How to Prevent Workplace Corruption and Collusion? Think Like a Financial Fraud Investigator

When financial fraud investigators discuss corruption in the workplace, they are usually referring to a single employee who is exploiting their position for personal benefit.

Collusion, however, involves multiple people working together to abuse their power. When a collision occurs, the damage to a company’s finances and reputation multiplies. And pinpointing the perpetrators and the extent of their wrongdoing can be far more difficult than in the case of one corrupt worker acting alone.

Though tough to spot, workers involved in corruption and collusion often leave a trail of financial breadcrumbs that savvy employers can spot if they are proactively monitoring their enterprise. Employers can also take a few steps to prevent corruption and collusion before it devastates their companies.

Monitoring Behavior

Financial schemes are tough to weed out because corrupt and colluding employees rarely ever record their financial schemes on a company’s books. That said, employers can and should enact a monitoring system that allows them to pick up on signals of corruption and collusion that can appear in the purchasing and disbursement process. They should look closely at:

1) Preset Limits. Be sure to examine preset limits, because they can deliver a treasure trove of corruption signals. In a recent case, FSS investigated, an organization set its transfer approval limit set at $50,000. Investigating a potential fraud, we analyzed transfers at $49,999. Doing so revealed 48 instances within a 60-day period of transfers a mere $1 below the approval limit.

2) Consecutive Vendor Invoice Numbers. In another investigation, we identified that 99.9% of all invoices submitted by a vendor were just below the preset limit requiring a purchase order. The vendor submitted hundreds of consecutively numbered invoices each day for purchases by the same department for similar parts. This was done to circumvent the requirement for a purchase order and supervisory approval.

3) Behavior. Pay attention to attitudinal characteristics common among perpetrators of workplace fraud. These include consistent unhappiness with their position, habitually circumventing established policies, and refusing to share tasks or information with coworkers or management. These indications—although not proof of fraud—could point toward the existence of corruption or collusion in the workplace.

Preventative Measures

Employers can and should take preemptive steps to prevent corruption and collusion from occurring or to mitigate damages from an existing fraud. Steps include:

1) Training. Employers should require ongoing fraud training for all employees so they can better understand warning signs and become effective whistleblowers within the organization. Training can be held via a number of methods, including digital videos, live sessions, or interactive self-study.

2) Creating a Safe Environment. Management should prioritize creating an environment that promotes ethical behavior, where the staff is comfortable declaring in writing any potential, perceived, or actual conflicts. Everyone should feel that it is safe to be transparent when reporting relationships and positions that could cause a conflict.

3) Educating Management. Management must be educated on the procedures for handling potential corruption and collusion cases. The moment after a problem is discovered is not the time to develop procedures. Rather, management should be implementing procedures already put into place. Make sure that leadership in your organization is properly educated by offering additional reading, learning opportunities, and courses on fraud.

Although the possibility of corruption and collusion in your company can be daunting, there are ways to combat the threat. If leadership is sensitive to the warning signs of wrongdoing and actively works to create a culture of prevention, the likelihood of corruption and collusion will drastically diminish.

Contact us to learn more about FSS and its financial fraud investigation capabilities.

The Shift to Teleworking: Protecting Your Business Data from Fraud

The mass exodus of employees from traditional offices in the wake of the COVID-19 pandemic and the growing ease with which information can be moved and shared has made one thing clear: Businesses are facing a risk-filled new frontier when it comes to their data security.

The rapid shift to telework has only expanded the size and complexity of that risk, increasing the scope of internal and external threats, and challenging the effectiveness of current data security measures. Unsuspecting businesses face breaches that may damage their brands and rob them of revenue and intellectual property.

Internal controls have long been the gold standard to help businesses identify, assess, and manage risks. Increasingly, organizations have made the shift to include proactive monitoring of their transactional data to identify fraud, waste, and abuse. However, in the post-COVID new frontier, the universe of data is so much broader than simply monitoring transactional data that may not be enough.

Hackers and cyber-criminals tend to grab the biggest headlines, but less obvious threats can be equally dangerous. While trusted employees are moving, sharing, and exposing corporate data just to do their jobs, a malicious employee may be taking confidential information for personal gain or other nefarious reasons.

A strategy to proactively monitor unstructured data such as email, voicemail, internet logs, text messages, social media, blogs, documents, presentations, websites, and online customer reviews can help companies identify and manage emerging risks before they become major crises requiring a forensic investigation.

Implement a New Strategy to Reduce Risk                                              

Developing and implementing new strategies to monitor a broader array of internal and external data may sound complex – and even a bit intrusive. Yet, if managed correctly, the new strategies will help protect sensitive data and preserve profits.  A multi-pronged approach is recommended:

  • Educate employees. Employee training and awareness is critical. Many employees are not even aware that they are putting their employers at risk by moving or sharing company information across multiple media. Others simply do not believe that taking confidential company information if wrong. Create and enforce policies detailing the do’s and don’ts of information use and provide regular security awareness training. Make sure employees are aware that policy violations will affect their jobs.
  • Establish policies on confidentiality and privacy. Make sure that policies are in place that defines an employee’s expectation of privacy and your company’s right to monitor activity conducted on the company’s premises, equipment, and networks. Policies should also include the use of personal devices used for company business.
  • Use and enforce non-disclosure agreements. Employment agreements should include specific language regarding the use of confidential company information and the employee’s responsibility to safeguard such information. Conduct exit interviews with departing employees that include a review of their non-disclosure agreement. Be sure to collect all company-owned computers, tablets, phones, and electronic storage devices.
  • Implement monitoring technology. Leverage technology to gain insight on where information is going and how it is leaving the company. Implement monitoring technology to notify management when sensitive information is sent, copied, shared, or otherwise exposed. Inbound information is equally relevant as some downloads could leave the network vulnerable or accessible to the outside. Proactively monitor unstructured data where timing and information flow generate risk – for example, the departure of key employees, new product development, shifts in corporate strategy, or other major announcements.

The U.S. Cybersecurity and Infrastructure Security Agency recently issued a warning to businesses that fraudsters are focusing on virtual private networks (VPNs) and increasing phishing emails to teleworkers to steal usernames and passwords. “As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors,” the agency said.

The threats are real. To remain safe in this new data security frontier, businesses must recognize the emerging challenges they face, review their protocols, and take action quickly to help prevent potentially devastating internal and external breaches.

Contact us to learn more about ways our team can help you protect your business and conduct forensic investigations.

Accountant Malpractice Claims Are Likely to Rise. Are You Prepared?

CPAs, especially those in smaller accounting practices, usually have close relationships with their clients—and rightfully so. After all, who else is better positioned to understand clients’ finances and businesses than their trusted accountants?

That is until they suffer a financial fraud scheme that a CPA has failed to uncover. Then, what I call the “client appreciation curve” takes a precipitous bend toward the negative, as the client questions whether their CPA should have done more to detect fraud. 

It’s a scenario that often ends in an accounting malpractice case against the CPA. And given the pressure businesses are facing in 2020, such litigation is likely to become a growth industry in the months ahead. This year, as a result of the financial effects of the COVID-19 pandemic, Insurance Risk & Management reports that business failures are expected to increase by 25 percent. Yet, many companies appear unprepared for the rapidly rising fraud risks that accompany such economic turmoil. 

PwC’s 2020 Global Economic Crime and Fraud Survey notes that of the 5,000 companies surveyed, half have experienced fraud in the last two years – and the majority of those failed to conduct an investigation into the incidents. Companies are also lagging in deploying modern tools to detect fraud: For instance, only a quarter of the businesses surveyed by PwC said they are using artificial intelligence tools (AI) to help spot fraudulent activity. Auditors appear even less equipped to detect fraud. A report by the Public Company Accounting Oversight Board (PCAOB) succinctly summarized the reasons: Auditors lack the knowledge, training, and experience necessary for fraud detection.

Given the growing threat, and to avoid being swept up in a wave of fraud-related accounting malpractice claims, accountants need to act now to ensure they have the training and tools necessary to uncover fraud. They also need to understand how the role of the CPA has changed—and will continue to change—in the years to come.

A Turning Point for Malpractice Claims

In December 1997, the American Institute of CPAs (AICPA) enacted a new fraud-detection standard for accountants. The “Consideration of Fraud in a Financial Statement Audit,” holds that an “the auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.”

At the time, I predicted that the new standard would help trigger a substantial increase in the number of lawsuits against accountants for failing to detect fraud. How true that prediction has become! Without fail, in almost all cases where fraud has occurred, a company will sue its CPA (or consider suing them). This is true no matter what service the CPA has provided, including tax and consulting and simple compilation services.

I based my prediction at the time on the fact that this was the first time that the AICPA had used the word “fraud” in its standards. At the time, fraud wasn’t even included in accounting textbooks. CPAs had been taught that it was not their duty to look for fraud—they only had a responsibility to let their clients know if they saw or suspected any “defalcations.” 

Fraud Is Serious Business

Unfortunately, many CPAs, especially the older ones, still hold the mistaken belief that they are not responsible for detecting fraud. Too many CPAs have failed to take their duty to detect fraud seriously. In fact, in a presentation I made to CPAs in 2019, 92% said they had no responsibility to detect fraud.

Professional standards require greater vigilance—and so do the public and the courts. A study by the CAMICO Insurance Services found that the public expects CPAs to detect fraud and that fraud drives the largest losses in terms of accounting malpractice claims.

Regulators have stepped up their efforts, as well. The Dodd-Frank Act lowered the legal bar to go after accounting firms for their failures, and the Commodity Futures Trading Commission has been particularly active in pursuing cases against firms that fail to detect fraud.

Scrutiny of CPAs’ actions has only intensified in the near quarter-century since 1997. The famed WorldCom and Enron frauds are just a few of the early examples. Significant fraud cases are now a matter of routine. Just last year, PwC’s failure to properly plan its audit to detect fraud at Colonial Bancorp Inc. led a federal court to award more than $625 million to the FDIC.

My prediction remains the same as in 1997: Accounting malpractice litigation is a growth industry. The coronavirus will only accelerate existing trends, creating more claims and inflating awards against accounting firms. CPAs who fail to take precautionary steps—for example, leveraging AI technology to help spot fraud—or who adhere to the notion that they aren’t obligated to find fraud are likely to pay the price.