Letters

Remote Accessibility Revisited
I believe “Remote—But Connected” (JofA, Mar.02, page 63) contained a number of inaccuracies, which I would like to address:

The article said firewall installation is an easy do-it-yourself project (page 65). While some installations are relatively straightforward, a professional should be consulted when you have valuable, sensitive information—such as client data—to protect. Knowing how to construct the proper rule base, configure network address translation, harden the underlying operating system and test the firewall’s effectiveness requires an experienced security engineer.

The article also said that setting up a virtual private network (VPN) is quite simple. This would be true if you were a certified network engineer, understood network address translation, routing, IP and were conversant in that vendor’s software and hardware. Having the telephone number of the telco’s senior technical support engineer would also help.

The definition of IPSec was incorrect. IPSec stands for Internet Protocol Security, not Internet Protocol Secure. See www.ietf.org/html.charters/ipsec-charter.html for some definitions and Internet-Drafts on IPSec and working with VPNs.

A number of the comments about Microsoft terminal server were also incorrect.

Citrix MetaFrame is a feature-rich application that provides many additional benefits to a terminal server installation. However, there are many circumstances where a simple terminal server installation is the perfect solution.

A Citrix implementation will always cost more than just a Microsoft terminal server implementation. Citrix is installed on top of Windows 2000 Server, which includes terminal server. In order to run terminal server, Microsoft requires each computer connecting to the terminal server to have a Microsoft 2000 Server Client Access License (CAL) and one of the following licenses: Windows 2000 Professional, Windows XP Professional or a Microsoft terminal server CAL. When implementing a Citrix MetaFrame solution, the MetaFrame server and client access licenses are an additional cost to the Microsoft licensing.

Citrix MetaFrame does not provide any additional level of security over terminal services. Citrix does not even make this claim.

Having implemented numerous Microsoft terminal server, Citrix WinFrame and Citrix MetaFrame solutions, my experience is that Citrix MetaFrame is not necessarily faster than Microsoft terminal services. The relative speed and performance of each product depend on the applications and solutions implemented as well as available bandwidth.

Michael F. Crowe, CPA
Chicago

Author’s reply: The observations made in the letter are valid but seem dependent on a framework using much more complex products than we recommend for organizations of less than 200 users.

The way a firm chooses to spend technology dollars can make a big difference in ease of use, ongoing cost and performance. We prefer simple, reliable, fast solutions that require minimal expertise to install and maintain, and our recommendations on the use of appliance firewalls, VPN technology and Citrix Metaframe still stand.

In the computer world, three-letter acronyms (TLA) often have multiple meanings, and it is common for one TLA to have several definitions. Either one for IPSec conveys the key idea of transferring information across the Internet in a secure or encrypted fashion.

Randolph P. Johnston, MCS
Hutchinson, Kansas

“Thievery” Numbers Don’t Add Up
I read with interest “Control Cash-Register Thievery” (JofA, Jun.02, page 88), but the following made me scratch my head:

“Each evening, just before closing all eight registers, someone would ring up a several-hundred-dollar refund on one, remove an equal amount of cash and close out the register for the day. The amounts ranged from $200 to $700.” The article also said: “Of the $800,000 stolen in three years….”

If $800,000 were stolen in three years and the store was open 365 days a year, the average amount stolen would be $731 per day—yet the article told us that $200 to $700 was removed from one register each day.

I also noted other unusual items in the article such as the ratio of credit card receipts to cash that, if correct, would indicate the reported sales of the store averaged $550,000 per year and reflected at least $267,000 a year of credit memos. Forget tracking credit memos—if the sales were $817,000 and only $550,000 was reported, then the gross profit percentage would be an immediate clue to everyone, especially if there were 13 other stores.

Further, the article pointed out the author reconciled the $800,000 fraud and that the insurance deductible was $500,000. I’m guessing the insurer reimbursed the discounted retail chain $300,000, but the author waived his fee because he felt his work was inadequate.

I’m sure all this can be explained, but I believe this succinct presentation could leave readers guessing. My point is that summarizing a fraud investigation, which generally is very detailed and laborious, needs to be extremely accurate or it’s possible the work can lose its credibility.

Charles (Chuck) T. VanBelle Jr., CPA
Perrysburg, Ohio

Author’s reply: The sentence in question should have read: “Each evening, just before closing all eight registers, someone would ring up a several-hundred-dollar refund on one or more, remove an equal amount of cash and close out the register for the day.”

Joseph T. Wells, CFE, CPA
Austin, Texas

Professional Responsibility Comes First
I disagree with the points made in “Pay for Performance” (JofA, Jun.02, page 24).

The goal of partner compensation should not be “to inspire the most profitable performance.” Profits are good, but only after assuring each partner diligently exercises his or her professional responsibilities. Partners who accept substandard financial reporting or auditing may for awhile have very profitable performance, but they jeopardize their careers, their firms and our profession.

Charles Toder, CPA (retired)
New York City

Lesson From Yesteryear
Sixty years ago I was apprenticed to an English auditor. One day my boss asked me to be in his office just before midday, and I was told to sit on a chair away from his desk.

At noon a client, the owner of a large textile manufacturing company and my boss’s fishing buddy, arrived. My employer did not hesitate to tell his friend, “There’s something wrong with these inventory sheets.” Without argument the client accepted the proffered papers and took them away to be corrected. I was then sent back to work, having learned the lesson.

Where can an accounting student today obtain such an education? Can this type of ethical behavior be legislated?

Kenneth S. Most
Professor Emeritus
Florida International University
Lauderdale-by-the-Sea, Florida

Kudos for Article
Bravo! “Meet the Press” (JofA, Jul.02, page 39), an article on how to build media relationships to attract attention and enhance business opportunities, was superb.

The importance for practitioners to cut through the information morass, distinguish themselves and define their areas of expertise has never been more acute. According to Dun & Bradstreet, 2,600 (net) new accounting firms opened for business in the 1990s and more than 11,000 firms are operating in the United States today.

As the article pointed out, CPAs can gain significant marketplace advantage by sharing unique and insightful business opinions that appear in print and broadcast media. And in our shorthand, media-glutted world, a universal truth of marketing exists, particularly in professional services: Quality exposure = credibility = new business.

I have spent the better part of my career as a Fortune 500 corporate spokesperson, and it’s been my experience that fundamental financial concepts are still foreign to many reporters working on the business desk. Reporters might have little or no formal business education, even at prominent national news agencies. If CPAs are used as sources more frequently, not only will they grow their business prospects, the quality of business media coverage is sure to improve.

Bill Getch
Managing Director
Getch Communications Group Inc.
Atlanta