Posts

Superman helps hackers.

It’s a sign of the times that hackers are constantly on the lookout for weaknesses in people’s computer security systems.

Individuals can go a long way to making things more difficult for the hackers by ensuring they have up to date anti-virus software in place and that their passwords are good passwords.

But what is a good password?

Before answering that, let’s look at some bad passwords.

The National Cyber Security Centre (NCSC) has just released a report on some of the most hacked passwords. They analysed hacked accounts where details were being sold by hackers.

Last year an astonishing 23 million people around the world with the password “123456” were hacked.

You should really hang your head in shame if your password is 123456 as it’s very easy to hack into.

OK, what about the name of your favourite football team as your password? Would that provide you with more protection?

Alas not, as football team names are very common passwords.

Roughly 280,000 accounts were breached last year with the password “Liverpool”. 

“Chelsea” and “Man-Utd” passwords were breached 216,000 and 59,000 times respectively.

Using the names of your favourite music artist also isn’t a good idea.

The most popular passwords using the names of music artists are “blink182” and “50cent” (these are probably popular as they satisfy the need to have letters and numbers in a password).

If you’re a fan of superheroes then avoid Superman, which was the most common superhero inspired password.

So, onto good passwords.

According to Ian Levy, the Technical Director of NCSC, “Using hard to guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.”

There you go.

As easy as 123 or should that be, as easy as “123456”…
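The advice above as an added Python example (not from the NCSC report or this blog): it rejects the passwords the post names as heavily breached and builds a passphrase from three randomly chosen words. The word list is a small constructed sample and the function names are illustrative; a real word list would hold thousands of words.

```python
import math
import secrets

# Passwords the post names as heavily breached, lower-cased for comparison.
BREACHED = {"123456", "liverpool", "chelsea", "man-utd",
            "blink182", "50cent", "superman"}

# Constructed sample word list (assumption); far too small for real use.
WORDS = ["anchor", "biscuit", "candle", "dolphin", "ember", "falcon",
         "glacier", "hammock", "island", "jigsaw", "kettle", "lantern",
         "marble", "nutmeg", "orchid", "pebble"]


def is_known_bad(password):
    """True if the password, ignoring case and outer spaces, is on the list."""
    return password.strip().lower() in BREACHED


def three_random_words(words=WORDS, count=3, sep="-"):
    """Join `count` distinct words chosen with a cryptographic RNG."""
    pool = list(dict.fromkeys(words))  # drop duplicates, keep order
    if len(pool) < count:
        raise ValueError("word list is smaller than the number of words asked for")
    chosen = []
    while len(chosen) < count:
        word = secrets.choice(pool)
        if word not in chosen:
            chosen.append(word)
    return sep.join(chosen)


def passphrase_bits(list_size, count=3):
    """Guessing entropy in bits for `count` distinct words from `list_size`."""
    return sum(math.log2(list_size - i) for i in range(count))


if __name__ == "__main__":
    for candidate in ["Superman", "blink182", three_random_words()]:
        verdict = "reject" if is_known_bad(candidate) else "accept"
        print(f"{candidate}: {verdict}")
    # The 16-word sample gives under 12 bits; a 2048-word list gives about 33.
    print(round(passphrase_bits(len(WORDS)), 1), round(passphrase_bits(2048), 1))
```

The strength of the result comes from the size of the word list and the random choice, not from mixing in digits the way "blink182" and "50cent" do.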

A €40,000 pudding…

If you’re going to hide cash then I guess hiding it in the oven may not be a good idea.

Alberto Vazzoler used to be a dentist. He moved on from that but his new activities were allegedly far from legal as he’s currently on trial in Italy accused of money laundering.

Money Laundering is where “dirty” illegally obtained money is “washed” and then reintroduced into general circulation as clean money. In simple terms, criminals disguise the method of obtaining the money from criminal activities to make it look as though it was derived from legitimate sources.

Now although Mr Vazzoler was a dentist, he’s been accused of making serious amounts of money by way of laundering more than €46 million for criminals across Europe.

Together with his accomplices, he’s been accused of channelling funds through various off shore tax havens and amongst other things, “cleaning” some money by way of converting cash into gold.

His girlfriend, Silvia Moro, has also been charged with money laundering.

Details of some expensive cooking emerged during a court session last week when an investigator told the court that Ms Moro sent a WhatsApp message to her sister saying “I’ve done a stupid thing. I put a strudel in the oven to cook where €40,000 was hidden.”

Although a cost of €40,000 would probably make the strudel the most expensive pudding in the world I guess that the couple have more pressing things on their minds now they are in court charged with money laundering and tax evasion which could result in a lengthy prison sentence.

Would you stand for this?

Do you work in an office? Do you sit down at your desk most of the working day?

If you do, then it may be a good idea to ensure you stand up and move around a bit during the day.

Recent research has estimated that 1 in 9 deaths can be blamed on sitting down for at least 6 hours a day.

Let’s pause for a moment as that’s a shocking figure!

In the UK alone that would equate to thousands of people dying every year due to lack of movement and the cost to the National Health Service is estimated at £700 million annually.

Research published in the Journal of Epidemiology and Community Health estimated that 17% of diabetes, 5% of heart disease and 8% of lung cancer cases could be avoided with less sitting.

Leonie Heron from Queen’s University Belfast was the lead author of the study and said “You need to put your body under a little bit of stress to maintain a healthy heart and whole system”.

She went on to say that “It suggests that it is bad for our health how our working lives are structured for a lot of people. You can attenuate that risk by being more active in your leisure time, but it’s something employers can look at. Maybe they should be providing opportunities for employees to be active during the day, perhaps making sure people move every hour…or providing opportunities during lunch and coffee breaks.”

My guess is that a lot of you do sit down for at least 6 hours a day working at your computer. It’s probably a good idea therefore to remind yourself to get up and move a bit when you can as it will be good for your health.

Unless, that is of course, you’re getting up to walk out of the office to have a cigarette…

Causing a bit of a stink…

There’s no room in the modern workplace for bullying and intimidating work colleagues.

Companies should have anti bullying practices in place and in most countries around the world there are laws to protect people who are being bullied.

The Oxford dictionary defines bullying as seeking to “harm, intimidate, or coerce someone perceived as vulnerable” but in some situations it’s difficult to decide whether or not an activity is actually bullying.

Over in Australia a worker claimed that he was bullied by a colleague who repeatedly broke wind at him.

David Hingst claimed that his ex-colleague Greg Short would “lift his bum and fart” on him up to 6 times a day.

Mr Hingst didn’t take this well and sued his former employer for A$1.8m (nearly £1m).

Now, let’s pause here for a moment and hold our breath.

Bullying in the workplace is clearly wrong but claiming damages of nearly £1 million when somebody breaks wind in front of you does seem a bit steep.

Mr Hingst was adamant though and last year took his case to the Supreme Court of Victoria.

The Court found that there was no bullying.

Mr Hingst didn’t agree with the decision and appealed against it and last week the appeal was heard by the Court of Appeal.

Mr Hingst reportedly told the Australian Associated Press that “I would be sitting with my face to the wall and he would come into the room, which was small and had no windows. He would fart behind me and walk away. He would do this five or six times a day”.

Mr Short, the alleged perpetrator of this “crime” had said that he may “have done it once or twice” but denied doing it with the intention of distressing or harassing Mr Hingst.

Alas for Mr Hingst, the Court of Appeal rejected his appeal and found there was no bullying.

Mr Hingst though isn’t taking this sitting down and reportedly has said that he plans to appeal to the High Court.

Free ACCA Study Materials

All of us here at ExP are excited. We’re excited for 2 reasons.

First of all, we’ve just gone over 350,000 followers on Facebook and a huge thank you to all of our followers.

In fact, 350,000 thank you’s!

The second reason is that we’ve just released our free ACCA eBooks. These can be downloaded free of charge on the following page:

Free ACCA Study Resources

We hope that all of you that are studying for your ACCA exams find them useful. If you’re not studying ACCA, you’ll find the eBooks useful if you want an overview of some key finance and business topics.

Thanks again for the Facebook follows and best wishes from all of us at ExP.

Room for improvement at the Big 4…

Oh dear. It certainly wasn’t a great performance by the Big 4 when it came to their annual inspections by the Financial Reporting Council (FRC) in the UK.

The quality of the audits performed had decreased and for KPMG in particular, according to the FRC “there has been an unacceptable deterioration in quality”.

The FRC is an independent body that checks the quality of the audits undertaken by the 8 largest firms in the UK. Think of it as “auditing the auditors”.

They rate the quality of the audits undertaken using the following scale:

• Good (category 1)
• Limited improvements required (category 2A)
• Improvements required (category 2B)
• Significant improvements required (category 3)

Overall results from the most recent FRC inspections during 2017/18 show that 72% of audits required no more than limited improvements (compared to 78% in 2016/17). Or to put it another way, 28% of the audits reviewed required improvements (category 2B) or significant improvements (category 3).

For KPMG though things were particularly bad. When the FRC looked at their audits within the FTSE 350 (the largest 350 companies on the London stock exchange), they found that 50% required MORE than just limited improvements (compared to 35% in the previous year).

If you take a step back then this really isn’t very good, is it? If you went to a restaurant where 50% of the meals served required more than limited improvements you’d be unlikely to go back to that restaurant again and I’m sure that restaurant wouldn’t be in business for much longer.

KPMG are going to face increased scrutiny by the FRC in the next round of inspections. 25% more KPMG audits will be examined over the 2018/19 cycle of work and the implementation of their Audit Quality Plan will be closely monitored.

So what went wrong?

The FRC noted that there were a number of factors. These included a failure to challenge management and show appropriate scepticism across their audits.

Stephen Haddrill, CEO of the FRC, said “At a time when public trust in business and in audit is in the spotlight, the Big 4 must improve the quality of their audits and do so quickly. They must address urgently several factors that are vital to audit, including the level of challenge and scepticism by auditors, in particular in their bank audits. We also expect improvements in group audits and in the audit of pension balances. Firms must strenuously renew their efforts to improve audit quality to meet the legitimate expectation of investors and other stakeholders.”

Whilst the level of quality found within the Big 4 audits fell, the performance of the mid tier companies improved. The FRC inspections on BDO, GT, Mazars and Moore Stephens showed general improvements in the quality of inspected audits.

The FRC’s Audit Quality Review is explained in more detail here and if you’re interested in reading the reports on the individual firms they can be found on the following links:

BDO LLP Public Report 2017/18 (PDF)

Deloitte LLP Public Report 2017/18 (PDF)

Ernst & Young LLP Public Report 2017/18 (PDF)

Grant Thornton LLP Public Report 2017/18 (PDF)

KPMG LLP Public Report 2017/18 (PDF)

Mazars LLP Public Report 2017/18 (PDF)

Moore Stephens LLP Public Report 2017/18 (PDF)

PwC LLP Public Reporting 2017/18 (PDF)

EY confirm the women were real

Some of you may have heard of the website Ashley Madison.

For those of you who haven’t heard of Ashley Madison, it’s a website where married people can register to meet other married people without their respective husband or wife knowing and then have an affair.

In fact, some of you may be registered members of the site (this does raise the question that if you are a registered member of Ashley Madison and are reading this business blog then at the moment you are finding business stories more interesting than having an affair so well done on that).

Ignoring the rights or wrongs of a website facilitating affairs, Ashley Madison has had an up and down ride over recent years.

Back in 2015, they were hacked. As a result the personal details of their users were leaked and there were a lot of users. When I say “a lot”, there were 32 million users.

The situation got worse for Ashley Madison though.

As well as their systems being hacked and details of who had signed up being leaked, it turned out that the vast majority of users were men and of the women who had signed up a significant proportion were Bots (i.e. a piece of software) or prostitutes.

All in all, not great selling points when trying to encourage new members.

In an attempt to build up trust (if trust is a relevant word for people looking for affairs that is…), Ashley Madison commissioned Ernst & Young to cast an eye over the membership data and see if it stood up to scrutiny.

There were some interesting results including the fact that 15,542 new members signed up each day in 2017 (that’s nearly half a million new users per month).

There were also more active women on the site than men. Globally, the ratio of active males to active females was 1 to 1.13 but there were variations on a regional basis, ranging from Australia, where the male to female ratio was 1 to 0.78, to Colombia, where the ratio was 1 to 2.39.

Ernst & Young also reported that “The Client had used Bot programs to generate message activity with paying customers in prior years. The Bot programs were decommissioned in 2015 and our procedures related to calendar 2017 found no evidence that the use of Bot programs previously operated had been reinstated.”

So, in theory the registrations are human and there’s no danger of falling in love with a bot.

The full Ernst & Young report can be found at www.ashleymadison.com/2017report but I would be careful as if you’re viewing this on a computer at home and your husband or wife finds you’ve been visiting ashleymadison.com then there could be some difficult questions to answer.

Then again, if you start typing in the website and your web browser recognises it from a previous visit to that site then maybe…

Nicely said Mr Musk

We’ve all been there haven’t we? Long boring meetings that don’t seem to be going anywhere.

Maybe you’ve tried to give the impression of being interested in what was being said but in reality the meeting wasn’t relevant for you and your mind was wandering to other more interesting things.

Well, if you’re not a great lover of excessive meetings then you are not alone. In fact, you share the thoughts of an incredibly successful and admired business person. Namely, Elon Musk.

Mr Musk’s current business interests include Tesla and SpaceX.

In the past he founded x.com which later became PayPal. PayPal was subsequently bought by eBay for $1.5 billion.

He currently has a net worth in excess of $20 billion.

But what does he think about meetings?

In an email to his staff that was leaked to the electrek website there were a few productivity recommendations:

In the words of Mr Musk, these include:

– Excessive meetings are the blight of big companies and almost always get worse over time. Please get rid of all large meetings, unless you’re certain they are providing value to the whole audience, in which case keep them very short.

– Also get rid of frequent meetings, unless you are dealing with an extremely urgent matter. Meeting frequency should drop rapidly once the urgent matter is resolved.

– Walk out of a meeting or drop off a call as soon as it is obvious you aren’t adding value. It is not rude to leave, it is rude to make someone stay and waste their time.

– Don’t use acronyms or nonsense words for objects, software or processes at Tesla. In general, anything that requires an explanation inhibits communication. We don’t want people to have to memorize a glossary just to function at Tesla.

– Communication should travel via the shortest path necessary to get the job done, not through the “chain of command”. Any manager who attempts to enforce chain of command communication will soon find themselves working elsewhere.

– A major source of issues is poor communication between depts. The way to solve this is allow free flow of information between all levels. If, in order to get something done between depts, an individual contributor has to talk to their manager, who talks to a director, who talks to a VP, who talks to another VP, who talks to a director, who talks to a manager, who talks to someone doing the actual work, then super dumb things will happen. It must be ok for people to talk directly and just make the right thing happen.

– In general, always pick common sense as your guide. If following a “company rule” is obviously ridiculous in a particular situation, such that it would make for a great Dilbert cartoon, then the rule should change.

Nicely said Mr Musk.

How much do Big 4 partners get paid?

KPMG UK released their results last month for their most recent accounting period and they showed a fall of 10% in pay for the KPMG partners when compared to the previous year.

Although the firm’s revenue rose by 5% to £2.2 billion, its profit fell to £301 million.

The firm wrote off a number of technology investments.

KPMG, like the rest of the Big 4, have invested heavily in technology companies in an attempt to stay at the forefront of technology.

Unfortunately for KPMG, not all of their investments were successful. Bill Michael, the Chairman of KPMG, highlighted one investment that hadn’t done so well – KPMG had committed £3 million to Flexeye, a tech company that analyses large amounts of data and it hadn’t proved to be the wisest investment.

Whilst profits fell, it hasn’t all been bad news for KPMG as their audit practice grew by 10%.

Back to the average pay of the KPMG partners though and although their average pay fell by 10% I’m sure that the partners will still be able to afford to buy a sandwich for lunch.

The average pay for the KPMG partners was £519,000 each.

That’s not too bad is it?

But how does it compare with the average pay of the partners at the remaining Big 4?

The most recent reported results show the following average pay per partner:

Deloitte – £865,000

EY – £677,000

PwC – £652,000

It looks like Deloitte partners will be having the more expensive sandwiches for lunch.

KPMG fires unethical partners

Picture the scene – you’re the senior auditing partner of KPMG in America with more than 30 years of experience serving some of KPMG’s most prestigious clients. There are over 9,000 KPMG people in the US who look up to you as the boss.

You receive some leaked information about which of your audits the US audit watchdog is going to examine as part of their annual inspection of how well KPMG perform audits.

Do you:

(a) Disclose this unethical breach immediately, or

(b) Try to keep things quiet and make sure that the audit files of the audits selected are perfect?

Unfortunately for Scott Marcello, the (now ex) head of KPMG’s audit practice in America, he didn’t choose option (a).

The background to the issue is that every year the US audit regulator, the Public Company Accounting Oversight Board (PCAOB) selects a sample of audits to inspect and ensure they have been performed properly.

A former employee of the PCAOB had joined KPMG. A friend of his who was still working at the PCAOB tipped him off about which audits would be selected for inspection this year.

The confidential information was then passed up the KPMG hierarchy until it reached Mr Marcello.

We can only guess what Mr Marcello and 4 other KPMG partners were planning on doing with the leaked information but one thing was for sure and that was they didn’t disclose the leak.

Whilst the 5 partners clearly weren’t very ethical, KPMG as an organisation acted quickly once they found out about it.

The 5 partners were fired and Lynne Doughtie, the chairwoman and chief executive of KPMG was quoted as saying “KPMG has zero tolerance for such unethical behaviour. Quality and integrity are the cornerstone of all we do and that includes operating with the utmost respect and regard for the regulatory process. We are taking additional steps to ensure that such a situation should not happen again”.

The PCAOB publish the results of their inspections and the previous results of the KPMG inspections perhaps give a reason for why Mr Marcello was keen for any help, whether it was ethical or unethical.

In 2014 and 2015, KPMG had more deficiencies in their audits than any of the other Big 4 in America.

38% of their inspected audits in 2015 were found to be deficient whilst in 2014, 54% were found to be deficient.