Jun 18

Steal Like a Boss (and Feel Good About It)

Can you steal like a boss? White collar crime takes special skills and thoughts. Do you have what it takes? Here’s my tongue-in-cheek look at how I would steal.

Six Steps to Steal Like a Boss

To steal, I need to:

Be Believable
Have a Cause
Calm My Conscience
Develop My Plan
Execute My Plan
If Caught, Settle Out of Court

1. Be Believable

Look trustworthy. The more age, experience, and education I have, the better. The longer I work for the organization, the more I am trusted.

And while I’m at it, I’ll do what I can to move to positions of higher authority which will provide me with greater opportunities. Being in authority enables me to steal like a boss.

If possible, I will gain the ability to authorize or initiate purchases. Kickbacks (paid to those who authorize payments) are difficult to detect, even by professional fraud examiners, and the dollars can be significant. Like taking candy from a baby.

But before I steal, I need motivation.

2. Have a Cause

Any financial pressure will do–a gambling or drug habit, an affair, medical bills, or maybe I just want to appear more successful than I am. If I don’t have a need, I will create one. I am my own cause.

My unshareable need (cause) must not be known by others lest they suspect my need for cash.

One problem I must take care of before I steal is my conscience.

3. Calm My Conscience

I hate when that little voice starts talking: “Charles, you can’t do this. You’ll embarrass your wife.” It takes skill and fortitude, but I must calm my conscience. All the more reason to have a cause (see point 2.). The nobler I can make my reasons, the better. Something like, “I’ve earned this. The company should realize my greatness and provide me with appropriate compensation. I have three kids in college, and they need my support. You know I want to be a good provider for my family.”

I may need to start ~~stealing~~ borrowing or compensating myself in small amounts and then build up. Such wise reasoning will make it easier to calm my conscience.

Thinking correctly is important. When that little voice speaks, I will rephrase the words. I know I can. After all, I’ve done so for years.

Now I need to develop a plan.

4. Develop My Plan

I will pay attention to control weaknesses.

Our auditors have told us for years that we lack appropriate segregation of duties in regard to purchasing. Opportunity awaits.

If I am going to ~~steal~~ be compensated appropriately, I need to make it worth my while. Be bold. Think big. I have noticed that one of our key vendors has been very kind to me, a free week-long trip to Vegas for the last three years.

A key contract renewal is coming up. The vendor should be more generous to me. Besides, last year the CFO received a nicer trip than I did (two weeks in Austria). And ~~bribes~~ gifts don’t hurt anyone; the vendor pays for them (though I have noticed the vendor’s pricing seems to be increasing…actually, exploding).

It’s game time. I need to “just do it.” But how?

5. Execute My Plan

~~Take~~ I must compensate myself in a steady under-the-radar kind of way. Most folks get greedy. I must be diligent to work in a measured way, not ~~taking~~ receiving noticeable amounts. Greed is my enemy. Excess might land me on the front page of the paper.

Also, I think I can ~~steal~~ borrow money from the receipts cycle since I am in charge of daily deposits and all related accounting duties. This might cost me my vacation though. I need to be on the job to continue to ~~hide~~ perform my duties. But if the ~~funds taken~~ compensation is enough, it might be worth it.

But what if my actions become known to others?

6. If I Get Caught, Settle Out of Court

If ~~I am discovered~~ someone notices that I have borrowed funds, then I may have to beg for forgiveness and promise to pay it back. And, of course, I need to make sure the company understands my concern for its reputation. News like this does not support the company’s mission statement: Honesty and Compassion for Those We Serve.

I don’t need a criminal record, especially if I need to ~~steal~~ borrow funds from my next employer. It is comforting to know that in many cases companies don’t prosecute for fear of public embarrassment.

More Fraud Information

You’ll find more information about fraud prevention in my book: The Little Book of Local Government Fraud Prevention.

See my series of fraud articles at White Collar Crime is Knocking at Your Door.

Jun 11

2018 ACFE Fraud Report to the Nations

By Charles Hall | Fraud

Here are key findings from the 2018 ACFE Fraud Report. The survey is titled the 2018 Report to the Nations.

Every two years the Association of Certified Fraud Examiners (ACFE) issues a fraud report based on hundreds of actual fraud cases. The report provides great insights into how fraud occurs (the method), the persons stealing (the fraudster), and the damage (the amount of losses).

If you are an auditor (internal or external), then you need to be familiar with the findings in this report. Understanding how theft occurs will enable you to detect and prevent it in the future.

Here are key points from the report.

2018 ACFE Fraud Report Findings

Share0

Tweet0

Organizations lose 5% of their revenues to fraud
The median duration of a fraud was 16 months
The median loss per case was $130,000
The median loss per case when owners or executives were involved was $850,000
Businesses with a 100 or fewer employees suffered a median loss per case of $200,000
Businesses with more than 100 employees suffered a median loss per case of $104,000
In 40% of the cases, tips were the initial detection method (53% of the tips came from employees of the organization; 32% of the tips came from vendors, customers, and competitors)
Fraud losses were 50% smaller for organizations with fraud hotlines
Only 4% of the fraudsters had a prior fraud conviction
Occupational fraud was committed in the following categories: (1) asset misappropriation (89%), (2) corruption (38%), and (3) financial statement fraud (10%) -- in some cases, the fraudster used multiple schemes
The median losses were (1) $114,ooo for asset misappropriation, (2) $250,000 for corruption, and (3) $800,000 for financial statement fraud
70% of corruption cases were committed by someone in a position of authority
82% of corruption cases were committed by males
50% of corruption cases were detected by a tip
Internal control weaknesses led to nearly half of the fraud
Small businesses typically have fewer anti-fraud controls than larger organizations, leaving them more vulnerable
Data monitoring/analysis and surprise audits were correlated with the largest reductions in fraud losses and duration (yet only 37% of victim organizations implemented these controls)
A majority of the victim organizations recovered nothing
Fraudsters that were with the company for more than five years stole an average of $200,000
Fraudsters that were with a company for less than five years stole an average of $100,000
The industries with the highest levels of fraud were (1) Banking and Financial, (2) Manufacturing, (3) Governments, and (4) Health Care
The departments with the highest level of fraud were (1) Accounting (14%), (2) Operations (14%), (3) Sales (12%), and (4) Executive/upper management (11%)
69% of frauds were commented by males with a median loss of $156,000 (the median loss from female thefts was $89,000)
61% of the fraud cases involved someone with a university degree or postgraduate degree
When one fraudster was involved, the median loss was $74,000
When two fraudsters were involved, the median loss was $150,000
When three or more fraudsters were involved, the median loss was $339,000
Living beyond their means was the primary behavioral red flag (41% of cases)

89%

of fraud from asset misappropriations

Get Your Free Copy of ACFE Report

You can download the full ACFE Report to the Nations here. It's free.

Join the ACFE

I have been a member of the Association of Certified Fraud Examiners since 2004. Why? Because I want to be a better auditor. And I have found that the ACFE has given me a much greater understanding of how fraud happens and how to prevent it. The organization has made me a much better auditor. Consider joining this organization. (You can join without becoming a Certified Fraud Examiner (CFE), though I recommend doing that as well. Learn more about becoming a CFE.) You'll be glad you did.

CPA Hall Talk Fraud Articles

For more information about fraud, see White Collar Crime is Knocking at Your Door. There you will see a list of fraud-related articles that I have written.

Jul 25

Internal Control Weakness Reporting

By Charles Hall | Auditing

Auditors often fail to capture and communicate internal control weaknesses, even though such communications are required by the audit standards.

But making our clients aware of control weaknesses can help them. How? It allows them to improve their accounting system. The result: prevention of future fraud and errors.

In this article, I’ll show you how to capture and communicate internal control deficiencies. By doing so, you’ll add value to your audit services and you’ll help your client protect their business.

At the end of the post, you’ll also see a video that summarizes this information.

A Common End-of-Audit Problem

You are concluding another audit, and it’s time to consider whether you will issue a letter communicating internal control deficiencies. A month ago you noticed some control issues in accounts payable, but presently you’re not sure how to describe them. You hesitate to call the client to rehash the now-cold walkthrough. After all, the client thinks you’re done. But you know that boiler-plate language will not clearly communicate the weakness or tell the client how to fix the problem. Now you’re kicking yourself for not taking more time to document the control weakness (back when you initially saw it).

Here’s a post to help you capture and document internal control issues as you audit.

Capture and Communicate Internal Control Deficiencies

Today, we’ll take a look at the following control weakness objectives:

How to discover them
How to capture them
How to communicate them

As we begin, let’s define three types of weaknesses:

Material weaknesses – A deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis.
Significant deficiencies – A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.
Other deficiencies – For purposes of this blog post, we’ll define other deficiencies as those less than material weaknesses or significant deficiencies.

As we look at these definitions, we see that categorizing control weaknesses is subjective. Notice the following terms:

Reasonable possibility
Material misstatement
Less severe
Merits attention by those charged with governance

Now let’s take a look at discovering, capturing, and communicating control weaknesses.

1. Discover Control Weaknesses

Capture control weaknesses as you perform the audit. You might identify control weaknesses in the following audit stages:

Planning – Risk assessment and walkthroughs
Fieldwork – Transaction-level work
Conclusion – Wrapping up

A. Planning Stage

You will discover deficiencies as you perform walkthroughs which are carried out in the early stages of the engagement. Correctly performed walkthroughs allow you to see process shortcomings and where duties are overly concentrated (what auditors refer to as a lack of segregation of duties).

Segregation of Duties

Are accounting duties appropriately segregated with regard to:

Custody of assets
Reconciliations
Authorization
Bookkeeping

Notice the first letters of these words spell CRAB (I know it’s cheesy, but it helps me remember).

Auditors often make statements such as, “Segregation of duties is not possible due to the limited number of employees.”

I fear such statements are made only to protect the auditor (should fraud occur in the future). It is better that we be specific about the control weakness and what the potential impact might be. For example:

The accounts payable clerk can add new vendors to the vendor file. Since checks are signed electronically as they are printed, there is a possibility that fictitious vendors could be added and funds stolen. Such amounts could be material.

Such a statement tells the client what the problem is, where it is, and the potential damage.

Fraud: A Cause of Misstatements

While I just described how a lack of segregation of duties can open the door to theft, the same idea applies to financial statement fraud (or cooking the books). When one person controls the reporting process, there is a higher risk of financial statement fraud. Appropriate segregation lessens the chance that someone will manipulate the numbers.

Within each transaction cycle, accounting duties need to be performed by different people. Doing so lessens the possibility of theft. If one person performs multiple duties, ask yourself, “Is there any way this person could steal funds?” If yes, then the client should add a control in the form of a second-person review.

If possible, the client should have a second person examine reports or other supporting documentation. How often should the review be performed? Daily, if possible. If not daily, as often as possible. Regardless, a company should not allow someone with the ability to steal to work alone without review. The fear of detection lessens fraud.

If a transaction cycle lacks segregation of duties, then consider the potential impact from the control weakness. Three possible impacts exist:

Theft that is material (material weakness)
Theft that is not material but which deserves the attention of management and the board anyway (significant deficiency)
Theft of insignificant amounts (other deficiency)

My experience has been that if any potential theft area exists, the board wants to know about it. But this is a decision you will make as the auditor.

Errors: Another Cause of Misstatements

While auditors should consider control weaknesses that allow fraud, we should also consider whether errors can lead to potential misstatements. So, ask questions such as:

Do the monthly financial statements ever contain errors?
Are invoices mistakenly omitted from the payable system?
Do employees forget to obtain purchase order numbers prior to buying goods?
Do bookkeepers fail to reconcile the bank statements on a timely basis?

B. Fieldwork Stage

While it is more likely you will discover process control weaknesses in the planning stage of an audit, the results of control deficiencies sometimes surface during fieldwork. How? Audit journal entries. What are audit entries but corrections? And corrections imply a weakness in the accounting system.

When an auditor makes a material journal entry, it’s difficult to argue that a material weakness does not exist. We know the error is “reasonably possible” (it happened). We also know that prevention did not occur on a timely basis.

C. Conclusion Stage

When concluding the audit, review all of the audit entries to see if any are indicators of control weaknesses. Also, review your internal control deficiency work papers (more on this in a moment). If you have not already done so, discuss the noted control weaknesses with management.

Your firm may desire to have a policy that only managers or partners make these communications. Why? Management can see the auditor’s comments as a criticism of their own work. After all, they designed the accounting system (or at least they oversee it). So, these discussions can be a little challenging.

Now let’s discuss how to capture control weaknesses.

2. Capture Internal Control Weaknesses

So, how do you capture the control deficiencies?

First, and most importantly, document internal control deficiencies as you see them.

Why should you document control weaknesses when you initially see them?

You may not be on the engagement when it concludes (because you are working elsewhere) or
You may not remember the issue (weeks later).

Second, create a standard form (if you don’t already have one) to capture control weaknesses.

Internal Control Capture Form

What should be in the internal control form? At a minimum include the following:

Check-mark boxes for:
- Significant deficiency
- Material weakness
- Other control deficiency
- Other issues (e.g., violations of laws or regulations)
Whether the probability of occurrence is at least reasonably possible and whether the magnitude of the potential misstatement is material
Description of the deficiency and the verbal or written communications to the client; also the client’s response
The cause of the condition
The potential effect of the condition
Recommendation to correct the issue
Person identifying the issue and the date of discovery
Whether the issue is a repeat from the prior year
An area for the partner to sign off that he or she agrees with the description of the deficiency and the category assigned to it (e.g., material weakness)
Reference to related documentation in the audit file

After capturing the weaknesses, it’s time to communicate them.

3. Communicate Control Weaknesses

Material weaknesses and significant deficiencies must be communicated in writing to management and those charged with governance. Other deficiencies can be given verbally to management, but you must document those discussions in your work papers.

Provide a draft of any written communications to management before issuing your final letter. That way if something is incorrect (your client will let you know), you can make it right–before it’s too late. Additionally, discuss the control weakness with relevant personnel when you initially discover it. You don’t want to surprise the client with adverse communications in the written internal control letter.

Internal Control Video Summary

Here’s a video that summarizes the information above.

Summary

The main points in capturing and communicating internal control deficiencies are:

Capture control weaknesses as soon as you see them
Develop a form to document the control weaknesses
Communicate significant deficiencies and material weaknesses in writing

These communications can be somewhat challenging since you’re telling management they need to make improvements. So make sure all information is correct and let your senior personnel do the communicating.

How Do You Capture and Report Control Deficiencies?

Whew! We’ve covered a lot of ground today. How do you capture and report control deficiencies? I’m always looking for new ideas: Please share.

Nov 25

Providing Fraud Prevention Services to Compilation Clients

By Charles Hall | Fraud

This post discusses CPAs providing fraud prevention services to compilation clients. If you haven’t done so in the past, it could be a new revenue stream for your firm.

The Greater Risk for Your Client

How many clients do you provide compilation services to? For most small- to medium-sized CPA firms, the answer is usually many. Now let me ask you another question.

What is the greater risk for your client?

Financial statements are misstated or
A trusted bookkeeper (or someone else) is stealing substantial sums of money from the business

You say, “But I’m not engaged to look for potential theft or prevent it.” Regarding compilation engagements, you are right. Notice, however, my question is about your client.

I find that most compiled financial statements are basically correct—often because of the CPA’s involvement. The risk of material misstatement is driven down, and obviously, this is a good thing, but what about the potential for theft?

It seems to me that CPAs seldom talk with their compilation clients about the potential of fraud, even though we know, for instance, that the client’s accounting staff consists of one bookkeeper. So, we are aware that the client’s accounting system lacks segregation of duties.

When fraud happens, clients will sometimes say, “my CPA is responsible”—even though compilations are not designed to prevent (or detect) fraud. Therefore, we must clearly define the services we are providing.

Defining Your Compilation Service

Here are two questions to consider in defining your compilation engagements when you are not providing fraud prevention services.

Do you obtain a signed compilation engagement letter?
Do you verbally explain the limits of your engagements (that you are not providing fraud prevention or detection services)?

These two actions lessen your risk.

If, however, you desire to provide fraud prevention services in addition to the compilation, then include appropriate language in your engagement letter to cover the additional service or use a separate engagement letter to address the fraud prevention work. More about this in a moment.

Fraud Prevention and Compilation Services

Do you ever suggest to your client that he or she have you (or someone else trained in fraud prevention) review the accounting system and make fraud prevention suggestions? Here is where I believe you can add value to the compilation service. I also believe it is largely an untapped source of revenue for small- to medium-sized CPA firms.

Obviously, you need to understand internal controls and fraud prevention prior to providing fraud prevention services. If you don’t have that knowledge, you can obtain it from organizations such as the Association of Certified Fraud Examiners.

If you provide fraud prevention services, you need to create an engagement letter that addresses the boundaries of your work. It is wise to say what you are providing and, more importantly, what you are not providing.

I normally state that I am providing the additional fraud prevention service to mitigate fraud risk and that the additional work does not provide absolute assurance. I go on to say that once the work is complete, “that fraud can still occur.” (Check with your insurance carrier for appropriate language.)

In other words, your engagement is to lessen fraud risk, not to eliminate it, a reasonable proposition. (The risk of fraud can seldom, if ever, be fully eliminated. And I tell my clients this.)

Fraud Prevention Services Create Risk

But doesn’t providing fraud prevention services create additional risks for the CPA?

Yes.

Providing any additional service creates risk for the CPA. So this is ultimately a business decision for you and your firm. Additionally, contact your insurance company to see what they say.

If you desire to provide fraud prevention services, consider becoming a Certified Fraud Examiner (CFE) or obtain your Certified in Financial Forensics Credential. I became a CFE in 2004 and found the training eye-opening. Though I had been a CPA since 1987, I gained valuable knowledge about system design and fraud prevention.

CPA Independence

Will providing fraud prevention services impair your independence? Under existing AICPA independence standards, the answer could be yes (because you are assisting with the design of the internal control system). But the independence issue depends on what you do. Making recommendations probably would not impair independence. Fully designing the internal control structure would impair independence.

If your independence is impaired, you need to say so in the compilation report. Independence is not required in compilations. Take a look at Definitive Guide to Compilation Engagements.

Agree or Disagree?

What do you think about offering fraud prevention services to compilation clients?

You can learn more about white-collar crime here.

Mar 17

Efficient CPA: 10 Steps for Productivity

By Charles Hall | Accounting and Auditing , Technology

Do you want to be an efficient CPA?

Here are ten super easy ways to increase your productivity.

10 Ways to Become an Efficient CPA

1. Use Control f

First, I see too many CPAs hen-pecking around, trying to find information in their electronic piles. Many times the quickest route to finding information is Control f (Command f on a Mac). Hold your control key down and type f. This action will usually generate a find dialog box–-then key in your search words. Control f works in Excel, Word, PowerPoint, and Adobe Acrobat.

2. OCR Long Documents

Computers can’t read all electronic documents (that is, not all documents are electronically searchable). Sometimes you need to convert the document using OCR. OCR stands for optical character recognition. So how can you make an electronic document readable and searchable?

Scan documents into Adobe Acrobat and use the OCR feature to convert bitmap images into searchable documents. Then use Control f to locate words. When should you OCR a document? Typically when it’s several pages long. Do so when you don’t want to read the entire document to find a particular word or phrase.

For example, suppose your client gives you a one-hundred-page bond document, and you need to locate the loan covenants. Rather than reading the entire document, convert it to searchable text (using Adobe Acrobat) and use Control f to locate each instance of the word covenant.

3. Dispatch Paper Quickly

A clean work surface enables you to think clearly.

So make filing decisions quickly–as soon as a paper or electronic document is received. Keep your desk (and computer desktop) clean.

If you can dispatch a document in less than two minutes, do so immediately. For documents that take more than two minutes to file, electronically scan them. Then place the document in an action folder on your computer’s desktop. (If you don’t have time to scan the document at the moment, create a To Be Scanned pile in a paper tray.)

You’re thinking, “But I’ll forget about the document if it’s not physically on my desk.” Allay this fear by adding a task in Outlook to remind you of the scanned document (you can even add the document to a task). I create tasks with reminders. So, for example, the reminder pops up at 10:00 a.m. on Tuesday; attached is the relevant document. That way I don’t forget.

For more information about scanning, see my post How to Build an Accountant’s Scanning System. I also recommend David Allen’s book Getting Things Done which provides a complete system for making filing decisions.

4. Close Your Door

An open door says what? Come in.

A cracked door says what? Knock and come in.

A closed door says what? Don’t enter, especially without knocking.

I close my door for about an hour at a time. Additionally, I turn off all electronic devices and notifications. Doing so allows me to focus on the task at hand.

5. Use a Livescribe Pen

Do you remember everything someone says in a meeting? I sure don’t. Livescribe allows me to take notes and simultaneously record the conversation. Then I can hear any part of the discussion. For example, if–in a meeting–I write the words “intangible amortization,” I can (later) touch the tip of my pen to that phrase (in my Livescribe notebook) and hear what was said at that moment. The recording plays back through my Livescribe pen. That way, I don’t have to call and ask, “What did you say about intangible amortization?”

If you have an iPad, a cheaper alternative to Livescribe is Notability.

6. Take Breaks and Naps

Another idea to become a more efficient CPA is to take breaks and naps.

Counterintuitive? Yes, but it works.

Breaks

I come from the old school of “don’t lift your head or someone will see how lazy you are.” I’m not sure where this thinking comes from, but you will be more efficient–not less–when you take periodic breaks. I recommend a break at least once every two hours.

Naps

Naps? You may be thinking, “Are you kidding?”

Research shows you will be more productive if you take a nap during the day. It doesn’t have to be long, maybe ten or fifteen minutes after lunch. You’ll feel fresher and think more clearly. According to Dr. Sandra Mednick, author of Take a Nap, Change Your Life, napping can restore the sensitivity of sight, hearing, and taste. Napping also improves creativity.

Michael Hyatt recently listed several famous nappers:

Leonardo da Vinci took multiple naps a day and slept less at night.
The French Emperor Napoleon was not shy about taking naps. He indulged daily.
Though Thomas Edison was embarrassed about his napping habit, he also practiced his ritual daily.
Eleanor Roosevelt, the wife of President Franklin D. Roosevelt, used to boost her energy by napping before speaking engagements.
Gene Autry, “the Singing Cowboy,” routinely took naps in his dressing room between performances.
President John F. Kennedy ate his lunch in bed and then settled in for a nap—every day!
Oil industrialist and philanthropist John D. Rockefeller napped every afternoon in his office.
Winston Churchill’s afternoon nap was non-negotiable. He believed it helped him get twice as much done each day.
President Lyndon B. Johnson took a nap every afternoon at 3:30 p.m. to break his day up into “two shifts.”
Though criticized for it, President Ronald Reagan famously took naps as well.

For empirical evidence that naps help, check out the book Rest, Why You Get More Done When You Work Less.

Also, here are more ideas to create energy in your day.

7. Answer Emails and Phone Calls in Chunks

If you pause every time you get an email or a phone call, you will lose your concentration. Therefore, try not to move back and forth between activities. Do one thing at a time since multitasking is a lie.

Pick certain times of the day (e.g., once every three hours) to answer your accumulated emails or calls. Doing so will make you a more efficient CPA.

See my article Text, Email or Call: Which is Best?

8. Exercise

I run (by myself) or walk (with my wife) six days a week–usually in the morning before work. Exercising helps my attitude and clears my mind. Also, I feel stronger late in the day.

9. Lunch at 11:30 a.m. or 1:00 p.m.

Another idea: Go to lunch at 11:30 a.m. or 1:00 p.m. Why stand in line?

10. Take One Day Off a Week

Finally, I usually don’t work on Sundays (even in busy season). For me, it’s a day to worship, relax, see friends, and revive. I find the break gives me strength for the coming week.

Muddled minds destroy productivity.

Your Ideas?

These are my thoughts about becoming an efficient CPA. Please share yours.

1 2 Next »

Search Results for: Knocking at your