How experts use data analysis to detect fraud

Data analytics is changing the way many businesses operate. It’s also changing how forensic accountants do their jobs, providing fraud experts with the means to mine massive mounds of data like never before.

3 techniques

These analytical techniques are among the most efficient and effective at detecting occupational fraud:

1. Association analysis. This method can help identify suspicious relationships by quantifying the odds of a combination of data points occurring together. In other words, it calculates the likelihood that, if one data point occurs, another will, too. If the combination occurs at an atypical rate, a red flag goes up. For example, association analysis might find that a certain supervisor tends to be on duty when inventory theft occurs.

2. Outlier analysis. Outliers are data points outside the norm for a given data set. In many types of data analysis, outliers are simply disregarded, but these items come in handy for fraud detection. Experts know how to distinguish and respond to different types of outliers.

Contextual outliers are significant in certain contexts but not others. For example, a big jump in wages on a retailer’s financial statements might be notable in April but not in December — when seasonal workers come aboard.

Collective outliers are a collection of data points that aren’t outliers on their own but deviate significantly from the overall data set when considered as a whole. If, for instance, several public company executives sold off substantial blocks of stock in the business on the same day, it might signal suspicious behavior.

3. Cluster analysis. Here, experts group similar data points into a set and then further subdivide them into smaller, more homogeneous clusters. Data points within a cluster are similar to each other and dissimilar to those in other clusters. The greater the similarities within a cluster and the differences between clusters, the easier it is for an expert to develop rules that apply to one cluster but not the others.

Cluster analysis has long been used for market segmentation of consumers. But it can also detect fraud, particularly when combined with outlier analysis. Outlier clusters — those that are farthest from the nearest cluster when clusters are mapped out on a chart — generally merit extra scrutiny for suspicious activity. A fraud expert might, for example, use cluster analysis to evaluate group life insurance claims. The expert would look for clusters of large beneficiary or interest payments, or long lags between submission and payment.

High tech and old school

If you hire experts to uncover suspected fraud in your organization, don’t be surprised if they break out the data analytics tools. But they’ll also likely use some old-school methods — including interviewing employees — to find possible suspects and financial losses. Contact us to discuss at 205-345-9898 and [email protected].

© 2019 CovenantCPA

Antifraud checklist for construction companies

According to the Association of Certified Fraud Examiners’ Report to the Nations: 2018 Global Study on Occupational Fraud and Abuse, organizations victimized by fraud lose a median $130,000. But construction companies, in particular, are even harder hit, with a median loss of $227,000. What can you do to protect your construction business? Adopt this checklist.

Ways to tighten controls

An effective strategy for minimizing fraud is to tighten your internal controls. Make sure the following are part of your policies and procedures:

Surprise audits and jobsite visits. These visits can not only help detect fraud, but also send a strong message that combating fraud is a priority — which is a powerful deterrent.

Segregation of duties. Avoid situations in which one person handles multiple financial or accounting tasks. For example, the person who processes cash transactions shouldn’t also prepare the company’s bank deposits.

Bank statements. Have monthly bank statements sent to you or a manager independent of the accounting function. Canceled checks should be reviewed for unfamiliar payees and forged signatures.

Purchase monitoring. Name someone other than the purchasing agent — you or an estimator, for instance — to review vendor invoices, purchase orders and other documents. Use prenumbered purchase orders. Physically check materials and supplies to ensure they correspond to what was ordered in terms of quantity and quality.

Kickbacks and bid-rigging. If your company is suddenly winning bids that you haven’t in the past and that seem like a stretch, verify that your bid processes have been followed. Sometimes employees disguise illegal activities as change orders, so be sure to scrutinize each change order.

Budget analysis. Prepare annual budgets — for your company and each job — and regularly compare actual results to budgets. Scrutinize large or unanticipated discrepancies.

Payroll practices. Have someone independent of your accounting department verify the names and pay rates on your payroll. If you don’t already, pay employees using direct deposit, rather than with checks or cash.

Vacation policy. Require full-time employees to take time off every year. Fraud is often exposed when the perpetrator isn’t there to cover it up.

Many benefits

These are just some of the many internal controls contractors should implement to protect their businesses. In addition to preventing and revealing fraud, solid internal controls can help avoid accounting errors, reduce waste and boost cash flow by making billing, purchasing and other processes more efficient. Contact us for more information at 205-345-9898 and [email protected].

© 2019 CovenantCPA

Uncover bogus resumé claims — and prevent bad hires

Job applicants aren’t always honest on their resumés. And if you don’t investigate suspicious claims, you might end up hiring an unqualified and unethical employee — which could lead to financial, productivity and legal liability issues. The resumé fibber might also be more likely to commit occupational fraud.

Here’s how to unearth the three most common resumé falsifications.

1. Deceptive dates

Whether to gloss over a termination, a period of job hopping or time spent out of the workforce, some job seekers “adjust” dates to make their employment history seem more consistent. Look closely at resumés that state employment dates in years, not months. Say an applicant claims she worked at her last job between 2017 and 2018. Her tenure may only have lasted two months — December 2017 until January 2018 — instead of the implied two years.

Confirm an applicant’s precise employment dates with all previous employers. Also make sure that candidates complete your entire job application, informing them that, although a resumé isn’t a legal document, a job application is. Lying on it is cause for immediate dismissal.

2. Fake degrees and shifting majors

Workers applying for a position that requires a specific degree are more likely to lie about their education than other applicants are. If a resumé lists an unfamiliar school, or coursework and years but no degree, dig deeper. A school you’ve never heard of could be a diploma mill. A resumé that simply lists Chemistry, State College, 2002, may indicate that the job seeker completed classes in that subject but didn’t actually receive a degree.

Always check applicants’ educational claims by contacting the degree-granting institution. If you’re suspicious of a school, verify its accreditation with the U.S. Department of Education.

3. Embellished titles, skills and accomplishments

Everyone tries to look their best on a resumé. Some, however, embellish their experience, titles, skill proficiencies or grade point averages with outright lies. There’s no such thing as a perfect job candidate: You may want to flag any resumé that exactly matches all of a position’s qualifications.

You should contact all personal references and speak with previous supervisors or HR staffers, notpeers, to confirm titles and job responsibilities. To elicit the best information, ask open-ended questions, followed by more probing, detailed ones. But be aware that some past employers will give only limited information, such as dates of employment.

Time and money well spent

If you’re quickly checking resumés and conducting interviews, you’re less likely to separate the candidates with real potential from those sporting fake credentials. If time is scarce, outsource this process. It’s money well spent if you can save your company from public embarrassment, legal woes or financial losses due to fraud. Contact us with questions at 205-345-9898 and [email protected].

© 2019 CovenantCPA

Preventing fraud in auto dealerships

To prevent occupational fraud from cutting into your auto dealership’s profits and generating negative publicity, you need a strong internal controls system. And effective controls start with current and accurate financial statements.

It starts in accounting

One sign of weak internal controls is an accounting department that fails to generate a balance sheet and income statement until two or more weeks after month’s end. Accounting should post transactions daily, including new and used vehicle sales, repair orders, invoice payments, payroll and cash receipts.

By 1 p.m. on any given day, you should have access to real-time checkbook balances and other accounting information effective as of 5 p.m. the day before. That way, you might be able to catch the first signs of fraud and use the data to catch the perpetrator.

Tried and true methods

Complex computer passwords, background checks and security cameras are essential to preventing fraud. But sometimes these protections fall by the wayside. Periodically review your safeguards and ensure they’re being used. For example, require employees to change their passwords quarterly, conduct regular inventory counts, engage outside CPAs to perform audits and segregate accounting duties.

As a rule of thumb, employees who record and reconcile transactions should never have access to those assets (including being a signer on bank accounts). Give the segregation of duties a starring role in your internal controls program.

Real life examples

To see how such controls can reduce losses, consider this real-life scam. A parts manager stole $70,000 by selling his employer’s parts and pocketing the cash. The loss could have been reduced if the owner had performed random inventory counts throughout the year, rather than waiting for his CPA to physically verify inventories at year end.

In another case, a dealership caught its cashier stealing by voiding service orders and falsifying deposit slips. The cashier’s responsibilities included collecting cash, issuing receipts to customers, preparing the daily deposit slip and reconciling the daily cash report. A loss of $16,000 might have been prevented if the dealership had segregated these duties.

Another dealer learned that his general manager was wholesaling used cars at a loss to the dealership because he owned a 50% interest in the wholesaler. A better pre-employment screening process might have helped detect such conflicts of interest as well as any criminal history.

Be involved

We can help you bolster your dealership’s internal controls. But your involvement is essential to preventing fraud. Let employees know that you personally review bank statements, order test counts of inventory and examine adjusted journal entries. Knowing that you’re paying attention will discourage most thieves. Contact us for more at 205-345-9898 and [email protected].

© 2019 CovenantCPA

Responding to the nightmare of a data breach

It’s every business owner’s nightmare. Should hackers gain access to your customers’ or employees’ sensitive data, the very reputation of your company could be compromised. And lawsuits might soon follow.

No business owner wants to think about such a crisis, yet it’s imperative that you do. Suffering a data breach without an emergency response plan leaves you vulnerable to not only the damage of the attack itself, but also the potential fallout from your own panicked decisions.

5 steps to take

A comprehensive plan generally follows five steps once a data breach occurs:

1. Call your attorney. He or she should be able to advise you on the potential legal ramifications of the incident and what you should do or not do (or say) in response. Involve your attorney in the creation of your response plan, so all this won’t come out of the blue.

2. Engage a digital forensics investigator. Contact us for help identifying a forensic investigator that you can turn to in the event of a data breach. The preliminary goal will be to answer two fundamental questions: How were the systems breached? What data did the hackers access? Once these questions have been answered, experts can evaluate the extent of the damage.

3. Fortify your IT systems. While investigative and response procedures are underway, you need to proactively prevent another breach and strengthen controls. Doing so will obviously involve changing passwords, but you may also need to add firewalls, create deeper layers of user authentication or restrict some employees from certain systems.

4. Communicate strategically. No matter the size of the company, the communications goal following a data breach is essentially the same: Provide accurate information about the incident in a reasonably timely manner that preserves the trust of customers, employees, investors, creditors and other stakeholders.

Note that “in a reasonably timely manner” doesn’t mean “immediately.” Often, it’s best to acknowledge an incident occurred but hold off on a detailed statement until you know precisely what happened and can reassure those affected that you’re taking specific measures to control the damage.

5. Activate or adjust credit and IT monitoring services. You may want to initiate an early warning system against future breaches by setting up a credit monitoring service and engaging an IT consultant to periodically check your systems for unauthorized or suspicious activity. Of course, you don’t have to wait for a breach to do these things, but you could increase their intensity or frequency following an incident.

Inevitable risk

Data breaches are an inevitable risk of running a business in today’s networked, technology-driven world. Should this nightmare become a reality, a well-conceived emergency response plan can preserve your company’s goodwill and minimize the negative impact on profitability. We can help you budget for such a plan and establish internal controls to prevent and detect fraud related to (and not related to) data breaches. Call or email us today at 205-345-9898 or [email protected].

© 2019 CovenantCPA

Prevent hackers from wiping out your employees’ 401(k) accounts

News of commercial database hackings may seem commonplace in 2019. But while many of these stories focus on hacked bank and credit card accounts, 401(k) plan sponsors and participants probably don’t realize that their plan assets also are at risk.

Employers who offer 401(k) plans to their employees need to take precautions against identity theft. Part of this is educating participants.

Role of sponsors

If your organization sponsors a 401(k) plan, it’s essential that you assess plan service providers’ protection systems and policies. Most providers carry cyberfraud insurance that they extend to plan participants. But there may be limits to this protection if, for example, the provider determines that you (the sponsor) or employees (participants) opened the door to a security breach.

Your plan’s documents may say that participants must adopt the provider’s recommended security practices. These could include checking account information “frequently” and reviewing correspondence from the administrator “promptly.” Make sure you and your employees understand what these terms mean — and follow them.

What participants can do

Traditionally, 401(k) plan participants have been discouraged from worrying about short-term fluctuations and volatility in their accounts, and instead encouraged to focus on the long run. However, lack of regular monitoring can make these accounts vulnerable. Instruct employees to periodically check their account balances and look for signs of unauthorized activity.

Employees also should take the same steps they follow to protect other online accounts. For example:

  • Use strong passwords and change them regularly.
  • Take advantage of two-factor authentication.
  • Don’t use the same login ID and passwords for multiple sites.
  • Don’t allow a browser to store login information.
  • Never share login information.

Such precautions can foil some of the most common retirement plan thieves — relatives and friends — from using their knowledge to gain account access. In one real-life case, a plan participant divorced his wife and moved out of the house. However, he didn’t update his address with his plan provider, change his password or review his balance regularly. His ex-wife cleaned out his more than $40,000 balance.

A few clicks

Without adequate vigilance, anybody can be a few clicks away from cleaning out your employees’ 401(k) accounts. Review your plan documents carefully and educate participants about their responsibilities for monitoring their accounts. Contact us for more information on identity theft at 205-345-9898 or [email protected].

© 2019 CovenantCPA

Fraud fact: Crooks prefer cash

It should come as no surprise that cash is the most popular target of fraud perpetrators. After all, once stolen, cash itself is virtually untraceable. But that doesn’t mean forensic accounting professionals can’t unearth cash fraud schemes — and the crooks behind them.

3 categories

According to the Association of Certified Fraud Examiners, there are three main categories of cash fraud (which includes checks because they’re easily converted to cash):

  1. Theft of cash on hand,
  2. Theft of cash receipts, and
  3. Fraudulent disbursements.

The last category comprises many of the most frequently executed schemes, such as overbilling and “ghost” vendor or employee schemes. For example, overbilling vendors usually submit inflated invoices by overstating the price per unit or the quantity delivered. A dishonest vendor also might submit a legitimate invoice multiple times. Overbilling may involve collusion with employees of the victim organization, who typically receive kickbacks for their assistance.

Employees also can conduct billing fraud on their own, submitting bogus invoices payable to a fictitious vendor and diverting the payments to themselves. Similarly, an employee might set up payroll disbursements to nonexistent ghost employees.

Tracing schemes

Cash can be difficult to trace once it’s in the hands of a thief. But forensic experts usually are able to trace the path that stolen cash took before the fraudster pocketed it. This includes who “touched” the cash and what prompted its flow out of the organization.

Inflated invoices, for example, often leave a trail of red flags. Experts look for invoices that bill for “extra” or “special” charges with no explanation. Other suspicious signs include round dollar amounts, or amounts just below the threshold that requires management’s signoff, and discrepancies between invoice amounts and purchase orders, contracts or inventory counts.

If forensic experts suspect that fictitious billing has occurred, they often investigate accounts with no tangible deliverables — such as those for consulting, commissions and advertising — and check vendor addresses against employee addresses. Invoices with consecutive numbers or payable to post office boxes receive extra scrutiny.

Returned checks can supply useful information, too. Fraud perpetrators are more likely to cash checks, whereas legitimate businesses typically deposit them and rarely endorse checks to third parties.

To trace ghost employee schemes, experts examine payroll lists, withholding forms, employment applications, personnel files and other documents. The information collected from these sources may provide vital links between actual and ghost employees that wouldn’t otherwise be apparent.

To catch a thief

Strong internal controls are instrumental in preventing cash-type schemes. But even the strongest controls sometimes fail to prevent a determined fraudster. If that happens, we can help your business ferret out the fraud and track down the perp. Call or email us today for help– 205-345-9898 or [email protected].

© 2019CovenantCPA

Litigation Support

5 ways to prevent fraud in your law firm

Because they foster a collegial, trusting environment, law firms can be more vulnerable to fraud than many other types of businesses. Enforcing internal controls may simply seem unnecessary in an office of professionals dedicated to the law. Unfortunately, occupational thieves can take advantage of such complacency.

A law firm’s accounting department — payroll and accounts payable and receivable — may be particularly vulnerable. To protect against financial losses and possible public embarrassment, implement and enforce five basic controls:

1. Screen employees. Require all prospective employees, regardless of level, to complete an employment application with written authorization permitting your firm to verify information provided. Then, call references and conduct background checks (or hire a service to do it). These checks search criminal and court records, pull applicants’ credit reports and driving records, and verify their Social Security numbers.

2. Use fraud-resistant documents. The design of financial documents can help ensure proper authorization of transactions, completeness of transaction histories and adherence to other control elements. For example, use prenumbered payment vouchers that a designated partner must approve.

3. Require authorization. Authorization procedures can help prevent transactions from occurring without proper approval. In the example above, the designated partner is the authorizing party. This control is effective because the partner is in a position to know what the transactions are and how they pertain to your firm’s clients. Similarly, restrict access by maintaining current signature cards at your bank and by protecting accounting and billing systems with difficult passwords.

4. Segregate duties. Some smaller firms assign the same person to open mail, make bank deposits, record book entries and reconcile monthly bank statements. In this environment, fraud’s not only possible — it’s likely. It’s critical that your firm distribute these tasks to two or more people.

5. Provide independent oversight. A designated partner should open all bank statements. Even if the partner doesn’t review every item individually, employees will get the message that transactions will be verified. Someone outside the accounting department, such as your firm’s CPA, might also review transactions as they’re processed and financial statements at the close of accounting cycle reconciliations.

Even if your firm is like family — especially if your firm is like family — you need to reduce fraud opportunities by strengthening internal controls. If you aren’t sure if your policies are adequate, or if you’ve experienced a fraud incident, contact us at 205-345-9898 or [email protected].

© 2019 CovenantCPA

How fraud can scuttle the purchase of your dream home

Buying a home is stressful enough without also having to worry about potential fraud. Unfortunately, real estate fraud is surging. According to Realtor magazine, scams targeting the industry rose 1,100% from 2015 to 2017, resulting in losses of more than $1.6 billion.

Home closing wire fraud should be of particular concern for prospective homebuyers. When schemes are successful, criminals can make off with buyers’ hard-earned down payments — several hundred thousand dollars’ worth in some cases. Here’s how to avoid losing the home of your dreams and the money with which to buy it.

The scoop

Home closing wire fraud involves hackers who typically use real estate agents’ email accounts to trick homebuyers into wiring money. Perpetrators send phishing messages containing links that, if clicked on, install malware. The hackers then infiltrate the agent’s email account and send messages to clients who are about to close on a home. Emails instruct buyers to wire closing funds to a specified account. Once the money is wired, the crooks quickly liquidate it. In most cases, the wired money isn’t recoverable.

Hackers also may target the email accounts of title companies, lenders, attorneys and sellers, and the process is the same. The criminals monitor emails to learn details about potential homebuyers and deals in progress and to learn how to create messages that will look and sound like they’re coming from a buyer’s agent or other real estate professional.

Group effort

Preventing home closing wire fraud must be a group effort. Homebuyers need to scrutinize emails they receive from their agents, attorneys and title companies. And those professionals need to ensure their accounts aren’t hacked in the first place.

Prospective buyers should ask their agents whether they’re aware of wire fraud scams and how they protect against them. For example, does the real estate company train agents to spot fraudulent emails? What type of firewall, antivirus and antimalware software does it use?

Many companies go to great lengths to prevent this type of fraud. They may, for example:

  • Prohibit their agents from emailing wiring instructions,
  • Require buyers to pay closing costs with a cashier’s check rather than a wire transfer, and
  • Employ cloud-based systems to screen emails and provide an extra layer of protection for confidential information.

At the very least, homebuyers should call their agents (or other real estate industry senders) to confirm the legitimacy of any message containing fund transfer or other potentially fraudulent instructions.

Natural target

Home purchases involve large sums, which makes them a natural target for fraudsters. Awareness of fraud schemes is the first step to avoid becoming a victim of them.

Contact us at 205-345-9898 or [email protected].

© 2019 CovenantCPA

Is return fraud cutting into your store’s profits?

For brick-and-mortar retailers, return fraud can be a serious financial threat. There are several types of schemes. But when they’re successful, they all end the same way: Stores issue refunds that they shouldn’t have. Here’s what to look for and how to limit losses.

Myriad schemes

Return fraud perpetrators could be customers, employees or even a criminal gang working with employee accomplices. In perhaps the most common scheme, an individual steals merchandise, and then returns it and insists on a cash refund, despite the lack of a receipt. Or a criminal steals merchandise from one retailer and then returns it to another for a cash refund.

Some thieves do supply receipts — but they’re fake. The “customer” hands over an altered or completely counterfeit receipt that the original payment was made in cash. The retailer then issues a full cash refund.

Other return fraud schemes might involve:

Stolen cards. The thief makes a purchase using a stolen credit card. He or she then returns the merchandise, usually on the same day (before the actual cardholder disputes the charge). The goal is a full cash refund.

Damaged goods. Instead of returning merchandise in new, as-sold condition, customers return items that are worn, damaged or broken. They distract the employee processing the refund from closely scrutinizing the merchandise with conversation or other diversions.

Crooked workers. An employee discounts merchandise and sells it to an accomplice who subsequently returns it to the same employee for a refund at full price. Workers might also steal merchandise and then instruct their accomplices to return it without a receipt for a cash refund.

Reducing crime

You can reduce the incidence of return fraud by making it hard for thieves to get their hands on cash. Issue refunds only when they’re accompanied by an original receipt and only to credit cards. Scan receipts into your point of sale system to ensure they were produced by your store’s registers. If a purchase wasn’t made with a credit card — or if the customer doesn’t have the card on hand — refund it with a store credit. You may also want to ask the customer to produce identification.

To help limit employee-perpetrated return fraud, install security cameras, ensure strong management oversight and provide a confidential fraud reporting hotline. In addition, monitor the frequency and value of returns processed by individual cashiers and investigate employees with higher-than-average return numbers.

Walking a thin line

Although you don’t want to encourage crooks, you may think a generous return policy is essential to providing superior customer service. So that you don’t alienate legitimate customers, state your return policies clearly at every cash register and on every receipt. And contact us for help writing a policy that balances all your priorities. 205-345-9898 or [email protected].

© 2019 CovenantCPA