According to the Association of Certified Fraud Examiners’ Report to the Nations: 2018 Global Study on Occupational Fraud and Abuse, organizations victimized by fraud lose a median $130,000. But construction companies, in particular, are even harder hit, with a median loss of $227,000. What can you do to protect your construction business? Adopt this checklist.
Ways to tighten controls
An effective strategy for minimizing fraud is to tighten your internal controls. Make sure the following are part of your policies and procedures:
Surprise audits and jobsite visits. These visits can not only help detect fraud, but also send a strong message that combating fraud is a priority — which is a powerful deterrent.
Segregation of duties. Avoid situations in which one person handles multiple financial or accounting tasks. For example, the person who processes cash transactions shouldn’t also prepare the company’s bank deposits.
Bank statements. Have monthly bank statements sent to you or a manager independent of the accounting function. Canceled checks should be reviewed for unfamiliar payees and forged signatures.
Purchase monitoring. Name someone other than the purchasing agent — you or an estimator, for instance — to review vendor invoices, purchase orders and other documents. Use prenumbered purchase orders. Physically check materials and supplies to ensure they correspond to what was ordered in terms of quantity and quality.
Kickbacks and bid-rigging. If your company is suddenly winning bids that you haven’t in the past and that seem like a stretch, verify that your bid processes have been followed. Sometimes employees disguise illegal activities as change orders, so be sure to scrutinize each change order.
Budget analysis. Prepare annual budgets — for your company and each job — and regularly compare actual results to budgets. Scrutinize large or unanticipated discrepancies.
Payroll practices. Have someone independent of your accounting department verify the names and pay rates on your payroll. If you don’t already, pay employees using direct deposit, rather than with checks or cash.
Vacation policy. Require full-time employees to take time off every year. Fraud is often exposed when the perpetrator isn’t there to cover it up.
These are just some of the many internal controls contractors should implement to protect their businesses. In addition to preventing and revealing fraud, solid internal controls can help avoid accounting errors, reduce waste and boost cash flow by making billing, purchasing and other processes more efficient. Contact us for more information at 205-345-9898 and firstname.lastname@example.org.
© 2019 CovenantCPA
Job applicants aren’t always honest on their resumés. And if you don’t investigate suspicious claims, you might end up hiring an unqualified and unethical employee — which could lead to financial, productivity and legal liability issues. The resumé fibber might also be more likely to commit occupational fraud.
Here’s how to unearth the three most common resumé falsifications.
1. Deceptive dates
Whether to gloss over a termination, a period of job hopping or time spent out of the workforce, some job seekers “adjust” dates to make their employment history seem more consistent. Look closely at resumés that state employment dates in years, not months. Say an applicant claims she worked at her last job between 2017 and 2018. Her tenure may only have lasted two months — December 2017 until January 2018 — instead of the implied two years.
Confirm an applicant’s precise employment dates with all previous employers. Also make sure that candidates complete your entire job application, informing them that, although a resumé isn’t a legal document, a job application is. Lying on it is cause for immediate dismissal.
2. Fake degrees and shifting majors
Workers applying for a position that requires a specific degree are more likely to lie about their education than other applicants are. If a resumé lists an unfamiliar school, or coursework and years but no degree, dig deeper. A school you’ve never heard of could be a diploma mill. A resumé that simply lists Chemistry, State College, 2002, may indicate that the job seeker completed classes in that subject but didn’t actually receive a degree.
Always check applicants’ educational claims by contacting the degree-granting institution. If you’re suspicious of a school, verify its accreditation with the U.S. Department of Education.
3. Embellished titles, skills and accomplishments
Everyone tries to look their best on a resumé. Some, however, embellish their experience, titles, skill proficiencies or grade point averages with outright lies. There’s no such thing as a perfect job candidate: You may want to flag any resumé that exactly matches all of a position’s qualifications.
You should contact all personal references and speak with previous supervisors or HR staffers, notpeers, to confirm titles and job responsibilities. To elicit the best information, ask open-ended questions, followed by more probing, detailed ones. But be aware that some past employers will give only limited information, such as dates of employment.
Time and money well spent
If you’re quickly checking resumés and conducting interviews, you’re less likely to separate the candidates with real potential from those sporting fake credentials. If time is scarce, outsource this process. It’s money well spent if you can save your company from public embarrassment, legal woes or financial losses due to fraud. Contact us with questions at 205-345-9898 and email@example.com.
© 2019 CovenantCPA
When people hear the term “forensic science,” they usually think “CSI.” What comes to mind when you hear the term “forensic accounting”? Similar to forensic scientists offering opinions about scientific matters, forensic accountants may be called on to investigate and serve as financial experts in commercial litigation. Here’s how.
Who they are
Forensic accountants specialize in conducting fraud audits and investigations to detect irregularities and troubling trends, looking for both telltale and subtle signs of white collar crime. Certified fraud examiners (CFEs) are specially trained in fraud discovery, recognition, documentation and prevention. They’re also generally knowledgeable about human behavioral factors and motivations that contribute to the commission of fraud, such as the ability to rationalize fraudulent conduct.
Often, forensic accountants are retained to detect misrepresentations of financial data or to locate missing funds. It’s important to investigate fraud suspicions as early as possible to help mitigate potential losses.
What to expect
When you or your attorney engages a forensic accountant, you can expect the expert to work closely with you to tailor an investigation to the situation at hand. Depending on the type of fraud suspected, the investigation may be performed on a comprehensive, companywide or random, spot-check basis.
Forensic accountants work to determine the scope of the fraud, including its duration and participants. Investigations typically require extensive document review. In a case involving asset misappropriation, for example, experts might search for forged documents.
They also look for evidence of compliance — or noncompliance — with Generally Accepted Accounting Principles (GAAP). Of course, GAAP compliance doesn’t guarantee legitimate accounting, so an investigation might also focus on specific areas that wouldn’t necessarily be caught in an audit, such as the use of assets at the operational level. Are they being used as intended or for the benefit of an employee? Are all of the assets accounted for?
When to expand the scope
Special investigations also can be effective in uncovering high-level financial fraud. A board usually receives its financial and operational information from a company’s executives. Investigations enable board members to get deeper, more detailed information without going through management. Experts can interview individuals “in the trenches” and review raw data, and then communicate their findings directly to the board.
Fraud investigations might be used to monitor the activities of top executives — even if only for policy lapses. Management members often are given greater latitude and may be tempted to bend the rules. When this occurs, it can influence a company’s ethical environment and encourage other employees to disregard policies or commit fraud.
When to call
If you suspect a financial impropriety, contact us. We can help minimize fraud losses, preserve confidentiality and admissibility of evidence, and possibly even reduce litigation costs. Call us at 205-345-9898, or email us at firstname.lastname@example.org.
© 2019 CovenantCPA
To prevent occupational fraud from cutting into your auto dealership’s profits and generating negative publicity, you need a strong internal controls system. And effective controls start with current and accurate financial statements.
It starts in accounting
One sign of weak internal controls is an accounting department that fails to generate a balance sheet and income statement until two or more weeks after month’s end. Accounting should post transactions daily, including new and used vehicle sales, repair orders, invoice payments, payroll and cash receipts.
By 1 p.m. on any given day, you should have access to real-time checkbook balances and other accounting information effective as of 5 p.m. the day before. That way, you might be able to catch the first signs of fraud and use the data to catch the perpetrator.
Tried and true methods
Complex computer passwords, background checks and security cameras are essential to preventing fraud. But sometimes these protections fall by the wayside. Periodically review your safeguards and ensure they’re being used. For example, require employees to change their passwords quarterly, conduct regular inventory counts, engage outside CPAs to perform audits and segregate accounting duties.
As a rule of thumb, employees who record and reconcile transactions should never have access to those assets (including being a signer on bank accounts). Give the segregation of duties a starring role in your internal controls program.
Real life examples
To see how such controls can reduce losses, consider this real-life scam. A parts manager stole $70,000 by selling his employer’s parts and pocketing the cash. The loss could have been reduced if the owner had performed random inventory counts throughout the year, rather than waiting for his CPA to physically verify inventories at year end.
In another case, a dealership caught its cashier stealing by voiding service orders and falsifying deposit slips. The cashier’s responsibilities included collecting cash, issuing receipts to customers, preparing the daily deposit slip and reconciling the daily cash report. A loss of $16,000 might have been prevented if the dealership had segregated these duties.
Another dealer learned that his general manager was wholesaling used cars at a loss to the dealership because he owned a 50% interest in the wholesaler. A better pre-employment screening process might have helped detect such conflicts of interest as well as any criminal history.
We can help you bolster your dealership’s internal controls. But your involvement is essential to preventing fraud. Let employees know that you personally review bank statements, order test counts of inventory and examine adjusted journal entries. Knowing that you’re paying attention will discourage most thieves. Contact us for more at 205-345-9898 and email@example.com.
© 2019 CovenantCPA
In its 2018 Report to the Nations on Occupational Fraud and Abuse, the Association of Certified Fraud Examiners (ACFE) reported that owners and executives accounted for only 19% of all fraud cases. Yet they caused a median loss of $850,000, vs. a median of $100,000 for rank-and-file employees.
Executive thieves get away with more because they have greater access to assets and can more easily override internal controls. Their schemes also tend to continue for longer periods before detection — an average of two years vs. one year for nonmanager employee schemes. So it’s critical to spot the signs of executive fraud and nab these high-placed thieves.
Greater authority = greater damage
Traditional preventive measures, such as background checks, may be ineffective when it comes to executive fraud because many of these perpetrators are first-time offenders. Fortunately, their schemes tend to raise red flags. Crooked executives often are reluctant to cooperate with internal investigations and outside auditors and may show disrespect for regulators. Sometimes, they offer unreasonable responses to reasonable questions or become agitated or annoyed when probed about financial discrepancies.
Often, their lifestyles betray them. A thieving executive may begin spending extravagantly on expensive cars and vacations. Or a formerly fiscally healthy individual may appear to be mired in debt and have credit problems. In some cases, the motivation for fraud is a substance abuse or gambling problem.
Vulnerabilities create opportunities
Weak internal controls make fraud easier for executives to perpetrate. Vulnerable organizations may have minimal or no segregation of duties, little external audit oversight, a lax or inexperienced accounting staff and excessive trust in key executives. Environments where all decisions are made by an individual or small group are also at higher risk. And companies in financial distress provide particularly fertile ground for fraud perpetrators.
Some executives commit fraud for what they believe is the benefit of the company. Financial weakness, out-of-control expenses, tax adjustments by the IRS, credit difficulties and pressure to meet budgets and earnings projections can all motivate an executive to do “whatever it takes” to prop up the company. When bottom-line results seem too good to be true, that just may be the case.
Tone at the top
Executive fraud can have devastating financial consequences and harm your company’s reputation with shareholders and the public. Also, it sets the ethical tone for the entire organization. Employees who know or suspect their superiors are dishonest are more likely to cut corners — or steal — themselves. So if you suspect fraud in your organization or need to bolster your internal controls, contact us at 205-345-9898 or firstname.lastname@example.org.
© 2019 CovenantCPA
It’s every business owner’s nightmare. Should hackers gain access to your customers’ or employees’ sensitive data, the very reputation of your company could be compromised. And lawsuits might soon follow.
No business owner wants to think about such a crisis, yet it’s imperative that you do. Suffering a data breach without an emergency response plan leaves you vulnerable to not only the damage of the attack itself, but also the potential fallout from your own panicked decisions.
5 steps to take
A comprehensive plan generally follows five steps once a data breach occurs:
1. Call your attorney. He or she should be able to advise you on the potential legal ramifications of the incident and what you should do or not do (or say) in response. Involve your attorney in the creation of your response plan, so all this won’t come out of the blue.
2. Engage a digital forensics investigator. Contact us for help identifying a forensic investigator that you can turn to in the event of a data breach. The preliminary goal will be to answer two fundamental questions: How were the systems breached? What data did the hackers access? Once these questions have been answered, experts can evaluate the extent of the damage.
3. Fortify your IT systems. While investigative and response procedures are underway, you need to proactively prevent another breach and strengthen controls. Doing so will obviously involve changing passwords, but you may also need to add firewalls, create deeper layers of user authentication or restrict some employees from certain systems.
4. Communicate strategically. No matter the size of the company, the communications goal following a data breach is essentially the same: Provide accurate information about the incident in a reasonably timely manner that preserves the trust of customers, employees, investors, creditors and other stakeholders.
Note that “in a reasonably timely manner” doesn’t mean “immediately.” Often, it’s best to acknowledge an incident occurred but hold off on a detailed statement until you know precisely what happened and can reassure those affected that you’re taking specific measures to control the damage.
5. Activate or adjust credit and IT monitoring services. You may want to initiate an early warning system against future breaches by setting up a credit monitoring service and engaging an IT consultant to periodically check your systems for unauthorized or suspicious activity. Of course, you don’t have to wait for a breach to do these things, but you could increase their intensity or frequency following an incident.
Data breaches are an inevitable risk of running a business in today’s networked, technology-driven world. Should this nightmare become a reality, a well-conceived emergency response plan can preserve your company’s goodwill and minimize the negative impact on profitability. We can help you budget for such a plan and establish internal controls to prevent and detect fraud related to (and not related to) data breaches. Call or email us today at 205-345-9898 or email@example.com.
© 2019 CovenantCPA
News of commercial database hackings may seem commonplace in 2019. But while many of these stories focus on hacked bank and credit card accounts, 401(k) plan sponsors and participants probably don’t realize that their plan assets also are at risk.
Employers who offer 401(k) plans to their employees need to take precautions against identity theft. Part of this is educating participants.
Role of sponsors
If your organization sponsors a 401(k) plan, it’s essential that you assess plan service providers’ protection systems and policies. Most providers carry cyberfraud insurance that they extend to plan participants. But there may be limits to this protection if, for example, the provider determines that you (the sponsor) or employees (participants) opened the door to a security breach.
Your plan’s documents may say that participants must adopt the provider’s recommended security practices. These could include checking account information “frequently” and reviewing correspondence from the administrator “promptly.” Make sure you and your employees understand what these terms mean — and follow them.
What participants can do
Traditionally, 401(k) plan participants have been discouraged from worrying about short-term fluctuations and volatility in their accounts, and instead encouraged to focus on the long run. However, lack of regular monitoring can make these accounts vulnerable. Instruct employees to periodically check their account balances and look for signs of unauthorized activity.
Employees also should take the same steps they follow to protect other online accounts. For example:
- Use strong passwords and change them regularly.
- Take advantage of two-factor authentication.
- Don’t use the same login ID and passwords for multiple sites.
- Don’t allow a browser to store login information.
- Never share login information.
Such precautions can foil some of the most common retirement plan thieves — relatives and friends — from using their knowledge to gain account access. In one real-life case, a plan participant divorced his wife and moved out of the house. However, he didn’t update his address with his plan provider, change his password or review his balance regularly. His ex-wife cleaned out his more than $40,000 balance.
A few clicks
Without adequate vigilance, anybody can be a few clicks away from cleaning out your employees’ 401(k) accounts. Review your plan documents carefully and educate participants about their responsibilities for monitoring their accounts. Contact us for more information on identity theft at 205-345-9898 or firstname.lastname@example.org.
© 2019 CovenantCPA
It should come as no surprise that cash is the most popular target of fraud perpetrators. After all, once stolen, cash itself is virtually untraceable. But that doesn’t mean forensic accounting professionals can’t unearth cash fraud schemes — and the crooks behind them.
According to the Association of Certified Fraud Examiners, there are three main categories of cash fraud (which includes checks because they’re easily converted to cash):
- Theft of cash on hand,
- Theft of cash receipts, and
- Fraudulent disbursements.
The last category comprises many of the most frequently executed schemes, such as overbilling and “ghost” vendor or employee schemes. For example, overbilling vendors usually submit inflated invoices by overstating the price per unit or the quantity delivered. A dishonest vendor also might submit a legitimate invoice multiple times. Overbilling may involve collusion with employees of the victim organization, who typically receive kickbacks for their assistance.
Employees also can conduct billing fraud on their own, submitting bogus invoices payable to a fictitious vendor and diverting the payments to themselves. Similarly, an employee might set up payroll disbursements to nonexistent ghost employees.
Cash can be difficult to trace once it’s in the hands of a thief. But forensic experts usually are able to trace the path that stolen cash took before the fraudster pocketed it. This includes who “touched” the cash and what prompted its flow out of the organization.
Inflated invoices, for example, often leave a trail of red flags. Experts look for invoices that bill for “extra” or “special” charges with no explanation. Other suspicious signs include round dollar amounts, or amounts just below the threshold that requires management’s signoff, and discrepancies between invoice amounts and purchase orders, contracts or inventory counts.
If forensic experts suspect that fictitious billing has occurred, they often investigate accounts with no tangible deliverables — such as those for consulting, commissions and advertising — and check vendor addresses against employee addresses. Invoices with consecutive numbers or payable to post office boxes receive extra scrutiny.
Returned checks can supply useful information, too. Fraud perpetrators are more likely to cash checks, whereas legitimate businesses typically deposit them and rarely endorse checks to third parties.
To trace ghost employee schemes, experts examine payroll lists, withholding forms, employment applications, personnel files and other documents. The information collected from these sources may provide vital links between actual and ghost employees that wouldn’t otherwise be apparent.
To catch a thief
Strong internal controls are instrumental in preventing cash-type schemes. But even the strongest controls sometimes fail to prevent a determined fraudster. If that happens, we can help your business ferret out the fraud and track down the perp. Call or email us today for help– 205-345-9898 or email@example.com.
Because they foster a collegial, trusting environment, law firms can be more vulnerable to fraud than many other types of businesses. Enforcing internal controls may simply seem unnecessary in an office of professionals dedicated to the law. Unfortunately, occupational thieves can take advantage of such complacency.
A law firm’s accounting department — payroll and accounts payable and receivable — may be particularly vulnerable. To protect against financial losses and possible public embarrassment, implement and enforce five basic controls:
1. Screen employees. Require all prospective employees, regardless of level, to complete an employment application with written authorization permitting your firm to verify information provided. Then, call references and conduct background checks (or hire a service to do it). These checks search criminal and court records, pull applicants’ credit reports and driving records, and verify their Social Security numbers.
2. Use fraud-resistant documents. The design of financial documents can help ensure proper authorization of transactions, completeness of transaction histories and adherence to other control elements. For example, use prenumbered payment vouchers that a designated partner must approve.
3. Require authorization. Authorization procedures can help prevent transactions from occurring without proper approval. In the example above, the designated partner is the authorizing party. This control is effective because the partner is in a position to know what the transactions are and how they pertain to your firm’s clients. Similarly, restrict access by maintaining current signature cards at your bank and by protecting accounting and billing systems with difficult passwords.
4. Segregate duties. Some smaller firms assign the same person to open mail, make bank deposits, record book entries and reconcile monthly bank statements. In this environment, fraud’s not only possible — it’s likely. It’s critical that your firm distribute these tasks to two or more people.
5. Provide independent oversight. A designated partner should open all bank statements. Even if the partner doesn’t review every item individually, employees will get the message that transactions will be verified. Someone outside the accounting department, such as your firm’s CPA, might also review transactions as they’re processed and financial statements at the close of accounting cycle reconciliations.
Even if your firm is like family — especially if your firm is like family — you need to reduce fraud opportunities by strengthening internal controls. If you aren’t sure if your policies are adequate, or if you’ve experienced a fraud incident, contact us at 205-345-9898 or firstname.lastname@example.org.
© 2019 CovenantCPA