Charities typically receive most of their donations during the holidays and at year end. It’s critical for these organizations to be on the lookout for fraud throughout the year, but even more so during the busy season. Here are some fraud schemes nonprofits should watch out for and how they can use internal controls to protect against financial losses.
Culture of trust
Charities generally are staffed by people who believe strongly in their missions, which contributes to a culture of trust. Unfortunately, such trust makes nonprofits vulnerable to certain types of fraud. For example, if managers don’t supervise staffers who accept cash donations, it provides an opportunity for them to skim cash. Skimming is even more likely to occur if a nonprofit doesn’t perform background checks on employees and volunteers who’ll be handling money.
However, skimming isn’t the most common type of fraud scheme in the nonprofit sector. According to the Association of Certified Fraud Examiners, religious, charitable and social services organizations are most likely to fall prey to billing schemes. Falsified expense reports and credit card abuse are also common in nonprofits.
Internal controls matter
Even small nonprofits that consider their employees and volunteers “family” need to establish and enforce internal controls. Such procedures must be followed regardless of how busy staffers are processing donations and completing year-end duties.
Possibly the most important control to prevent occupational fraud is segregation of duties. To reduce opportunities for any one person to steal, multiple employees should be involved in processing payables and receivables. For example, every incoming invoice should be reviewed by the staffer who instigated it to confirm the amount and that the goods or services were received. A different employee should be responsible for writing the check.
And don’t forget to protect electronic records that include data on donors, vendors and employees. Staff members should be given access only to the information and programs required for their job. And all sensitive information should be password-protected.
Caution with special events
Many nonprofits depend on money raised from a big annual gala or other special event at year end. During crowded, chaotic fundraisers, you’ll want to discourage supporters from making cash payments. Instead, presell or preregister event participants to limit access to cash on the day of the event. If you decide to accept cash at the door, try to assign cash-related duties to paid employees or board members, rather than unsupervised volunteers.
For more tips on preventing fraud in your nonprofit, contact us. We can help you reinforce internal controls, as well as investigate suspected theft. Call us today at 205-345-9898.
© 2018 Covenant CPA
Many retail businesses implement careful controls over the use of their cash registers. For this reason, register-disbursement schemes are among the least costly types of cash frauds. Without such controls, however, businesses risk significant losses. Here’s how to make sure your company is doing everything it can to prevent this type of fraud.
Issuing fictitious refunds and falsely voiding sales are a couple of common ways employees steal money. Both methods involve paying out cash without a corresponding return of inventory and usually result in abnormally high inventory shrinkage levels.
But high shrinkage is just one way to spot cash register disbursement fraud. Other red flags include:
- Disparities between gross and net sales,
- Decreasing net sales (increasing sales returns and allowances),
- Decreasing cash sales relative to credit card sales,
- Forged or missing void or refund documents,
- Increasing void or refund transactions by individual employees, and
- Multiple refunds or voids just under the review limit.
Any of these warning signs may warrant investigation. A fraud expert can help you determine whether discrepancies have innocent explanations or indicate a more serious problem.
Your business can prevent cash register theft by taking preventive measures. These include having written ethics policies and providing employees with antifraud training. In many cases of register theft, several employees are aware that it’s happening. So be sure to provide a confidential hotline or other means for employees to report unethical behavior without fear of reprisal.
Your fraud detection and deterrence program should also include training internal auditors to regularly perform horizontal analysis of income statements. Horizontal analysis — which compares financial statement line items from one period to the next — can identify suspicious trends, such as an increasing number of cash refunds.
Taking these simple steps can prevent significant losses. But signs of extensive cash register theft usually indicate bigger issues. Contact us. We can help you nip theft in the bud by strengthening internal controls and, when necessary, assemble evidence for criminal prosecutions and civil lawsuits. Call us today at 205-345-9898.
© 2018 Covenant CPA
To head off employee theft, businesses need to know what crooked employees are most likely to steal. The number one preference is cash. But if that’s off limits, the next choice is something expensive that they can use outside work. And, of course, the most costly and useful items in most offices are laptop and desktop computers and other technological devices.
How can your company protect its technology assets from theft? First, consider adding security plates and indelible markings. These additions can help you track stolen equipment, inhibit resale and discourage thieves from ever trying to steal.
Security software also can track a stolen computer online. As soon as the thief connects to the Internet, its software contacts the security firm’s monitoring system, which traces the machine’s current IP address. To locate a physical address, firms use GPS and Wi-Fi tracking. However, there can be legal obstacles to obtaining the actual address of a thief.
Most computers and mobile devices can also be tracked by sites and apps such as Google, Facebook and Dropbox, which capture the IP addresses of users when they log into their accounts. Apple products can be tracked using iCloud.
Fasten it down
To keep laptop and desktop computers where they belong, you can lock them down with cables and attach motion sensor alarms. If you store numerous laptops on your premises, consider locking them in heavy-duty cabinets or carts when not in use.
To deter desktop computer theft, consider a locked steel case bolted to the desktop. If you prefer not to drill holes in furniture, you can attach super-strength adhesive security pads to desks or other furniture to prevent thieves from lifting the equipment off the surface.
Keep it safe
It’s worth the effort to add extra security and keep your company’s assets where they belong. Also make sure that your business insurance provides adequate coverage for computer losses. Contact us for more information at 205-345-9898.
© 2018 Covenant CPA
Tax identity theft may seem like a problem only for individual taxpayers. But, according to the IRS, increasingly businesses are also becoming victims. And identity thieves have become more sophisticated, knowing filing practices, the tax code and the best ways to get valuable data.
How it works
In tax identity theft, a taxpayer’s identifying information (such as Social Security number) is used to fraudulently obtain a refund or commit other crimes. Business tax identity theft occurs when a criminal uses the identifying information of a business to obtain tax benefits or to enable individual tax identity theft schemes.
For example, a thief could use an Employer Identification Number (EIN) to file a fraudulent business tax return and claim a refund. Or a fraudster may report income and withholding for fake employees on false W-2 forms. Then, he or she can file fraudulent individual tax returns for these “employees” to claim refunds.
The consequences can include significant dollar amounts, lost time sorting out the mess and damage to your reputation.
There are some red flags that indicate possible tax identity theft. For example, your business’s identity may have been compromised if:
- Your business doesn’t receive expected or routine mailings from the IRS,
- You receive an IRS notice that doesn’t relate to anything your business submitted, that’s about fictitious employees or that’s related to a defunct, closed or dormant business after all account balances have been paid,
- The IRS rejects an e-filed return or an extension-to-file request, saying it already has a return with that identification number — or the IRS accepts it as an amended return,
- You receive an IRS letter stating that more than one tax return has been filed in your business’s name, or
- You receive a notice from the IRS that you have a balance due when you haven’t yet filed a return.
Keep in mind, though, that some of these could be the result of a simple error, such as an inadvertent transposition of numbers. Nevertheless, you should contact the IRS immediately if you receive any notices or letters from the agency that you believe might indicate that someone has fraudulently used your Employer Identification Number.
Businesses should take steps such as the following to protect their own information as well as that of their employees:
- Provide training to accounting, human resources and other employees to educate them on the latest tax fraud schemes and how to spot phishing emails.
- Use secure methods to send W-2 forms to employees.
- Implement risk management strategies designed to flag suspicious communications.
Of course identity theft can go beyond tax identity theft, so be sure to have a comprehensive plan in place to protect the data of your business, your employees and your customers. If you’re concerned your business has become a victim, or you have questions about prevention, please contact us at 205-345-9898.
© 2018 Covenant CPA