As accounting professionals we are always looking for ways to educate business leaders on the importance of internal accounting controls to help protect their organizations. Today we want to share a real account of fraud that we found out about from a colleague to highlight the fundamental fact that fraud can happen anywhere!
​
Although this story might be difficult to hear, we think it’s important to stress the fact that, whether we want to acknowledge it or not, fraud can happen at small businesses, family run companies, and even at nonprofit organizations. In fact, fraud is probably more likely to occur in those environments than at major corporations or publicly traded companies because bigger entities often have far more accounting protections in place to better protect their assets.

Starting out in public accounting as a fresh-faced graduate, I naively thought there was a reasonable chance I would find fraud as part of an audit. Assessing fraud risk was always part of the prep work, but after years of auditing, no fraud had turned up. Turns out I shouldn’t have been surprised. 

The 2024 Report to the Nations by the Association of Certified Fraud Examiners (ACFE) sheds light on the persistent threat of occupational fraud. According to the report, only about 3% of occupational fraud is actually discovered by external audit. Turns out that employee tipsters are responsible for the lion’s share of fraud detection.

This proved true in my experience. The one real instance of fraud I ran across wasn’t discovered through the audit process. I can’t even remember if the organization had been audited before. In this case, the fraud had already been uncovered by the organization and now they wanted to understand its scope.
​
Turns out that the Executive Director of a nonprofit was submitting invoices from a fictitious vendor and also turning in personal expenses for reimbursement. This resulted in about $250,000 in stolen funds. The mind-blowing part was that this person had stolen money from a previous employer! The former employer hadn’t charged the individual, probably to avoid bad publicity, nor had they been contacted during the ED’s hiring process. Learning from their error, the nonprofit did bring charges this time around. When the culprit was located, they were in another state already working at yet another nonprofit.

Imagine the following scenario: You discover that your accountant has been embezzling funds by submitting personal expenses for reimbursement. Their fraudulent activity is discovered because your co-owner notices a steady rise in business expense reimbursements over the last six months and asks them about it but isn’t given an explanation that makes sense and decides to investigate. Your co-owner brings this information to you along with unequivocal supporting documentation to back it up. What do you do now?  

​Whether the problem is nefarious in nature or not, incorrectly accounting for expense reimbursements can open a business up to an IRS audit. Being audited consumes time and resources even if the business being audited prevails. However, it can also cost a company in fees and penalties if misreporting problems are discovered. For this reason, improving cost reimbursement policies and processes should be a top priority for companies that want to not only mitigate fraud risk but also reduce their likelihood of being audited. 

As a business owner you need to understand that no company is immune from the possibility for fraud. Every day businesses become victims of theft, resulting in not only lost cash but also sensitive information and business data. Realizing this is paramount. Fraud does happen and it can happen to you.

The internet is buzzing right now with the high profile story of Ernst & Young (EY) being forced to pay an unprecedented $100M fine by the SEC after it was discovered that hundreds of its auditors cheated on ethics exams to obtain or maintain their CPA licenses. To say that this has rocked the accounting world would be the understatement of the century!

This astronomical fine is the highest ever imposed by the SEC and likely reflects the fact that EY allegedly was aware of the cheating, which occurred over a four-year period, and covered it up instead of reporting it. In fact, the fine is twice what competitor KPMG paid in 2019 after cheating was discovered by SEC regulators. Speculation has it that the hefty fine is also meant to act as a signal to other accounting firms that the commission is not going to tolerate ethics violations, given that the auditors cheated on the ethics portions of the exams (of all things!).

In the wake of this very public news, accounting firms nationwide are being met with a dubious eye from current clients and prospects, who are questioning their ethics as well. And who can blame them? 

​This summer, the IRS began urging tax professionals to increase their security measures amid a storm of increased cyber-attacks. Through the first half of 2021, cyber-attacks against tax professionals had already outpaced the annual numbers for 2020 and 2019. And tax pros are not alone.
​
Cyber security has become a hot topic among all financial professionals over the last year as security attacks against businesses and individuals soared during the pandemic. Michael Cohn explains the recent rise in security threats when he says, 

So, how do you keep your financial data secure? 

Whether your accounting team is employed in-house or outsourced to a third party, the question of whether it will return to the office or continue to work remotely is likely at the top of your mind. Nationwide many companies have returned the office, at least as part of a hybrid work model, but those changes have been the source of stress at various levels. With some workers wanting to go back, others desiring to stay home, and management tasked with keeping everyone happy and productive, this topic is causing friction across the board. But increasing employee satisfaction is not the only factor being considered.

More serious issues like financial integrity and risk management are also in jeopardy. Just like the concerns that arose when employees began working from home suddenly at the start of the pandemic, this transition to a permanent remote work pattern has many experts analyzing the implications for financial controls.

To understand how these internal controls can become compromised with remote workers, let’s examine the most important accounting controls in your business right now and discuss how you can strengthen them amid a remote work environment: 

The Association of Certified Fraud Examiners’ Report to the Nations reveals that on average companies lose 5% of their annual revenue to fraud with a median loss per case of $125,000 and an average loss per case of just over $1.5M.

The report further elaborates that more than half of businesses never recover any of the lost funds.

While only 20% of fraud is reportedly committed by business owners (compared to 41% by individual contributors and 35% by managers), the cost of owner-run fraud schemes cost their businesses 10 times more on average than fraud cases committed by lower-level employees.  

The average perpetrator of fraudulent crimes has been with the company for 1-5 years and engages in their fraudulent activity for 14 months before being detected. And small businesses typically carry a higher fraud risk than their larger counterparts with twice the rate of billing fraud and payroll fraud and four times the rate of check and payment tampering. 

No one wants to believe that fraud could be happening at their company, but these statistics tell the true story – fraud is far more widespread than many people think.

So, how does this kind of fraud occur and why is the risk of fraud higher this year than previous years? And most importantly, how do you identify fraud and what can you do to prevent it?