Sabitlenmiş Tweet
How did one VP of Finance bring Macy's to its knees with a $151M accounting scandal?
Here’s how I think it all went down… (THREAD)
English
The Secret CFO
11.1K posts
The Secret CFO
@SecretCFO
Sharing real world insights as the former CFO of a multi-billion dollar company. Opinions, not advice.
Sign up to newsletter 👉🏻 Katılım Temmuz 2021
511 Takip Edilen128.7K Takipçiler
As a restructuring lawyer, I have to say that @SecretCFO’s discussion of management compensation and retention incentives in yesterday’s newsletter was really good. His newsletter is worth reading not just for accountants, but for those of us in adjacent jobs also.
English
@David_Beck_Atty David I appreciate that. It’s nice to know it passed muster with someone who knows what they are talking about!
English
I'm more talking about the internal fabric of financial reporting and contrl. The more AI penetrates that (which it will) the more the review mode for CFOs will need to change.
Seeing through bullshit from outsiders is certainly nothing new. That's been part of the job for CFOs forever. But dealing with it from 'insiders' will be new. interesting challenge.
English
@SecretCFO You have dealt with this before. They were called consultants. Those who blindly believed everything a consultant told them will struggle. Those who inspected and evaluated what they said with discernment will be fine.
English
CFOs are going to have to think differently when reviewing AI-produced work.
Shit work performed by humans most often looks and smells like shit work. Easy to spot.
Shit work performed by AI can look and smell like great work. Hallucinations delivered with confidence, beautiful formatting, fake citations, etc.
That's a new threat model... one CFO’s aren’t used to.
How CFO’s review work internally (THE core skill for serious CFOs) is going to have to evolve fast.
Strap in... there will be plenty of embarrassing headlines before many figure this out.
English
@tourcontinues If we just hire a dude called Jason does that do it?
English
We have to get away from natural language prompting. That is the most inaccurate way to engage with an LLM.
We can add the same workflows—footing against known truths—to AI that we ask of any analyst. We just need to adopt language that hasn’t historically been as relevant to corporate finance [markdown, JSON, etc].
Eventually, this will be unnecessary too, but until the tooling is ready, we have no choice if we want to extract maximum leverage and maintain accuracy.
English
@SecretCFO I’m just waiting for the first Fortune 500 company CFO that gets caught not properly reviewing the outputs 😬
English
A huge amount of time in the typical finance function is spent grinding. Spreadsheets and systems to get data in a format it can be useful.
Location 1 codes payroll taxes to one code, location 2 to another code. Or the unit of measure is set in 1,000s instead of singles in a product masterfile somewhere,
That creates manipulation work to produce quality information downstream. Multiply that by thousands of examples and it creates a whole industry.
English
@SecretCFO @SecretCFO Can you give a real tangible example of how solving for this unlocks productivity downstream?
English
@DanThompsonIV That is an amazing example of exactly the kind of thing I mean.
English
@SecretCFO 1/ Income statement variance every period for a department -> ai crawled general ledger and inventory control ledger to produce what I call chains of executions for specific transactions. Sorry I don’t know the accounting term. Found 3 issues combined to create the variance.
English
AI could definitely play a huge role in the feedback loop in improving core system data quality. Identifying transaction coding inconsistencies, product to account / cost center mapping etc.
All of that stuff is handled typically a) manually b) badly and c) to great downstream cost (in information quality)
English
There are three big challenges with Master Data. AI doesn't really solve them.
Ownership - The hardest part about Master Data is driving alignment on who gets to decide on the definition. Teams often use a definition that serves them best - that could mean it meets their unique needs or it could mean it makes them look good to others - and will fight tooth and nail to keep it.
Detecting definition variances - I had an system integration project as a result of an acquisition that went 9 months before it was realized that a "closed" claim meant something different in the two companies. It was only detected when we walked through the claims life cycle for several products in detail. Teams had been talking past each other for months thinking they were agreeing when they weren't. The business rules with the differences are buried in legacy code in the front end systems, back end systems, and data integrations and transformations.
Funding Master Data Initiatives - Federated teams don't "need" master data. They have the data they need to do their jobs. It only helps those dang centralized teams like Finance who need to combine the data from all the BU's. Why should a federated team pay for that (tor even dedicate precious SMEs to it) when it won't help them and will only change their world. Let Finance pay for it. What? Finance doesn't have their own P&L and wants to allocate the expense to me? What am I getting in return?
English
@SligoBrian1994 I’ll take the other side of this … Nested IF formulas are not the future of enterprise data integrity. Lol.
English
Depends on the org really but data being a mess isn't actually that big of a hurdle for reporting, the best approach we had was to categorise P&L line items by nested IF of what we wanted to produce, you'd only have 30-40 PC/contract numbers to add per month to the master list
The Secret CFO@SecretCFO
Revisiting this one year on… and number 1 remains the single biggest opportunity for tech builders for corporate finance teams. And I don’t see anyone building it ?!
English
1 generalises to a problem that very few businesses get right and almost never solved by 3rd party
tech companies occasionally do a good job of what you describe as an internal project, but it requires a very good data engineering team. I know someone tried to get a startup off the ground doing it. Not easy.
Best ROI is a bespoke consulting project in most instances, maybe AI changes that
English
@prab_hub That’s because those are easy to build and don’t require domain expertise
English
Is 4th problem of contract review and revenue leakage prevention still big pain point?
Also, most people are busy building frontend and easy SaaS like social media schedulers or content generation tools.
Nothing wrong with it but there is seriously lack of interest in back office automations for majority of builders.
English
That’s the key point imo. I’ve sat opposite private credit negotiating A&E deals a couple of times. It’s very tough. All the leverage for the credit house comes from the CFO and their Board believing that the shop could and would take the keys in a heartbeat.
If scaling private credit has diluted that (and it makes sense it would). It’s a very different balance of power I think.
English
@OnlyCFO I agree, it's better to be conservative.
However, let's be real, Golub doesn't want to take the keys. These credit shops lost their teeth when they focused on scalability over sustainability.
English
Amend and Pretend. It’s the Golden Age of Private Credit!
OnlyCFO@OnlyCFO
A $40B software debt “maturity wall” is about to hit at the worst possible time. -Higher rates -AI destroying valuations -Growth slowing All my PE-backed company friends are nervous because they know what comes next…and it will impact everyone onlycfo.io/p/the-software…
English
@27XVII Absolutely right.
+ it sets the incentive structure for some truly awful behavior, without any of the protection of the transparency requirements of public markets.
English
The stay private for longer narrative, when combined with the push for retail to have access to private markets will structurally change how the IPO market operates in the future.
If you expand access in the private markets, that will partially consume the exit liquidity provided by the public markets. Ultimately, you will need to see indices adds (e.g., S&P) to provide buying support from ETFs to ensure a strong launch. This is what SpaceX is pushing for.
Edward Robson@27XVII
Yet, we really believe the private markets are properly valuing assets today? Based on the momentum trade in private markets, with VC asset managers, all making concentrated bets into a handful of names. All of the complaints about PE and PC today will eventually come for the VC/GE asset classes. The liquidity constraints facing PC right now will eventually come for the large private companies (e.g., Stripe, Databricks). There will be a reckoning. Liquidity is priced at a premium now more than ever.
English
Led enterprise data risk for 4 years at a Fortune 100 in a heavily regulated industry before retiring last year. It's long, but here was our journey.
Foundational data monitoring & controls were always in place. Cyber, PII, education, etc. If not, really bad things can happen. Get the basics in place first.
When ChatGPT hit, we manually monitored usage including PII & IP in the chats. Usage grew and we made the decision we wanted to encourage responsible experimentation.
This was key to almost everything else we did. It had CEO-level alignment and was recognized future issues would arise because of it. When they did, the CEO didn't waiver and it was treated as a learning exercise and not a finger-pointing exercise and a reason to de-risk everything.
First policy locked down ChatGPT access and required explicit approval and education before gaining access. Automated monitoring.
Alternatives came on board. Aligned on closed solution for broad use. Locked down access to alternatives for most. Research use cases were approved by working group of the risk committee and discussed in risk committee.
Use cases drove the development of a much more robust AI risk framework encompassing and balancing cyber, regulatory, legal, analytics and other risks. Controls existed for some risks but not for others. Controls that existed crossed teams and risk committees. Others like decision repeatabilty, defensibility, and proven non-discrimination needed more maturation, although existing standards and guidelines around things like model validation and drift provided the basis to build on.
Enter a lot of cross-domain education, valid disagreements and perspectives, and yes, some turf wars. This was the long slog. Triaged use cases into "safe w/ agreed upon controls" and "more complex, needs discussion that will eventually lead to agreed upon controls" to keep most things moving while still having more focused insight on the "high risk" use cases.
By the time I left we had about 80% of UC's going through the "safe" path and 20% going through the "more complex" path based on priority. Foundational controls were in place throughout the journey and continued to find unreported instances "in the wild" that need actions/decisions.
Most recent was OpenClaw on some personal devices, networks, and even some side-loaded on work laptops. There is always something new emerging that will introduce new risk or work outside your controls.
We made the decision we wanted to encourage responsible experimentation. Taking the lowest risk approach of locking everything down until we it completely controled wouldn't let us do that. Trusting eveyone to act responsibly also wasn't realistic and wouldn't hold up to external scrutiny. We tried to strike a balance. The multi-domain risk framework took time but got everyone up to speed and on the same page, or at least a page they could all live with. Not waiting until it was "done" allowed most work, and the most important work to move forward. We realized we had a lot of the needed foundation, it was just spread across a lot of different domains and no one had the complete picture.
Based on my participation in data and analytic forums, most F100 firms touch on similar steps, although the order in which the attack them may be different depending on where they are starting, how their enterprise risk committees are organized, and organizational decision making dynamics. Some have the risk committees already. Some don't. Some are top-down decision oriented. Some are very federated. Seems like almost all eventually need to work through the cross-domain alignments. Huge variance on the length this took and when it was done based on the corporate culture.
I may have some contacts. If interested, DM me and we can discuss more.
English
On the topic of data privacy, and compliance concerns for enterprises in the age of AI…
Who are the voices to follow / the smartest people for best practice on this topic?
English
@SecretCFO Most of what I’m seeing online is the big corps use Copilot as the primary tool given more robust privacy standards (that’s what Microsoft is saying at least).
Not sure its actually true but seems like its working for them.
English
@SecretCFO When I was dealing with our first compliance audit, the best advice came from other founders in private Slacks. Skip the influencer crowd. Find the CTOs who've actually failed audits and fixed them.
English
@TheCrustyOldMan Big enterprises (outside the tech bubble) are mostly stuck on AI entirely on this point. I have the data.
I’m looking for someone who understands the truth about the risks who can help unblock it for my audience.
English
@SecretCFO Anyone following "best practices" is moving too slow.
Anyone moving fast enough is is relying on a non-scalable solution.
English
@KevinEspiritu Totally. The dude in charge of product who just manually tweaks payments as he sees fit is a dreadful look.
English
Twitter will never be a serious platform for creators if the higher ups manually tweak payouts
It's not structurally set up to be one anyways, but still...
Falastin Flip@TOliveFern
Twitter has just paid someone $27k mainly for a single cringy AI slop with 9.5m views.. expect more AI slops moving forward,, with certain political orientation of course
English