a fraud hotline. In the study by the ACFE it was found that the most common method for detecting fraud was through a tip from an employee, vendor or customer. By setting up a fraud hotline, organizations can cut their fraud losses by approximately 50% per scheme.

Until now, fraud has been one of the largest unmanaged costs to business owners. However, the recent events of Enron and Worldcom have led business owners to recognize the high cost of fraud and to take action to protect their organizations. This is reflected in a survey sponsored by Robert Half Management Resources that shows that 58% of private companies in the United States are evaluating their internal controls and instituting new practices. Of the CFOs surveyed who are implementing changes: 44% said they were reviewing or changing current accounting procedures, 36% were creating or expanding the internal audit function and 23% were hiring an independent firm for consulting work.

THE IMPORTANCE OF IT CONTROLS IN THE ERA OF THE REAL-TIME ENTERPRISE

BY DANIEL SCHROEDER CPA, MBA, CISA
DIRECTOR, BUSINESS PROCESS & TECHNOLOGY MANAGEMENT

The Real-Time Enterprise defined — The term "real-time enterprise" is frequently used to refer to companies whose applications are integrated and networked, and where data files are updated and transactions are posted automatically "as and when they occur" in the normal course of business. For example, in real-time companies, a shipment transaction immediately and automatically adjusts inventory records, updates the customer order, and prompts invoicing.

Governance and IT Controls
Looking forward, we can be sure that the real-time integrated IT systems will only become more prevalent and complicated. It is also likely that, in this era of Sarbanes-Oxley and Corporate Governance, the institutions that influence and/or regulate distributors will only increase their awareness of the control risks associated with the use of real-time systems. The following are examples of IT controls appropriate for most real-time IT environments:

1). Protect the Perimeter — since in a real-time enterprise, a company's financial system operates within the context of the overall network (LAN/WAN/Internet/Extranet), it is important to know that access to the LAN on which the financial system operates is protected and monitored. All points of ingress into the company's IT network should be protected by firewalls that are logged and monitored.

2). Passwords and Access Rights — logical access to any financial system should be strictly defined to specific individuals with specific job responsibilities. Access rights should reflect deployment of effective policies for segregation of duties; for example, the individual with access to creating purchase orders should not also have access to approve purchase order receipts and accounts payable invoices. Access rights should define exactly who has authority to create manual journal entries and initiate "batch" postings from subsidiary ledgers to the general ledger. Access rights should be regularly updated to reflect changes in personnel assignment. Overall network and system access passwords should be periodically changed.

3). Change Management — personnel responsible for maintaining and creating program code should only have access to the "test environment"; that is, they should not be able to put programs into production. Before program changes are put into production, the ultimate users of the modified programs should test and sign-off that new programs and changes are accurate and complete. It is usually appropriate to have a financial manager sign-off on any changes affecting financial programs.

4). Logging — protecting the integrity of the financial system's data files and programs is critical and the company should have automated logging (not controlled by people responsible for programming support) to automatically identify changes to programs and data files. These logging reports should be automatically made available to and monitored by the senior IT security person and/or financial management. Companies that have outsourced their programming support often think that since a professional third party is doing this work, normal access controls and logging are not needed. This is not true. Any individual with access to the computer system should have access rights defined specifically to their role, and access to key data files and programs should always be logged.

5). Transaction Integrity — the financial system should have the capability to generate "Edit Registers" for manual journal entries to enable the details of the transaction to be confirmed by supervisory management before being released for posting to the general ledger. Posted journal entries should be supported by either subsidiary journal reports (summary and detail) or edit registers approved by authorized financial personnel to attest to the transaction’s accuracy and completeness.

The real-time enterprise provides distributors with increased efficiencies as well as increased risk. Be sure you have protected yourself by advertising the IT control issues that real time organizations face.

USE TAX — A Snake in the Grass

BY DANIEL GIBSON CPA, EA
SENIOR MANAGER

Sales and use taxes represent nearly half of all tax collections that fill state coffers each year. Eager to guard this revenue, particularly in this era of state deficits, states pursue audits that often result in painful tax, interest and penalty assessments. Businesses that do not realize their true exposure to these taxes can significantly risk hurting their operations.

What is a Sales Tax?
Generally, this tax is usually levied on the sale or transfer of tangible personal property ("TPP") or certain enumerated services. For most states that levy sales tax, generally all sales of TPP are taxed unless the statute provides for exemptions. Enumerated services are sales of services that the jurisdiction's statutes specifically define to be subject to sales tax. This tax is normally collected by the seller of the TPP or provider of the service for the state when the seller/provider has sufficient enough connection (or nexus) to the state in which the transfer of goods or service takes place.

Example 1: If Mr. Seller, whose only location is in State A, sells TPP to Mr. Buyer, a resident of State B, and the transfer of that TPP takes place in State A, Seller is obligated to collect sales tax from Mr. Buyer and remit it to State A.

Example 2: If, instead, Mr. Seller ships the TPP to State B, via common carrier (UPS, FedEx, etc.), Mr. Seller is not obligated to collect sales tax from Mr. Buyer. Why? The transfer of TPP takes place in State B. Since Seller has no connection (or nexus) in State B, he has no obligation to collect and remit the sales tax to State B.

So What is Use Tax?
This is a tax on the receipt, possession, consumption, storage, or use of property. All jurisdictions that have sales taxes have enacted use taxes to "complement" or cover transactions where no sales tax is collected. The manner in which the order has been placed is irrelevant. The order can be placed face-to-face, over the phone, by mail or over the Internet and the product will still be subject to sales or use tax. If sales tax is not collected, the buyer (or user) of the product is then required to self assess use tax.

Example 3: Same facts as Example 2. Since Mr. Seller is not obligated to collect sales tax from Mr. Buyer, Mr. Buyer is off the hook, correct? Wrong. Since no sales tax was charged to Mr. Buyer, Mr. Buyer is obligated to charge himself use tax.

So What Do I Need to Do?
The key to limiting your exposure to current and prior years' sales/use tax is adequate internal sales and use tax procedures and proper compliance. On a monthly, quarterly or annual basis, you should be reviewing your current year out-of-state purchases of such items as office supplies, furniture, computers, business supplies, samples provided to customers, etc. If the seller has collected no sales tax and the item would have otherwise been subject to sales tax in your state, you probably owe use tax. This should be self-assessed, reported and paid to your state. What if you believe you have no use tax to report? We still recommend filling out your respective state's use tax form and reporting "NONE" for the amount of use tax being self-assessed. After the forms are filed, the state normally has a limited amount of time (usually three to four years) to audit the forms. Once this time has expired, the state, generally, can no longer audit that form. If the form is not filed for a period, the state can go back and audit that period no matter how much time has elapsed. Another tip: if no amounts are being self-assessed, make sure the return is filed by certified mail or instead of "NONE" report $1. The cancelled $1 check can serve as your proof of mailing.

If you need any assistance on the matters discussed above, please feel free to contact your Amper, Politziner & Mattia State & Local Tax (SALT) Group representative.