The COVID-19 pandemic has often made the due diligence process for business acquisitions more complex and time-consuming. But if you’re buying a company, it’s critical to dedicate your full attention to this part of the M&A process — not only to confirm that the selling business is as valuable as you believe it to be, but to protect against fraud. Plan early to engage a fraud expert to review financial statements and other documents for signs that you could be dealing with a dishonest seller.

Subtle warning signs

When reviewing a seller’s financial statements, forensic experts look for subtle warning signs of fraud. These include excess inventory, a large number of write-offs, an unusually high number of voided discounts for returns, insufficient documentation of sales and increased purchases from new vendors. Another suspicious sign is increased accounts payable and receivable combined with dropping or stagnant revenues and income.

Fishy revenue, cash flow and expense numbers and unreasonable-seeming growth projections warrant further investigation to determine whether financial statements represent fraud or they’re evidence of unintentional errors or mismanagement. The latter is common in smaller companies that don’t have their statements audited by outside experts or that may not have adequate internal financial expertise.

Systematic manipulation

To determine whether unusual income numbers indicate systematic manipulation, experts often consider whether owners or executives had the opportunity to commit fraud. A lack of solid internal controls makes financial statement fraud more likely. Regulatory disapproval, customer complaints and suspicious supplier relationships can also raise red flags. If warranted, a forensic expert may perform background checks on your target company’s principals.

It’s important to note that some accounting practices adopted to present a business in the best light may be perfectly legal. However, if your expert finds evidence of intentional fraud — particularly at the executive level — you’ll probably want to rescind your acquisition offer. In less serious cases, you may simply need to make purchase price adjustments or even change the deal’s structure.

Negotiating protection

An indemnification clause written into the purchase agreement can protect you if a seller lies about matters that affect your acquisition, such as fraud. But negotiating these clauses can be tricky since sellers tend to push for a narrow definition of “fraud” and for limits on liability. The fact remains that if a seller has committed fraud, it’s better to uncover it before the M&A transaction goes through.

Contact us with your questions about M&A fraud and for help evaluating your potential business acquisition.

© 2021 Covenant CPA

Many businesses were unprepared when the novel coronavirus (COVID-19) pandemic required them to close their physical offices and shift to remote operations. Your company, for example, may have had to scramble to set up a virtual private network (VPN) or move files to the cloud. And while adapting to working from home, employees may have let your usual security procedures slide.

From a cybercrime perspective, working from home generally isn’t as safe as working in the office. So you need to look for ways to protect your disbursed workforce and prevent criminals from gaining access to your digital assets.

Here are five ideas:

  1. Invest in education. Require remote employees to participate in security-related training that covers “old-school” phishing scams as well as new COVID-19 variations. As schemes emerge (check the Federal Trade Commission’s website at ftc.gov for the latest), notify employees and remind them what to do if they think they’ve fallen victim to a scam.
  1. Enable automatic updates. To keep the operating systems of employee computers safely patched, remind workers to enable automatic software updates. Also, double-check that every employee-assigned device is fortified with current malware and antivirus software. 
  1. Revisit access privileges. To maintain productivity, most employees need access to the same systems at home as they had in the office. However, consider reviewing which workers have access to certain files, network controls and cloud accounts — and whether they really need access now. Remember that when employees work from home, their partners, children and visitors may have easy access to their computers. To protect your company, ensure systems generate user audit trails that can be followed in the event of a breach.
  1. Protect WiFi connections. While working from home, employees use their personal WiFi connections to access your company’s IT environment. Unfortunately, many people use the default WiFi password or a simple password that hackers can easily break. To foil fraud perpetrators, employees should change it to a complex combination of letters and other characters. If possible, require them to use a VPN with two-factor authentication.
  1. Secure your videoconferences. Most videoconferencing services employ multiple layers of security. But some platforms offer greater protection than others. Before choosing one, perform a simple Google search to read user reviews and security bug reports. Once you’ve selected a service, communicate security protocols before allowing employees to use it for company business.

Finally, provide employees with access to a technical support desk so they can report problems — and get solutions — as quickly as possible. Working from home may be new for a lot of Americans, but fraud is a familiar foe for most. If can be defeated with appropriate knowledge and tools.

© 2020 Covenant CPA