Category Archives for "Fraud"

Payment fraud tests
Apr 24

Payment Fraud Tests: Five Powerful Ideas

By Charles Hall | Auditing , Fraud

Are you looking for payment fraud tests? Ways to detect fraudulent payments and create unpredictable tests. Here’s your article.

You are leading the audit team discussion concerning disbursements, and a staff member asks, “Why don’t we ever perform fraud tests? It seems like we never introduce elements of unpredictability.”

You respond by saying, “Yes, I know the audit standards require unpredictable tests, but I’m not sure what else to do. Any fresh ideas?”

The staff member sheepishly responds, “I’m not sure.”

And you are thinking, “What can we do?”

Man looking for payment fraud

Five Payment Fraud Tests

Here are five payment fraud tests that you can perform in most any audit.

1. Test for duplicate payments

Why test for duplicate payments?

Theft may occur as the accounts payable clerk generates the same check twice, stealing and converting the second check to cash. The second check may be created in a separate check batch, a week or two later. This threat increases if (1) checks are signed electronically or (2) the check-signer does not normally examine supporting documentation and the payee name.

How can you test for duplicate payments?

Obtain a download of the full check register in Excel. Sort by dollar amount and vendor name. Then investigate same-dollar payments with same-vendor names above a certain threshold (e.g., $25,000).

2. Review the accounts payable vendor file for similar names

Why test for similar vendor names?

Fictitious vendor names may mimic real vendor names (e.g., ABC Company is the real vendor name while the fictitious name is ABC Co.). Additionally, the home address of the accounts payable clerk is assigned to the fake vendor (alternatively, P.O. boxes might be used).

The check-signer will probably not recognize the payee name as fictitious.

How can you test for similar vendor names?

Obtain a download of all vendor names in Excel. Sort by name and visually compare any vendors with similar names. Investigate any near-matches.

3. Check for fictitious vendors

Why test for fictitious vendors?

The accounts payable clerk may add a fictitious vendor. What address will be entered for the fictitious vendor? You guessed it: the payable clerk’s home address (or P.O. Box).

Pay particular attention to new vendors that provide services (e.g., consulting) rather than physical products (e.g., inventory). Physical products leave audit trails; services, less so.

How can you test for fictitious vendors?

Obtain a download in Excel of new vendors and their addresses for a period of time (e.g., month or quarter). Google the business addresses to check for validity. If necessary, call the vendor. Or ask someone familiar with vendors to review the list (preferably someone without vendor set-up capabilities).

YouTube player

4. Compare vendor and payroll addresses

Why compare vendor and payroll addresses?

Those with vendor-setup ability can create fictitious vendors associated with their own home address. If you compare all addresses in the vendor file with addresses in the payroll file, you may find a match. (Careful – sometimes the match is legitimate, such as travel checks being processed through accounts payable.) Investigate any suspicious matches.

How can you test for the same vendor and payroll addresses?

Obtain a download in Excel of (1) vendor names and addresses and (2) payroll names and addresses. Merge the two files; sort the addresses and visually inspect for matches.

5. Scan all checks for proper signatures and payees

Why test checks for proper signatures and payees?

Fraudsters will forge signatures or complete checks with improper payees such as themselves.

How can you test for proper signatures and payees?

Pick a period of time (e.g., two months), obtain the related bank statements, and scan the checks for appropriate signatures and payees. Also, consider scanning endorsements (if available).

Your Payment Fraud Tests

Those are a few of my payment fraud tests. Please share yours.

Need additional ideas regarding how fraud might occur. Check out my post: 25 Ways Fraud Happens.

My fraud book provides more insights into why fraud occurs, how to detect it, and–most importantly–how to prevent it. See The Little Book of Local Government Fraud Prevention. The book focuses on local government fraud, but most of the information is equally applicable to small businesses.

church theft
Jan 22

Preventing Church Theft: Tips and Best Practices

By Charles Hall | Asset Misappropriation

Church theft happens, and it’s not uncommon–though I wish it was.

Pastors, deacons, church members, priests, and even nuns steal. Yes, they do. Every time I see an article about this, I shake my head. But they are flawed human beings just like me. So theft happens in churches, synagogues, and other places of worship.

In this article, I explain why fraud is (more) common in the places you least expect. And I provide tips for preventing theft. 

church theft

Theft of Church Offerings

My mother gave me nickels and dimes to put in the offering plate as a kid, but I never thought about where they went. In my mind, maybe to God or Heaven. But no, they went to a church bank account to pay the expenses of our place of worship. And, thankfully, there were no thefts (that I know of).

But over the years, I’ve seen thefts from churches, synagogues, parishes, church schools, seminaries, campus ministries, relief agencies, and Bible colleges.

Why?

People are Flawed

As I said earlier, first, people are flawed, even religious folks. As I’m fond of saying, “Why is ‘Thou shalt not steal’ one of the Ten Commandments? Because people steal.”

Too Much Trust

Secondly, religious persons (and I’m one) tend to be too trusting. We think that because someone works for a ministry or a church-affiliated organization, they are always honest. While this is largely true, some religious people steal, especially when no one is paying attention to what they do. In other words, when there are no internal controls and no oversight.

Ironically, when religious bodies place too much trust in people, they tempt those pastors, priests, deacons, and others. Religious people usually don’t plan to steal but realize–after years of being in a position–they can. After all, no one is watching because trust is over-abundant. And since we can rationalize our actions, we do things we know we should not. No different than any other temptation.

Don’t Tempt Your People

Religious bodies do their people a favor by creating and maintaining proper internal controls. Yes, a favor. Temptation goes down because there are multiple eyes on the processes, as there should be.

I sometimes hear people say that a church is not a business, but a ministry, as though sound business practices are not necessary in a religious environment. My rejoinder is we need to be good stewards of the funds entrusted to us (funds that can be used for wonderful purposes). Ministries lose the trust of their contributors when theft occurs. So, churches need to institute sound internal controls. 

Church theft is common due to the nature of cash flowing into a place of worship. 

The Church Cash Problem

Most religious institutions receive cash contributions to support their missions. And that’s wonderful, but if you’re a fraud prevention guy like me, that’s problematic. Cash, especially physical currencies (like that received during church services), is easily stolen. So, all religious bodies need to review how cash comes into a church body to see if there are internal controls all along the way.

Monies coming in during church services, mail, or any other way need to make it to the bank account safely. So, consider how funds come into your places of worship or support organizations. And make sure multiple people are involved in the collection and deposit process, what we commonly refer to as segregation of duties.

For instance, multiple people (e.g., ushers or deacons) should count funds collected during a church service, and a count sheet should be signed by those present. Later, someone other than the count team should compare the count sheet to the bank deposit. Enter all contributions in the accounting software and periodically provide statements to those persons. The person making these bookkeeping entries should not be on the count team or have any access to cash. Why? The church bookkeeper could steal money but still make entries to the contributions software. Then, the contributor receives a periodic statement reflecting the amount given, but the money doesn’t make it into the church bank account.

In addition to considering regular church services receipts, think about those that are outside your normal processes. For instance, people might drop by the church during the week and provide a contribution to the bookkeeper. 

Church Cash Outflows

While theft of cash inflows is more common, funds can be stolen as they are disbursed. So, be sure you review your payment controls. Again, you want multiple people involved in the process. For example, the persons signing the checks should not be the person entering those transactions in the bookkeeping system. And it’s preferable for the person reconciling the bank account to not sign checks. Then, the person reconciling the bank statement can review the cleared checks for appropriate payees. 

Additionally, make sure your controls over credit cards are strong as well. Support (e.g., receipts) should be provided for each credit card charge, and the person using the card should not be the same person reviewing transactions for appropriateness. 

Obviously, religious bodies also need appropriate payroll controls to ensure those funds are paid to the right persons and in the correct amount.  

Church Theft

In summary, religious bodies need internal controls, just like any entity that receives and spends money. Placing too much trust in religious people is a mistake and can increase church theft. So, protect your church and your people by implementing sound internal controls for funds flowing into and out of your place of worship.  

white collar crime
Dec 11

Stop White-Collar Crime: Prevent Fraud in Your Business

By Charles Hall | Fraud

Chances are white-collar crime is occurring in your business as you read this–or at least within the last thirty days. Those you trust may be taking you for a ride. Therefore, you need to know how to prevent white-collar crime.

Below I provide you with plenty of free understandable resources to help you stop fraud. Take a look. 

white-collar crime

White Collar Crime Happens!

For most organizations, it’s not a matter of if fraud will occur, it’s a question of how much will be taken. The Association of Certified Fraud Examiners’ biennial survey shows that the average business loses 5% of its revenues to fraud. Imagine adding that amount to your bottom line, because when theft occurs, your net income is reduced by the amount stolen.

No One Steals from My Business

Most business owners, board members, governments, and nonprofits think “fraud may happen in other organizations, but not in our place. Our people are honest.” Well, let me say I’ve seen plenty of “honest” people steal.

In almost every fraud I’ve seen, the business owners and fellow employees are greatly surprised by the theft, usually by a trusted employee

And these trusted people steal because they can. You may be thinking, “What?” Let me repeat, the reason people steal is because they can. In fraud prevention parlance, we call it “opportunity.”

Fraud Cycle

And, how do trusted employees steal? Here’s the typical cycle:

  • We hire a likable, trustworthy person
  • The employee serves the organization well
  • He moves to higher positions (where he has greater opportunity to steal)
  • No one monitors the employee because he is honest–or at least, he appears that way
  • The employee believes he can steal without detection
  • Small amounts of money are taken to test the water
  • Larger amounts are taken when he is sure no one is watching

So, the employee goes from trusted employee to fraudster. The transformation occurs gradually. Then when the discovery of fraud occurs, everyone is shocked.

Examples of People Who Steal

And what kinds of persons commit white-collar crime?

I have seen the following individuals take money:

  • Chief executive officer
  • Board member
  • Pastor
  • Church secretary
  • Healthcare executive
  • A lady who was dying
  • Doctor
  • College president
  • Swim club volunteer
  • Seminary Foundation employee
  • School principal

I could go on, but you get my point. People who we think would never steal, do.

So, how can we prevent–or at least lessen–the threat of fraud? Transparency is a key.

Transparency Lessens Fraud

If transparency is important, why don’t businesses create it?

Small businesses often lack the ability to segregate accounting duties, and this lack of segregation creates opportunities for theft. Why? One employee controls several critical accounting processes, resulting in the ability to steal without detection.

To lessen the possibility of fraud, we must create transparency in accounting processes. Employees are less likely to steal when their actions are visible to others. That’s why segregation of duties is necessary: more eyes see the accounting activity, making theft more difficult to occur without detection. But even if an organization has few employees, it’s possible to create transparency and lessen the threat of theft

YouTube player

Stop White-Collar Crime

CPA Hall Talk provides you with fraud prevention information to help you stop white-collar crime.

While I can’t visit everyone that needs fraud prevention assistance, I can provide (free) information about how theft occurs and how you can lessen the threat of fraud.

Here are some of my fraud prevention posts (each with a clickable link):

I hope you find these articles helpful in fighting white-collar crime in your organization. 

Gift a bribe
Oct 30

When is a Gift a Bribe?

By Charles Hall | Auditing , Corruption

When is a gift a bribe?

Vendors often give sporting event tickets to clients. Or maybe they take them out for a nice dinner. Others might pay for a trip to Vegas.

So, at what point does a gift become a bribe? A friend of mine recently asked me this question. He said, "I give football tickets to clients. Is that a bribe?" I responded, "Maybe not, but if you give them season-long tickets, probably yes." (Such tickets cost several thousand dollars.) My friend followed with, "What if I go to every game with them?" My answer was, "That makes no difference." And doing so could be worse.

Cozy Vendor Relationships

20% of the 2022 fraud cases in the ACFE's recent study revealed "unusually close association with a vendor" as a red flag.

I've lost count of the fraud cases involving close vendor-client relationships. For example, the vendor and client might take annual family vacations together (think Aspen ski trip), with the former footing the bill.

I once spoke at a conference with vendors in the audience. One of them asked, "What can vendors give?" I responded, "I can't give you a list, but I would never give cash." He wanted a list of acceptable gifts. So, here's one: planes, trains, and automobiles. Yes, I'm trying to be funny, though I know of one vacation home gifted to a CEO. Why? So, a construction company could win a bid.

Some presents (like a vacation home) are obviously a bribe, but lower-cost ones are more difficult to define.

Gifts as bribes

Gray Gift Decisions

You may wonder, "How can I know when a gift is okay?" There's no easy answer to this question. But consider these scenarios. A vendor offers one of the following to you:

-A sleeve of golf balls
-Takes you to play golf
-Pays for you to attend a PGA tournament at Pebble Beach and all expenses for a week-long trip (including your spouse and children)
-Pays your annual dues at your local country club (cost is $25,000 annually)

I'll take the sleeve of balls and play golf, but I'm uncomfortable with the other two.

Front Page Litmus Test

When there is a gray ethical decision, I always say, "Put it on the front page of the paper and see how you feel." If you're comfortable with it, you're probably okay. If not, then don't do it. Another step you might take is to ask an honest friend what they think, someone who has no vested interest. (If you're unwilling to ask your friend the question, your conscience is probably telling you, "This is not okay.")

Most vendors want to give gifts without crossing the line (they want to avoid going to jail). But the line is not usually defined, and naming particulars can be futile. After all, how many things could be on such a list? So, creating a list of proper (or improper) gifts may not work.

So, how do we know if a gift is a bribe?

Quid Pro Quo

In the context of bribery, the concept of "quid pro quo" plays a significant role. This Latin phrase means a direct exchange, where something is given with the expectation of receiving something in return. To determine if a gift can be considered a bribe, one key question is: Was the gift given with the expectation of receiving something in return?

It's easier to argue that a gift is not a bribe if it's small or of low value. In such cases, it may appear more like a token of appreciation than an inducement for a particular action. However, when a vendor gives an expensive gift, it becomes much more challenging to assert that there's no expectation of something in return. Expensive gifts raise red flags and make it more likely that the present is, in fact, a bribe.

So, your company should create a gift policy, defining what is acceptable and unacceptable.

Gift Policies

Gift policies should limit amounts to a specific dollar amount, such as $100 annually. As I said earlier, cash (at least, in my mind) is never an acceptable gift.

The gift policy might provide examples of proper activity with a vendor, such as playing golf together once or twice a year. It might also provide examples of improper actions, such as going on vacations with vendors.

You could list unacceptable gifts, but this is challenging. I would instead define inappropriate gifts in terms of dollars. Doing so is a blanket covering all types of activity.

Moreover, consider including actions the company might take if the employee violates the policy. You may want to say that violations could lead to the loss of their job. But, consult with your legal advisors about the written policy.

And remember to communicate the policy.

Communicate the Gift Policy

Give your written gift policy to new employees, and discuss the importance of transparency regarding vendor gifts. Additionally, remind existing employees of the policy. You might do so in annual training classes.

So, should companies require written disclosure of gifts received?

Gift Disclosure Forms

Companies might also require a signed disclosure form once a year where employees provide details of what they receive from vendors. (Here’s a sample disclosure form.) Additionally, provide such disclosures to your compliance department if you have one. If not, consider giving these to the company owner.

And who might you require to complete such a disclosure form? Anyone with the power to purchase, whether a person issuing a purchase order, a department head authorizing payments, or someone signing checks--anyone able to pay a vendor (or cause a vendor to be paid).

Again, consult with your legal advisors about your disclosure form and processes.

So, is bribery a significant threat to most businesses?

Bribery is Real

ACFE fraud surveys continue to reveal that bribery is one of the leading causes of fraud. 50% of the ACFE's 2022 fraud cases involved corruption (bribery is a form of corruption). Why is this so?

Because it's easy for employees to receive illegal payments (or gifts) without anyone's knowledge, but make no mistake: This activity adversely affects the employer. How? The vendors usually pass the bribe cost to the company through inflated prices or substandard goods. Strangely enough, the vendor often sees a bribe as a cost of doing business, albeit an illegal one.

earnings manipulation
Aug 22

Accounting Tricks Used to Inflate Earnings

By Charles Hall | Financial Statement Fraud

Companies can inflate earnings easily with accounting tricks such as cookie jar reserves.

This article explores how businesses inflate profits and sometimes decrease them, depending on the company’s desires. 

Today, I show you how fraudsters alter financial statements to magically transform a company’s appearance. Then, you will know how to detect these tricks.

earnings manipulation

Inflate Earnings

Companies can inflate earnings by:

  • Accruing fictitious income at year-end with journal entries
  • Recognizing sales for products that have not been shipped
  • Inflating sales to related parties
  • Recognizing revenue in the present year that occurs in the next year (leaving the books open too long)
  • Recognizing shipments to a re-seller that is not financially viable (knowing the products will be returned)
  • Accruing projected sales that have not occurred
  • Intentionally understating receivable allowances

Think about it: A company can significantly inflate earnings with just one journal entry at the end of the year. How easy is that?

You may be thinking, “But no one is stealing anything.” Yes, true, but the purpose of manipulating earnings might be to increase the company’s stock price. Once the price goes up, the company executives sell their stock and make their profits. Then, the company can, in the subsequent period, reverse the prior period’s inflated entries.

Inflate Earnings: Control Weakness

Such chicanery usually flows from unethical owners, board members, or management. The “tone at the top” is not favorable. These types of accounting tricks typically don’t happen in a vacuum. Usually, the top brass demands “higher profits,” often not dictating the particulars. Then, years later, they plead ignorance once the fraud is detected, saying their lieutenants worked alone.

Such possibilities are why the control environment, an entity-level control, is so important. Ethical leadership is foundational to a company’s health. Additionally, controls such as codes of conduct and conflict of interest statements matter. 

So, how can companies lessen the risk of earnings manipulation?

Inflate Earnings: Lower the Risk

Transparency is the remedy to someone inflating earnings. 

This sentence sounds simple, but transparency usually removes the temptation to inflate earnings. When fraudsters believe they’ll get caught, they usually will not act.

A robust internal audit department can put some fear in the heart of fraudsters and provide additional transparency. The board should hire internal auditors who report directly to them. Moreover, the company’s internal auditors should know that the board has their back. 

But what if board members don’t desire transparency such as the WorldCom fraud? Consider removing them, if possible. 

Now, let’s consider whether a company might desire decreased earnings. 

Deflate Earnings (Cookie Jar Reserves)

Though much less likely, some businesses fraudulently decrease their earnings. Why? The company may want to save current year earnings for future periods, especially if highly profitable in the current period.

For example, what if a company bases bonuses on profits and has high current-year earnings? Then management might defer some of the profits to the following period (to increase the possibility of bonuses in the next year).

Deferring earnings is called a cookie jar reserve.

For example, if a company’s allowance for uncollectible receivables is acceptable within a range (say 1% to 2% of receivables), it might use the higher percent in the current year. The higher reserve decreases current-year earnings (the allowance is credited, and bad debt expense is debited, increasing expenses and decreasing net income). Then, the following year, the company might use 1% to increase earnings (even though 1.75% might be more appropriate).

Such actions are called smoothing.

Inflate Earnings Summary

So, as an auditor, know whether your audit client desires higher or lower profits–or whether they want the numbers to fall honestly

And be aware of fraud incentives such as management bonuses. Then, audit accordingly. 

How to Audit Journal Entries

If you want to know how to audit for potential fraudulent journal entries used to inflate earnings, see Get a Grip on Journal Entry Testing.

1 2 3 10
>