Looking for the next CEO?
Do your volunteers need workers' compensation coverage?
Why the big deal about segregation of duties?
Does your Web Site Need Audited?
Merchant Account Fraud
The MVP of the Credit Union
E-Commerce (web site business transactions) Audits
Supervisory Committee Manual - (Download PDF)
Looking for next CEO? Back to Top of Page
Does your board know how long it might take to find the right person? Do they even know the capabilities the new person should have? When you see what abilities the candidates possess, how long will it take to train the right candidate and get him (her) to where they should be? What will it cost? If you haven’t had a plan in place for about 5 to 10 years, it may be too late. The new person should be on board for at least 5 years to be checked out and re-trained, etc. and be ready to pilot your ship.
Do you plan to simply hire a person just like Will (the current CEO’s name) was when he became the CEO? You must remember that the CU was much smaller (say $75 million) then and has enjoyed much growth (over $250 million – now) during the 25 years of Will’s tenure. A clone of the original Will most likely won’t be suitable for the job. Shall we think of a supermodel to do the job at hand?
This problem is faced by numerous CU’s. According to the January 2003 issue of CREDIT UNION MAGAZINE, 23% of all credit union CEO’s plan to retire within five years and nearly 50% within 10 years. That means about 5,000 CEO’s are short timers and getting ready to hang it up. It also indicates that you can’t expect to steal one from the CU located just down the road a few miles. The competition for the one’s ready to run a tight ship (such as you are in search of) may be sought by many other entities. Getting the right person from outside of your organization may be a costly exercise. Salary and benefits to hire an outsider for the CEO spot of a large CU is most likely to be quite hefty.
Strong directives have been issued to all CU’s to focus your attention to the problem at hand. One such directive reads as follows: “The existence of a detailed succession plan that provides trained management personnel to step in at a moment’s notice is essential for the long-term stability of a credit union.”
What is a succession plan? It should be a complete guide on how to carryout the activity of replacing the CEO before he departs or announces his departure. An effective plan should accomplish three things: 1) ensures a smooth and thorough leadership transition; 2) maintains operational efficiency; and 3) provides sound member services during the time of transition.
What should a succession plan do? It will prove to be a treasured item if it stems a bad tide of events. The three most prominent are:
- The unexpected loss of the CEO. This could come from an accident, a heart attack, debilitating illness, stroke, spousal illness, family catastrophe, dismissal for wrong-doing, sudden inheritance on his part, and many, many other unannounced events or accidents.
- The retirement of a CEO. This is likely to happen with increased frequency in the next several years.
- The departure for a better, more lucrative opportunity. With the number of CEOs approaching retirement in the near future, this will become a serious issue for CUs.
Key points to use in developing a plan of succession: Obtain board commitment and involvement, secure the CEO’s support and utilize his experience, review your CU’s strategic goals, identify key positions and place numerical sequences and sense of urgencies on each, review job descriptions, and identify future essential CU capabilities (short-falls are not to be overlooked).
Common ways to strengthen your plan:
- Tie the plan of succession to your strategic and operating plans. For example don’t weaken one department by moving too many key workers out at the same time.
- Address staff development. If not closely attended to, your CU can’t take advantage of internal resources available when vacancies occur.
- Update and refine the plan on a continuous basis. This plan needs to be a work-in-progress; ever in need of review and revision.
- Name the internal persons marked for succession. If you possess the right individuals, let it be known who they are and what the expected situations are to be. Likewise, give the board plenty of power and authority to seek the proper individuals from outside if insiders aren’t deemed worthy. It is better overall treatment for those found unfit as they know where they stand and may decide to seek employment elsewhere. You have no room for disgruntled employees to stay on and cause havoc in daily or long-term operations.
A well-defined plan of CEO succession can be one of the most important programs a credit union ever develops, but it must be created well before a succession event occurs. Then it functions as a powerful tool, allowing the CU to maintain a steady course and sense of direction while dealing with the many traumatic challenges present when the leader departs.
Copyright © 2002 Oliver & Associates
Are Your Volunteers Covered? Back to Top of Page
Are your board members and committee members covered against accidents while on the job? Are you like most credit unions and forget about volunteers getting injured while on the job doing credit union work? Perhaps your workers are covered by a blanket policy to cover all employees, if injured, while on the job. What if they aren’t because you have overlooked them? Does your coverage hinge on the individuals being named for coverage and someone has forgotten to keep the reporting up-to-date every time there is a change in committee or board make-up. If your coverage is based on wages, then naturally you are letting the committee members and board members “fall through the cracks,” due to the fact that they receive no wages; and you report no wages for some or all of the volunteers.
An easy way to have coverage would be to purchase the coverage and keep the rosters current on a monthly basis. This coverage may be expensive; especially for members who are only slightly active or very inactive. Some committees only meet quarterly and then for just an hour or two.
Perhaps you should consider as an alternative: Workers’ Compensation. In West Virginia for example, the steps required, to have those persons covered, is very easy. It is thus: annually you elect to have them covered and you pay quarterly premiums.
Let’s say you have a committee member who is part of the team doing an internal audit which takes two or more weeks and is also part of the team that visits each branch each quarter. This person may also spend no less than two weeks per quarter in the main office. Perhaps two seminars and conferences are attended each year. That is two more weeks on company business. Let’s say the volunteer works seven weeks per year. His coverage for the year, on Workers’ Compensation, would cost $65.27. That is a bargain in anyone’s book. The premium is calculated as follows: Minimum wages $10,700 multiplied by a rate of 61 cents per $100. It is but $16.32 per quarter. (Note: The worker wasn’t paid the $10,700. That is what WV Workers’ Comp personnel advise us that must be reported in order to receive the coverage.) Your internal record keeping will provide the information on who is covered for each quarter. This example assumes that the person worked in all four quarters. It is also assumed that if the person only worked (and was reported) in two quarters, then the cost would be one-half. The maximum cost for the seven given weeks or 27 weeks or 47 weeks would still be $65.27.
Please call us for any details about this type of coverage. Beware that the procedures are most likely different in each state.
Why the big deal about segregation of duties? Back to Top of Page
Does your CU have to write off much money each month as un-collectible relating to credit cards? Let’s look at what could happen. Let’s say you are a small CU and perhaps have 12 employees and are a $35 M institution. There is only so much you can do to keep internal controls and checks and balances set up the way the auditors would like them to be. Agreed, but.
George, a 20 year, loyal employee processes new card applications and for the last four years he has also been in-charge of trying to collect from slow payers. Monthly he makes a summarized report, for the manager, of all accounts that need to be written off as unable to collect.
Now for the "what ifs." What if George signs up one new phony card each month and charges $275 and then includes it as a write off? Since no one else is involved, it goes unnoticed. $3,300 goes out the door every year. If someone were to do even some follow-up work on accounts being written off, they should catch the phony items. Even if only once in a while they did some work is that area..
We are aware of some smaller CUs that don’t do any follow-up work on closed member accounts because they see no danger. So they most likely, wouldn’t see any hazard in not being concerned about closed credit card accounts.
Isn’t that what checks and balances are all about? Simply keeping one person from doing too many functions in the same work arena and being able to subvert the processes and enhance himself at the expense of the system!
Does your web site need to be audited? Back to Top of Page
Are you taking applications for car loans and home loans through your web site? How about credit reports? Are your customers apt to be very uncomfortable about placing their valuable, personal information onto the web? Is your web site really safe? How is the encryption? Is it safe? How safe is it from hackers? When they are led to a “secure routine” to guarantee the security of the information, how “secure” is that part of your web site? Is that a false sense of security for your customers? When customers place their most valued possession (their credit and character rating info) in your hands on your web site is it in danger of theft, or erroneous transfer, or being sold in someone’s database?
Perhaps you need an audit of your web site. The auditors check for the items mentioned and many more. When they find that your site is safe and secure and that transactions are processed as purported, they provide you with an audit report and you will then be entitled to place a seal on your site which states that it is audited and complies with ultra-safe procedures. In other words, your customers will be able to rely that the business that they do on your web site is really safe and secure. You also get satisfaction that nothing is “falling through the cracks” on your web site. The report is signed by Certified Public Accountants and is also posted on your site for viewers to access, as they desire.
As the volume of crucial business transactions continue to increase tremendously, more and more difficulties with individual’s confidential information will become a key issue. If you need assistance with web audits, please feel free to contact us.
Merchant Account Fraud Back to Top of Page
Offering credit card merchant accounts is good business, but it can also be a nightmare.
Our high-tech society seems to spawn a new credit card fraud scheme every few hours. Are your merchants getting hit with fraud? Could you be helping them? They may assume that you are there to protect them, and yet you aren’t. What should they rightfully expect, in training or safeguarding, from you? Are you fair game for being sued for not being more of a “big brother” to the merchants?
Would your fraud detection methods catch something like this scenario?
An experienced merchant operates a dress shop in Anytown, USA. She has earned a good living in her shop for many years, selling clothing to local affluent women. She completes a large percentage of her transactions through her credit card machine. One day she learns that two young men are starting up an electronic store next door. They seem very nice, and they become friends with her, always ready to help when she needs a hand with heavy lifting or when a large shipment arrives for her shop. Occasionally, they ask her for little favors, and she helps them when she can, feeling obligated for their assistance.
One day the young men make a sale for $2,400, and as they don’t qualify for a credit card merchant account, they ask her to run the sale through her machine and in turn write them a check. After seeing the sale being made and the customer signing the transaction slip, she agrees, although she feels somewhat uneasy. After several days, she learns that all is fine with her bank account, and she gives them the check (net of her costs). This occurs a number of times over the next six-months. During a recent 10 day period, the young men help her when her car won’t start and when her daughter needs help--they come to her rescue again and again.
And then... they tell her, with much excitement, of a customer who has just ordered $45,000 worth of electronic gear and will come in two days to pick it up. Two days later, they come over to her shop and announce that the customer with the big purchase has arrived and needs to pay on his credit card. Will she please, please help them again? She senses that she is being foolish, but she doesn’t know what to do or whom to seek out for guidance. She feels terribly guilty when she thinks of saying no. And after all, the prior transactions were all good. So finally she agrees. She checks the man’s card over and reviews the invoice and all the documents of the sale. Everything is in perfect order. She notes that the credit card looks familiar (as it was issued by her CU). After 48 hours the young men ask for their check. A phone call to the credit union confirms that the transaction has cleared and the funds are in her account, so she writes them a check.
The following Monday morning, upon arriving at her shop, she discovers that the electronic shop next door is empty. Immediately, she has a sick feeling in her stomach. An inquiry of their landlord yields only that the young men have paid up their rent arrearages and left town. Later that day, she receives a call from the credit union: Her account has been hit with a charge back in the amount of $45,000. Her life’s savings have just vanished before her eyes. A true story!
Let’s look at the potential problems for the CU.
- Were the earlier transactions likely to be caught by a good fraud detection program? Perhaps not. The merchant’s parameters could easily have been $5,000 or higher, but probably not.
- Should a good fraud detection program have caught the big transaction? Yes! A dress shop should never have a transaction that large without inquiries being made before the transfer of funds is finalized.
- Any potential liability for the CU? Yes, most likely. If the merchant thinks along the lines of “somebody else should have done something,” she might pursue legal action.
- What if the CU was also the card issuer for the "phony customer"? Should the merchant have any reason to expect the CU to attempt to make recovery for her? What do you think a judge and jury are likely to conclude about the CU working both sides of the deal and not having any detection mechanisms in place to protect small, independent merchants?
Copyright © 2003 Oliver & Associates
The MVP of the Credit Union Back to Top of Page
This perhaps the most valuable member of the CU team. He finds problem areas and reports them for repair and mending. The managers (Supervisory Committee) send him (her) to the trouble spots and ask that he find the problems and disclose the situations that are weak or in need fixing. His reports are also expected to be a valuable source of feedback of how the various work functions are getting performed. Not just how things are supposed to work, but how they really are being done, by the respective employees.
Yes, this function is important and it is expensive. A good full-time I. A. could cost from $50,000 to $90,000. You get what you pay for. This job is not meant to be just helping customers reconcile their bank accounts or answering customers complaints that they should have more money in their account than what shows on their monthly statement. Due to the expense, many CUs decide to have a part-time I.A.
Another way to beat the high cost is to outsource the work expected to be done by an I.A. Assign the work to CPAs and avoid the monthly salary and fringe benefits expense. The gist of what needs done in the way of checking and testing of the internal flow of work and testing of internal controls, etc. can be done by outsourced CPAs for approximately $5,000 to $10,000, depending on the size of the CU.
If we can assist you in performing internal audits, please contact us for job and price quotes. You will think our person is just another member of the team. We would certainly enjoy being your MVP.
E-Commerce (Web Site Business Transactions) Audits
Back to Top of Page
We have visited several hundred CU web sites wherein much business is being conducted and only a handful show any signs of being audited. The sites that are audited, in any fashion, show a seal of such audit from one of a few internet firms that are involved in internet reviews or audits. One such firm is called: VERISIGN ©. They actually post a symbol on those web sites, which are entitled to carry the symbol. It is a seal of approval. The approval is good for a limited time and states the date of expiration.
CPAs that conduct audits of commerce on web sites also authorize the VERISIGN © symbol on the site along with their audit report. The seal of approval and the report can be viewed by patrons visiting the site.
The audit work project examines the various functions performed on the site. The financial and the technical and banking industry type transactions are all separately examined and found to be in-order prior to the entity being declared fit and have the audit signed off as complete and that the site is worthy of wearing the seal of approval. The audit team consists of auditors capable of checking out the flow of financial information and electronic engineers experienced at examining the data and transactions as they flow through the banking portals and that all information is intact and the integrity of all information is unchanged and not compromised. Firewalls are tested and confidentiality of all personal data is sure to be safe and secure. Protection from hackers is a big consideration in the conduct of the audits.
Another part of the audit is to verify that the CU (banking institution) has and maintains strict procedures for handling confidential information and not selling or distributing the crucial information obtained from the commerce of the web site.
Auditors and high tech engineers are trained and qualified before they are approved to do this specialty work