Lisa Cole, Ph.D. is current Chair of the Accounting Program at Johnson County Community College (JCCC) in Kansas City, MO. She has served in this role for 3 years. In the position, she oversees the associate of applied sciences (AAS) and transfer degree programs in accounting at JCCC.
Lisa truly enjoys working with faculty and students. In fact, she was inspired by faculty during her time at MSU. Cole was introduced to the National Association of Black Accountants and attended their student conference at the recommendation of a faculty member, “I had never heard of the organization and it ultimately provided me with support and inspiration. I later became president of the Kansas City chapter…I try to provide the same support to JCCC accounting students,” states Cole.
Before joining JCCC, Cole worked for the IRS, Arthur Andersen & Company, and served as Director and Accountant of Ticket Operations for the Kansas City Royals. She graduated from MSU in 1988 and recently earned her Ph.D. in higher education leadership from St. Louis University.
As a successful alumna, Cole offers the following advice to current students and new alumni, “Believe you can achieve it and you will. Sometimes the path you have to take to achieve your goals will change. It may take longer and you may have to change goals. But keep on pushing and striving… Never stop dreaming and setting goals.”
Outside of her position and service at JCCC, Cole is actively involved in the Kansas City community. She is a volunteer educator with Junior Achievement, Treasurer and Board of Directors member with the Kansas City Boys’ and Girls’ Choirs, YMCA Mentor, and Coordinator of the Upper Room Summer Reading Project.
Cole currently resides in Kansas City with her husband and three children. She spends her spare time attending school activities for her very active children. Her oldest daughter recently joined her mother as an MSU alumna, earning a degree in education.
Who are your customers? Or perhaps a better question is: Who aren’t your customers? Not everyone is interested in, nor a good target for, every product or service offering. Marketing communications should be tailored to a particular audience. For a small business here in the Ozarks, segmentation, targeting and positioning strategies are essential to help focus marketing communications on the right group or groups of consumers without wasting money or effort on the wrong individuals.
As an example, radio advertising can be a useful medium for promoting events at a nightclub. However, it would be less than optimal for a country-western nightclub to advertise on a classic rock station like 104.7 The Cave, or a top-hits music station like Power 96.5.
Although some consumers exhibit variety seeking behavior in music, the majority of people tend to be very loyal to a specific genre. To further examine segments in this market, a nightclub may also focus on specific activities on a particular night of the week. Therefore they market a unique focused offering on each of those nights. Some of these activities might include: happy hour, ladies night, Karaoke night, or college night. These activities might be targeted to subsets of a primary segment, or may encompass target segments entirely different from the primary segment.
However, each of these offerings is focused on a specific target group. Like a nightclub, all businesses can benefit from understanding segmentation, targeting and positioning of their varied offerings.
Segmentation is the process of dividing the marketplace into potential consumer sub-groups based on demographic, socio-economic, geographic and behavioral characteristics. Some segments are more valuable to a business than others. This presents an opportunity for a business to first exclude non-customers, and then rank the remaining sub-groups of interest from best to worst. For example, a specialty perfume company may only consider segments made up of the female gender for its marketing messages. Another perfume company may consider certain secondary segments which include the male gender who purchase their products as gifts. A segment should be large, measurable and reachable. A segment should also exhibit similarities, and be different from other segments. While large businesses often market to multiple segments, a small business here in the midwest with a limited marketing budget may choose to only market to its primary segment.
While segmentation divides the market, targeting is, in turn, a matching of a specific segment to a specific product or service offering. A target group is made up of possible customers for a product, product line or service offering. Axe personal care products, for example, are specifically targeted to young males. While the primary target group is men from 18-24, there are also secondary target segments of younger and older men for these products.
After spending the semester learning about Irish culture, business, and history, College of Business students had the chance to visit Ireland over spring break. The group visited companies like MetLife and MasterCard, and cultural sites like Trinity College and the Cliffs of Moher.
I absolutely love this time of the year. The Ozarks really starts to come alive with the beauty that many of us have probably come to take for granted over the years. I love the colors, the return of spring rains, spring turkey season, all of the new life, and the return of Cardinals baseball!
One thing that I really do not love, however, is the return of tax scams.
Many in the Ozarks, and all over the United States, have discovered that fraudsters have filed fraudulent tax returns in their name. It is a sickening feeling to learn that a criminal has somehow obtained your Social Security number and filed a return in your name. It is natural to wonder how in the world they obtained your data.
Unfortunately, that is a very difficult question to answer. With what seems like a new data breach being announced almost daily, there are a lot of potential avenues for a criminal to get your data. The IRS recently renewed its consumer alert for email schemes, after observing an approximate 400 percent increase in phishing and malware incidents so far in 2016.
I have written in this column in the past about “phishing,” the practice of sending an email to someone in hopes of getting them to click on a link or send information that they shouldn’t be able to access. There is another term that we should all be familiar with, “spear-phishing.” In a “spear-phishing” attack, the email that is sent is very personalized with information that would appear to be known only by those closest to you — friends, family, vendors, etc.
“Spear phishing” is the root cause of some of the most damaging cyber attacks currently being experienced by businesses of all sizes, many of them right here in the Ozarks. A couple of new variations on spear phishing attacks are starting to show up in the form of W-2 related scams and ransomware attacks.
In the W-2 scam, an email is sent to a payroll or HR professional — an email that appears to come from a senior executive (often the CEO or CFO). Of course, the email has been spoofed, but it will appear to be real unless it’s examined very closely. The email will request that the payroll professional send the CEO the individual W-2s for all employees, with an earnings summary for review.
Another variation that has been seen just asks for an updated employee list with name, Social Security number, date of birth, home address and salary. Unfortunately, because the request appears to be from the boss, in many cases this information gets sent to the requester without any questions asked.
This scam is particularly effective this time of year and has unfortunately already claimed many victims. If you receive anything requesting sensitive information, you should be extremely careful and diligent in verifying the identity of the person making the request and your need to provide it.
It should also be noted that email is not, at all, a secure channel of communication. Strong encryption should always be used when sending sensitive information via email.
Another attack that is having a devastating effect on small businesses are ransomware attacks. Ransomware attacks are also often initiated via a spear phishing email. These attacks typically involve tricking the user into clicking on a link and/or downloading software.
The software contains malware that encrypts the user’s (or company’s) hard drive, locking up all of their sensitive files and making them unavailable. The only options to retrieve the files are to either pay the “ransom” (typically with bitcoin, which creates an entirely new set of headaches for the victim) or be willing to commit the resources/money/time it will take to remove the malware from the computer and restore the files from a backup. The latter is, by far, the superior option.
Exercising extreme care when clicking on links or installing software can prevent each of these types of attacks.
Mature organizations that have mature security processes in place better protect their corporate assets and, more importantly, their people (through effective controls and end-user education). Unfortunately, mature security operations are quite uncommon.
Most organizations lack the cybersecurity leadership needed to address these problems. This is evidenced by the more than 1 million unfilled cybersecurity positions, worldwide, that exist right now.
Until we, as a society, address this lack of cybersecurity leadership, we will continue to be plagued by these issues.
Shannon McMurtrey, Ph.D., is director of Missouri State University’s master’s program in cybersecurity, as well as program director for the master’s in computer information systems in the department of computer information systems. Email:email@example.com.
This article appeared in the May 13th, 2016 edition of the News-Leader and can be accessed online here.
In last week’s article I discussed the importance of understanding the significant risk of fraud that all organizations face. Ignoring fraud risk enhances the chance it might occur and reduces a company’s ability to detect it in a timely manner.
Understanding that fraud risk is a major business challenge is typically not sufficient to prevent or detect fraud. Organizations should be proactive in implementing fraud prevention policies and creating systems of fraud detection.
An essential element of fraud prevention and detection is having an educational program in place to define your fraud risks, explain the key issues to prevent and detect fraud, and describe your organization’s fraud-related policies. Most employees have little knowledge of these issues, so such a program will significantly increase employee awareness — a crucial first step in fighting fraud.
Share your fraud risk policies with everyone in your organization — from board members and management to mid- and entry-level employees. Companies should clearly spell out behavior expected from employees.
For example, what are the policies for business travel expenses, personal use of company equipment, personal use of company supplies or inventory, and documentation for expense reimbursement?
Your fraud-related policies should be in writing and all employees should be required to read them and to re-read them periodically. When it’s clear to all employees that top management is fully invested in fraud prevention and detection, it sends a clear message that the fight against fraud is a major goal. This “tone-at-the-top” approach sends a clear policy message throughout the organization.
Of course, teaching employees about fraud risk does not stop those intent on committing fraud. So organizations must have other resources in place to fight fraud.
One major tool is to design and install controls making it more difficult to commit fraud. Controls, sometimes called Internal Controls, are systems or mechanisms designed to ensure that an organization’s assets are used for their intended purposes. Controls may be physical, such as locks and safes intended to ensure only authorized persons have access to assets. Other controls add layers of authority to activities, such as requiring two signatures on checks or multiple authorizations for purchases or work orders.
The nature and character of controls an organization creates depends on the type of organization, assets most at risk, size of the organization and risk level of the operations. Although additional controls make it more difficult for fraudsters to succeed, it does not prevent fraud if there is collusion or if controls are bypassed, as it is virtually impossible to completely eliminate fraud.
Fraud prevention systems and policies take time and effort as well as costing money, so you need to weigh that versus the benefits.
Although each organization experiences different fraud risks, some controls are common across business types: background checks when hiring, bonding employees, carrying fraud loss insurance, and holding unannounced cash or inventory counts.
It’s also a good idea to require ALL employees to take at least a two-week vacation each year, be aware of related party transactions and relationships, think outside the box — look for number, events, activities that just do not seem quite right, and carefully assess the level of fraud risk for each segment of the organization.
According to the Association of Certified Fraud Examiners “Report to the Nations”, the overwhelming source of information in detecting fraud is “tips” from employees and others involved in the organization.
Therefore, the most important fraud detection and prevention action may be to create a fraud hotline where employees and others can, anonymously if desired, report suspected fraudulent or other suspicious activities.
For large organizations with great amounts of assets at risk, there are powerful new tools available in the fight against fraud. Data mining, text mining and data analytics, digital forensics, augmented intelligence, data visualization and computer analytics are cutting-edge technologies that show great promise. These tools offer the possibility of early detection of fraud schemes, resulting in considerable reduction in fraud losses and sending a message that may act as a deterrent.
Fraud vigilance is logical and appropriate. Fraud prevention and detection programs do not suggest that companies don’t trust their employees. Instead, fraud vigilance may be the very thing that protects and defends the business and livelihood of the organization and its employees. These practices follow the adage: “trust but verify.”
Professor Les Heitger, Ph.D., CPA, is the BKD Distinguished Professor of Forensic Accounting in the School of Accountancy at Missouri State University. He is the National President of the Forensic Accounting Section of the American Accounting Association, he is co-author of “Forensic and Investigative Accounting,” and he teaches primarily graduate forensic accounting courses. He can be reached at firstname.lastname@example.org
This article appeared in the May 7th, 2016 edition of the News-Leader and can be accessed online here.