From hourly employees skimming the cash register to top executives fudging their revenue numbers, fraud is an unfortunate fixture of the business landscape.
But while fraud may be a constant concern, falling victim to it isn't inevitable.
Here are some red flags that experienced forensic accountants look for, and advice for ways to ferret out and prevent wrongdoing.
Living beyond means
Signs that employees are living well beyond their means can be an initial clue that they're helping themselves to the company's assets, said David Hoffman, CPA/CFF, managing director and shareholder of Acuitas, an Atlanta CPA firm specializing in forensic accounting.
Want to avoid being the victim of this type of fraud? Make sure there's not just one person in charge of payroll or purchasing and reconciling the books.
Make it clear as well that routine audits and inspections of expenditures will be done, said Zach Richards, CPA, a senior manager in the Fort Wayne, Ind., office of Dulin, Ward and DeWald. Just knowing they could be caught is enough to shut down many employee thefts, he said.
"Send a signal to people inside the company that someone is checking," he said.
Emails that are out of character for the sender, or with directives outside the company's normal practices, could be another sign that a scam is underway, Richards said.
Richards recently had a case where the email account of a business's CFO was hacked, unbeknownst to anyone. Then, the company's controller received an email from the CFO's account requesting several hundred thousand dollars be wired to a foreign bank.
The large sum and the request to send money to a country the company doesn't do business in gave the company controller pause. She delayed filling the request and asked the CFO directly if the transaction was legitimate. It wasn't, and the transaction never went through.
In this case, a transaction that was an aberration from normal procedures was a red flag that got picked up in time, Richards said.
Being aware of inconsistencies and noticing emails written differently from how the sender normally communicates could help thwart online fraud schemes.
Another red flag that fraud could be afoot is significant staff resistance to tighter controls.
When employees are used to skimming off the top, whether it's an unsecured cash register or an open supply closet loaded with pricey items, companies might experience significant losses.
Richards recalled a situation where a golf club installed a new keypad on a gas tank employees used to fuel company maintenance vehicles. The keypad required staff to enter individualized codes each time they filled up.
There were grumblings from staff about the new system, and within a few months, Richards's firm, which was helping close out the books, noticed gas costs dropped by nearly a third under the new system. It turned out that golf club employees had been filling their personal vehicles at the pump and driving off with the company's assets almost every day, Richards said.
Small to midsize companies can easily be targets of this type of asset fraud, especially businesses that have grown quickly and haven't taken time to closely scrutinize their processes.
"A lot of times they're more susceptible because fraud's not on the foremost of their minds," Richards said.
He suggested that company leaders sit down with their CPAs and evaluate internal controls closely to make sure best practices are in place.
Overly close relationships between employees in key purchasing positions and vendors could be a sign of a kickback scheme at work.
In kickback scenarios, an employee inside the company can have a deal with a friend, family member, or just a vendor he or she has gotten to know to overcharge the company. The vendor gets more cash from the company, and the insider gets a kickback as a reward.
This can be the toughest type of fraud to uncover, because the fraud is happening outside of the company's sight, Hoffman said. The company's records simply show a purchase, not that the company paid twice what it should have.
Adopting purchasing policies to obtain several bids for large purchases can help minimize the risk associated with vendor kickback schemes, Hoffman said. Contracts with vendors should also be routinely reviewed.
Specialized software can now compare vendor addresses with employee home addresses, to make sure there's not a close relationship the company is unaware of, Richards said.
This is also where internal whistleblower hotlines or a company culture that emphasizes the need to speak up when something is amiss can also help.
Hoffman noted that statistics show most fraud schemes are discovered because of tips or whistleblowers.
"It's rare that internal controls, management review, internal audits, or external auditors uncover fraud," he said.
Exceptional performance or cooked books?
Another red flag to look out for is when things seem to be too good to be true, from startups reporting profit margins well above competitors' to sales forecasts way above the norm. Companies that are always exceeding analyst expectations — pulling in 15% profit margins while competitors see no more than 5% — may deserve some scrutiny, Hoffman said. There could be some unique, even illegal, accounting moves behind the success.
Drilling down and asking for specifics, or for an outside forensic accountant to comb the books, can help uncover this high-level fraud.
But clean audit opinions alone shouldn't assure boards, investors, and managements that all is OK, Hoffman said.
"An audit is not a gold standard that fraud isn't present," he said.
Audits, after all, are only as good as the information provided. If a corporate officer is neck-deep in a fraudulent scheme, and smart enough to know how to clean up his or her tracks, the wrongdoing may not be detected as part of a properly planned and executed audit engagement performed by an independent accounting firm, Hoffman said.
But the more internal controls and best practices in place, the harder it will be for fraudulent schemes to grab a foothold, he said.
Sarah Ovaska-Few is a freelance writer based in North Carolina. To comment on this article or to suggest an idea for another article, contact Chris Baysden, associate director for content development, at Chris.Baysden@aicpa-cima.com.