Job applicants aren’t always honest on their resumés. And if you don’t investigate suspicious claims, you might end up hiring an unqualified and unethical employee — which could lead to financial, productivity and legal liability issues. The resumé fibber might also be more likely to commit occupational fraud.

Here’s how to unearth the three most common resumé falsifications.

1. Deceptive dates

Whether to gloss over a termination, a period of job hopping or time spent out of the workforce, some job seekers “adjust” dates to make their employment history seem more consistent. Look closely at resumés that state employment dates in years, not months. Say an applicant claims she worked at her last job between 2017 and 2018. Her tenure may only have lasted two months — December 2017 until January 2018 — instead of the implied two years.

Confirm an applicant’s precise employment dates with all previous employers. Also make sure that candidates complete your entire job application, informing them that, although a resumé isn’t a legal document, a job application is. Lying on it is cause for immediate dismissal.

2. Fake degrees and shifting majors

Workers applying for a position that requires a specific degree are more likely to lie about their education than other applicants are. If a resumé lists an unfamiliar school, or coursework and years but no degree, dig deeper. A school you’ve never heard of could be a diploma mill. A resumé that simply lists Chemistry, State College, 2002, may indicate that the job seeker completed classes in that subject but didn’t actually receive a degree.

Always check applicants’ educational claims by contacting the degree-granting institution. If you’re suspicious of a school, verify its accreditation with the U.S. Department of Education.

3. Embellished titles, skills and accomplishments

Everyone tries to look their best on a resumé. Some, however, embellish their experience, titles, skill proficiencies or grade point averages with outright lies. There’s no such thing as a perfect job candidate: You may want to flag any resumé that exactly matches all of a position’s qualifications.

You should contact all personal references and speak with previous supervisors or HR staffers, notpeers, to confirm titles and job responsibilities. To elicit the best information, ask open-ended questions, followed by more probing, detailed ones. But be aware that some past employers will give only limited information, such as dates of employment.

Time and money well spent

If you’re quickly checking resumés and conducting interviews, you’re less likely to separate the candidates with real potential from those sporting fake credentials. If time is scarce, outsource this process. It’s money well spent if you can save your company from public embarrassment, legal woes or financial losses due to fraud. Contact us with questions at 205-345-9898 and info@covenantcpa.com.

© 2019 CovenantCPA

To prevent occupational fraud from cutting into your auto dealership’s profits and generating negative publicity, you need a strong internal controls system. And effective controls start with current and accurate financial statements.

It starts in accounting

One sign of weak internal controls is an accounting department that fails to generate a balance sheet and income statement until two or more weeks after month’s end. Accounting should post transactions daily, including new and used vehicle sales, repair orders, invoice payments, payroll and cash receipts.

By 1 p.m. on any given day, you should have access to real-time checkbook balances and other accounting information effective as of 5 p.m. the day before. That way, you might be able to catch the first signs of fraud and use the data to catch the perpetrator.

Tried and true methods

Complex computer passwords, background checks and security cameras are essential to preventing fraud. But sometimes these protections fall by the wayside. Periodically review your safeguards and ensure they’re being used. For example, require employees to change their passwords quarterly, conduct regular inventory counts, engage outside CPAs to perform audits and segregate accounting duties.

As a rule of thumb, employees who record and reconcile transactions should never have access to those assets (including being a signer on bank accounts). Give the segregation of duties a starring role in your internal controls program.

Real life examples

To see how such controls can reduce losses, consider this real-life scam. A parts manager stole $70,000 by selling his employer’s parts and pocketing the cash. The loss could have been reduced if the owner had performed random inventory counts throughout the year, rather than waiting for his CPA to physically verify inventories at year end.

In another case, a dealership caught its cashier stealing by voiding service orders and falsifying deposit slips. The cashier’s responsibilities included collecting cash, issuing receipts to customers, preparing the daily deposit slip and reconciling the daily cash report. A loss of $16,000 might have been prevented if the dealership had segregated these duties.

Another dealer learned that his general manager was wholesaling used cars at a loss to the dealership because he owned a 50% interest in the wholesaler. A better pre-employment screening process might have helped detect such conflicts of interest as well as any criminal history.

Be involved

We can help you bolster your dealership’s internal controls. But your involvement is essential to preventing fraud. Let employees know that you personally review bank statements, order test counts of inventory and examine adjusted journal entries. Knowing that you’re paying attention will discourage most thieves. Contact us for more at 205-345-9898 and info@covenantcpa.com.

© 2019 CovenantCPA

It’s every business owner’s nightmare. Should hackers gain access to your customers’ or employees’ sensitive data, the very reputation of your company could be compromised. And lawsuits might soon follow.

No business owner wants to think about such a crisis, yet it’s imperative that you do. Suffering a data breach without an emergency response plan leaves you vulnerable to not only the damage of the attack itself, but also the potential fallout from your own panicked decisions.

5 steps to take

A comprehensive plan generally follows five steps once a data breach occurs:

1. Call your attorney. He or she should be able to advise you on the potential legal ramifications of the incident and what you should do or not do (or say) in response. Involve your attorney in the creation of your response plan, so all this won’t come out of the blue.

2. Engage a digital forensics investigator. Contact us for help identifying a forensic investigator that you can turn to in the event of a data breach. The preliminary goal will be to answer two fundamental questions: How were the systems breached? What data did the hackers access? Once these questions have been answered, experts can evaluate the extent of the damage.

3. Fortify your IT systems. While investigative and response procedures are underway, you need to proactively prevent another breach and strengthen controls. Doing so will obviously involve changing passwords, but you may also need to add firewalls, create deeper layers of user authentication or restrict some employees from certain systems.

4. Communicate strategically. No matter the size of the company, the communications goal following a data breach is essentially the same: Provide accurate information about the incident in a reasonably timely manner that preserves the trust of customers, employees, investors, creditors and other stakeholders.

Note that “in a reasonably timely manner” doesn’t mean “immediately.” Often, it’s best to acknowledge an incident occurred but hold off on a detailed statement until you know precisely what happened and can reassure those affected that you’re taking specific measures to control the damage.

5. Activate or adjust credit and IT monitoring services. You may want to initiate an early warning system against future breaches by setting up a credit monitoring service and engaging an IT consultant to periodically check your systems for unauthorized or suspicious activity. Of course, you don’t have to wait for a breach to do these things, but you could increase their intensity or frequency following an incident.

Inevitable risk

Data breaches are an inevitable risk of running a business in today’s networked, technology-driven world. Should this nightmare become a reality, a well-conceived emergency response plan can preserve your company’s goodwill and minimize the negative impact on profitability. We can help you budget for such a plan and establish internal controls to prevent and detect fraud related to (and not related to) data breaches. Call or email us today at 205-345-9898 or info@covenantcpa.com.

© 2019 CovenantCPA

News of commercial database hackings may seem commonplace in 2019. But while many of these stories focus on hacked bank and credit card accounts, 401(k) plan sponsors and participants probably don’t realize that their plan assets also are at risk.

Employers who offer 401(k) plans to their employees need to take precautions against identity theft. Part of this is educating participants.

Role of sponsors

If your organization sponsors a 401(k) plan, it’s essential that you assess plan service providers’ protection systems and policies. Most providers carry cyberfraud insurance that they extend to plan participants. But there may be limits to this protection if, for example, the provider determines that you (the sponsor) or employees (participants) opened the door to a security breach.

Your plan’s documents may say that participants must adopt the provider’s recommended security practices. These could include checking account information “frequently” and reviewing correspondence from the administrator “promptly.” Make sure you and your employees understand what these terms mean — and follow them.

What participants can do

Traditionally, 401(k) plan participants have been discouraged from worrying about short-term fluctuations and volatility in their accounts, and instead encouraged to focus on the long run. However, lack of regular monitoring can make these accounts vulnerable. Instruct employees to periodically check their account balances and look for signs of unauthorized activity.

Employees also should take the same steps they follow to protect other online accounts. For example:

  • Use strong passwords and change them regularly.
  • Take advantage of two-factor authentication.
  • Don’t use the same login ID and passwords for multiple sites.
  • Don’t allow a browser to store login information.
  • Never share login information.

Such precautions can foil some of the most common retirement plan thieves — relatives and friends — from using their knowledge to gain account access. In one real-life case, a plan participant divorced his wife and moved out of the house. However, he didn’t update his address with his plan provider, change his password or review his balance regularly. His ex-wife cleaned out his more than $40,000 balance.

A few clicks

Without adequate vigilance, anybody can be a few clicks away from cleaning out your employees’ 401(k) accounts. Review your plan documents carefully and educate participants about their responsibilities for monitoring their accounts. Contact us for more information on identity theft at 205-345-9898 or info@covenantcpa.com.

© 2019 CovenantCPA

It should come as no surprise that cash is the most popular target of fraud perpetrators. After all, once stolen, cash itself is virtually untraceable. But that doesn’t mean forensic accounting professionals can’t unearth cash fraud schemes — and the crooks behind them.

3 categories

According to the Association of Certified Fraud Examiners, there are three main categories of cash fraud (which includes checks because they’re easily converted to cash):

  1. Theft of cash on hand,
  2. Theft of cash receipts, and
  3. Fraudulent disbursements.

The last category comprises many of the most frequently executed schemes, such as overbilling and “ghost” vendor or employee schemes. For example, overbilling vendors usually submit inflated invoices by overstating the price per unit or the quantity delivered. A dishonest vendor also might submit a legitimate invoice multiple times. Overbilling may involve collusion with employees of the victim organization, who typically receive kickbacks for their assistance.

Employees also can conduct billing fraud on their own, submitting bogus invoices payable to a fictitious vendor and diverting the payments to themselves. Similarly, an employee might set up payroll disbursements to nonexistent ghost employees.

Tracing schemes

Cash can be difficult to trace once it’s in the hands of a thief. But forensic experts usually are able to trace the path that stolen cash took before the fraudster pocketed it. This includes who “touched” the cash and what prompted its flow out of the organization.

Inflated invoices, for example, often leave a trail of red flags. Experts look for invoices that bill for “extra” or “special” charges with no explanation. Other suspicious signs include round dollar amounts, or amounts just below the threshold that requires management’s signoff, and discrepancies between invoice amounts and purchase orders, contracts or inventory counts.

If forensic experts suspect that fictitious billing has occurred, they often investigate accounts with no tangible deliverables — such as those for consulting, commissions and advertising — and check vendor addresses against employee addresses. Invoices with consecutive numbers or payable to post office boxes receive extra scrutiny.

Returned checks can supply useful information, too. Fraud perpetrators are more likely to cash checks, whereas legitimate businesses typically deposit them and rarely endorse checks to third parties.

To trace ghost employee schemes, experts examine payroll lists, withholding forms, employment applications, personnel files and other documents. The information collected from these sources may provide vital links between actual and ghost employees that wouldn’t otherwise be apparent.

To catch a thief

Strong internal controls are instrumental in preventing cash-type schemes. But even the strongest controls sometimes fail to prevent a determined fraudster. If that happens, we can help your business ferret out the fraud and track down the perp. Call or email us today for help– 205-345-9898 or info@covenantcpa.com.

© 2019CovenantCPA

Because they foster a collegial, trusting environment, law firms can be more vulnerable to fraud than many other types of businesses. Enforcing internal controls may simply seem unnecessary in an office of professionals dedicated to the law. Unfortunately, occupational thieves can take advantage of such complacency.

A law firm’s accounting department — payroll and accounts payable and receivable — may be particularly vulnerable. To protect against financial losses and possible public embarrassment, implement and enforce five basic controls:

1. Screen employees. Require all prospective employees, regardless of level, to complete an employment application with written authorization permitting your firm to verify information provided. Then, call references and conduct background checks (or hire a service to do it). These checks search criminal and court records, pull applicants’ credit reports and driving records, and verify their Social Security numbers.

2. Use fraud-resistant documents. The design of financial documents can help ensure proper authorization of transactions, completeness of transaction histories and adherence to other control elements. For example, use prenumbered payment vouchers that a designated partner must approve.

3. Require authorization. Authorization procedures can help prevent transactions from occurring without proper approval. In the example above, the designated partner is the authorizing party. This control is effective because the partner is in a position to know what the transactions are and how they pertain to your firm’s clients. Similarly, restrict access by maintaining current signature cards at your bank and by protecting accounting and billing systems with difficult passwords.

4. Segregate duties. Some smaller firms assign the same person to open mail, make bank deposits, record book entries and reconcile monthly bank statements. In this environment, fraud’s not only possible — it’s likely. It’s critical that your firm distribute these tasks to two or more people.

5. Provide independent oversight. A designated partner should open all bank statements. Even if the partner doesn’t review every item individually, employees will get the message that transactions will be verified. Someone outside the accounting department, such as your firm’s CPA, might also review transactions as they’re processed and financial statements at the close of accounting cycle reconciliations.

Even if your firm is like family — especially if your firm is like family — you need to reduce fraud opportunities by strengthening internal controls. If you aren’t sure if your policies are adequate, or if you’ve experienced a fraud incident, contact us at 205-345-9898 or info@covenantcpa.com.

© 2019 CovenantCPA

Buying a home is stressful enough without also having to worry about potential fraud. Unfortunately, real estate fraud is surging. According to Realtor magazine, scams targeting the industry rose 1,100% from 2015 to 2017, resulting in losses of more than $1.6 billion.

Home closing wire fraud should be of particular concern for prospective homebuyers. When schemes are successful, criminals can make off with buyers’ hard-earned down payments — several hundred thousand dollars’ worth in some cases. Here’s how to avoid losing the home of your dreams and the money with which to buy it.

The scoop

Home closing wire fraud involves hackers who typically use real estate agents’ email accounts to trick homebuyers into wiring money. Perpetrators send phishing messages containing links that, if clicked on, install malware. The hackers then infiltrate the agent’s email account and send messages to clients who are about to close on a home. Emails instruct buyers to wire closing funds to a specified account. Once the money is wired, the crooks quickly liquidate it. In most cases, the wired money isn’t recoverable.

Hackers also may target the email accounts of title companies, lenders, attorneys and sellers, and the process is the same. The criminals monitor emails to learn details about potential homebuyers and deals in progress and to learn how to create messages that will look and sound like they’re coming from a buyer’s agent or other real estate professional.

Group effort

Preventing home closing wire fraud must be a group effort. Homebuyers need to scrutinize emails they receive from their agents, attorneys and title companies. And those professionals need to ensure their accounts aren’t hacked in the first place.

Prospective buyers should ask their agents whether they’re aware of wire fraud scams and how they protect against them. For example, does the real estate company train agents to spot fraudulent emails? What type of firewall, antivirus and antimalware software does it use?

Many companies go to great lengths to prevent this type of fraud. They may, for example:

  • Prohibit their agents from emailing wiring instructions,
  • Require buyers to pay closing costs with a cashier’s check rather than a wire transfer, and
  • Employ cloud-based systems to screen emails and provide an extra layer of protection for confidential information.

At the very least, homebuyers should call their agents (or other real estate industry senders) to confirm the legitimacy of any message containing fund transfer or other potentially fraudulent instructions.

Natural target

Home purchases involve large sums, which makes them a natural target for fraudsters. Awareness of fraud schemes is the first step to avoid becoming a victim of them.

Contact us at 205-345-9898 or info@covenantcpa.com.

© 2019 CovenantCPA

For brick-and-mortar retailers, return fraud can be a serious financial threat. There are several types of schemes. But when they’re successful, they all end the same way: Stores issue refunds that they shouldn’t have. Here’s what to look for and how to limit losses.

Myriad schemes

Return fraud perpetrators could be customers, employees or even a criminal gang working with employee accomplices. In perhaps the most common scheme, an individual steals merchandise, and then returns it and insists on a cash refund, despite the lack of a receipt. Or a criminal steals merchandise from one retailer and then returns it to another for a cash refund.

Some thieves do supply receipts — but they’re fake. The “customer” hands over an altered or completely counterfeit receipt that the original payment was made in cash. The retailer then issues a full cash refund.

Other return fraud schemes might involve:

Stolen cards. The thief makes a purchase using a stolen credit card. He or she then returns the merchandise, usually on the same day (before the actual cardholder disputes the charge). The goal is a full cash refund.

Damaged goods. Instead of returning merchandise in new, as-sold condition, customers return items that are worn, damaged or broken. They distract the employee processing the refund from closely scrutinizing the merchandise with conversation or other diversions.

Crooked workers. An employee discounts merchandise and sells it to an accomplice who subsequently returns it to the same employee for a refund at full price. Workers might also steal merchandise and then instruct their accomplices to return it without a receipt for a cash refund.

Reducing crime

You can reduce the incidence of return fraud by making it hard for thieves to get their hands on cash. Issue refunds only when they’re accompanied by an original receipt and only to credit cards. Scan receipts into your point of sale system to ensure they were produced by your store’s registers. If a purchase wasn’t made with a credit card — or if the customer doesn’t have the card on hand — refund it with a store credit. You may also want to ask the customer to produce identification.

To help limit employee-perpetrated return fraud, install security cameras, ensure strong management oversight and provide a confidential fraud reporting hotline. In addition, monitor the frequency and value of returns processed by individual cashiers and investigate employees with higher-than-average return numbers.

Walking a thin line

Although you don’t want to encourage crooks, you may think a generous return policy is essential to providing superior customer service. So that you don’t alienate legitimate customers, state your return policies clearly at every cash register and on every receipt. And contact us for help writing a policy that balances all your priorities. 205-345-9898 or info@covenantcpa.com.

© 2019 CovenantCPA

Your board’s audit committee is a first line of defense against fraud. But to be effective, committee members need to do more than simply review financial statements and audit results.

Members should also adopt the following best practices:

Conduct risk assessments. Identify the types of risks faced by your company and their likelihood of occurrence. These assessments should include an evaluation of existing internal controls.

Be knowledgeable. Become familiar with relevant accounting issues and recent developments. Also ask questions and challenge management on the accounting for complex transactions. If your company’s industry has specialized accounting rules, consider consulting outside specialists.

Communicate with external auditors. Regularly touch base with outside auditors, because the external audit team performs many fraud prevention functions. Schedule formal meetings before the audit to elicit input on issues auditors should examine and after the audit is complete to follow up on those issues.

Verify compliance. Confirm that management is performing annual reviews of your company’s compliance programs and reporting systems. Also become familiar with ethics requirements, such as those in the Dodd-Frank Act, the Foreign Corrupt Practices Act and any applicable whistleblower laws.

Set the tone. Employees can’t reasonably be expected to abide by antifraud standards and processes if they don’t see proper behavior modeled and reinforced from the top of the organizational chart. Your committee can help foster a culture of accountability and integrity by establishing anonymous reporting mechanisms and requiring prompt investigation of, and follow-up on, whistleblower complaints.

Reach out. Don’t restrict internal communications to upper management or the CFO. Reach out to lower-level employees, too, so those employees feel comfortable reporting concerns and suspicions.

Audit committee members have a fiduciary duty to protect investors, lenders and other stakeholders from fraud. Contact us if you have questions about following best practices. We can also help you stay on top of fraud trends and compliance requirements. 205-345-9898 info@covenantcpa.com.

© 2019 CovenantCPA

In the restaurant industry, where long hours and thin profit margins are the norm, owners and managers often lack the time and resources to focus on fraud. Unfortunately, restaurants can provide crooked employees, customers and vendors with plenty of opportunities to steal. So you need to be able to recognize fraud threats — and nip them in the bud before they lead to heavy financial losses.

Opportunity on the house

Many restaurants have high transaction volumes but lack the technology linking point-of-sale, inventory and accounting systems. This leaves gaps for fraudsters to exploit. Employees could, for example, provide food and drinks to friends without entering the sales — or ring up only a portion of friends’ bills. They might issue voids or refunds when there was no original sale and pocket the proceeds. Or they could overcharge customers by, say, charging for premium beverages but serving cheaper alternatives.

Although it’s less common, intangible property theft is another risk. Your restaurant may use proprietary recipes and confidential marketing plans to compete in the dog-eat-dog world of food service. If a departing employee takes such secrets to a rival, it could threaten your restaurant’s survival.

Back-office book cooking

Owners often employ bookkeepers to manage back-office operations but may neglect to give proper oversight. Such an environment provides criminals — or even ordinary people experiencing unusual financial pressures — with opportunities to cook the books. In one frequently seen scheme, the bookkeeper creates a fake vendor account, submits and approves fraudulent invoices, then directs payments to a bank account he or she controls.

Even when bookkeepers are honest, the invoices they process may not be. It can be hard for managers to keep track of the daily stream of food, beverage and supply deliveries. Vendors might exploit such chaos by inflating their bills to reflect more or pricier items than they actually delivered. When vendors collude with restaurant employees, particularly receiving or accounting staff, theft can exact a heavy financial toll.

Ingredients for success

Successfully combatting restaurant fraud takes a multipronged approach. If you haven’t already:

  • Integrate your accounting, inventory and sales systems,
  • Use loss prevention technology to detect suspicious transactions such as excessive voids,
  • Process credit cards with EMV (chip) readers,
  • Conduct background checks on new hires,
  • Train supervisors to recognize red flags,
  • Set up a confidential fraud reporting hotline, and
  • Install video surveillance throughout your restaurant.

Also engage a CPA to review your financial records at least once a year for errors and discrepancies, and consider having this outside expert conduct occasional surprise audits. Contact us for assistance at 205-345-9898 or info@covenantcpa.com.

© 2019 Covenant CPA