Over the past year, most businesses have been forced to contend with multiple crises, including COVID-19, social unrest and financial challenges. The last thing you need right now is a fraud incident. But if your company is defrauded, you can help mitigate the damage with a fraud contingency plan.
Identifying likely scenarios
No contingency plan can cover every possibility, but yours should be as wide-ranging as possible. Work with your senior management team and financial advisors to devise as many fraud scenarios as you can dream up. Consider how your internal controls could be breached — whether the perpetrator is a relatively new hire, an experienced department manager, a high-ranking executive or an outside party.
Next, decide which scenarios are most likely to occur given such factors as your industry and size. For example, retailers are particularly vulnerable to skimming. And small businesses without adequate segregation of duties may be at greater risk for theft in accounts payable. Also identify the schemes that would be most damaging to your business. Consider this from both a financial and a public relations standpoint.
As you write your plan, assign responsibilities to specific individuals. When fraud is suspected, one person should lead the investigation and coordinate with staff and any third-party investigators. Put other employees to work where they can be most effective. For example, your IT manager may be tasked with preventing loss of electronic records and your head of human resources may be responsible for maintaining employee morale.
You’ll also want to define the objectives of any fraud investigation. Some companies want only to fire the person responsible, mitigate the damage and keep news of the incident from leaking. Others may want to seek prosecution of offenders as examples to others or to recover stolen funds. Your fraud contingency plan should include information on who will work with law enforcement and how they will do so.
Employee communications are particularly important during a fraud investigation. Staff members who don’t know what’s going on will speculate. Although you should consult legal and financial advisors before releasing any information, aim to be as honest with your employees as you can. It’s equally important to make your response visible so that employees know you take fraud seriously.
Also designate someone to manage external communications. This person should be prepared to deflect criticism and defend your company’s stability, as well as control the flow of information to the outside world.
Taking swift action
A fraud contingency plan isn’t designed to prevent fraud. Instead, it’s a blueprint for taking swift and effective action should fraud occur. To reduce the risk of theft, you’ll need to ensure that you have strong internal controls. Contact us for help with both plans.
© 2021 Covenant CPA
Whew, you made it through 2020! But don’t rest easy yet. Unfortunately, fraud perpetrators enjoyed a profitable year, and there are signs they may continue to feed off Americans as long as the pandemic is active. Here are several scams to watch for in 2021.
Struggling small-business owners have welcomed last month’s 11th hour extension of the Paycheck Protection Program (PPP). They aren’t alone: Fraudsters skilled at falsifying loan applications are also likely rubbing their hands in anticipation.
The Justice Department has brought charges against at least 80 individuals for stealing $127 million from the first PPP. Law enforcement expects to charge more (likely many more) con artists as evidence is uncovered. Indeed, the House Select Subcommittee on the Coronavirus Crisis claims that at least $14 billion in PPP loans were improper. Not all of these cases were outright fraud, but there’s evidence that some business owners and lenders ignored PPP guidelines.
To help prevent further misuse of these loans, $50 million has been allocated to the Small Business Administration for PPP fraud prevention and audits. To avoid unnecessary scrutiny or legal trouble, business borrowers should make sure they understand all eligibility requirements for PPP loans and are qualified before applying.
Consumer scams related to the pandemic also are still going strong. Even before COVID-19 vaccinations gained FDA approval, fraudsters conned many Americans (primarily via email and online ads) into paying for nonexistent cures and preventive treatments.
This past month, the FBI and several other federal agencies warned that perpetrators are now advertising COVID-19 vaccine “early access” for those willing to pay a fee or submit medical and other personal information. Make no mistake: These are fraud schemes. To receive a vaccine, visit the Food and Drug Administration (fda.gov) or Centers for Disease Control and Prevention (cdc.gov) websites or consult your physician to learn when you will be eligible.
Fraudsters took note when many Americans adopted pets to provide companionship during the pandemic. The Federal Trade Commission is warning about fake ads picturing puppies, kittens and other pets for sale or adoption. The fraudsters typically first request an amount that sounds reasonable up front. Once they receive that, they ask for more and more … for vet bills, health certificates, shipping and anything else they can come up with. Needless to say, there are no actual pets.
You can avoid falling for such scams by performing extensive due diligence. For example, get the name and address of the seller (and verify them) and arrange for a videoconference to see the pet in the possession of the seller. Even better, adopt an animal from a shelter you can visit in person.
There are a lot of fraud threats out there these days. For help combating consumer and business fraud, contact us.
© 2021 Covenant CPA
In one recent cybercrime scheme, a mortgage company employee accessed his employer’s records without authorization, then used stolen customer lists to start his own mortgage business. The perpetrator hacked the protected records by sending an email containing malware to a coworker.
This particular dishonest worker was caught. But your company may not be so lucky. One of your employees’ cybercrime schemes could end in financial losses or competitive disadvantages due to corporate espionage.
Why would trusted employees steal from the hand that feeds them? They could be working for a competitor or seeking revenge for perceived wrongs. Sometimes coercion by a third party or the need to pay gambling or addiction-related debts comes into play.
Although there are no guarantees that you’ll be able to foil every hacking scheme, your business can minimize the risk of insider theft by implementing several best practices:
Restrict IT use. Your IT personnel should take proactive measures to restrict or monitor employee use of email accounts, websites, peer-to-peer networking, Instant Messaging protocols and File Transfer Protocol.
Remove access. When employees leave the company, immediately remove them from all access lists and ask them to return their means of access to secure accounts. Provide them with copies of any signed confidentiality agreements as a reminder of their legal responsibilities for maintaining data confidentiality.
Don’t neglect physical assets. Some data thefts occur the old-fashioned way — with employees absconding with materials after hours or while no one is looking. Typically, a crooked employee will print or photocopy documents and remove them from the workplace hidden in a briefcase or bag. Some dishonest employees remove files from cabinets, desks or other storage locations. Controls such as locks, surveillance cameras and restrictions to access can help prevent and deter theft.
Treat workers well. Create a positive work environment and treat employees fairly and with respect. This can encourage loyalty and trust, thereby minimizing potential motives for employee theft.
In addition to the previously named threats, your office’s wireless communication networks — including Wi-Fi, Bluetooth and cellular — can increase fraud risk. Fraud perpetrators can, for example, use mobile devices to gain access to sensitive information. One way to deter such activities is to restrict Wi-Fi to employees with special passwords or biometric access.
For more tips on preventing employee-originated cybercrime, or if you suspect a fraud scheme is underway, contact us for help.
© 2020 Covenant CPA
For most retailers, this is the most profitable season of the year. However, customer returns in January can cut deeply into December revenues — particularly if the returns are fraudulent. U.S. retailers suffer annual losses of $18.4 billion from fraudulent returns, according to data analytics company Appriss and the National Retail Federation (NRF). And as antifraud technology company Signifyd has found, the pandemic is encouraging higher retail return rates — as much as 80% higher than before COVID-19 hit. Such a shift is likely to mean even more fraud.
Old dog, new tricks
Return fraud isn’t new. Dishonest customers have long “returned” items they stole or purchased elsewhere for less to stores willing to issue full cash refunds. But growth in online sales has magnified return fraud risk for retailers. The NRF reports that 38% of retailers have observed an increase in the number of buy online, return in-store transactions. And of these retailers, 29% reported an increase in fraudulent returns.
However, retailers that allow shipped returns face even greater risk of losses. In one common scheme, customers buy expensive items, then ship back cheap knockoffs or random objects that approximate the size and weight of the original merchandise. If a retailer issues a refund before its employees open and inspect the returned item, the business probably will end up out-of-pocket.
Entire networks dedicated to return fraud have sprung up on the Web. Many offer to help consumers profit off real purchases by making phony returns. In times of financial insecurity, such siren calls may convince ordinarily honest people to become fraud perpetrators.
How to act
It’s critical that you use up-to-date return and inventory management systems designed to prevent fraud and shrinkage. But perhaps the most important way to fight return fraud is with a formal merchandise return policy that specifies:
- A timeframe for returns — for example, 30 or 60 days from the purchase,
- Any required documentation, such as the original receipt,
- Whether returns are eligible for a cash refund or only store credit,
- Whether the return must include the original packaging,
- Whether returns must be made in person, even if merchandise was purchased online,
- The condition of the returned goods (most retailers prefer “as new” or “as sold”),
- What customer information you need, such as address and phone number, and
- A reason for the return.
You may only want to accept returns if the merchandise is defective. But of course, many customers expect flexible return policies and may take their business elsewhere if yours is too rigid.
Post your return policy at registers, on receipts and on your website. Require that a manager approves any exception made to this return policy.
You can’t afford it
Depending on the size of your business, return fraud could cost you thousands or millions of dollars, an amount you can’t afford during this uncertain time — or anytime. Make sure your return policy is airtight and that employees consistently apply it. Contact us for help with fraud or unusual financial losses.
© 2020 Covenant CPA
Most fraud-prevention guidance advises owners and manager to monitor employees. But what exactly does this mean? Are you legally entitled to monitor employee computer use? What about security cameras in the workspace? Can you search an employee’s desk if you suspect the person is hiding something? The simple answer is that to stay on the right side of the law, your business must be careful about invading employee privacy.
Many employment laws apply to employees’ privacy rights. In general, they attempt to balance employers’ interests in minimizing losses and injuries and maximizing production with employees’ interests in being free from intrusion into their private affairs.
By adopting and clearly communicating employment policies, your company can, within limits, establish its authority to conduct searches and surveillance that might otherwise be deemed intrusive. But before you communicate your policies, check with your attorney to ensure they don’t violate any federal or state laws.
In most cases, federal law allows employers to monitor employees’ use of company-owned electronic devices (including tracking web use) without their knowledge. But you need to have a legitimate business reason to do so—for example, to prevent losses from fraud. You’re also generally allowed to read both work-related and private employee emails if they’re accessed on work devices.
If your company clearly states a policy to monitor communications, an employee is usually considered to have consented by remaining in the job or by using electronic devices. Keep in mind that some state laws may have more restrictive consent rules.
In general you can also monitor business-related phone conversations to and from the workplace. However, you can’t monitor personal calls and must hang up as soon as it’s apparent the call isn’t work-related. There’s one exception to this rule: if the employee has given you permission to listen in.
As for camera surveillance, you’re allowed to install cameras in your company’s offices or production areas, but usually not in “private” areas such as restrooms and locker rooms. And surveillance records must be kept confidential. Only individuals who must know the information to properly perform their duties should have access to evidence of possible wrongdoing.
Physical searches require more care. If possible, you should consult with your attorney before performing a body search. When searching a worker, don’t threaten or apply physical force or restrain or otherwise prevent the employee from leaving the workplace. Aside from possible referral to law enforcement, keep any physical search results confidential to prevent leaks that could form the basis for libel or slander suits.
Threat is real
The threat of lawsuits for violating employee rights is real and such litigation can end up being very expensive. So, of course, is the risk of fraud losses. To walk this thin line, work with your attorney, and if you suspect fraud, enlist the help of a forensic accounting expert.
© 2020 Covenant CPA
Americans generally feel generous during the holidays and usually are eager to donate to worthy charitable causes. At the same time, they’re so busy and rushed with holiday activities they don’t necessarily vet charities that ask for support. Fraud perpetrators masquerading as nonprofits usually find easy pickings.
Charity scammers use every available channel to defraud charitable donors — door-to-door appeals, telemarketing campaigns, email messages, slick looking websites and even through social media “friends.” To ensure your donations reach the genuinely needy, exercise healthy skepticism and take precautions.
Know your nonprofit
The best and easiest way to avoid becoming a charity scam victim is to donate only to charities you already know and trust. However, by doing this, it’s possible you could exclude new or lesser-known charities from consideration. So if you want to donate to an unknown group, ask the organization to provide as much information as possible — including its tax ID number. Then verify the charity’s status with the IRS and its activities and financials on watchdog sites such as charitynavigator.com and charitywatch.com.
Also make sure you understand how the charity intends to use your donation. This is just as true for established nonprofits. If it isn’t clear where your donation will go or if the charity’s representative seems to dodge the question, walk away.
Here are some other tips to help you avoid becoming a charity fraud victim:
Don’t answer suspicious calls. Caller ID makes it easy to ignore calls from numbers you don’t recognize. Unfortunately, perpetrators may mask their phone numbers with the names and numbers of legitimate charities. The simple solution: Tell the caller you don’t donate money over the phone and hang up.
Ignore suspicious emails. Don’t open unfamiliar and unsolicited emails or click on any links they include.
Avoid in-person sales pitches. Place a “No Solicitors” sign at your front door to discourage con artists. If you inadvertently open the door to a stranger, inform the person that you don’t donate to charities unless they send information in the mail. Fake charities usually won’t.
Don’t bend to pressure. No matter how compelling the sales pitch, or how “urgent” the charity’s need, take time to review and research it. Tell solicitors that you’ll get back to them later. Be particularly wary about pitches in the aftermath of natural disasters and other emergencies.
Donate with credit cards. Using credit cards to make charitable donations provides a level of protection because you usually can dispute fraudulent charges. If you discover a discrepancy when reviewing monthly statements, contact the charity and your credit card company immediately. Debit cards generally offer less protection against unauthorized charges. And paper checks are easy to counterfeit.
Charity fraud is a particularly heinous crime because it hurts both the charitably inclined and those in need of help. If you suspect someone is perpetrating a scheme, stay away from the fraudster and report the person to law enforcement.
© 2020 Covenant CPA
According to data company Dun & Bradstreet, business identity theft increased more than 250% in the first half of 2020. You can thank the pandemic — and the government’s release of relief and recovery funds to qualified U.S. businesses — for this remarkable number. In a more typical year, crooks use stolen business identities to file fraudulent tax returns, apply for credit and empty bank accounts. However they might try to use your company’s information, there are steps you can take to reduce the risk.
Protecting sensitive information
Thieves often use malware to infect computers and gather sensitive data from businesses. They also create fake websites that trick employees into entering login and password information. To protect against these tactics, deploy patches when prompted and maintain up-to-date security software. Store all sensitive digital files such as financial statements, invoices, bank statements and aging schedules in secure, password-protected locations.
Also, secure paper documents in locked file cabinets. When you no longer need sensitive paper documents, destroy them using a cross-cutting shredder. If you need to shred a significant volume of paper, hire a reputable service to destroy documents on your premises.
Regularly review records
So that you can act on suspicious activity before it leads to financial losses and reputation damage, monitor official records and other public information. For example, keep an eye on your business credit as well as the personal credit reports of owners. Also regularly review business records and professional license information with state, county and city registrar offices.
Bank accounts deserve special attention. Reconciling bank accounts daily is your best bet. If a fraudulent transaction posts to your business’s account, you must notify your bank within a certain time period to not be liable for the transaction. Also note that criminals often use wires to move stolen money overseas and beyond the reaches of U.S. law enforcement. If you never send wires, instruct your bank to block that capability from your accounts.
Don’t forget employees
Finally, don’t forget to involve employees in your fight against business identity theft. Coach everyone from executives to rank-and-file workers about the threats facing your company and how they can do their part to ensure sensitive data doesn’t fall into the wrong hands. Contact us for help strengthening your internal controls.
© 2020 Covenant CPA
Management overrides of internal controls can make your company more vulnerable to fraud. This is true even when managers have innocent intentions — for example, they don’t feel they have time to follow proper accounts payable procedures because a vendor is requesting immediate payment. Your company is at even higher risk of fraud losses if a senior manager intentionally ignores the rules to manipulate financial statements.
Management overrides of financial controls can be difficult to detect. However, there are several warning signs that a manager isn’t fully adhering to the policies and procedures your organization has adopted. For instance, a manager may fail to call attention to business risks or dispute an auditor’s findings regarding his or her department. A senior manager may be unwilling to discuss issues that could require financial adjustments or insist on releasing overly optimistic reports on current or future performance.
Such behavior doesn’t prove that fraud is occurring. However, it suggests that you need to improve or open new paths of communication and consider retraining managers on the importance of internal controls. If you do suspect fraud, you must be willing to investigate — regardless of whom it might implicate.
To prevent management overrides, build a culture that encourages honesty and supports employees who speak up when they suspect something’s wrong. Think about whether your managers experience pressure that unwittingly encourages fraud. For example, if your industry has seen increased business failures, some employees may think they need to keep profits at specified levels. They might also feel stressed if their compensation depends on achieving stretch goals for cash flow or operating results.
Employees a level or two below senior managers are most likely to observe management overrides. Give them access to a confidential hotline and they’re more likely to report fraud before it seriously harms your business. And if you extend your hotline to vendors and customers, you’ll increase your chances for learning of improprieties early.
A difficult year
This year has been challenging for businesses of every size and in every sector. With many employees working from home and some companies downsizing, managers may be tempted to take short cuts they wouldn’t under ordinary circumstances. Or worse, managers with access to financial statements may feel pressure to fudge numbers to improve your company’s public profile or boost their own compensation. We can help identify flaws in your fraud-prevention program and design policies that even those bent on fraud will have trouble overriding.
© 2020 Covenant CPA
Ghost stories can be good fun, particularly this time of year. Ghost employees, on the other hand, are trouble for employers. They may be just as fictional as the paranormal activities in your favorite scary book or movie, but if you have ghost employees on your payroll, you have fraud. And if you have fraud, you have potentially significant financial losses.
Anatomy of a scheme
Ghost employee schemes usually are perpetrated by employees who have easy access to payroll records. If your company’s internal controls are loose enough to be exploited, a greedy or disgruntled staffer could invent an employee, put this “person” on the payroll and direct deposit paychecks to a bank account in the ghost’s name.
It may seem like it would be easier to hide ghost employees in large companies. In fact, small businesses, where a single employee may handle all the payroll accounting, are more vulnerable. In some cases, perpetrators enlist friends or relatives to forge endorsements or deposit checks. In others, no assistance is necessary. The thief simply exploits weaknesses in the payroll system.
Look for traces
Ghost employees are just one way for dishonest employees to manipulate your payroll system. Perhaps the easiest scam to perpetrate is to overpay withholding or payroll taxes. The government sends a refund to your company, and the employee deposits it in an account in his or her name. Other methods of defrauding your payroll system include falsifying hours, increasing commission rates and filing false workers’ compensation claims.
The good news is that ghost and other payroll schemes usually leave traces. Look for:
- Paychecks with no tax, Social Security, health insurance or retirement plan deductions,
- Dual endorsements on paychecks, and
- Duplicate names, addresses or Social Security numbers in payroll records.
Also scrutinize higher-than-budgeted payroll expenses, and unusual spikes in the number of payroll checks presented for payment.
To prevent this type of fraud, segregate your business’s payroll duties. If one employee writes checks, reconciles statements and keeps the books, that employee may be tempted to steal. Divide the duties among more than one employee. You might also consider outsourcing your payroll process. If that’s not practical, make sure your computer system is secure and that all records are password-protected and access-limited.
How we can help
Ghost employees go unnoticed in many companies because employees are trusted too much and internal controls are only haphazardly applied — if they exist at all. We can audit your internal controls and suggest improvements to prevent losses. And if you suspect a ghost employee is haunting your business, contact us immediately.
© 2020 Covenant CPA
Forensic accountants are engaged for a wide variety of assignments, among them investigating fraud, auditing internal controls and quantifying damages associated with legal disputes. All of these require attention to detail and a diverse set of skills including mathematical, technological, legal and investigative. But the accounting landscape and client needs are constantly changing. Here’s how the profession has adapted to digitization in the 21st century and how it’s applying the latest technological solutions.
Embracing the digital revolution
Technology has radically changed how forensic accountants do their jobs. Businesses used to be awash in paper. Today, most companies run on a digital backbone and discourage employees from printing to save money and reduce environmental damage. Consequently, forensic accountants must be able to gather, analyze and make sense of vast amounts of electronic data.
In addition to processing company data to, for example, calculate financial ratios, build spreadsheets and determine legal damages, many experts routinely attempt to recover data that perpetrators have deliberately deleted. During an investigation, a forensic accountant might:
- Search for and piece together deleted files,
- Analyze suspicious user activity on company servers,
- Identify relevant electronic files within a company’s network, and
- View suspected perpetrators’ social media accounts.
Newer developments, such as cloud-based storage solutions and a shift from working in offices to working remotely, mean that forensic accountants now must look outside the traditional confines of a company’s IT perimeter.
Glimpse of the future
As for the future, artificial intelligence (AI) increasingly looks like it will play a significant role. Most forensic accountants must harness vast amounts of electronic data to do their jobs. Expenses associated with a forensic investigation can quickly add up.
AI and machine learning enable forensic accountants to continue to deliver cost-effective services. These tools allow experts to analyze large data sets faster and can even “make decisions” such as determine what constitutes a suspicious invoice and flag those records. Or AI might review a set of contracts, seeking certain words or features that suggest higher risk. In general, the more records an AI system reviews over time, the more it “learns” and the higher its accuracy rate.
Other technologies predicted to play a greater role in forensic accounting in the future include predictive analytics, blockchain, robotics and bots. But whatever tools forensic accountants use, the underlying issues — fraud and legal disputes — remain basically the same. If you or your business is grappling with these issues, contact us.
© 2020 Covenant CPA