Reports started trickling into state agricultural agencies in July: Consumers were worried about strange seed packets they had received in the mail. The unsolicited goods weren’t labeled and appeared to be sent from China. In a year already fraught with anxiety and paranoia, the story quickly made headlines.
Perhaps this was the first you’d heard of a scam known as “brushing,” in which some third-party e-commerce sellers set up fake buyer accounts and ship unordered goods (in this case, seeds) to “customers.” Why would they do this? Read on.
A growing fraud
Brushing scammers set up fake accounts with Amazon, eBay and other online platforms so that they can order their own merchandise, ship it to a real address and then post glowing reviews that bolster their ratings. The ultimate objective, of course, is to attract more buyers for their goods.
According to the U.S. Department of Agriculture (USDA), the seeds people received this summer seem to be part of a brushing scheme. (The USDA is continuing to investigate, but at this time, the seeds don’t appear to be dangerous or capable of producing invasive plants.) However, this isn’t the first time Americans have received unordered merchandise from unknown companies. Over the past couple of years, consumers have been surprised by gifts of everything from flashlights to hand warmers to Bluetooth speakers.
Considering that you aren’t obliged to pay for or send back merchandise you didn’t order, this may not seem like a big deal. However, it suggests that personal information has been disclosed or compromised. So if you receive one of their packages, brushers have — at the very least — your name and home address and may also have your phone number and email address. And, as the Federal Trade Commission (FTC) warns, these fraudsters may have set up fake accounts in your name on multiple websites — or even hacked your legitimate accounts.
Nip it in the bud
How can you prevent dishonest businesses from burnishing their own reputations at the possible expense of yours?
- Report a suspicious package to the online retailer or platform (if you know what it is).
- Check your accounts for suspicious activity and change your passwords.
- If it appears accounts have been compromised, review your bank and credit card statements and credit reports. Consider freezing them to prevent fraud perpetrators from opening new accounts in your name.
- File a report with the FTC at ftc.gov/complaint.
Remember that it’s always possible a seller simply sent you something by mistake. Or a friend may have ordered a gift and forgotten to enclose a message to you. So do a little snooping before jumping to conclusions. But if it still seems your mystery package is part of a brushing scam, don’t just brush it off. Report the “gift” and make sure your accounts are secure.
© 2020 Covenant CPA
When business owners suspect that an employee is stealing assets or manipulating financial results, it’s time to call a fraud expert to investigate. Although the complexity of the incident will determine the investigation’s scope, there are three basic steps forensic accountants generally follow to build a fraud case that can stand up in court.
1. Conducting interviews
Fraud interviewers know how to spot warning signs, detect deception and pin down suspicions when talking with suspects and their coworkers. But they usually start with management interviews, by asking owners, executives and audit committee members what they know about:
- Possible fraud ploys,
- The company’s fraud risks, and
- Internal controls that have been implemented to mitigate specific fraud risks or to generally help prevent, deter and detect fraud.
An expert may interview not only your company’s management and audit committee, but also anyone who can provide information about financial fraud risks. These interviews might include employees involved in initiating, recording or processing complex or unusual transactions, as well as operating personnel not directly involved in the financial reporting process.
When interviewing suspects and potential witnesses, experts encourage interviewees to do most of the talking and use silence as a tool to elicit information. Before concluding the interview, they confirm the information they’ve gathered.
2. Gathering evidence
Fraud experts also collect physical and digital evidence of possible fraud from the company’s internal sources. Examples include personnel files, phone and email records, security camera recordings, and physical and IT system access records.
Locating this evidence may require computer forensic examinations. Expect your expert to ask to access your accounting system to search for suspicious journal entries, credits, reversals and overridden controls. Experts may also collect external sources of evidence, such as public records, customer and vendor information, media reports and private detective reports.
3. Analyzing facts
Fraud specialists have been trained to review and categorize internal and external evidence, conduct computer-assisted data analysis and test various hypotheses. Rather than rely on gut instinct, your expert will formally document every step in the investigation and follow formal procedures to ensure a comprehensive investigation.
When experts finish conducting interviews and gathering evidence, they report their findings. You and your attorney may determine the appropriate format for a report and how distribution will be affected by the need to protect legal privileges and avoid defamation.
Avoid a botched investigation
A proper investigation is essential to building a strong fraud case. Indeed, botched investigations could prevent your company from recouping losses and prosecuting the perpetrator. Contact us if you suspect fraud in your organization.
© 2020 Covenant CPA
With a median loss of $954,000, financial statement fraud is the costliest type of white-collar crime, according to the Association of Certified Fraud Examiners. Fortunately, auditors and forensic accountants may be able to detect inflated income and other financial manipulation by testing journal entries.
Unearthing suspicious entries
Financial statement frauds come in many forms. For example, out-of-period revenue can be recorded to inflate revenue. Repair costs can be improperly capitalized as fixed assets to boost earnings. Accounts payable can be understated by recording post-closing journal entries to income. Or expenses can be reclassified to reserves and intercompany accounts, thereby increasing earnings.
To detect these types of scams, auditors:
- Learn about the company’s financial reporting process and controls over journal entries,
- Identify and select journal entries and other adjustments for testing,
- Determine the timing of the testing, and
- Interview individuals involved in the financial reporting process about inappropriate or unusual activity relating to the processing of journal entries.
Financial statement auditors may call on forensic accounting experts when they notice significant irregularities in a company’s financial records.
Testing journal entries
There generally are several common denominators among fraudulent journal entries. Experts look out for entries that are made:
- To unrelated, unusual or seldom-used accounts,
- By individuals who typically don’t make journal entries,
- At the end of the period or as post-closing entries that have little or no explanation or description,
- Before or during the preparation of the financial statements without account numbers, and
- To accounts that contain transactions that are complex or unusual in nature and that have significant estimates and period-end adjustments.
Other red flags include adjustments for intercompany transfers and entries for amounts made just below the individual’s approval threshold or containing large, round-dollar amounts.
Technology tools are critical. Computerized testing enables auditors to evaluate entire datasets, thus reducing the risk of overlooking critical evidence. Such testing also allows fraud experts to devote more time to other aspects of an investigation, such as gathering information about the business and interviewing employees. Computerized testing can prove particularly helpful in situations where manual testing is largely ineffective — for example, when entries exist only in an electronic format and the desired data must be extracted.
Technology and expertise
Computer-assisted journal entry testing doesn’t replace a skilled auditor or fraud expert. Instead, these tools free up the expert’s time. Contact us about examining your company’s financial statements for signs of fraudulent activity.
© 2020 Covenant CPA
Because the average investment account boasts a much larger balance that a typical checking or savings account, cybercriminals are particularly interested in hacking them. Financial institutions are largely responsible for ensuring the security of these accounts, but business customers and consumers also should adopt defensive measures. Here are five recommendations.
- Select two-step authentication. Most financial service providers give customers the option of using a two-step verification process to prevent unauthorized access to their accounts. A two-step approach requires you both to log in to your account with a password and to verify your identity with, for example, a one-time code sent to your mobile phone.
- Choose complex and unique passwords. Criminals often gain access to bank and investment accounts thanks to weak passwords — or because an accountholder uses the same password for multiple accounts. Make sure you use complex, unique passwords with upper- and lower-case letters, special characters and numbers for every investment account you maintain.
- Establish account alerts. In addition to reviewing your monthly account statement for unauthorized transactions, request that your investment institution notifies you via email or text of all account activity. For example, the financial company should confirm buy or sell orders or transfer requests. If you receive a message regarding a transaction or transfer you didn’t authorize, contact your investment company immediately.
- Consider biometrics. Certain devices, including many mobile phones and some laptops, support the use of biometrics, such as face recognition or fingerprint scans. Using biometrics can seem inconvenient at first, but criminals find it almost impossible to foil this unique form of verification.
- Exercise caution with emails. To prevent the installation of malware that can steal account passwords, open emails with caution. If you receive an email from a business or service provider, don’t click on any links. Instead, type in the business’s website address and log in to your account that way. If the spelling, grammar and structure of an email appears unprofessional or suspicious, delete the email and remove it from your deleted email folder. Finally, keep antivirus and malware detection software updated.
Protecting investment accounts takes a multi-layered approach — and constant vigilance. Although your financial service provider likely uses state-of-the-art security to fend off cybercriminals, you also must do your part.
© 2020 Covenant CPA
When Congress authorized an additional $600 in monthly unemployment benefits as part of the CARES Act, out-of-work Americans weren’t the only ones it helped. Criminals have descended like locusts on state unemployment insurance agencies, using stolen identities to fraudulently claim both standard benefits and the additional funds administered by the Pandemic Unemployment Assistance (PUA) program. States have lost hundreds of millions of dollars. Individuals have also suffered, as government efforts to control fraud have clogged up benefit systems and delayed payments to the jobless.
Washington state was the first to experience a COVID-19 outbreak and has since estimated losses of $650 million to unemployment insurance fraud. According to the Secret Service, a scam was detected when someone noticed that multiple direct deposits of benefits had been made to individuals residing out of state. These deposits were subsequently transferred overseas — likely by organized crime gangs.
But Washington is hardly alone. Many other states have discovered fraud. In May, Rhode Island’s labor agency reported that it had almost as many illegitimate unemployment insurance claims as legitimate ones. And widescale fraud in Michigan forced that state to stop payment on nearly 20% of unemployment claims pending review.
If you’re currently employed and receive an unemployment benefit check or debit card or a letter confirming an application for unemployment benefits, immediately contact your state. If you can’t get ahold of your state agency (a problem encountered by thousands of potential fraud victims), report your suspicions to police and the Federal Trade Commission (FTC) at identitytheft.gov. Your identity has likely been stolen and sold to criminals on the dark web. Be sure to request copies of your credit reports and review them for illegitimate activity.
Businesses can help fight unemployment insurance fraud, too. The FTC suggests that companies:
- Ask employees to speak up if they suspect their identities are being used to perpetrate unemployment insurance fraud,
- Direct HR to flag state unemployment agency notices about currently employed workers,
- Report suspected fraud to a state agency — preferably via its website,
- Provide a copy of the documentation to affected employees and let them know if the state requires them to also make a report,
- Bolster cybersecurity to prevent the loss of personal data that could be used to commit fraud.
This last tip is particularly important if your employees currently are working from home.
An easy target
The pandemic has probably unleashed more fraud activity than any other recent event. Even though PUA program payments were due to expire on July 25, state unemployment benefits are too easy and lucrative a target for fraudsters to pass up. But you can do your part to help disrupt these schemes.
© 2020 Covenant CPA
Skimming isn’t the biggest fraud threat for most businesses. The theft of cash receipts represents only 11% of asset appropriation schemes, according to the Association of Certified Fraud Examiners’ 2020 Report to the Nations. But with a median loss of $47,000, your business will likely feel the pain if it becomes a victim of skimming. Here’s what you need to know to prevent it.
Skimming occurs when an employee steals an incoming payment before it’s recorded. In the most basic skimming scheme, a worker sells goods or services to a customer, collects payment and pockets the money without recording the sale. If the customer receives goods but no sale is recorded, skimming will cause a discrepancy between physical inventory counts and the company’s inventory ledger.
Crooked employees can also skim receivables. This generally is harder to pull off, because overdue accounts appear on the accounts receivable aging schedule. Perpetrators may try to cover their thefts by “lapping,” or borrowing money from one account to make up for a shortage in another.
What to look for
To detect skimming, look for infrequent bank deposits and consistent bank balance fluctuations as well as frequent shortages of cash on hand. If you suspect skimming, we can help you perform physical inventory counts to check if inventory levels match recorded sales. We can also review journal entries for false credits to inventory; irregular entries to cash accounts; and write-offs of lost, stolen, or obsolete inventory.
Your business can help prevent skimming by segregating employee duties. No one person should be responsible for collecting, recording, reconciling and depositing cash receipts. Instead, split up those duties among multiple employees.
Also consider implementing these other preventive measures:
- Monitor spaces where employees handle cash with visible video cameras,
- Require daily bank deposits,
- Investigate no-sale and voided transactions,
- Reconcile cash deposits to all cash and checks received,
- Regularly reconcile inventory records to look for shrinkage, and
- Provide an anonymous tip hotline for employees, customers and vendors.
Certain organizations are more vulnerable to skimming. Small companies (those with less than 100 employees) and those in the education, real estate, and transportation and warehousing fields experience higher rates of skimming and may want to take extra precautions. Whatever your industry, contact us at the first sign of fraud.
© 2020 Covenant CPA
New technologies, including artificial intelligence and machine learning, increasingly are being applied to the old problem of occupational fraud. But in most circumstances, common accounting tools — “variance analysis” and “contribution margin” — remain effective in uncovering possible evidence of theft.
Gaps and absences
After your organization finalizes its annual budget, you may perform a variance analysis, reviewing differences between actual and budgeted performance. If, for example, actual wages significantly exceed budgeted wages, the difference could be due to such factors as wage increases, productivity declines or greater downtime. But it could also signal phantom employees on the payroll.
Fraud experts pay particular attention to variances related to inventory and purchase pricing. Supply-related variances could indicate the existence of kickbacks. Or they might suggest fictitious vendors — where payments go to the perpetrator and no inventory is received in exchange.
The absence of variances when they’re expected can also be cause for concern. If the cost of a critical production component has unexpectedly increased, then the actual numbers should show a variance. If no such variance is found, it could be a sign of financial reporting fraud.
Difference between price and costs
The term contribution margin generally refers to the difference between a unit’s sale price and its variable costs. It’s often used to make pricing decisions, calculate the breakeven point and evaluate profitability. But it can also be used to detect fraud.
In general, the contribution margin as a percentage of revenue should remain fairly consistent over time. If the contribution margin is dramatically lower than usual, skimming or inventory theft could be to blame. Just keep in mind that one discrepancy doesn’t equal solid evidence of fraud. It simply indicates that further investigation is warranted.
Discrepancies are just a start
You may have the in-house expertise to expose potential fraud schemes using common accounting tools. But you should take suspicious results to a financial expert. Contact us. We use everything from modern analytic techniques to old-school witness interviews to get to the bottom of financial irregularities.
© 2020 Covenant CPA
Machine learning increasingly is being used to discover fraud schemes. With this type of artificial intelligence (AI), the technology learns or improves in accuracy through experience, rather than through additional programming. If you already use AI in your business, you’re probably somewhat familiar with how machine learning works. But here’s a quick overview of its application in fraud detection.
New approaches needed
More and more, businesses rely on digitization to deliver the goods and services their customers want. Unfortunately, digitization also makes it easier both for cybercriminals and stakeholders, such as employees, vendors and customers, to steal. Preventing fraud in the digital age requires new approaches.
Machine learning is one such approach. Traditional rules-based fraud detection software flags transactions — such as purchase orders of a certain type or over a certain amount — that are suspicious according to static rules. On the other hand, fraud detection software that includes machine learning uses large sets of historical data to “learn,” or create algorithms about the patterns associated with new fraud schemes, enabling it to detect fraud in the future.
Step by step
For a machine to learn, its users must follow certain procedures. After the software is enabled to capture historical transaction data — and the more data, the better — the company using it reviews the data to ensure it presents an accurate picture of transactions. The software then applies algorithms to identify potentially suspicious items. This process creates the first fraud detection model. The software analyzes the same set of data repeatedly and produces new models for the company to review. The company provides feedback on each model to help the software develop better algorithms.
Through this process, the model learns what constitutes fraud and the number of false positives should drop significantly. In the end, the company selects the most accurate fraud detection model to put into production.
If you have the technical capabilities, you may be able to develop a customized machine learning program for fraud detection in-house. We can help if you don’t. Contact us.
© 2020 Covenant CPA
The recently released 2020 Association of Certified Fraud Examiner’s (ACFE’s) occupational fraud study, Report to the Nations, reveals that the most common behavioral red flag exhibited by fraud perpetrators is living beyond their means. Also high on the list are financial difficulties and unusually close relationships with vendors and customers.
Some of these signs may be tough to spot if you don’t work closely with an occupational thief. That’s why the ACFE report also looks at correlations between fraud and non-fraud offenses and human resources issues. When these issues are present, supervisors and HR managers may need to increase their scrutiny of an employee.
Recognize red flags
The vast majority (96%) of occupational fraud perpetrators have no previous criminal record and 86% have never been punished or fired by their employers for fraud. This may make identifying the thieves in your midst difficult, but not impossible. The ACFE has found that approximately 85% of perpetrators exhibit at least one behavioral red flag before they’re discovered.
Although a perpetrator may be the friendliest and most cooperative person in the office, many thieves come into conflict with colleagues or fail to follow rules. The survey participants (more than 2,500 defrauded organizations) were asked whether the perpetrator in their cases engaged in any non-fraud-related misconduct before or during the fraud incident. Close to half (45%) responded “yes.” Some of the most common offenses were:
- Bullying or intimidation of others,
- Excessive absenteeism, and
- Excessive tardiness.
A small number also was investigated for sexual harassment and inappropriate Internet use.
In addition to misconduct, some fraud perpetrators exhibited work performance problems. Thirteen percent received poor performance evaluations, 12% feared the loss of their job and 10% were denied a raise or promotion.
When misconduct or poor performance leads to disciplinary action, supervisors and HR managers have a golden opportunity to potentially stop fraud in progress. After all, the longer a scheme goes undetected, the more costly it is for the organization. Fraud schemes with a duration of less than six months have a median loss of $50,000, but those with a median duration of 14 months (the typical scheme in the ACFE report) experience losses of around $135,000.
So if you detect smoke, look for fire. Of course, most underperforming employees aren’t thieves. But it probably pays to observe any worker who routinely flaunts the rules, antagonizes coworkers or lets job responsibilities slip. You may discover other red flags, such as family problems, addiction issues or a lifestyle that isn’t supported by the employee’s salary.
Knowing your employees is only part of the solution. You also need comprehensive internal controls to limit opportunities to commit fraud. Contact us for help.
© 2020 Covenant CPA
Several major companies have already filed for bankruptcy during the novel coronavirus (COVID-19) crisis and many more large and small businesses are expected to follow suit. If you’re a creditor of a company that’s liquidating, it may be challenging to get back what you’re owed. That’s where a solvency opinion can help. An expert determines whether the company could meet its long-term interest and repayment obligations when it made — or didn’t make — payments to creditors.
Examining the subject
Solvency experts consider many issues when examining a business. But ultimately, the outcome of three tests enable an expert to determine solvency:
1. Balance sheet. At the time of the transaction at issue, did the subject’s asset value exceed its liability value? Assets are generally valued at fair market value, rather than at book value. The latter is typically based on historic cost, and fixed assets (such as vehicles and equipment) may be reduced by annual depreciation expense. But the balance sheet is just a starting point. Adjustments may be needed to balance sheet items so that they more accurately reflect the fair market value of assets.
2. Cash flow. This test examines whether the subject incurred debts that were beyond its ability to pay as they matured. It involves analysis of a series of projections of future financial performance. Experts consider a range of scenarios. These include management’s growth expectations, lower-than-expected growth, and no growth — as well as past performance, current economic conditions and future prospects.
3. Adequate capital. The final test determines whether a company has adequate capital and is likely to survive in the normal course of business, bearing in mind reasonable fluctuations in the future. In addition to looking at the value of net equity and cash flow, experts consider factors such as asset volatility, debt repayment schedules and available credit.
Companies generally are considered solvent by solvency experts if they pass all three of these tests.
Courts typically presume that a company is insolvent unless a party to litigation proves otherwise. You can bolster your position with a comprehensive solvency analysis performed by a qualified expert. Contact us for more information about obtaining one.
© 2020 Covenant CPA