It sounds like a basic “duh” statement that businesses should own their accounts. But let me tell you, a lot of businesses have ceded complete control over vital systems to third parties.
And that has ultimately hurt their companies, costing them thousands, if not millions, in lost time and expense regaining control of the accounts. Or replacing the accounts in their entirety.
Even if nothing bad has happened yet, it is a major risk for you and your company if you are not maintaining ownership of your business accounts.
When Account Ownership Goes Wrong
Let me tell you a little horror story that happened to a client recently.
They were using a marketing company that promised them big things – a brand new sparkling website that would be SEO optimized with lots of backlinks and blog posts, brand videos, Google Ads driving tons of new customers to them, and probably the kitchen sink too. They promised all of this with a quick turnaround time and charged a really high premium for it.
And then failed to deliver.
My client was pissed, rightfully so. After months of complaints that were never answered, they moved to terminate the relationship.
But one problem – the marketing company had set up all the accounts. They “owned” the Google Ad account, the domain, the website, everything.
Once the termination notice was sent, the marketing company turned off the Google ads and stopped updating the website that was only partially complete with major sections empty. And you know that the phone stopped ringing after that. Think about all that lost revenue, especially when you have employees to pay.
While my client could have sued to get the accounts, it was easier and faster for them to pay a termination fee to buy the accounts from the marketing company. It left my client with an even worse feeling towards the vendor, because they had to pay them to leave.
Now, my client knows better. They own the accounts. Their new marketing company has the necessary editor or admin rights to the accounts. But my client has ultimate control and could kick them out, if necessary.
What Kind of Accounts Are We Talking About?
There are lots of accounts that are out there in your name or that are vital to your company.
For example, Keila Hill-Trawick of Little Fish Accounting recently mentioned on Threads that business owners should be the primary admin on the QuickBooks account if they are paying for it. And even if the CPA is paying for it, they should be an admin and able to see everything in the company file.
I added some additional accounts that business owners should always maintain ownership of. Then, if you hire people who need access to the accounts, you can add access for them:
- All bank and credit cards
- Accounting Systems
- Credit Card Payment Account
- Payroll Processing Account
- Website
- Domain Hosting
- Email system
- Email newsletter account
- Google Ad account
- Social media accounts
- Cloud services
Even accounts like the music that is played in the office should be controlled by the company and not some random employee. After all, how much fun would a terminated and disgruntled employee have playing completely NSFW music on your systems? What would customers or other employees think? Some of the music could even do things like create hostile work environments leading to lawsuits (yes, I dealt with a case where an employee complained that the music playing in the office was discriminatory and created a hostile work environment).
Why Do I Need to Own These Accounts?
Because you, as the business owner, are always responsible for the financial well-being of your company. You should have access to see where you stand, to look at financial statements and other reports, and to spot check the work of the bookkeepers or CPAs that are running the files.
You are also ultimately responsible for business development and keeping new customers coming in, for securing their data, and for making sure that your employees have the resources to do their jobs. If the accounts are in someone else’s control, you are leaving yourself open to lots of bad possibilities of things not working out.
Why Can’t I Rely on My Providers to Set Up and Own These Accounts?
Ultimately, the reason you want ownership and control over all of these accounts is that you may not continue to use the initial providers forever.
Let’s take QuickBooks for example. I can set it up as your Fractional CFO. But at some point, if we both succeed, you are going to need someone that will work for you full-time. It’s a much smoother transition if you don’t have to rely on me to add the new user and potentially move the admin ownership to someone else.
Now, when working with me, I’ll do that. I consider the fact that you’ve outgrown the Fractional CFO services as a success for both of us.
But other providers, on the other hand, may not have the same philosophy. Maybe they will hold those accounts hostage.
I can’t tell you how many times I’ve heard of businesses having issues with their websites, like the horror story above, because someone else owns the account with the domain and website hosting. Wouldn’t you rather be able to just remove their access and go on with your life when that relationship sours? Or would you like to pay someone like me or another lawyer to have to send demand letters to get your website back?
Basic Accountability
On top of everything else, there’s also a concept of basic accountability. When a provider knows that you can go in and see everything that they’ve done, maybe they will be more honest about their work.
Going back to Keila’s example of owning the QuickBooks account — one of the basic best practices to prevent financial fraud in your business is for you, as the owner, to regularly review the financial statements. But don’t rely on third-party prepared statements. By owning and having access to the QuickBooks account, you can go in and print your own copies of the financial statements. If the third-party statements and the QB reports don’t match, you know there is a problem!
Same thing with email newsletters, if that is a big part of your marketing campaigns. You want to be able to see the underlying data, at least on occasion. If you only look at the raw numbers, you may miss that your marketing manager is adding fake emails to the list, thus hiding the fact that you are not in fact growing your list.
Just having the access to double check facts is often enough to increase the accountability. Even better is when you actually do spot check the systems on occasion. Having a couple of questions, like why you had a sudden spike in registrations on one day or why the bounce rate increased, will be totally innocent and often have good explanations (we started a new Facebook ad campaign to drive email registrations or Google/Gmail changed how they deal with newsletters). But now your employees or contractors know that you are keeping an eye on them.
When Should Owners Take Control of These Accounts?
Preferably, every account is set up by the business owner or with their permission and information. In other words, at the inception or very beginning of the account.
But what about those accounts that already exist? Then you should start the process of changing those accounts over to your ownership immediately.
You want to start this process while you are on good terms with your vendors and even employees. Don’t wait for the relationship to sour.
The best day to start is today!
Regularly Review Account Access
Not only should you own the accounts, but you should also regularly review the access to the accounts.
Zero-based trust is the name of the game here. We are only going to give the employees or contractors the access that they need to do their job. No more, no less. And definitely no access for individuals who don’t need it.
We are also going to regularly review our accounts to make sure that 1) no unauthorized individuals have been added and 2) we have removed those who no longer need access.
This reduces the risk that disgruntled former employees or contractors can do anything to harm your company. It also reduces the risk that credentials will be hacked and thus allow unauthorized users to access your sensitive systems.
I do this as part of Springboard Legal’s Written Information Security Plan on a regular basis. The specific timing is based on the sensitivity of the particular account as well as changes within the firm. For example, my WISP requires that I review all systems when I terminate an employee.
Risk Mitigation Strategy
Look, you know that as an attorney, it’s been beaten into me throughout law school and through actual practice that I need to reduce risk in my business. It makes for a stronger business that can withstand bumps along the way. And I’m trying to help you make your businesses stronger as well.
From employees leaving to outgrowing vendors, you know that there are going to be times that you need to change who works on your accounts.
When you take a zero-based trust strategy, it’s much easier to remove old access and add new access if you are the owner of the account. And if you get locked out, if your name is on the account, it is going to be 100% easier to regain access.
Think about it this way: if your customer acquisition strategy relies on Google ads, why would you let someone else have control of that account? That’s your future customers and future revenue in someone else’s hands.
Now apply that to every account that your company owns.