Suggested course of action

Suggested course of action

Didn't find your answer?

Client breaks up with prior accountants in a bad way. This is due to monumental fees, for work riddled with errors (schoolboy ones), tardiness, unprofessionalism, you name it - its wrong. In the "good old days" client furnished said accountants with company NatWest login and memorable password info, in order to do bookkeeping etc. He did this by email. Accountants disengaged about a month or so ago, and this is all confirmed in writing, but evidence (from NatWest) has arrived that shows them logging in and having a good old nose around. Nothings been pinched or altered so no serious crime has been committed BUT considering their disengagement this is unprofessional to say the least. All the codes have since been changed upon discovery. Is there any possible routes of repercussion for such behaviour? ie should this be raised with their professional bodies / police? What are your thoughts and thank you :)

Replies (6)

Please login or register to join the discussion.

By Mouse007
07th Oct 2013 00:13

Computer Misuse Act 1990

Unauthorised access, tut tut (I would presume authority was revoked on dismissal,  that's the view I've always taken). Had a few clients reported to the police for that I have, and they took it very seriously.

 

 

 

You know what you need to do Ben ;)

Thanks (1)
Locutus of Borg
By Locutus
07th Oct 2013 13:31

Naughty but is it worth going to war over?

There was no money lost and like John F says, there may be some explanation, particularly as it was only a few weeks after they were fired.

Life is too short to waste time on making a complaint to the Police or their professional body, who may or may not do something with it.

Thanks (1)
avatar
By Richard Willis
08th Oct 2013 10:53

Interesting scenario

I once left a company that was struggling (to say the least) to pay its creditors and delayed paying my termination pay.  However I still, for a while at least, had access to their bank and was VERY tempted to just transfer what I was owed!  A police DI friend said that you cannot be done for 'stealing' what is rightfully yours but it could have made an interesting case if I had done it!

Thanks (0)
avatar
By User deleted
08th Oct 2013 11:24

What's the point?

Nobody has suffered, there's no financial loss, they've just been nosey. Life is too short. It's a learning experience - change the passwords before you sack them!

 

 

Thanks (0)
By mydoghasfleas
09th Oct 2013 12:29

More than one finger to point

First, if it's post disengagement at the minimum it's unethical. 

Who is to blame?  The client's practices are slack if they did not at least change the passwords.

Did the ex-firm have different access rights?  That would probably be the only way the bank could tell who was accessing the account; if it's shared rights how can the bank distinguish the users.  If the ex-firm had separate user rights then would it not have been sensible to have the bank cancel them?

It could be that the ex-firm is not accessing the account but a member of staff in that firm is without authority.

Out of curiousity, how did the client find out.  If he approached the bank, I presume he had a suspicion something was up - what triggered it.  If the bank approached him, then surely the bank knew something was wrong otherwise it would not have reported it.  As banks make such a song and dance about security being so important surely immediately it suspected something was wrong it should have created a denial of service.

 

Thanks (0)
avatar
By raybackler
09th Oct 2013 13:59

Bank signatory can be a separate role

Surely the issue here is that an accountant with bank access rights should have those rights promptly terminated by the client on disengaging.  As there was a fee dispute the accountant would not be within their rights to make a payment to themselves.  However, as a bank signatory they have the access rights in place and, whilst it may be considered unethical by some, they are not necessarily misusing the access rights merely by looking.  Of course, if this is countermanded by express terms in the engagement agreement or in the dis-engagement process, then that would take precedence, but on the face of it a signatory is a signatory until removed.  There is no failure in bank security, because that is the policy they would follow too, in strict accordance with the bank mandate, until amended.

We recently agreed to complete accounts for a company, where new accountants took over the bookkeeping from 1st April.  We had read-only access to the bank account and although dis-engaged at 31st March, we continued for several months to access the bank account to check debtors and creditors were paid, knowing that the new accountants were also logging in.  We did not check that this was acceptable to the client and we were not removed from the mandate.  There is nothing wrong with this, as both accountants were properly mandated and we were acting in the best interests of the client.  Of course, if at any time we had been prohibited by the client, even though the mandate was still in place, we would have ceased.

Thanks (0)