11 minute read
FOCUS
FIVE PLACES TO BE ON THE LOOKOUT FOR FRAUD
By Christina Solomon, CPA/CVV, CFE, CGMA and Michael J. Devereux II, CPA, CMP, Mueller Prost
Fraud takes on many forms, resulting in substantial financial losses and exposing your company to undue risk. Fraud can be perpetrated by internal sources – those employees, managers and even owners who are implicitly trusted, yet this group historically has caused losses exceeding a median loss of $240,000 per instance of fraud because they are able to circumvent or override existing controls that are in place. Your business also can be targeted by external sources, which may include your suppliers, customers or contractors looking primarily to overcharge for materials or services that may not have been provided, were provided but improperly billed or do not otherwise meet specifications. Furthermore, your employees also may be unwittingly put your business’s confidential information and reputation at risk, by falling victim to attacks by cyber criminals. Because of the varied ways, reasons and opportunities for fraud, a good defense is your best strategy to deter and identify fraud within your company. In this article, we explore five areas to be on the lookout for fraud in your plastics company. The work floor Your employees can commit fraud in many ways, but the greatest opportunity often exists with timekeeping matters and the theft of physical and intangible assets. Timekeeping fraud occurs when an employee mischaracterizes the hours they worked or took as paid leave. Strong internal controls regarding clocking in/out, and supervisory review and approval of leave requests are important to control any potential misuse or abuse by your employees. Brainstorming ways employees can work together to cover for each other, or collude, will help identify weakness in the process that should be strengthened. Automating processes so that key tasks can increase the effectiveness and efficiency of controls that are implemented, along with periodic testing, can ensure that those controls are operating as intended. Your organization’s physical assets are at risk of theft or misuse by your employees. Commonly, one or more employees may identify that certain goods can be taken without notice and sold to third parties on various social media marketplaces. While physical controls, such as surveillance cameras, are an important element to deter and continued on page 16
detect, strong inventory controls are even better. There are two main types of inventory controls. The first is to control the physical movement and access to inventoriable assets, which commonly includes designated locations by inventory type, barcoding and restricted physical access to products with high-dollar value, fungible or at greatest risk of theft. The other type of inventory controls relates to performing cycle counts, periodic inventories and using data analytics to identify unusual trends in the purchasing, usage or scrap of inventoriable goods. Theft and use of intangible assets can occur just as easily. This can range from the theft and sale of the company’s proprietary information to the use of the company’s design software licenses to perform services “on the side.” Internal controls can be developed that can deter and mitigate the use of these assets. The accounting office The accounting office is a hot spot for fraud in any industry, and fraud risks are compounded when one or two trusted employees are responsible for sensitive jobs. The danger is even greater when these same employees have administrative access and password control to manipulate the accounting system, as well as control over financial reports. Over 14% of fraud committed by employees occurs within the accounting department, with a median loss of over $200,000 per instance. Fraud perpetrated by your company’s accounting department can be very complicated and well-concealed, but most often it is hiding in plain sight. The following are common fraud schemes affecting the manufacturing industry and simple strategies to help you identify and deter them. Ghost Employees. An employee with the control to create a new employee in the payroll system, record and submit payroll, and make changes to the payroll master file easily can create a false employee, increase amounts or fail to terminate an employee. Direct deposit or mailing information easily can be updated. While it is a best practice to segregate the duties outlined above, it may not be practical to do so. If this is the case, having another person reconcile the payroll registers between pay periods and/or reviewed against a simple list of verified employees would be advised. In
1 2
continued from page 15 addition, “change” reports, which summarize the additions/ deletions/changes for the pay period, can be a quick and efficient internal control – just be certain that the designated reviewer can run the report on his/her own or that the report is generated by the payroll provider, if applicable, and sent directly by them to the reviewer.
AP Ghost Vendors. Like ghost employee schemes, ghost vendors are a common problem. An employee who has control over both the creation of a vendor in the payables file and the payment of invoices can create a vendor or edit an existing one, receive fake invoices for common goods or services, approve the invoice and pay the bill. To the extent duties cannot be segregated easily, regular scrutiny of your vendor master list – including the frequency and amount paid during the period(s) under review – is a strong mitigating control. In addition, regular maintenance of your vendor file will decrease fraud risks by ensuring that unused vendors are deactivated, active vendors are not duplicative and that active vendors have full and complete contact information.
Other Disbursement Schemes. An employee who has access to check stock or online banking tools often has the access to commit fraud against your company if the need, opportunity and rationalization for the misconduct exist. Such misconduct may include making checks payable to cash or him/herself directly, the payment of personal expenses using online banking tools or misrepresenting the payee or amount on a “blank” check they may present for signature. As mentioned earlier, these schemes are not cleverly concealed and, as are result, often are detected with a careful review of the monthly bank statement, including the check and deposit images.
Meeting Space for
any Event
From the moment you walk into our doors, we’re there to make you feel welcome. Our 198-room hotel offers more than 11,000 square feet of flexible meeting and event space including our beautiful outdoor Blue Cedar Terrace. Give us a call today for a personalized tour!
Holiday Inn Wichita East I-35
549 South Rock Road, Wichita, Kansas 316-686-7131 | www.HolidayInnWichita.com 3 The sales office Your sales staff, given their role and relationship with your organizations’s customers, puts your organization at risk of fraud stemming from that relationship. These frauds commonly are referred to as corruption schemes and may include kickbacks or conflicts of interest. While close relationships between your sales staff and your customers and clients are important, recognizing red flags that may indicate an unusually close relationship, such as taking on responsibilities outside of their normal job duties or excess possessiveness regarding the contract, are important to deter misconduct. Increased fraud risks exist from commission schemes and employee expense reports schemes, both typical types of fraud committed by a sales team.
Commission schemes often inflate the sales amount, quantity or the rate of commission. The schemes also may include collusion with customers to purchase product and return it after the commission is computed or involve sales made to a fictitious company. Aside from behavior red flags that may be present, a company may identify anomalies with its accounts receivables and related discounts/write-offs, customer information irregularities or complaints, and inconsistencies with the employee’s performance and compensation when compared over time or to their peers.
An employee expense reimbursement scheme involves the employee making an improper claim for the reimbursement of expenses. The expenses could be fictitious, personal in nature, overstated or submitted more than once. A good employee reimbursement system should include prior approval for large expenditures and enforcement of submission of receipts as proof of purchase. Generally, expense reimbursement forms are treated as an administrative task and rarely are the forms – and the required receipts – reviewed with the appropriate care to identify mistakes, much less deceit. Using automated expense reporting tools or detailed spreadsheet-based templates can allow for advanced data analysis to help your company identify anomalies and inconsistencies by employees when compared over time or to their peers.
continued from page 16 4
The supply chain
Fraud risks within your supply chain are present and put your organization at unnecessary financial and reputational risk.
Billing Fraud. Billing fraud results when a supplier submits multiple invoices for work that was only incurred once or issues false or inflated invoices. Strong controls over the purchasing cycle – including vendor selection, inventory tracking and diligent three-way matching controls to ensure that discrepancies between purchase orders, packing slips and invoices are identified, investigated and sufficiently resolved before payment are due – strengthen your organization’s internal controls and mitigates the risk of fraud loss from billing discrepancies, whether incidental or intentional.
Misrepresentation of Goods. Fraud involving the misrepresentation of goods occurs when a supplier knowingly misconstrues the products sold or offered. For example, a supplier may knowingly deliver products that fail to meet the contract specifications. This misrepresentation, even if not fraudulent, puts your company at risk for reputational harm and can cause the loss of established or new business, customers and relationships. Ensuring that your contracts have a “right to audit” clause can be an effective tool, if enforced, to identify misrepresentation issues, billing discrepancies or other contractual breeches.
Corruption. The employees responsible for the purchasing of goods used in business processes can collude with vendors to exploit your company. This can take the form of bribes and kickbacks and can come in various forms (e.g. gifts, money, favors, etc.). As a result, your organization may overpay for goods, accept inferior quality products, create a conflict-of-interest or simply create a supply chain that is not properly diversified. Identifying behavioral red flags and having strong purchasing controls, including periodic request from bids, coupled with data analytics will help you identify and mitigate risks associated with supply chain corruption schemes.
5Your employee’s inbox Email has become an essential means of doing business; however, the expectations it sets regarding the immediacy of responses allows cybercriminals to exploit your employees, ultimately leading to the comprise of your company’s most sensitive data. This data can be held for ransom; to gain access to financial and personally identifiable information of your employees, vendors customers necessary to commit identity theft fraud; or can be used to gain illegal access to your company’s propriety processes or intellectual property. The stakes are high, with significant economic losses and exposing your organization to debilitating reputational risks. Cybercriminals use different ways to breach your systems and social engineering techniques to cause your employees to take inappropriate actions. Phishing and other email compromise schemes today are masterful – they look legitimate, are personalized and are carefully worded to create a sense of legitimacy by the sender and create a sense of urgency by the recipient. It has been estimated that up to 90% of successful breaches involve a phishing scheme. Attacks of this nature can result in a myriad of fraud, a few of which are listed below: • Wire transfers to cyber criminals posing as a supplier or key executive. • Installation of key loggers by clicking on an embedded link in an email. These loggers are used to gain access to passwords, account numbers or systems. • The purchase of gift cards and submission of the account information via email.
The best defense strategy to this type of fraud is first acknowledging that it can happen to your company. Your company is not “too small” to be targeted – you have information that is valuable, and your firewalls and information technology controls are not likely to prevent all attacks. Increasing employee training on cyber fraud, particularly phishing schemes, is just as important as instituting password requirements and keeping firewalls and email filters up to date. This training also should include strong practices regarding verifying information before taking action. This could include developing protocols for secondary authorization of wire transfers and verifying instructions with the sender by using contact information in your records, not those listed in the body of the email.
In addition, protecting your company with cyber insurance, developing a proactive incident response plan and testing to ensure information technology controls are in place and functioning as intended are excellent strategies to mitigate your risks and exposure from cyber fraud. F
Michael J. Devereux II, CPA, CMP, is a partner and director of Manufacturing, Distribution & Plastics Industry Services for Mueller Prost. Devereux’s primary focus is on tax incentives and succession planning. He regularly speaks at manufacturing conferences around the country on tax issues. For more information, visit www.muellerprost.com.
Devereux
