New technologies, including artificial intelligence and machine learning, increasingly are being applied to the old problem of occupational fraud. But in most circumstances, common accounting tools — “variance analysis” and “contribution margin” — remain effective in uncovering possible evidence of theft.

Gaps and absences

After your organization finalizes its annual budget, you may perform a variance analysis, reviewing differences between actual and budgeted performance. If, for example, actual wages significantly exceed budgeted wages, the difference could be due to such factors as wage increases, productivity declines or greater downtime. But it could also signal phantom employees on the payroll.

Fraud experts pay particular attention to variances related to inventory and purchase pricing. Supply-related variances could indicate the existence of kickbacks. Or they might suggest fictitious vendors — where payments go to the perpetrator and no inventory is received in exchange.

The absence of variances when they’re expected can also be cause for concern. If the cost of a critical production component has unexpectedly increased, then the actual numbers should show a variance. If no such variance is found, it could be a sign of financial reporting fraud.

Difference between price and costs

The term contribution margin generally refers to the difference between a unit’s sale price and its variable costs. It’s often used to make pricing decisions, calculate the breakeven point and evaluate profitability. But it can also be used to detect fraud.

In general, the contribution margin as a percentage of revenue should remain fairly consistent over time. If the contribution margin is dramatically lower than usual, skimming or inventory theft could be to blame. Just keep in mind that one discrepancy doesn’t equal solid evidence of fraud. It simply indicates that further investigation is warranted.

Discrepancies are just a start

You may have the in-house expertise to expose potential fraud schemes using common accounting tools. But you should take suspicious results to a financial expert. Contact us. We use everything from modern analytic techniques to old-school witness interviews to get to the bottom of financial irregularities.

© 2020 Covenant CPA

The recently released 2020 Association of Certified Fraud Examiner’s (ACFE’s) occupational fraud study, Report to the Nations, reveals that the most common behavioral red flag exhibited by fraud perpetrators is living beyond their means. Also high on the list are financial difficulties and unusually close relationships with vendors and customers.

Some of these signs may be tough to spot if you don’t work closely with an occupational thief. That’s why the ACFE report also looks at correlations between fraud and non-fraud offenses and human resources issues. When these issues are present, supervisors and HR managers may need to increase their scrutiny of an employee.

Recognize red flags

The vast majority (96%) of occupational fraud perpetrators have no previous criminal record and 86% have never been punished or fired by their employers for fraud. This may make identifying the thieves in your midst difficult, but not impossible. The ACFE has found that approximately 85% of perpetrators exhibit at least one behavioral red flag before they’re discovered.

Although a perpetrator may be the friendliest and most cooperative person in the office, many thieves come into conflict with colleagues or fail to follow rules. The survey participants (more than 2,500 defrauded organizations) were asked whether the perpetrator in their cases engaged in any non-fraud-related misconduct before or during the fraud incident. Close to half (45%) responded “yes.” Some of the most common offenses were:

  • Bullying or intimidation of others,
  • Excessive absenteeism, and
  • Excessive tardiness.

A small number also was investigated for sexual harassment and inappropriate Internet use.

In addition to misconduct, some fraud perpetrators exhibited work performance problems. Thirteen percent received poor performance evaluations, 12% feared the loss of their job and 10% were denied a raise or promotion.

Get involved

When misconduct or poor performance leads to disciplinary action, supervisors and HR managers have a golden opportunity to potentially stop fraud in progress. After all, the longer a scheme goes undetected, the more costly it is for the organization. Fraud schemes with a duration of less than six months have a median loss of $50,000, but those with a median duration of 14 months (the typical scheme in the ACFE report) experience losses of around $135,000. 

So if you detect smoke, look for fire. Of course, most underperforming employees aren’t thieves. But it probably pays to observe any worker who routinely flaunts the rules, antagonizes coworkers or lets job responsibilities slip. You may discover other red flags, such as family problems, addiction issues or a lifestyle that isn’t supported by the employee’s salary.

Limit opportunities

Knowing your employees is only part of the solution. You also need comprehensive internal controls to limit opportunities to commit fraud. Contact us for help.

© 2020 Covenant CPA

The novel coronavirus (COVID-19) pandemic has opened the floodgates to scam artists attempting to profit from sick, anxious and financially vulnerable Americans. On the frontlines fighting fraud are the Federal Trade Commission (FTC), U.S. Justice Department (DOJ) and other government agencies. Here are some of the fraud schemes they’re actively investigating —  and the perpetrators they’ve rounded up.

Peddling false hope

The FTC has sent warning letters to almost 100 businesses for making scientifically unsubstantiated claims about their products. Companies from California to Virginia, Indiana to Florida have touted (mostly online or by phone) “treatments” for COVID-19, even though the federal government hasn’t approved any vaccines or cures for the disease.

Letter recipients must stop making deceptive claims immediately and notify the FTC within 48 hours about the actions they’ve taken. Noncompliance can result in a federal court injunction and an order to refund deceived customers. Just last week, the FTC took the seller of a “wellness booster” to court. Originally, the product — capsules containing Vitamin C and herbal extracts — had been marketed as a cancer cure. But the enterprising fraudster pivoted in March 2020 to exploit COVID-19 fears.

Technological accomplices

Producers and marketers of fake cures aren’t the only companies under scrutiny. The FTC, in joint letters with the Federal Communications Commission, has warned several Voice over Internet Protocol (VoIP) service providers for “assisting and facilitating” illegal telemarketing and robocalls related to COVID-19. This is a violation of the FTC’s Telemarketing Sales Rule.

The DOJ has also come down on several VoIP providers for knowingly transmitting robocalls from “government officials.” Although there’s uncertainty about whether VoIP and similar services can be considered liable for the actions of their users, law enforcement officials are clearly serious about taking down those who would exploit the pandemic for personal gain.

Opportunity knocks

Government agencies also have their sights on smaller, opportunistic scams. Recently, the FTC warned consumers to beware of fake COVID-19 testing sites set up in parking lots with realistic looking signs, tents and workers. Not only have these criminals obtained Social Security and credit card numbers from test-seekers, but they may have helped spread contagion through unsanitary contact with them.

And the DOJ is raising the alarm about the role cryptocurrency is playing in many COVID-19 schemes. Everyone from snake-oil sellers to bad-investment promoters are asking their victims to pay with cryptocurrency. Therefore, it should be recognized as a red flag.

How to stay safe

Many fraud schemes present since the start of the COVID-19 crisis in the United States — small business loan scams, charity fraud and attempts to steal stimulus payment checks — also continue apace. Your best defense, as always, is to hang up on suspicious calls, delete fake-looking emails and be wary of any claims that sound too good to be true. If you encounter fraud, report it to ftc.gov.

© 2020 Covenant CPA

Before the novel coronavirus (COVID-19) pandemic struck, employees who suspected occupational fraud in their organizations had multiple options for notifying their employers. For example, they could use interoffice mail to send information anonymously or meet with HR personnel in person.

Reporting options for employees working from home are more limited — particularly if they wish to remain anonymous. The current working environment only highlights the necessity for a fraud hotline or online portal that workers can access anywhere, anytime. If your business doesn’t already offer a confidential reporting mechanism, start thinking about how you can establish one.

Limiting damage

Confidential fraud hotlines are one of the best ways to nab workplace criminals. The Association of Certified Fraud Examiners has determined that the average organization with a hotline discovers fraud within 12 months, versus 18 months for those without hotlines. Hotlines also limit losses — $98,000 less in losses for employers that offer them.

One of the reasons hotlines are important is because, in most cases, subordinates or coworkers know or suspect fraud long before owners or members of upper management do. Yet they may not say anything for fear of reprisal. Anonymity, therefore, is essential.

Getting started

Establishing a hotline doesn’t have to be hard, but it does require some planning. Consider taking the following steps:

Identify an executive sponsor. Your hotline or portal will require a modest expenditure. If you aren’t the company’s owner or a financial decisionmaker, identify an executive sponsor to make the case for the investment.

Develop a project charter. A charter documents the business benefits of deploying a hotline or portal — for example, reducing financial losses and empowering employees.

Form a steering committee. In addition to executives and technology experts, include legal and HR representatives. They can help ensure that the processes you put in place don’t violate employee rights and applicable laws.
 
Review technology options. Determine your business’s needs and identify the vendors that can meet them. Learn which systems similar companies use or ask your financial and legal advisors for suggestions.

Up and running

Once you launch an anonymous reporting channel, make sure you position it so that all employees and other stakeholders can access it easily. If, for example, you company has overseas operations, work with local experts to overcome language, cultural and other barriers that might prevent workers from using a hotline.

And be sure to publicize your reporting mechanism at every appropriate opportunity. Executives might routinely mention it in all-company emails and in public speeches, and you should provide information (and links, if applicable) in your employee handbook and on your intranet. For help putting a hotline or portal in place, contact us.

© 2020 Covenant CPA

Scam artists know how anxious business owners are during the current coronavirus (COVID-19) crisis. They know that as you struggle to meet customer demands, pay employees and stay solvent, you’re more likely to drop your guard and fall for a fraud scheme. The last thing your business needs right now is to suffer additional financial losses. So keep an eye out for the following scams:

Fake suppliers. Whether you’re a manufacturer seeking raw materials or a grocer desperate to keep shelves stocked, you may have trouble getting your usual supplies. If a regular supplier is temporarily — or permanently — shut down, be careful about doing business with unknown vendors. Many authentic-looking websites are, in fact, fronts for criminal operations, and if you place an order with them, you may never receive the goods. Also be wary of cold callers promising to source hard-to-get items. If it sounds too good to be true, it probably is.

Defective goods. Even if you do receive your supply order, there’s a chance its contents will be defective. In early March, an international team of law-enforcement agents arrested 121 criminals around the world who were selling counterfeit surgical masks, hand sanitizer and other in-demand products. Depending on your business, buying defective goods could be an expensive mistake — or a public health emergency.

Payment fraud. Online payment fraud was already growing aggressively. But COVID-19 is expected to throw fuel on the fire as more people turn to home services apps, such as those for food delivery and online learning. Consumers usually don’t pay when their stolen credit cards are used to make purchases. But businesses generally do. You’re likely to be held responsible for fraudulent transactions, as well as possible chargeback fees. So be vigilant about maintaining IT security. Retailers might consider adding an Address Verification Service, which confirms a cardholder’s billing address with the card company.

Google scam. Fake robocalls claiming to come from Google have circulated for several years. Now there’s a COVID-19 twist. The recorded message tells businesses “affected by the coronavirus” that they need to ensure their Google listing is correct so that customers can locate them during the pandemic. If you speak to someone, he or she may ask for payment to list your business or try to gain confidential information. Know that Google never makes unsolicited sales calls. If someone tries to convince you otherwise, hang up.

Unfortunately, these schemes represent only the tip of the iceberg. For the latest on COVID-19-related fraud, visit the Federal Trade Commission’s “Business Center” at ftc.gov/tips-advice/business-center. Or contact us.

© 2020 Covenant CPA

As governments around the globe mobilize to defend their populations from the novel coronavirus (COVID-19), criminals are also mobilizing — to fleece people. These opportunists have already found ways to use the fear and chaos associated with the pandemic to enrich themselves. But you can protect yourself and your business.

Ripe opportunity

Phishing emails that promise valuable information about the virus have been circulating for weeks. Fake COVID-19 websites loaded with malware have also popped up everywhere. And as many Americans start working from home, often on vulnerable home networks and devices that lack the latest security updates, hacking incidents are becoming more common.

The federal government’s plan to send checks to Americans to help boost the economy will almost certainly bring scammers out in force. The Federal Trade Commission has already warned that crooks may try to convince people they must pay a fee to receive their checks from the government — which isn’t true.

Best practices

So how do you protect yourself or your business in these troubled times? Here are a few essentials:

Let phone calls go to voicemail. The best way to fight off phone scammers is to not answer the phone if you don’t recognize the number. But if you do answer, be wary of anyone making promises about, for example, interest-free loans or mortgage payment forbearance. If you need financial help, contact government agencies, charities and financial-service providers directly.

Keep your inbox clean. Along the same lines, exercise caution when opening emails, particularly if you don’t recognize the sender’s name. (Keep in mind, however, that hackers can hijack a friend’s account and send malicious emails to you in that person’s name.) Right now, scammers are likely to use enticing subject lines such as “Cure for COVID-19” or “Make big $$$ working from home.” If you open one of these emails by mistake, don’t click on any links or attachments.

Beware of charity fraud. Charity schemes are a time-tested method for stealing money from generous individuals and companies that just want to help. While you’re encouraged to donate money to organizations fighting COVID-19 and assisting its victims, give only to reputable charities you know. If you aren’t familiar with a nonprofit, ask for its tax ID number and verify it with the IRS. You’re also encouraged to research the organization on watchdog sites such as Charitynavigator.com and Charitywatch.com.

Just say “no”

Most Americans are pulling together to fight COVID-19. However, some criminals view the pandemic as an opportunity to profit, so you need to maintain healthy skepticism. If you’re suspicious, hang up, delete or just say “no.”

© 2020 Covenant CPA

When the value of a stock skyrockets, its investors may think they’ve hit the jackpot. But if the stock in question is part of a “pump-and-dump” scheme, investors may, in fact, lose their shirts. Here’s how to avoid getting taken by this type of investment fraud.

A penny for your stocks

In the typical pump-and-dump scam, a fraud perpetrator buys shares in an inexpensive, relatively illiquid stock (often referred to as a “penny” stock) whose price will react dramatically when trading volume increases. Then the crook makes false or misleading statements to encourage people to sink their savings into the stock and drive up its price. When it hits a certain dollar amount, the fraudster sells, locking in short-term gains and causing the stock to crash. Investors are left with what often are worthless shares.

This summer, the FBI uncovered an international pump-and-dump scheme that netted its perpetrators $15 million in profits over a five-year period. The criminals bought millions of shares in small, thinly traded companies, then staffed call centers to hype the stocks to senior citizens. The scheme might have continued indefinitely if not for the fact that one of the crooks’ “co-conspirators” wasn’t the greedy stockbroker he claimed to be, but an undercover agent.

Hot tips, cold shoulder

As the above case suggests, investment scammers often target seniors with retirement savings to invest. Novice investors who aren’t familiar with how the stock market works are also popular marks. However, even experienced investors can get snared when offered a “hot tip.”

You can help avoid becoming a victim by following some common-sense guidelines. For example, never buy a stock based on an email or telephone solicitation, no matter how compelling the sales pitch. Simply hang up the phone or delete the message.

If you’re intrigued by the sound of an investment, do your research to determine whether the company is 1) legitimate, and 2) a good investment opportunity. Also pay attention to the stock’s trading volume. The more thinly traded a stock, the greater the potential for fraudulent manipulation.

Too good to be true

The bottom line: When an investment sounds too good to be true, it probably is. If you’d like to invest (say, for retirement or other financial goals), but don’t know how to pick stocks or build a portfolio, work with a reputable financial advisor. There are no guarantees in investing, but your advisor can help you steer clear of scams and invest only in securities that meet your criteria.

© 2019 Covenant CPA

When it comes to reducing fraud loss and duration, active detection methods (such as surprise audits or data monitoring) are far more effective than passive methods (such as confessions or notification by police). This was a major finding of the latest Association of Certified Fraud Examiners (ACFE) Report to the Nations: 2018 Global Study on Occupational Fraud and Abuse. Yet many companies fail to use active methods to their full potential.

Active vs. passive detection

The ACFE study found that frauds detected using passive methods tend to last longer and produce larger losses than those detected by such active methods as:

  • IT controls,
  • Data monitoring and analysis,
  • Account reconciliation,
  • Internal audit,
  • Surprise audits,
  • Management review, and
  • Document examination.

These active methods of detection can significantly lower fraud durations and losses. For example, frauds detected by IT controls had a median duration of five months and a median loss of $39,000. By comparison, fraud detected through notification by police had a median duration of 24 months and a median loss of $935,000.

Surprise audits and proactive data monitoring and analysis can be especially effective ways to fight fraud. On average, victim-organizations without these antifraud controls in place reported more than double the fraud losses and their frauds lasted more than twice as long as victim-organizations with these controls in place. Yet only 37% of the organizations in the ACFE study had implemented surprise audits or data monitoring and analysis, however.

Close-up on tips

The ACFE categorized tips — the leading fraud detection method — as “potentially active or passive,” because they may or may not involve proactive efforts designed to identify fraud. Organizations that use hotlines for reporting misconduct detected fraud by tips more often (46% of cases) than those without hotlines (30% of cases).

More than half of tips came from employees, but nearly one-third came from outside parties, such as customers and vendors. To ensure that tips are used as an active detection method, an organization should set up a hotline and promote its use among employees, supply chain partners and others. If possible, users should be able to make anonymous reports.

Don’t wait for fraud to find you

Occupational fraud poses a significant threat to organizations of every type and size. Waiting to react until fraud rears its head can result in serious financial losses. Instead, adopt active detection methods that can be deployed continually. Contact us for help.

© 2019 Covenant CPA

As more people use mobile phones, more fraud perpetrators target these devices. According to Javelin Strategy & Research, between 2017 and 2018 the number of fraudulent mobile-phone accounts opened grew by 78%. Schemes in which thieves open a phone account in your name and use it to access your bank account, sign up for credit cards and gain access to personal information are only some of the recent fraud trends. Fraudsters have plenty of ways to defraud consumers through their phones.

Why they’re vulnerable

One of the reasons mobile phones are so vulnerable is that phone security hasn’t kept pace with traditional computer security. Mobile devices rarely contain comprehensive security measures, and mobile operating systems aren’t updated as frequently as those on personal computers.

Yet users routinely store a wide range of sensitive information — including contact information, emails, text messages, passwords and identification numbers — on their phones. Geolocation software can track where phones are at any time, and various apps can record personally identifiable information. Hackers can target a phone and use it to trick its owner, or the owner’s contacts, into revealing confidential information. Or phones can spread viruses to computers — a big problem for companies with “bring your own device” policies.

How thieves get in

Sometimes attackers obtain physical access to a device. More frequently, a hacker achieves virtual access by, for example, sending a phishing email that coaxes the recipient into clicking a link that installs malware.

Apps can be dangerous, too. A user might install an app that turns out to be malicious or a legitimate app with weaknesses an attacker can exploit. A user could unleash such an attack simply by running the app.

What you can do

Encryption is probably the most highly recommended defense against mobile phone fraud. When data is encrypted, it’s “scrambled” and unreadable to anyone who can’t provide a unique “key” to open it. Two-step authentication is also advisable. This approach adds a layer of authentication by calling the phone or sending a password via text message before allowing the user to log in.

Phone owners should always activate PINs or passwords, and other options such as touch ID and fingerprint sensors if available. Conversely, users should disable Bluetooth and Wi-Fi when not in use, and set Bluetooth-enabled devices to be nondiscoverable.

Also request a freeze on the credit information that’s used to open a mobile-phone account with the National Consumer Telecom & Utilities Exchange. This is a credit reporting agency fed by data supplied by phone companies, pay-TV companies, and utility service providers.

Evolving threats

In only a decade, mobile phones have completely changed our daily lives. Unfortunately, fraud has kept pace with technology. To protect your personal information, you need to be aware of the constantly evolving threats.

© 2019 Covenant CPA

Data analytics is changing the way many businesses operate. It’s also changing how forensic accountants do their jobs, providing fraud experts with the means to mine massive mounds of data like never before.

3 techniques

These analytical techniques are among the most efficient and effective at detecting occupational fraud:

1. Association analysis. This method can help identify suspicious relationships by quantifying the odds of a combination of data points occurring together. In other words, it calculates the likelihood that, if one data point occurs, another will, too. If the combination occurs at an atypical rate, a red flag goes up. For example, association analysis might find that a certain supervisor tends to be on duty when inventory theft occurs.

2. Outlier analysis. Outliers are data points outside the norm for a given data set. In many types of data analysis, outliers are simply disregarded, but these items come in handy for fraud detection. Experts know how to distinguish and respond to different types of outliers.

Contextual outliers are significant in certain contexts but not others. For example, a big jump in wages on a retailer’s financial statements might be notable in April but not in December — when seasonal workers come aboard.

Collective outliers are a collection of data points that aren’t outliers on their own but deviate significantly from the overall data set when considered as a whole. If, for instance, several public company executives sold off substantial blocks of stock in the business on the same day, it might signal suspicious behavior.

3. Cluster analysis. Here, experts group similar data points into a set and then further subdivide them into smaller, more homogeneous clusters. Data points within a cluster are similar to each other and dissimilar to those in other clusters. The greater the similarities within a cluster and the differences between clusters, the easier it is for an expert to develop rules that apply to one cluster but not the others.

Cluster analysis has long been used for market segmentation of consumers. But it can also detect fraud, particularly when combined with outlier analysis. Outlier clusters — those that are farthest from the nearest cluster when clusters are mapped out on a chart — generally merit extra scrutiny for suspicious activity. A fraud expert might, for example, use cluster analysis to evaluate group life insurance claims. The expert would look for clusters of large beneficiary or interest payments, or long lags between submission and payment.

High tech and old school

If you hire experts to uncover suspected fraud in your organization, don’t be surprised if they break out the data analytics tools. But they’ll also likely use some old-school methods — including interviewing employees — to find possible suspects and financial losses. Contact us to discuss at 205-345-9898 and info@covenantcpa.com.

© 2019 CovenantCPA