According to data company Dun & Bradstreet, business identity theft increased more than 250% in the first half of 2020. You can thank the pandemic — and the government’s release of relief and recovery funds to qualified U.S. businesses — for this remarkable number. In a more typical year, crooks use stolen business identities to file fraudulent tax returns, apply for credit and empty bank accounts. However they might try to use your company’s information, there are steps you can take to reduce the risk.
Protecting sensitive information
Thieves often use malware to infect computers and gather sensitive data from businesses. They also create fake websites that trick employees into entering login and password information. To protect against these tactics, deploy patches when prompted and maintain up-to-date security software. Store all sensitive digital files such as financial statements, invoices, bank statements and aging schedules in secure, password-protected locations.
Also, secure paper documents in locked file cabinets. When you no longer need sensitive paper documents, destroy them using a cross-cutting shredder. If you need to shred a significant volume of paper, hire a reputable service to destroy documents on your premises.
Regularly review records
So that you can act on suspicious activity before it leads to financial losses and reputation damage, monitor official records and other public information. For example, keep an eye on your business credit as well as the personal credit reports of owners. Also regularly review business records and professional license information with state, county and city registrar offices.
Bank accounts deserve special attention. Reconciling bank accounts daily is your best bet. If a fraudulent transaction posts to your business’s account, you must notify your bank within a certain time period to not be liable for the transaction. Also note that criminals often use wires to move stolen money overseas and beyond the reaches of U.S. law enforcement. If you never send wires, instruct your bank to block that capability from your accounts.
Don’t forget employees
Finally, don’t forget to involve employees in your fight against business identity theft. Coach everyone from executives to rank-and-file workers about the threats facing your company and how they can do their part to ensure sensitive data doesn’t fall into the wrong hands. Contact us for help strengthening your internal controls.
© 2020 Covenant CPA
Skimming isn’t the biggest fraud threat for most businesses. The theft of cash receipts represents only 11% of asset appropriation schemes, according to the Association of Certified Fraud Examiners’ 2020 Report to the Nations. But with a median loss of $47,000, your business will likely feel the pain if it becomes a victim of skimming. Here’s what you need to know to prevent it.
Skimming occurs when an employee steals an incoming payment before it’s recorded. In the most basic skimming scheme, a worker sells goods or services to a customer, collects payment and pockets the money without recording the sale. If the customer receives goods but no sale is recorded, skimming will cause a discrepancy between physical inventory counts and the company’s inventory ledger.
Crooked employees can also skim receivables. This generally is harder to pull off, because overdue accounts appear on the accounts receivable aging schedule. Perpetrators may try to cover their thefts by “lapping,” or borrowing money from one account to make up for a shortage in another.
What to look for
To detect skimming, look for infrequent bank deposits and consistent bank balance fluctuations as well as frequent shortages of cash on hand. If you suspect skimming, we can help you perform physical inventory counts to check if inventory levels match recorded sales. We can also review journal entries for false credits to inventory; irregular entries to cash accounts; and write-offs of lost, stolen, or obsolete inventory.
Your business can help prevent skimming by segregating employee duties. No one person should be responsible for collecting, recording, reconciling and depositing cash receipts. Instead, split up those duties among multiple employees.
Also consider implementing these other preventive measures:
- Monitor spaces where employees handle cash with visible video cameras,
- Require daily bank deposits,
- Investigate no-sale and voided transactions,
- Reconcile cash deposits to all cash and checks received,
- Regularly reconcile inventory records to look for shrinkage, and
- Provide an anonymous tip hotline for employees, customers and vendors.
Certain organizations are more vulnerable to skimming. Small companies (those with less than 100 employees) and those in the education, real estate, and transportation and warehousing fields experience higher rates of skimming and may want to take extra precautions. Whatever your industry, contact us at the first sign of fraud.
© 2020 Covenant CPA
According to the Association of Certified Fraud Examiners’ Report to the Nations: 2018 Global Study on Occupational Fraud and Abuse, organizations victimized by fraud lose a median $130,000. But construction companies, in particular, are even harder hit, with a median loss of $227,000. What can you do to protect your construction business? Adopt this checklist.
Ways to tighten controls
An effective strategy for minimizing fraud is to tighten your internal controls. Make sure the following are part of your policies and procedures:
Surprise audits and jobsite visits. These visits can not only help detect fraud, but also send a strong message that combating fraud is a priority — which is a powerful deterrent.
Segregation of duties. Avoid situations in which one person handles multiple financial or accounting tasks. For example, the person who processes cash transactions shouldn’t also prepare the company’s bank deposits.
Bank statements. Have monthly bank statements sent to you or a manager independent of the accounting function. Canceled checks should be reviewed for unfamiliar payees and forged signatures.
Purchase monitoring. Name someone other than the purchasing agent — you or an estimator, for instance — to review vendor invoices, purchase orders and other documents. Use prenumbered purchase orders. Physically check materials and supplies to ensure they correspond to what was ordered in terms of quantity and quality.
Kickbacks and bid-rigging. If your company is suddenly winning bids that you haven’t in the past and that seem like a stretch, verify that your bid processes have been followed. Sometimes employees disguise illegal activities as change orders, so be sure to scrutinize each change order.
Budget analysis. Prepare annual budgets — for your company and each job — and regularly compare actual results to budgets. Scrutinize large or unanticipated discrepancies.
Payroll practices. Have someone independent of your accounting department verify the names and pay rates on your payroll. If you don’t already, pay employees using direct deposit, rather than with checks or cash.
Vacation policy. Require full-time employees to take time off every year. Fraud is often exposed when the perpetrator isn’t there to cover it up.
These are just some of the many internal controls contractors should implement to protect their businesses. In addition to preventing and revealing fraud, solid internal controls can help avoid accounting errors, reduce waste and boost cash flow by making billing, purchasing and other processes more efficient. Contact us for more information at 205-345-9898 and firstname.lastname@example.org.
© 2019 CovenantCPA
It should come as no surprise that cash is the most popular target of fraud perpetrators. After all, once stolen, cash itself is virtually untraceable. But that doesn’t mean forensic accounting professionals can’t unearth cash fraud schemes — and the crooks behind them.
According to the Association of Certified Fraud Examiners, there are three main categories of cash fraud (which includes checks because they’re easily converted to cash):
- Theft of cash on hand,
- Theft of cash receipts, and
- Fraudulent disbursements.
The last category comprises many of the most frequently executed schemes, such as overbilling and “ghost” vendor or employee schemes. For example, overbilling vendors usually submit inflated invoices by overstating the price per unit or the quantity delivered. A dishonest vendor also might submit a legitimate invoice multiple times. Overbilling may involve collusion with employees of the victim organization, who typically receive kickbacks for their assistance.
Employees also can conduct billing fraud on their own, submitting bogus invoices payable to a fictitious vendor and diverting the payments to themselves. Similarly, an employee might set up payroll disbursements to nonexistent ghost employees.
Cash can be difficult to trace once it’s in the hands of a thief. But forensic experts usually are able to trace the path that stolen cash took before the fraudster pocketed it. This includes who “touched” the cash and what prompted its flow out of the organization.
Inflated invoices, for example, often leave a trail of red flags. Experts look for invoices that bill for “extra” or “special” charges with no explanation. Other suspicious signs include round dollar amounts, or amounts just below the threshold that requires management’s signoff, and discrepancies between invoice amounts and purchase orders, contracts or inventory counts.
If forensic experts suspect that fictitious billing has occurred, they often investigate accounts with no tangible deliverables — such as those for consulting, commissions and advertising — and check vendor addresses against employee addresses. Invoices with consecutive numbers or payable to post office boxes receive extra scrutiny.
Returned checks can supply useful information, too. Fraud perpetrators are more likely to cash checks, whereas legitimate businesses typically deposit them and rarely endorse checks to third parties.
To trace ghost employee schemes, experts examine payroll lists, withholding forms, employment applications, personnel files and other documents. The information collected from these sources may provide vital links between actual and ghost employees that wouldn’t otherwise be apparent.
To catch a thief
Strong internal controls are instrumental in preventing cash-type schemes. But even the strongest controls sometimes fail to prevent a determined fraudster. If that happens, we can help your business ferret out the fraud and track down the perp. Call or email us today for help– 205-345-9898 or email@example.com.
While the Tax Cuts and Jobs Act (TCJA) reduces most income tax rates and expands some tax breaks, it limits or eliminates several itemized deductions that have been valuable to many individual taxpayers. Here are five deductions you may see shrink or disappear when you file your 2018 income tax return:
1. State and local tax deduction. For 2018 through 2025, your total itemized deduction for all state and local taxes combined — including property tax — is limited to $10,000 ($5,000 if you’re married and filing separately). You still must choose between deducting income and sales tax; you can’t deduct both, even if your total state and local tax deduction wouldn’t exceed $10,000.
2. Mortgage interest deduction. You generally can claim an itemized deduction for interest on mortgage debt incurred to purchase, build or improve your principal residence and a second residence. Points paid related to your principal residence also may be deductible. For 2018 through 2025, the TCJA reduces the mortgage debt limit from $1 million to $750,000 for debt incurred after Dec. 15, 2017, with some limited exceptions.
3. Home equity debt interest deduction. Before the TCJA, an itemized deduction could be claimed for interest on up to $100,000 of home equity debt used for any purpose, such as to pay off credit cards (for which interest isn’t deductible). The TCJA effectively limits the home equity interest deduction for 2018 through 2025 to debt that would qualify for the home mortgage interest deduction.
4. Miscellaneous itemized deductions subject to the 2% floor. This deduction for expenses such as certain professional fees, investment expenses and unreimbursed employee business expenses is suspended for 2018 through 2025. If you’re an employee and work from home, this includes the home office deduction. (Business owners and the self-employed may still be able to claim a home office deduction against their business or self-employment income.)
5. Personal casualty and theft loss deduction. For 2018 through 2025, this itemized deduction is suspended except if the loss was due to an event officially declared a disaster by the President.
Be aware that additional rules and limits apply to many of these deductions. Also keep in mind that the TCJA nearly doubles the standard deduction. The combination of a much larger standard deduction and the reduction or elimination of many itemized deductions means that, even if itemizing has typically benefited you in the past, you might be better off taking the standard deduction when you file your 2018 return. Please contact us with any questions you have at 205-345-9898.
© 2019 Covenant CPA
Charities typically receive most of their donations during the holidays and at year end. It’s critical for these organizations to be on the lookout for fraud throughout the year, but even more so during the busy season. Here are some fraud schemes nonprofits should watch out for and how they can use internal controls to protect against financial losses.
Culture of trust
Charities generally are staffed by people who believe strongly in their missions, which contributes to a culture of trust. Unfortunately, such trust makes nonprofits vulnerable to certain types of fraud. For example, if managers don’t supervise staffers who accept cash donations, it provides an opportunity for them to skim cash. Skimming is even more likely to occur if a nonprofit doesn’t perform background checks on employees and volunteers who’ll be handling money.
However, skimming isn’t the most common type of fraud scheme in the nonprofit sector. According to the Association of Certified Fraud Examiners, religious, charitable and social services organizations are most likely to fall prey to billing schemes. Falsified expense reports and credit card abuse are also common in nonprofits.
Internal controls matter
Even small nonprofits that consider their employees and volunteers “family” need to establish and enforce internal controls. Such procedures must be followed regardless of how busy staffers are processing donations and completing year-end duties.
Possibly the most important control to prevent occupational fraud is segregation of duties. To reduce opportunities for any one person to steal, multiple employees should be involved in processing payables and receivables. For example, every incoming invoice should be reviewed by the staffer who instigated it to confirm the amount and that the goods or services were received. A different employee should be responsible for writing the check.
And don’t forget to protect electronic records that include data on donors, vendors and employees. Staff members should be given access only to the information and programs required for their job. And all sensitive information should be password-protected.
Caution with special events
Many nonprofits depend on money raised from a big annual gala or other special event at year end. During crowded, chaotic fundraisers, you’ll want to discourage supporters from making cash payments. Instead, presell or preregister event participants to limit access to cash on the day of the event. If you decide to accept cash at the door, try to assign cash-related duties to paid employees or board members, rather than unsupervised volunteers.
For more tips on preventing fraud in your nonprofit, contact us. We can help you reinforce internal controls, as well as investigate suspected theft. Call us today at 205-345-9898.
© 2018 Covenant CPA
Many retail businesses implement careful controls over the use of their cash registers. For this reason, register-disbursement schemes are among the least costly types of cash frauds. Without such controls, however, businesses risk significant losses. Here’s how to make sure your company is doing everything it can to prevent this type of fraud.
Issuing fictitious refunds and falsely voiding sales are a couple of common ways employees steal money. Both methods involve paying out cash without a corresponding return of inventory and usually result in abnormally high inventory shrinkage levels.
But high shrinkage is just one way to spot cash register disbursement fraud. Other red flags include:
- Disparities between gross and net sales,
- Decreasing net sales (increasing sales returns and allowances),
- Decreasing cash sales relative to credit card sales,
- Forged or missing void or refund documents,
- Increasing void or refund transactions by individual employees, and
- Multiple refunds or voids just under the review limit.
Any of these warning signs may warrant investigation. A fraud expert can help you determine whether discrepancies have innocent explanations or indicate a more serious problem.
Your business can prevent cash register theft by taking preventive measures. These include having written ethics policies and providing employees with antifraud training. In many cases of register theft, several employees are aware that it’s happening. So be sure to provide a confidential hotline or other means for employees to report unethical behavior without fear of reprisal.
Your fraud detection and deterrence program should also include training internal auditors to regularly perform horizontal analysis of income statements. Horizontal analysis — which compares financial statement line items from one period to the next — can identify suspicious trends, such as an increasing number of cash refunds.
Taking these simple steps can prevent significant losses. But signs of extensive cash register theft usually indicate bigger issues. Contact us. We can help you nip theft in the bud by strengthening internal controls and, when necessary, assemble evidence for criminal prosecutions and civil lawsuits. Call us today at 205-345-9898.
© 2018 Covenant CPA
To head off employee theft, businesses need to know what crooked employees are most likely to steal. The number one preference is cash. But if that’s off limits, the next choice is something expensive that they can use outside work. And, of course, the most costly and useful items in most offices are laptop and desktop computers and other technological devices.
How can your company protect its technology assets from theft? First, consider adding security plates and indelible markings. These additions can help you track stolen equipment, inhibit resale and discourage thieves from ever trying to steal.
Security software also can track a stolen computer online. As soon as the thief connects to the Internet, its software contacts the security firm’s monitoring system, which traces the machine’s current IP address. To locate a physical address, firms use GPS and Wi-Fi tracking. However, there can be legal obstacles to obtaining the actual address of a thief.
Most computers and mobile devices can also be tracked by sites and apps such as Google, Facebook and Dropbox, which capture the IP addresses of users when they log into their accounts. Apple products can be tracked using iCloud.
Fasten it down
To keep laptop and desktop computers where they belong, you can lock them down with cables and attach motion sensor alarms. If you store numerous laptops on your premises, consider locking them in heavy-duty cabinets or carts when not in use.
To deter desktop computer theft, consider a locked steel case bolted to the desktop. If you prefer not to drill holes in furniture, you can attach super-strength adhesive security pads to desks or other furniture to prevent thieves from lifting the equipment off the surface.
Keep it safe
It’s worth the effort to add extra security and keep your company’s assets where they belong. Also make sure that your business insurance provides adequate coverage for computer losses. Contact us for more information at 205-345-9898.
© 2018 Covenant CPA
Tax identity theft may seem like a problem only for individual taxpayers. But, according to the IRS, increasingly businesses are also becoming victims. And identity thieves have become more sophisticated, knowing filing practices, the tax code and the best ways to get valuable data.
How it works
In tax identity theft, a taxpayer’s identifying information (such as Social Security number) is used to fraudulently obtain a refund or commit other crimes. Business tax identity theft occurs when a criminal uses the identifying information of a business to obtain tax benefits or to enable individual tax identity theft schemes.
For example, a thief could use an Employer Identification Number (EIN) to file a fraudulent business tax return and claim a refund. Or a fraudster may report income and withholding for fake employees on false W-2 forms. Then, he or she can file fraudulent individual tax returns for these “employees” to claim refunds.
The consequences can include significant dollar amounts, lost time sorting out the mess and damage to your reputation.
There are some red flags that indicate possible tax identity theft. For example, your business’s identity may have been compromised if:
- Your business doesn’t receive expected or routine mailings from the IRS,
- You receive an IRS notice that doesn’t relate to anything your business submitted, that’s about fictitious employees or that’s related to a defunct, closed or dormant business after all account balances have been paid,
- The IRS rejects an e-filed return or an extension-to-file request, saying it already has a return with that identification number — or the IRS accepts it as an amended return,
- You receive an IRS letter stating that more than one tax return has been filed in your business’s name, or
- You receive a notice from the IRS that you have a balance due when you haven’t yet filed a return.
Keep in mind, though, that some of these could be the result of a simple error, such as an inadvertent transposition of numbers. Nevertheless, you should contact the IRS immediately if you receive any notices or letters from the agency that you believe might indicate that someone has fraudulently used your Employer Identification Number.
Businesses should take steps such as the following to protect their own information as well as that of their employees:
- Provide training to accounting, human resources and other employees to educate them on the latest tax fraud schemes and how to spot phishing emails.
- Use secure methods to send W-2 forms to employees.
- Implement risk management strategies designed to flag suspicious communications.
Of course identity theft can go beyond tax identity theft, so be sure to have a comprehensive plan in place to protect the data of your business, your employees and your customers. If you’re concerned your business has become a victim, or you have questions about prevention, please contact us at 205-345-9898.
© 2018 Covenant CPA