Have you ever desired to become a fraud prevention champion? In this half-day course, we will peer into real-life governmental fraud cases and see how they occurred. You will leave the class with practical fraud prevention steps for any national, state or local government. The course location is the Capital Hilton Hotel in Washington DC.

Date:August 9, 2017
Time:8:00-11:35 a.m.
Event:Charles Hall Speaking at AICPA Governmental Accounting and Auditing Update Conference
Topic:How to Become a Super Fraud-Prevention Champion
Sponsor: AICPA
Public:Public
Registration:Click here to register.

Wire Transfer Theft: How to Prevent It

How to steal $6.9 million in less than an hour

In one of the easiest thefts I’ve read about, a nonprofit administrative officer wired $6.9 million from an Ohio bank account to another account in Austria. The wire transfer originated with the fax of a letter (which took less than an hour to create). Since the officer was authorized to make wire transfers, no one at the bank questioned the transaction–until it was too late. The fraudster landed in Austria, called his wife and said, “I’m not coming home.” Interestingly, the wife called the police and turned her husband in; he later came back to the states of his own volition (after his wife gave him an earful). He went to jail. I guess, after a few boat rides down the Danube, he missed his family.

Preventing wire transfer theft

Picture from AdobeStock.com

Wire Transfer Theft is Easy

It’s easy for an accounting clerk (or other authorized company official) to wire funds and to cover their tracks with a journal entry – too easy in many cases. If a company  accountant or official has the ability to (1) wire funds by himself and (2) make journal entries without a second-person review, then the organization has left the fraud door wide open. Such a situation is not uncommon in small businesses, nonprofits and governments.

As you think about wire transfers, consider that they can be originated with a fax, a phone call, a personal visit to the bank, or a computer. Determine how your bank handles wire transfers and craft your internal controls based on those dynamics.

Wire Transfer Internal Controls

Organizations should do the following to mitigate wire transfer fraud:

  1. Require the bank to limit daily wire transfer amounts (e.g., $25,000 per day for each employee)
  2. Require two persons to consummate all wire transfers to external parties (the most important control in my opinion)
  3. If the wire transfer request is by phone or by fax, require the bank to call your organization back before the wire transfer is consummated
  4. The bank should require the use of unique passwords to access wire-transfer software; consider using a bank that provides bank token keys (small hand-held devices that generate unique identification numbers; these numbers are keyed into the bank software as a part of the transfer request)
  5. Restrict the bank accounts from which a wire transfer can be made (the organization may want to limit external wire transfers to just one bank account)
  6. Restrict certain bank accounts so that wire transfers can only be made to other bank accounts of the organization (e.g., transfer from operating bank account to payroll bank account)
  7. Have someone peruse the daily bank account activity (using online access); at a minimum, reconcile bank statements in a timely fashion (large organizations should consider reconciling bank accounts more frequently than once a month; some reconcile daily)
  8. Require sufficient documentation for all wire transfer journal entries; require a second-person review of these journal entries
  9. Consider using a dedicated computer for all wire transfers; do not use this computer for any other purpose (malware is often picked up by computers as they visit Internet websites)
  10. Use all bank-provided wire transfer controls
  11. Any transactions over a certain high dollar amount (e.g., $50,000) must have the approval of the business owner/CEO

Use Fraud Prevention Controls Offered by Banks

Not using controls offered by banks may make your organization liable should funds be stolen by hackers. One company sued its bank when hackers took $440,000 from its bank account with a wire transfer; the judge ruled against the company because it had opted out of control procedures offered by the bank. Also make sure your company uses appropriate firewall and antivirus protection.

Closing Words

If one person can make external wire transfers and journal entries to record those transactions, you have the makings of wire fraud–soon you may see that employee on Facebook, riding down the old Danube.

Video from Gary Zeune

You can see a news video about the nonprofit fraud mentioned above at Gary Zeune’s website: The Pros and The Cons. (If you have not heard Gary speak about fraud, you should do so. He does a great job.)

The AICPA Consulting Standards: Another Arrow in Your Quiver

Many CPAs don't know that these standards exist, but they can be quite helpful

I find that many CPAs aren’t aware of the AICPA Consulting Standards. So, here’s a post about them.

Are you ever asked to perform an atypical engagement (e.g., creating a schedule of water losses for a city)–and then you wonder “what professional standards should I follow?”

Audit standards? No, you’re not opining on anything.

Maybe the compilation and review standards? No, a schedule is not a financial statement.

How about agreed upon procedures? Well, no again–AUPs normally include tests and conclusions.

We need another arrow in our quiver!

AICPA Consulting Standards

Picture from AdobeStock.com

Most CPAs are familiar with compilation and review standards (Statement on Standards for Accounting and Review Services – SSARS) and audit standards (Statement on Auditing Standards – SAS) and even attestation standards (Statement on Standards for Attestation Engagements – SSAEs – commonly used for agreed upon procedures), but many are not familiar with the consulting standards (Statement on Standards for Consulting Services – SSCS).

Why?

I’m not really sure. But I seldom see consulting standard CPE classes. Yet many services are subject to this guidance.

AICPA Consulting Standards Primer

You might call the AICPA Consulting Standards the CPA’s swiss army knife.

AICPA Consulting Standards

What services fall under the consulting standards?

The consulting standards specifically address six areas:

  1. Consultations – e.g., reviewing a business plan
  2. Advisory services – e.g., assistance with strategic planning
  3. Implementation services – e.g., assistance with a merger
  4. Transaction services – e.g., litigation services
  5. Staff and other support services – e.g., controllership services
  6. Product services – e.g., providing packaged training services

CPAs often provide consulting services such as the following:

  • Consultations with regard to complex transactions
  • Fraud investigation services
  • Internal control services
  • Bankruptcy services
  • Divorce settlement services
  • Controllership services
  • Business plan preparation
  • Cash management
  • Software selection
  • Business disposition planning

When can I use the consulting standards?

Usually when the information will not be provided to a third party.

When performing work under the consulting standards, you are not attesting (providing comfort) on the work performed. Usually, you need to follow the SASs, SSARS, or SSAEs if you are attesting (providing comfort to an outside party).

Characteristics of a Consulting Engagement

  • Generally nonrecurring
  • Requires a CPA with specialized knowledge and skills
  • More interaction with client
  • Generally performed for the client (usually, no third party sees the information)

Consulting Work Paper Requirements

Consulting work paper requirements are minimal. Nevertheless, documentation is always wise.

The understanding with the client can be oral or in writing (I recommend the latter).

The consulting standards do not require the CPA to prepare work papers, but you should do so anyway – the work papers are the link between your work and your report. Also the general standards of the profession, contained in the AICPA Code of Professional Conduct, apply to all services performed by members. The general standards state:

Sufficient Relevant Data. Obtain sufficient relevant data to afford a reasonable basis for conclusions or recommendations in relation to any professional services performed.

Consulting Reports

The report content and format are up to you and your client.

No Opinion or Accountant’s Report

For consulting engagements, the CPA does not issue an opinion or any other attestation report (e.g., accountant’s report on agreed-upon procedures ).

Subject to Peer Review?

Are products created using the Consulting Standards subject to peer review? No.

Where Can I Find the AICPA Consulting Standards?

You can see the consulting standards here.

Photos above are courtesy of iStockphoto.com.

Omission of MD&A from Governmental Financial Statements

Governments can exclude the MD&A from their financial statements

According to AU-C 730, the auditor’s report on the financial statements should include an other-matter paragraph that refers to the required supplementary information (RSI). In governmental financial statements, the management, discussion, and analysis (MD&A) is considered RSI. Though the MD&A is “required” supplementary information, governments can–strangely enough–exclude it from the financial statements.

omission of management, discussion and analysis

Picture from AdobeStock.com

Omitting the MD&A – Effect on an Audit Opinion

If the required supplementary information is omitted, the auditor should include an other-matter paragraph in the opinion such as the following:

Management has omitted the management, discussion, and analysis that accounting principles generally accepted in the United States of America require to be presented to supplement the basic financial statements. Such missing information, although not a part of the basic financial statements, is required by the Governmental Accounting Standards Board, who considers it to be an essential part of financial reporting for placing the basic financial statements in an appropriate operational, economic, or historical context. Our opinion on the basic financial statements is not affected by this missing information.

Notice the omission of the MD&A does not affect the opinion rendered (in other words, it does not result in a modified report).

RSI Audit Standard

AU-C 730 is the audit standard for required supplementary information. Click here for an overview of the supplementary information audit standards. The former supplementary information standards were SASs 118, 119 and 120; those standards are now–under the Clarity Standards–AU-C sections 720, 725, and 730.

Omitting the MD&A – Effect on a Compilation Report

In compilation reports, the language is as follows:

Management has omitted the management, discussion and analysis that accounting principles generally accepted in the United States of America require to be presented to supplement the basic financial statements. Such missing information, although not a part of the basic financial statements, is required by the Governmental Accounting Standards Board which considers it to be an essential part of financial reporting and for placing the basic financial statements in an appropriate operational, economic, or historical context. 

The Little Book of Local Government Fraud Prevention

Whether your government is small or large, this book provides guidance in reducing theft

Do you desire to fight fraud in governments? Or maybe you are just curious about how fraudsters get away with their wily schemes. See my book The Little Book of Local Government Fraud Prevention. You can purchase it on Amazon as a paperback. Also, the ebook is available as a Kindle download.

Local Government Fraud Prevention

Fraud occurs in local governments in a multitude of ways, yet many cities, counties, school systems, authorities, and other public entities are ill-prepared to prevent or detect its occurrence. Why is this so? Some governments place too much reliance on annual audits as a cure-all, but clean audit opinions don’t mean that fraud is not occurring. And some governments fail to understand how vulnerable they are–until it’s too late.

Why is local government fraud so common? Many small governments don’t have a sufficient number of employees to segregate accounting duties. It is also these smaller governments that place too much trust in their accounting personnel. This combination of a lack of segregation of duties and too much trust in key employees often leads to significant losses from theft.

The Little Book of Local Government Fraud Prevention provides several real-life stories of fraud. The stories will inform you about how local government employees steal. Then I provide you with prevention techniques to assist you in mitigating fraud risks. In one story, for example, the book shows how a single municipal employee stole over $53 million dollars, all from a city of just 16,000 citizens.

If you audit governments, you will find this book helpful in pinpointing common areas where governmental fraud occurs. The book also includes fraud audit checklists and fraud detection procedures. Whether you are an internal or external auditor, you will find fresh ideas for prevention and detection.

The Little Book of Local Government Fraud Prevention will assist you if you are a:

1. Local government accounting employee
2. Local government elected official
3. Local government auditor
4. Local government attorney
5. Certified Public Accountant
6. Certified Fraud Examiner

Even if you don’t work with governments, you’ll find this book useful. I provide fraud prevention steps for transaction cycles such as billing and collections, payables and expenses, payroll, and capital assets.

Together we can bring down the risk of fraud and corruption in our local governments. Come join the team. We’ll all be better for it.

If you don’t desire to spend money on the book, here’s a free list of controls.

How to Make Your Business More Profitable by Funding Depreciation

Money in the bank for capital purchases

From time to time, I have clients ask me “What is funding depreciation?” And more importantly, they ask, “How can this technique make my organization more profitable and less stressful?”

Here’s a simple explanation.

Funded depreciation is the setting aside of cash in amounts equal to an organization’s annual depreciation. The purpose: to fund future purchases of capital assets with cash.

Funding Depreciation

Picture Courtesy of Canva

Funding Depreciation

Suppose you buy a $10,000 whiz-bang gizmo – a piece of equipment – that you expect to use for ten years, and at the end of the ten years you expect it to have no value. Your annual depreciation is $1,000.

In this example, a $1,000 depreciation expense is recognized annually on your income statement (depreciation decreases net income) even though no cash outlay occurs. The balance sheet includes the cost of the whiz-bang gizmo, but at the end of ten years, the equipment has a $0 book value, being fully depreciated.

The smart manager will annually set aside $1,000 in a safe investment – such as a certificate of deposit or money market account – for the future replacement of the whiz-bang gizmo.

If the company does not annually invest the $1,000, it has a few options at the end of the ten-year period:

  • Borrow the full amount for the replacement cost
  • Seek outside funding (e.g., grants)
  • Use other funds from within the organization
  • Ask U2 to do a special benefits concert – just kidding

Obviously, if you borrow money to replace the equipment, you will have to pay interest – another cash outlay. Suppose the rate is 10%. Now the organization must pay out $1,100 each year. If the organization funds the depreciation (invests $1,000 annually), it earns interest. If the entity chooses not to fund depreciation, it will pay interest.

Businesses that fund depreciation are always making money from interest (granted not much these days) rather than paying for it.

Another advantage to funding depreciation: you know you will have the money to purchase the capital asset. You’re not concerned with whether a creditor will lend you the money for the acquisition. You’re financially stronger.

Why Doesn’t Every Entity Fund Depreciation?

So why doesn’t everyone fund depreciation?

  • Some don’t understand the concept
  • Some had rather spend the cash flows for the ten years (e.g., owners taking too much in distributions)
  • Some need the money just to run the organization
  • In governments, elected officials desire to keep tax rates low while they are in office
  • In growing businesses, the owners may need the money to fund the growth of the company
  • Most importantly, it may require two cash payments (more in a moment)

Concerning the last point, if the business had to borrow money to purchase the initial capital asset, then it must make the debt service payments (cash outlay 1). If the company also funds depreciation for that same asset (making investments equal to the annual depreciation), another cash flow occurs (cash outlay 2).

If the business can ever get into a position where it pays cash for new equipment, it will be better off. Then only one cash outlay (investment funding) occurs, and the company is making–not paying–interest.

What if the organization cannot–due to cash flow constraints–fund depreciation for all new equipment purchases? Consider doing so for just one or two pieces of equipment–over time, the entity may be able to move into a fully funded position.

Who Should Fund Depreciation?

So, who should fund depreciation?

Organizations with sufficient cash flow and discipline. It’s the smart thing to do.

Imagine a world with no debt, a world where you don’t have to wonder how you will pay for equipment. Dreaming? Maybe, but funded depreciation is worth your consideration.

Are You Looking for an Easy-to-Understand Fraud Prevention Book?

Do you lie awake at night wondering if theft is occurring in your organization?

Do you lie awake at night wondering if theft is occurring in your organization? Are you looking for an easy-to-understand guide to fraud prevention?

Find simple but insightful guidance in The Little Book of Local Government Fraud Prevention.

Written by a Certified Public Accountant and a Certified Fraud Examiner with over thirty years experience, you’ll find loads of great ideas to stop fraud dead in its tracks.

Fraud Prevention Book

How This Fraud Prevention Book Empowers You

While the book focuses on local government fraud, you’ll find fraud prevention techniques for nonprofits and small businesses as well.

The books enables you to:

  • Understand what fraud is (and what it is not)
  • Implement powerful fraud prevention techniques
  • Recognize the red flags of theft
  • Understand how frauds occur at the transaction level (e.g., accounts payable fraud)

You don’t have to be a CPA to understand this book–or to use the guidance. The book is useful to laypeople and fraud prevention experts alike.

You will also find transaction-level checklists for implementing internal controls (for example, questions prompting you to evaluate your payroll process).

Be empowered to guard your organization from fraud. See the book on Amazon by clicking here.

Praise for the Book

Here are a few comments from Amazon Reviews:

Bought it this morning and read it all in one sitting. It was clear, concise and kept my attention with practical examples. I often find that some of the books I read on fraud topics are abstract and confusing. This one was just the opposite. Thanks for authoring this book Charles.

Christopher Arsenault

Charles captures key controls required not only in government entities, but all entities and illustrates what can happen in absence of those controls. If you are an auditor, accountant, manager, or board member you will find this information useful.

Donald Vieira

The book highlights several real world case studies of fraud and abuse. This book describes various levels of controls, separation of duties and the value of a Certified Fraud Examiner. Great book!

Paul

I am looking forward to speaking the the Georgia Association of School Business Officials in Augusta, Georgia on November 8th. We’ll review a few school fraud cases and then look at how to prevent thefts in local school systems.

Date:November 8, 2016
Time:9:00 a.m. - 4:00 p.m.
Event:Charles Hall providing fraud prevention class at the Georgia Association of School Business Officials Conference
Topic:Prevention of Fraud in Local Schools
Public:Private

25 Products I Use as an Accountant

Accounting Office

Picture from AdobeStock.com

Here’s a list of accounting products that I use as an accountant and auditor:

  1. Governmental Accounting, Auditing, and Financial Reporting GFOA Blue Book
  2. Evernote (as my digital cloud library)
  3. Sharefile (as my secure means to transfer information)
  4. Caseware (electronic trial balance and working papers)
  5. Excel
  6. Word
  7. Adobe Acrobat Pro DC (PDF maker)
  8. Apple iPhone
  9. Apple iPad
  10. Dell laptop
  11. Three extra monitors
  12. Standup desk
  13. Zoom (conferencing software)
  14. Checkpoint (Thomson Reuter’s electronic guides)
  15. CheckpointLearning (Thomson Reuter’s online CPE)
  16. WordPress (blogging software)
  17. LinkedIn (to participate in accounting groups)
  18. Fujitsu i500 scanner
  19. Keynote (an alternative to PowerPoint)
  20. Outlook (for email)
  21. Fantastical (iPad calendar app)
  22. Basecamp (cloud project management software)
  23. Livescribe 3 Smartpen
  24. 1Password (to store and retrieve passwords)
  25. Amazon Tap (for music)

I use all of the above products with the exception of the stand-up desk. The desk I use is from Levenger; it appears they’ve discontinued that model.

What products do you recommend for accountants?

Note: I do receive affiliate commissions on Amazon products.