October 2008 Newsletter

THE CURRENT ECONOMY
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There are some of you out there who will not be here a year from now. The one’s most likely to survive the current situation are those that do not have an excessive amount of debt, have their inventory lean and under control (by use of a formal Open-To-Buy or some other method that works for them), have selling staff that is motivated and productive, really know and understand their customers, and have expenses tightly controlled. If that does not describe you, you may have time to turn your situation around – but do not put it off. Don’t wait until your only option is a GOB sale.

CREDIT CARD SECURITY
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
We want to extend our personal thanks to Tim Smyth, President of Smyth Retail (http://www.smythretail.com) for allowing us to provide you this excerpt from a newsletter they have sent to their clients. The following is good information and it should be read and acted upon.

Effective July 1, 2010 no processor will be able to process credit cards from a system that is not certified as compliant! Also, if your system is deemed vulnerable the PCI DSC will decertify it by October 1, 2009.

The Payment Card Industry Data Security Council (PCI DSC) is making rule changes to help reduce the cost of credit card fraud (and indirectly your card processing costs). They are requiring that all companies involved in card processing properly provide solutions that enable retailers to better protect themselves from fraud through a formal certification process. The PCI DSC requirements imposed on products and systems will significantly increase the protection of retailers from such loses and, at least for now, protect them from expensive direct compliance requirements. I believe the requirements the PCI DSC is imposing on software systems foreshadow what I expect to be increased regulations that will ultimately be imposed on retailers who want (and need) to process credit cards.

We have all heard the horror stories of retailers whose customers’ credit card information has been compromised by hackers and thieves. It should send chills up your spine to think of the damage to your reputation if your customers’ credit card numbers are stolen, and that doesn’t even consider the business threatening lawsuits that would be sure to follow (even if you are diligent in protecting your customers’ data). When it comes to bankcard processing, the most important thing for you to understand is that you, the retailer, will be held accountable for any direct losses if your customers’ credit cards are stolen and the resulting penalties and fees could easily destroy your business. Furthermore, if a breach occurs you will be subject to hefty fines, forensic audit costs, and recertification costs. Your liability is not just for the loss of your credit card sales but for the sum total of the credit limits of all cards you are processing (or more directly have on your system at the time an encroachment is detected)!

While credit card security is important for any retailer processing bankcards through Point of Sale, the security risk involves any retailer who maintains any credit card information anywhere on a computer: be it any sort of electronic list, email, Microsoft Word© document or any customer profile. Technically, you are even responsible for security breaches on your computer if your own credit card number is on your computer! And as long as we are at it, you need to remember that there are other types of confidential information anyone might store on a computer that represent liability risk such as Social Security Numbers, Drivers License numbers, and of course all the passwords used to secure not only these but your own financial information. Even if the principals of a business are personally careful and diligent with security they are also responsible for the actions of their entire staff. If you carry any kind of Accounts Receivable, Store Credits, Gift Certificates, Gift Cards (remember that Target had their Gift Cards hacked), etc. you have additional personal security risks. Forgetting even malicious attacks on sensitive information, the cost of viruses and data corruption in time and direct costs alone is frustrating and expensive enough to warrant improved system security. It is safe to assume that everyone has a need for improved computer security!

If you really want to protect yourself from legal liability (and you should), you are going to have to invest at least time, and in some cases money, to better protect yourself from these thieves and the associated liability in the event your data is compromised. You are already responsible for performing an internal annual security audit which I’ll bet you aren’t performing. Any measure you take now will help you protect your liability, and more importantly even the possibility of having your customers’ confidential data being compromised. It is important to understand that security is not a one time or annual consideration; it must be an ongoing effort. The bottom line is that you could, at great cost, do everything humanly possible to secure your business, and even if you had the resources of the National Security Administration you could still get hacked tomorrow by some new method of the ingenious idiot and be held liable. As a small business person you have to keep in mind the risk-reward factor in security. We can’t afford the best money can buy, but we don’t need to. Hackers aren’t targeting the smaller retailers like they do big companies or the NSA; in fact, hackers are first and foremost looking for low hanging fruit. If a tiger is chasing us we don’t have to be the fastest runner, we just need to be faster than the person running next to us! You can’t afford perfect protection but you can’t afford to ignore security.

Implementation Guide
While your service provider must make changes to your software to better secure your system, their efforts won’t help you if you don’t directly take action to implement the changes and other security policies and controls to protect yourself. One of the things your system provider should be providing as a requirement of the PCI DSC is a detailed “Implementation Guide” which will help you better understand how to best secure your system.

Some changes you will (or should) be seeing in the near future with your system are:

* Allow you to minimize the level of cardholder information retention
* Enhanced user authentication
* Enhanced Email and internet controls
* Enhanced encryption
* Added security for remote Log-Ins and System Support
* Lock down of Point of Sale to prevent unauthorized access to the internet
* Enhanced encryption of Credit Card information

PCI DSS requirements:
The following summarizes the 12 general requirements of the Payment Card Industry Data Security Standards (PCI DSS) and the important requirements involved for properly protecting your network. While at this time you do not need to formally complete and submit a questionnaire, these industry guidelines should be followed when developing your network security policy as they would be required for PCI DSS compliance if your system provider had not made the changes or if you were a larger retailer, and should be considered the benchmark for establishing your security policy to maximize your protection from fraud. You can find a document detailing each of these requirements at http://www.pcisecuritystandards.org/saq/instructions.shtml.

* Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

* Protect Cardholder Data
Requirement 3: Protect stored cardholder data and purge old and unnecessary cards.
Requirement 4: Encrypt transmission of cardholder data across open, public networks.

* Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software or programs.
Requirement 6: Develop and maintain secure systems and applications

* Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data on a business need-to-know basis.
Requirement 8: Assign a unique ID to each person with computer access.
Requirement 9: Restrict physical access to cardholder data.

* Regularly Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data.
Requirement 11: Regularly test security systems and processes.

* Regularly Monitor Networks
Requirement 12: Maintain a policy that addresses information security for employees and contractors.

Summary
While these new standards sound alarming (and they should), and require your attention, they represent important security measures that all retailers should all be implementing. Even if you are not processing credit cards through your Point of Sale system, these issues concern you. Unless you do not accept or even use credit cards (and you all do), you are responsible for protecting cardholder information. The costs of improving security are minimal compared to the risk associated with a security breach.

You need to implement sound security policies and work toward a fully compliant Security Policy. Not only is it in your self interest, I suspect that the PCI DSC will continue to make further demands to assure proper security is implemented. Of course the hope is that the changes they are imposing on all software suppliers and providers of credit card authorization services will reduce fraud and losses. What you must remember is that the wolves of the world are also taking advantage of new technologies. If your store’s system has not been compromised, it is only a matter of time!

If you do not know if your software provider is doing all that needs to be done about this issue, NOW is the time to find out!

4-5-4 CALENDAR
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
We now have copies of the 2009 4-5-4 Retail Accounting Calendar available (4-5-4 Calendar). The calendars are printed on cardstock and have 2009 on once side and 2008, 2009 and 2010 side by side on the back. To request a copy, or several, for your store just email us with your request being sure to include your name, store name and address.

You do not use the 4-5-4 calendar? Read below:
If you do not use the 4-5-4 Calendar, I want to encourage you to change to this calendar as it makes sales planning easier. With the regular calendar, sales comparisons to last year are complicated by the fact that a month may have 4 Saturdays this year while it had 5 last year. For most retailers Saturday is their largest volume day of the week. It makes it more difficult to plan sales when you are looking at unequal months.

The better accounting calendar is the 4-5-4 Calendar. The 4-5-4 Calendar divides the year into quarters with the first and last month of each quarter consisting of 4 weeks each and the middle month of each quarter consisting of 5 weeks. Each accounting calendar month will begin on a Sunday and end on a Saturday. Each accounting calendar month will have the same number of selling days as the same month last year. For example, March has 5 perfect weeks every year, 5 Saturdays, 5 Mondays, etc. With the regular calendar this is not true, since March may have 5 Saturdays this year and only 4 Saturdays next year. This makes it more difficult to plan sales.

For holidays that are a set day of the week, such as Thanksgiving, there will always be the identical selling days before and after the holiday, year after year. There will always be two selling days in November following Thanksgiving. Each month will consist of either 4 or 5 perfect weeks making it very easier to analyze payroll costs. With the 4-5-4 Calendar, each accounting period for one business year corresponds to the same period next year, and the next. This provides an invaluable review and forecast tool for management.

The 4-5-4 Calendar is especially suited for use in preparing sales forecasts and operating budgets. Also, since each month ends on a Saturday you will enjoy the convenience of taking physical inventory counts at week end and not having to either subtract or add sales which preceded or followed the physical count to arrive at a clean cut-off. The inventory counts should therefore be more accurate.

The 4-5-4 Calendar was devised with the needs of the apparel, sporting goods and gift retailer in mind. Our business cycles are those periods of time between the start and end of a sales season. In general, our business cycles end in July and January. Therefore, the standard 4-5-4 Calendar begins with the month of February, which is traditionally the beginning of the Spring selling season.

Changing to the 4-5-4 Calendar will make very few differences in the store's procedures. About the only difference is to realize that for the first year, sales comparisons to last year can be made only at the end of each 13-week quarter.

The 4-5-4 Calendar is also recognized by the IRS for income tax reporting purposes. It is referred to by the IRS as the 52-53 Week Year. To adopt the 52-53 Week Year it is necessary to file a statement with the tax return for the first tax year for which the election is made. If you are keeping the same fiscal year end, you make the election by filing your tax return for the 52-53 week year and attaching to it a statement showing:

1) the day of the week on which the tax year will always end (SATURDAY)
2) that it will end on the date such day of the week (SATURDAY) occurs nearest the end of the month
3) and the month with reference to which the tax year will end (JANUARY for most retailers).

Note: Many retailers have a December fiscal year end because they are not corporations and have no choice about their year end. You can still use the 4-5-4 calendar. You can actually keep your store’s books on the 4-5-4 calendar ending January then make a simple adjustment at your December year end to report your tax information for 12 months (by adding in the data from the prior January).

According to the IRS “A taxpayer changing to a 52-53 week tax year does not file FORM 1128 if the 52-53 week year ends with reference to the same calendar month as its previous tax year ended, and the taxpayer keeps its books and computes its income on the new 52-53 week year”

However, once you change to this 52-53 Week Tax Year, you can not change to another tax year, including going back to a Jan. 31 year end (if that is your regular year end), without prior approval from the IRS. This is done using their form 1128-Application to Adopt, Change or Retain a Tax Year. You will find it is not hard to change to the 4-5-4 Retail Accounting Calendar. It is just a matter of changing your thinking a little. If your computer software does not support the retail 4-5-4 Calendar then it may be time to look for a true RETAIL package. To get a copy of the current 4-5-4 Calendar for your review - - and use if you decide to change - - just send us an email with your request and your name, store name and address.

This is the calendar the BIG retail chains all use to report their sales. It is recognized by state governments for reporting sales taxes. I know this is not “the way it has always been done” and I know that “you have been doing just fine” using the regular calendar; however, once you change I think you will be glad you did. Try it. If you do not like it, you can always change back to the regular calendar before the end of the year and the IRS will never know.

Top of page

QUOTE OF THE MONTH
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"The pessimist sees difficulty in every opportunity. The optimist sees the opportunity in every difficulty."

Winston Churchill, British statesman, soldier and author

SEPTEMBER SALES SURVEY
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
First, THANK YOU to everyone who participated in our survey.Your participation makes the results meaningful. To remind everyone, this survey concerns September sales.

OPEN-TO-BUY SERVICE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Control your inventory and increase profit with TRMA's Open-To-Buy Service starting at just $300 a month.

It is critical for the retail store that inventory be controlled so there is not too much or too little. We have been providing this service to retailers for many years, and at a price even the smallest retailers can afford.

For more information, call us toll free at 1-877-206-1299, visit us on the web at http://www.the-retail-advisor.com/open-to-buy.html, or send an email to LC@the-retail-advisor.com.

TELE-SWAP GROUPS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Join a Tele-SWAP Group to talk to other retailers like yourself! The questions and topics we have discussed in recent sessions are numerous. A few recent examples are:

"How are you stimulating business now?"
"What benefits do you offer full-time employees?"
"Discussed HSA insurance plan one member started a year ago and savings generated."
"What do you see as the direction for merchandising your store in the next few years?"
"How do you find a good in-house tailor and at what pay scale?"
"What has been your most successful line thus far this year? Most disappointing?"

If you would like to discuss the types of issues listed above, and others, with retailers who are similar to you, but far enough away they are not competitors, give us a call at 1-877-206-1299 or on our web site at http://www.the-retail-advisor.com/peer_groups_tele-swap.html. Then you can complete an online application. Once I get your application I will contact you about joining a group to take part in a monthly one- hour teleconference call. The biggest commitment will be the one-hour a month for the call. The cost is minor at just $180 for a 6 month commitment (just $30 a month).

There are so many retailers around the country who are isolated because they are a small independent retailer. This service gives you an opportunity to talk with others in a similar situation without having to worry about giving away any information to your competition. Get the help and advice you need to be moresuccessful without having to leave your store.

Click on the link above and join a group today!

KEEP YOUR EMPLOYEES HONEST & INCREASE YOUR BOTTOM LINE!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Studies have shown that almost half of all your store's shrinkage is due to employee dishonesty!

If you can reduce shrinkage by 1% that is an additional 1% of profit for you. As the owner it is your job to provide the procedures, checks and balances to keep your employees honest.

Fortunately, I can help. As controller for a 5-store chain of family apparel stores and with my experience working with retailers around the country as a retail management consultant I have developed a manual to help you with this. It is our "Internal Control Manual" that covers all aspects of a retail store's operations. It is set up in an easy question and answer format where a Yes answer means things are OK and a NO answer means you may have a problem that needs further checking

To get a copy for your store, for just $95 shipped Priority Mail, visit our website at http://www.the-retail-advisor.com/internal_controls.html.

Do not wait until you discover that a trusted employee has stolen $70,000 from you (like a retailer I know had happen to him last year). Take steps now to make sure your merchandise and cash are as safe as you can make them.

RETAIL JOB DESCRIPTIONS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Well thought out and developed job descriptions should be the documents you use as a basis for interviewing and hiring new employees and also for making sure your employees are doing their job as it should be done. To help you with this time-consuming project, TRMA has developed very detailed job descriptions for almost all positions in a retail store in WORD so you can easily copy them to your computer and personalize them to your unique situation. The job descriptions are available on CD for only $25, including shipping. The set includes the following descriptions:

1	Profile Of The Perfect Retail Employee	14	General Manager
2	Basic Position Description For All Employees	15	Merchandise Manager
3	Accountant	16	Office Manager - Bookkeeper
4	Accounts Payable Clerk	17	Store Operations Manager
5	Advertising And Display Manager	18	President
6	Assistant Store Manager	19	Shipping & Receiving
7	Buyer	20	Sales Manager
8	Cashier	21	Sales Associate
9	Controller	22	Store Manager
10	Credit Sales Manager	23	Store Manager (for stores with a General Manager)
11	Credit Controller & Collector	24	Tailor-Head
12	Department Manager	25	Tailor I
13	Display Manager	26	Tailor II Or Seamstress

Most job descriptions are 2-4 pages long. Your investment is just $25 for the complete set, including shipping. To order, mail your check to the address below and we will mail the job descriptions to you:

Job Descriptions
The Retail Management Advisors
510 Red Oak Street
Allen, TX 75002

WHAT WE DO . . .
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o Monthly Open-To-Buy Service
o  Open-To-Buy Implementation on Your System (if available)
o  Merchandise Performance Evaluation
o  Shrinkage Control
o  Development of Incentive Plans
o  Development of Job Descriptions
o  Seminars On Retail Subjects
o  Financial Analysis
o  Financial Budgeting and Cash Flow Projections
o  Computer/POS System Evaluation, Selection, Usage
o  Policy and Procedure Development
o  Lead Tele-SWAP Groups (Share With A Peer)