How to Create Risk Management Guidelines for your Business

Written by: Summer E. Poletti, Cachet Director of Client Relations

With recent IRS legislation now holding third party processors personally accountable for remittance of clients’ payroll tax dollars, establishing and maintaining proper risk management policies is now more important than ever. For details, see our previous blog post blog.payrolltaxmgmt.com/blog/83dfa1bb-f52f-4415-8574-3e60d79a94c0/third-party-payers-could-hold-liability-tfrp-for-non-payment-of-payroll-taxes

Every business model will differ slightly even in our tight-knit industry. First, think about some key factors related to risk.

Consider your niche market. The first step in creating Risk Management guidelines for your company is to assess your potential risk. Do you specialize in a certain sector of the market, such as restaurant payrolls? You need to understand the potential risk of any niche market in which you specialize. Restaurants are notoriously bad at cash-flow management and far more likely to NSF. Understanding your potential risk as it relates to your niche market will help you create a plan that works for your business.

Consider your "selling factor". You already know what sets you apart from the "Big Box" payroll processors; think about how your marketing techniques may affect your potential risk. Do you allow many of your clients to process next-day or same-day payrolls? If so, that is much riskier than processing most of your clients' payrolls two or three days prior to check date.

Consider the policies of your bank or ACH processor.  Timing is of the essence when it comes to items that put your business at risk. Look at your bank or ACH processor's policies and tailor your risk management policies accordingly -- How soon are they notifying you of a client NSF? Do they give you the ability to suspend or reverse files?

Consider the capabilities of your tax compliance software. You may be able to offset risk by holding payroll tax deposits in the event of a client NSF. It is important to know the capabilities of your system in order to set your risk management policies. Does your system automatically track $100k payrolls? Does your system allow you to place clients on hold for NSFs? Does your system automatically hold payroll tax deposits if funds have not been received?

Once you have taken into consideration all factors that will contribute to your potential risk and your ability to control it; you need to establish written guidelines that are published, known, and practiced by all employees.

Know Your Client. You should consider steps to ensure you do not take on any "clients" tat are fraudulent companies, "payroll jumpers", or companies that are financially unstable. Consider running credit checks on new clients, visiting their offices, calling to obtain references from other vendors with which they process, calling their former payroll service bureau, etc.

Establish procedures for next-day and same-day payrolls. To stay competitive, you need to be in a position to offer next-day and same-day processing. Consider requiring these clients to wire funds to you. If your ACH processor has the capability, Drawdown FedWire (reverse wire) may also be a good choice.

Establish procedures for client NSFs. Your procedures should help ensure that you recover the funds as soon as possible. The procedures should include escalating NSF fees, procedures for holding or reversing payroll tax deposits, procedures on when to terminate a client for NSF activity, etc. Follow your procedures to the letter and don't fall into the "he's good for it" trap. Do not let your clients put your business at risk by soliciting unsecured loans!

Reconcile Daily. Make sure you are reconciling your accounts, especially your tax impound account, down to the FEIN (client) level, on a daily basis.

Consider contracting a risk management expert. You can limit your risk by contracting with a trusted partner, allowing you to focus on your core product -- payroll. A service like PTM's FlexTax, gives you the control you desire in an in-house tax processing system, but with all the checks and balances you get with traditional payroll tax outsourcing solutions.

Whichever way you go, make sure you establish risk management policies, and that you review and revise them no less frequently than annually. Make it a point to read articles on industry trends and adjust your business policies as needed.

How to Leave Effective Voicemails

Written by: Summer E. Poletti, Cachet Director of Client Relations

Anyone who reads business blogs and publications knows that on average, Americans are constantly trying to cram more and more into a "standard" workday, which means the people you need to reach are more and more likely to be unavailable when you call. It's time to take a look at how to leave effective messages when it seems like voicemail is taking over as the primary way in which we communicate over the phone.

Prepare before you call. This might sound strange, but you have to realize before you make a call that there is a likelihood, even if you have a scheduled call, that you will get voicemail. Take a quick second to prepare what you will say if you have to leave a message. This will help you avoid the embarrassment of leaving a rambling, incoherent voicemail that you wish you could erase.

Speak Slowly. Make sure that you speak slowly and clearly so that the recipient can understand (and take notes on) your message.

Leave your name and company. You would think that this goes without saying, but I cannot tell you how many times I have received a voicemail that said "Hi, it's me..." or "Hi, it's John...” Perhaps you think you have a distinct voice and people will recognize you, but don't leave it to chance. Even if you have a unique name, it's also best to leave your company name so you don't leave people guessing.

Leave your call back number twice. Even if you know the recipient has your number, make it easy for them and leave it in the message, this way they don't have to take time to look it up. Make sure you speak a little slower when leaving your call back number, and give it twice. This ensures the recipient can write it down and double check it without having to replay your voicemail.

Keep it short. This is the most important rule to leaving effective voicemails. You should never try to leave a message that, when hand-written, would not fit on a sticky note. If you prepare ahead, you will be less likely to ramble on and on. If you have more than one or two items to discuss or confirm, it would be best to ask the recipient to call you back at their convenience or send an email. Your email can then begin "Per my recent voicemail ...” Refer to our blog post blog.payrolltaxmgmt.com/blog/ptm-client-relations-blog/how-to-write-an-email-people-will-read for tips on writing effective emails.

Don't leave a message. This also may seem strange, but you may not want to leave a message every time you get a voicemail. This is especially true for those of you in sales. If you have a feeling the message you leave will sound something like "Hello, it's me again..." hang up and try again. If you are getting caught in a voicemail back hole with this person, it's best to try to catch them live.

Getting voicemail all the time can be frustrating, but you can increase efficiency if you learn to leave better messages. Good luck and happy dialing!

Watch Your Back(up)

Written by: Cachet IT Department

Every company should employ some type of backup system no matter how small or large they are… but the question is what type of backup is best? Before we get into that, we need to understand what “backing up” means.

There are several reasons to backup:

1. Keeping copies of important data and information
2. Providing redundancy in case of system failures
3. Disaster recovery to allowed continued operation of services.

In addition to the whys, there are also several levels of backup:

1. Archiving a copy of documents and files
2. Backing up databases and programs
3. Backing up user systems and even the entire network.
4. Onsite replacement hardware such as computers, servers and hard disks in case of failures
5. Backup power supplies
6. Backup broadband lines because many businesses rely on internet and email

And within each of these storage based backup levels; there are also several methods to do so:

1. The oldest standard is physical media, backing up to either tape, CDs or DVDs (in the past, used to be floppy disks for anyone old enough to remember those)
2. External hard drives for instant access to data for restore or recovery.
3. Online backup (usually paired with “cloud” services)
4. Real-time replication (similar to online backup but creating an actual mirror copy of a database/system that can be activated and put into use in case the primary system fails)

We believe the best method is to employ a combination of these backup procedures depending on what kind of data and systems are being backed up.

• We use onsite back to multiple file servers, hard drives and physical media for documents, files and emails.
• We use high-speed tape backup that is stored offsite for all system data, databases and programs. Those backup procedures run during off hours.
• We use real-time replication to an out-of-state server facility for disaster recovery.
• We have a backup email system in case our email server goes down.
• We have duplicate hardware of all our critical systems to ensure rapid replacement if a failure occurs.
• We have a backup phone system in case of power outage in our primary facility.
• We have multiple backup broadband lines to our primary broadband line

While implementing many of these protocols could be expensive and time-consuming, we can tell you that we have had to use several of these backup systems at least once. Some of them were put into place because we recognized the need for them based on past experiences and we are always looking to improve our backup procedures.

It’s always better to prepare for such contingencies than having to deal with them when they happen… so whatever method you use, at least do as much as you can.

And backups aren’t just for hardware, systems and data… there is a component that is just as important for your business, personnel and procedures backup. We’ll cover that in a future blog entry.

How to Write an Email People Will Read

Written by: Summer E. Poletti, Cachet Director of Client Relations

The average American worker's inbox is flooded with more emails now than ever, and it is becoming increasingly difficult to prioritize which emails require attention first, after filtering out all of the Spam. I've learned through trial and error that there are a few Dos and Don’ts that should be followed in order to ensure that emails will be read and will garner the desired response for the intended recipient.

Do: Mind your To's, Cc's and Bcc's. To ensure your email will be read and you will get the action or response you require, you must first start with the recipient. Be sure you are sending it to the correct person and that only one person is on the "To" line. Why? Because when we are busy and receive and email directed at more than one person, we tend to put it off thinking that someone else will respond, but in actuality, no one does. If you are unsure as to the right person to address, take your best shot and then add a disclaimer at the end, something to the effect of "If you are not the correct person, please let me know who is." Also be mindful to copy those who are necessary and only those who are necessary. And if this is a sensitive subject, avoid the email altogether, see our blog blog.payrolltaxmgmt.com/blog/ptm-client-relations-blog/5-signs-its-time-to-stop-typing-and-pick-up-the-phone for pointers on how to decide to make a call instead of sending an email. You could inadvertently embarrass someone by copying their boss. Similarly, use blind copy sparingly. If you want someone to know of the discussion privately, you could forward the email under separate cover or better yet, discuss it personally. The person to whom you directed the email could later find out you blind copied someone else and could see that action as sneaky or underhanded.

Format the email properly. A good way to ensure your recipient knows you are directing the email to them is to use his or her name. Email does not require the formality of a business letter, but does require more formality than a text message. A simple "John," is an excellent way to start an email. Tap into what you learned from first grade through graduate school and remember to write complete sentences and break paragraphs when necessary. Use a signature on all emails, replies and forwards so your recipient never has to search to find your contact information if they want to call you.

Start with a pleasantry. The type of pleasantry will depend greatly upon how well you know the recipient. Your email is almost guaranteed to be well received if you give someone the warm and fuzzies before you get down to business. Keep it short and sweet though, no more than two sentences.

Write professionally, but don't get too academic. There is a fine line to walk here, you want your recipient to know that you are an intelligent professional, but you don't want to come across as an intellectual elitist. A good rule of thumb is to keep away from slang as much as possible. If you must have a friendly and joking conversation, it is best to do so over the phone or in person. Another rule of thumb would be to steer away from words you would not hear on the evening news. Your recipient may be offended if they have to use the dictionary to get through your email.

Use bullet points. If you are listing items, giving options or discussing more than two things, consider using bullet points. This breaks up the email, making it seem shorter.

Give a call to action. If you need the recipient to do something, let them know, make it clear and concise and leave it to the end of the email. You'd be surprised -- unless you say "please get back to me", they might not.

Use the "Important" button sparingly. If every email you send is of "high importance", your recipient will get annoyed and start placing all of your emails at the bottom of the pile. It's like the boy who cried wolf -- leave that button for true emergencies only and you'll improve your response rate.

Don't:
Hit send when you are still angry. If you have to wait a few minutes or even until the next morning to respond, it is far better than sending something you later want to recall. No one wants to read an email that is essentially you yelling at or berating them.

Use "creative" formatting. Fun fonts, colors, cool backgrounds, and cute graphics do have a place in email -- your personal email. Your mom or best friend will think nothing less of you if you send an email written in pink scripty font with cats all over it, but your clients and your boss will. Choose a conservative font like Times New Roman, Arial, Helvetica, etc. Use a readable size, like 10 to 12 pt. Write in black on a white background. Keep your signature to the basics: name, company, title, phone, fax, email.

Write the way you (or your kids) would text. This is the contrast to the point above about writing professionally. In a customer service environment, it is easy to feel chummy with clients and want to drop some of the formalities, but we have to remember that this is a business relationship. Drop the "whom" and "Dear", but always write in proper English.

Forget to proofread. Adding to the point about writing in proper English, always proof read your emails before sending. Outlook and Word do this automatically, so there is no excuse for sending emails riddled with spelling and grammatical errors.

Take a fresh look at your email style and ask yourself -- if you received that email in a business setting, would you read and respond? If not, it's time to make some changes; you'll improve your communication over all.

5 Signs it’s Time to Stop Typing and Pick Up the Phone

Writen by Summer E. Poletti, Cachet Director of Client Relations

It's no secret that, while allowing us to function efficiently in ways we thought were only possible in Science Fiction movies, technology has greatly hindered our society's ability to communicate in a personable manner. I will admit that I am just as guilty as anybody to fall into the email trap. Email is a fantastic tool, but like anything, too much of a good thing can be detrimental. Following are a few rules I try to follow to keep myself in check.

Your email is too long. Review your email as you are writing it or prior to sending it. Does it read more like a novella than a memo? If so, it might warrant a phone call to discuss the contents, then you can send the email later to confirm the conversation. Keep in mind that everyone is just as busy as you and just as likely to skim over a too-long email. Good rule of thumb is to keep the email short enough to fit on one page if printed (including the headers and your signature).

Numerous emails have been sent back and forth. Everyone has been there before -- emails keep going back and forth, but the message isn't getting across or the argument is escalating. Whatever the reason, there comes a point where you need to get on the phone and discuss the matter at hand. I wish there was a magic number so we could all know when to stop the maddening email chain, but a good sign is when you see another reply in your inbox and you get the sinking "not again" feeling in your gut.

What you have to say is sensitive in nature. If you have to deliver bad news or discuss a sensitive topic, it is always best to do so in person or on the phone. You don't want the recipient to read your email the wrong way and turn a sensitive subject into a huge disaster. If you are speaking with the person live, you also have the opportunity to gauge their reaction and troubleshoot on the spot if necessary. When emailing on a sensitive topic, you never know when the person will read your message, how they took it; you are also giving an untold amount of time for them to sit and stew on it -- good or bad. Again, no magic formula here, if you keep wondering "how should I say this?", it's probably best to deliver the message personally.

Your client is upset. It probably goes without saying, but if your client is upset, the email is probably somewhat sensitive in nature. You also could end up sending a very long email or numerous emails back and forth. At the core of good customer service is relationship building and you should not expect to mend a relationship with an upset client simply by sending an email. Please refer back to our blog blog.payrolltaxmgmt.com/blog/ptm-client-relations-blog/5-things-clients-love-to-hear, clients dig personal service and they love talking to you.

Your client almost always calls you rather than emails. Clients love personalized service and at the core of that is knowing what they want. Not just clients in general, but that person specifically. You will have a happier client if you service them the way they want to be serviced, so it is important to know what each client prefers. If your client calls more often than emails, call them first to discuss the topic and then send an email when you are done to confirm the conversation.

I hope these simple tips help to put email in its proper place -- as a great tool to help us manage our busy days, but not the end all and be all.

7 Tips for Safe Social Networking

Written by: Jill Henderson, Cachet Marketing Manager

People, particularly parents, are well aware of the dangers of social networking in terms of personal attacks but with Social Networking becoming more and more prevalent in both our business and personal lives, its more important than ever to protect yourself against all types of cyber criminals. The following tips are great ways to minimize your risk exposure online:

1. Password protection - Use a different password for social networking sites then you do for your email and financial accounts. Also, change your passwords frequently and do not use names or numbers (such as birthdays) within your passwords that are publicly posted on your social networking profiles.
2. Following and Friending - Be selective in who you connect to. Connecting with strangers on social networks is absolutely unnecessary in a personal arena but in business making contacts and expanding your referral network is important. Consider only connecting with people you know, friends of friends/colleagues, people who work within your same industry or who share similar hobbies. Anyone can misrepresent themselves online but being selective about who you connect to can help limit the threats to your accounts and personal information.
3. Links - Don't click on suspicious status updates, articles or links. If your Great Uncle who only listens to Frank and the rest of the Rat Pack, starts tweeting about Justin Beiber... he's probably been hacked, don't perpetuate the security breach by clicking and risking your accounts as well.
4. Oops! I Clicked - If you must (or accidentally) click on your "Great Uncle's" Justin Beiber tweet and it takes you to another page asking for personal information or passwords, do not provide the information!
5. Privacy Settings - Make sure that you set your privacy settings when creating your social networking profiles and update them regularly. Social media sites are constantly adding and changing security and sharing features, checking your settings regularly will allow you to share or hide personal information at a level that is comfortable for you.
6. Security Software - Make sure the security software on your computer and handheld devices is up to date.
7. Checking In - Publicly posting your location or weekend/vacation plans can open you or your home up to criminal attacks. If you're going on vacation and you are excited to tell your friends and family all about it, consider waiting until you return from your vacation or limit the people who can see that particular post... otherwise you could arrive home to an empty house. Do you have a "crazy" ex that you want to stay away from? Checking In around town lets them know where you are; if you don't want people to find you, don't tell them where you are.

Email Security and Phishing

Written by: Nixon Adoyo, PTM Tax Client Services Manager

Phishing perpetrators continue unrelenting assault on businesses in a bid to illegally gain access to extract data from companies so they can further their criminal activities. The Payroll Service Industry seems to be dealing with a new barrage of attacks that have continuously evolved and progressed in sophistication in an attempt to fool unsuspecting organizations into granting access to vital data.

Attackers seem to be stepping outside known “bait” methods or email formats that could easily be identified and flagged by using email addresses and domain names that mimic known and respected organizations like the IRS, NACHA, BBB and even USPS.

Earlier this year, the Electronic Payments Association received reports that companies and individuals were receiving fraudulent emails that appeared to have been sent from National Automated Clearing House Association (NACHA). Reported emails were sent to unsuspecting individuals and organizations advising of electronic payments that had been rejected, flagged or blocked by the Clearing House Association.

Instructions in these emails advised recipients to open attachments for more details on mentioned blocked transactions. Once the email or attachments were opened, Malware attached to the emails infected victims systems successfully completing intended task.

National Automated Clearing House Association (NACHA) released an alert in March 2011 advising organizations of the phishing emails in an excerpt taken from their website citing, they were aware of emails varying in content that appeared to be transmitted from email addresses associated with the NACHA domain (@nacha.org). These emails later began listing addresses with fictitious names of NACHA employees and or departments as shown in this example. (jdoe@nacha.org)

The notification went on to clarify that NACHA itself does not process or touch ACH transactions that flow to and from organizations and financial institutions. NACHA also does not send communications to persons or organizations about individual ACH transactions that they originate or receive. While Payroll Tax Management notified clients about these emails, complete details are available on NACHA's website.

The Internal Revenue Service and the Federal Deposit Insurance Corporation have also released publications on their websites about phishing emails created to seem like they come from their domains and have detailed nature of emails and how to identify, contain and report problem.

So far names of the following organizations have been used in these phishing scams.

• BBB - Better Business Bureau
• FDIC - Federal Deposit Insurance Corporation
• IRS - Internal Revenue Service
• NACHA - National Automated Clearing House Association
• USPS - United States Postal Service

To protect our internal assets and client data, Payroll Tax Management (PTM) employs security software programs to monitor its system and to identify unauthorized attempts to upload or alter information. Emails procedures and training is done to equip employees with the ability to identify phishing emails. The importance of training is making everyone aware of these ever evolving phishing attacks along with better understanding of how all organizations we transact with communicate. With this knowledge it becomes that much easier for everyone to help flag suspect communication methods.

Payroll Tax Management has also implemented policies and procedures that have helped identify emails that may not have been flagged as spam but appear suspect. Continuous education and communication to employees has helped defeat these attacks. Employees are constantly aware that suspect emails with attachments and/or links to Web pages host malicious code and software. For this reason, they do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom they do not normally communicate.

Forwarded emails from known parties that seem suspicious or otherwise unusual are also handled the same way and verification of the messages is done first by contacting sending party by phone before actually opening. Learning about organizations that handle our transactions and their methods of communication also helps identify these fraudulent emails. The IRS and other prominent organization like NACHA or FDIC state they do not send or solicit information by email.
We hope this information helps our clients and partners protect their systems from these attacks.