My Acrobat Pro 8.2.5 has an OCR Text Recognition function in the Documents menu. I've found the Microsoft Office Document Imaging program (in my case, part of MS Office 2007) does a better job.
So we all need to remember the limitations of security through obscurity (see
But if one posts bank statements without any additional qualifying information around it (typically, what memos and categories I use in Quicken that my reports product), that is indeed ONLY raw data.
Have you ever seen a corporation's raw bank statement either in their annual reports, or in there SEC filed reports (10-Qs, 10-Ks)? No, you see produced sets of numbers with financial notes attached. In my view, showing a bank statement is fairly meaningless.e.g.:
I don't know about the others, but I withdraw my objection now that I understand that the info is password protected rather than just being squirreled away in an obscure corner of the Internet where you hoped no one would notice it. Although the password can be cracked, it's not worth the effort given the limited damage, if any, that a thief could do, especially if you monitor the account balance.
In our much larger community, where the info posted is personal but not as sensitive as bank account numbers, forcing everyone to remember a password would be an inconvenience. We don't want to be paranoid, but we also don't want strangers to be easily able to harvest our data with mechanized tools. What is not cost effective for criminals on a small scale (your case) becomes lucrative business on a large scale if lots of private organizations publish unprotected personal data. That's why I like Robert's suggestion of making the data image-only; it increases the cost of harvesting the data, even if it's unprotected, to the point where it is probably not cost-effective to do so.
Jerry
Mr. Jan,
As a former HOA treasurer (62 homeowners), I've been following this thread with interest. I wonder if another approach wouldn't be just as easy and eliminate any security issues. If I understand correctly your HOA is 11 owners (you + 10 others). I've assumed that this is the maximum size that this HOA will ever reach. Also, based on other posts that you have made, it appears that you are using Quicken to track your revenue and expenses.
Assuming that I am correct, about the above, why not just email the reports to your HOA members each month in PDF format? Obviously your members have internet access or you would not want to post to a website. You could set up an email distribution list in your email application and than sent one or more emails each month based on reports generated in Quicken. Wouldn't this approach serve your purpose?
E-mail is also highly insecure, unless it is encrypted. That being said, it MIGHT be marginally better than posting it to a web page to be potentially crawled and indexed by a search engine.
An e-mail usually travels through multiple computers and servers and a multitude of routers. Being typically un-encrypted, it is a simple matter to reconstitute/read the e-mail at any point along the route to its destination.
Chad Neeper wrote in news:idjijp$lp7$ snipped-for-privacy@speranza.aioe.org:
I still fail to see what information has to be transmitted to the HOA. Would a categorized report or summary of income and expenses be more concise and informative? I am missing the information as to how many different categories of how many individual transactions there are each month. Moreover, I'd assume that funds are collected and expended for different purposes (upkeep of buildings, maintenance of grounds, whatever).
Even though there may be relatively few units, quarterly or yearly meetings would/should be held to explain HOA matters and get input from the members (right?).
In NJ and especially in our community (Radburn.org) these matters are in flux (and unfortunately were subject to very costly litigation). It would (IMNSHO) behove everyone to establish in writing procedures and policies and mechanisms for auditing of expenses, whether by an otside company or from a HOA member group separate from the management/trustees.
Unencrypted fetching of web pages (i.e. via http:// rather than https://), even from password-protected sites, is also insecure. These pages will probably pass through almost as many routers as the email. Then there are those browser add-ons which are a hacker's paradise. And in either case (email or web site) you may have users accessing the data via their unsecured wireless LANs (of the 7 other wireless networks my computer can see, 3 are completely unsecured and 2 more have easily cracked WEP encryption).
It's just a matter of Name Your Poison no matter what you do. You just have to balance the benefits and risks using the best, and probably inadequate, info at your disposal.
Jerry,
I agree "name your poison". To the best of my knowledge NO DELIVERY SYSTEM is 100% secure. Not the U.S. Mail, FedEx, UPS, Cell Phones, Land Lines, etc. I see very little risk publishing a monthly (or in this case due to size of the HOA) a quarterly itemized category report (even expanded to show payee names) along with an account balance report via email. Account numbers need not, nor should they be, shown. What would/could anyone do with a few account descriptions numbers
If the U.S. government can't secure it's information 100% neither can anyone else. But that's not going make me paranoid. Life's too short.
Ahhh. You be one of those agitator types. Generally, "double checking the treasurer" otherwise known as auditing, is done by a CPA or accounting firm who provides a statement certifying that the financials are in order and that the summary information provided by the officers/board are correct as presented.
The term password-protected, and everything said about password-protection, still applies. Your data is protected by the Yahoo account passwords of the approved group members. Only instead of having to crack/guess a single password, strangers can get at your info if they break into the Yahoo account of ANY of your group members. You need to ensure that ALL group members choose strong passwords. And the larger the group, the greater the security risk.
Jerry
that is certainly one way to look at it. Unfortunately a normal audit of the books happens once a year. There needs to be someone double checking the bookkeeper for potential errors or fraud. HOAs have a potential problem when a board member must approve all checks written by the bookkeeper. they get compliant and just blindly sign the checks. A lot of damage can be done between the annual audits that could have been avoided. At my condo association the office manager managed to steal $45K before she was caught.
Normal internal controls include safeguards that require multiple people to be involved in the bookkeeping. Many small businesses and HOA don't have the staff to allow for this to happen.
One simple step is to have the bank recs done by someone not involved with approving or writing the checks. I do this for my old condo association for a nominal fee each month. We trust the property manager but she has been known to make posting errors so this helps keep the books in good shape.
Posting the bank statements to a website don't really solve this problem unless check images are included in the bank statement. Even then the homeowner does not know how the funds were used. Actual vs budget P&L reports are a better tool for the homeowner & board to make sure nothing is going wrong.
A better solution is to always have multiple people involved in the bookkeeping process-multiple signers for each check, regular reports from the accounting system distributed and other good internal controls.
?Hi, Robert - and Jan.
I just want to strongly echo what Laura said!
"Internal controls" are needed by every organization. They are needed to control (1) what happens and (2) what is reported about what happened.
Multiple signatures are effective only if BOTH signatures are applied AFTER the check is written. Every CPA can tell stories about finding blocks of pre-signed blank checks in the checkbook, ripe for misuse by the other signer. This is just one glaring example of misuse of an internal control over "what happens".
Bank reconciliation by someone other than the check-signer is a way to guard against misreporting how much was spent and for what. Since banks rarely show us the front and back of checks these days, we have less chance to spot incorrect recording/reporting of disbursements, whether the errors were intentional or not. But separation of the check-writing and reconciliation functions still can provide internal control when conscientiously applied.
As you said, Robert, the focus of an audit is on the financial statements, which are necessarily prepared after - maybe long after - transactions have taken place. The audit is intended to provide assurance to third-party readers of the financial statements. It seldom is designed primarily to detect or prevent fraud. So the CPA should be involved much earlier to design the accounting system, making sure that it includes a strong system of internal control. Separation of duties, multiple signatures, frequent presentation of financial reports, etc., are all components of such a system.
It should be pointed out that a good system of internal controls protects the bookkeeper, treasurer and other responsible persons as much as it protects the members. How else can you protect yourself against charges of mishandling of funds? How else can you assure the members that the information you furnish them actually reflects reality?
As I often mention here, I've been retired for a couple of decades. Some CPA concerns, like tax rules and accounting and reporting standards, change from time to time. But some fundamental principles, such as the need for adequate internal controls, remain constant.
RC
I certainly understand the audit requirements and am working toward making that happen. We have a total budget of $13K and spend $1,500 of that on a bookkeeper.
Frankly, I am thinking about recommending that I do the monthly accounting as treasurer and pay a CPA to review the books once (or twice) a year with a report directly to the board. It should be cheaper and a much better control.
That's what we do. 28 member HOA, all but the Treasurer are volunteers. The Treasurer is a non-HOA related, independent CPA who provides financial reports monthly to the officers. Controls state that all budgeted expenditures over $200 must be approved by two officers, as do any non-budgeted expenditure. Deposits must be scanned/photocopied and deposited within 24 hours, with copies of the scans sent to HOA officers. No cash payments accepted, excess funds in checking account frequently swept to a controlled savings account, etc.
That sounds like a good idea. Check your by-laws as well any state regulations that cover your type of HOA to see if there is an audit requirement specified.
My condo association thought they were in compliance by having the CPA who came in each month to do the bank recs (never did them in the software program) also issue a statement of audit each year when he did the taxes. We were told later that our annual audit needed to be performed by an auditor not a normal CPA. And that it needed to done by a person independent of our normal bookkeeping operations.
Don't expect to save much money with your proposal. They pay $3800 per year to the CPA who performs the annual audit. She also does the annual tax return. This is in addition to the money fees that I charge the association. I do the bank recs and payroll tax forms/payments each month.
That is a pretty tight budget. Replacing the bookkeeper would certainly be one option but make sure you have enough training from her/him before taking on the task. It's more than just paying bills.
What will you do if there is a major repair needed? My old condo association was screaming that their $100K in reserve was not enough to cover a major catastrophe. They now have about $300k. They are responsible for all roofs and roads in the complex. If your association is not responsible for large ticket items then you are okay.
$100K could be too much, $300K could be too little. Some states have laws that specify how much reserves are required and how to compute them. Might be worthwhile to see what the local law is. Roofs, roads, windows are all big hitters. If the law doesn't specify, it would definitely be worthwhile getting an accountant with HOA experience to run the numbers. Expected lifetime of each asset and historical costs are all factors.
BeanSmart website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.