Another lesson learned is the importance of managing fraud risks by communicating and working with clients on fraud prevention. Many clients underestimate the consequences of fraud, which can cause significant damage to a business, its owners and employees. Robust warning letters and advisories to clients about the risks of fraud—and how to guard against it—are always beneficial loss prevention techniques.
Here are a few other lessons learned:
- Providing good client service includes helping clients become more aware of their fraud exposures. When internal controls are inadequate (e.g., no segregation of duties, or inadequate/late bank reconciliations), clients should be informed in writing of the exposures and how to reduce them.
- If a CPA’s warnings to clients of fraud exposures aren’t documented, and fraud is later alleged, it is more difficult to defend the CPA against the claim. Juries (and the public from which they are drawn) expect CPAs to document advice and warnings about important exposures such as fraud. CPAs should also advise and warn clients about financial “loose ends” such as sloppy bookkeeping and bank reconciliations. CPAs can also offer to help clients address their exposures and problems.
- Juries and the public also expect CPAs to always detect fraud, even in non-attest engagements. The expectation that CPAs will detect fraud in tax engagements, for example, is a result of jurors caring about the CPA “getting it right” and catching fraud. Jurors’ expectations of CPAs are higher than professional standards, which tend to be regarded as minimum requirements. Though the CPA is not required to verify much when performing non-attest services, if something looks irregular, it is prudent to investigate, document, and communicate it.
- The longer a CPA has provided services to a client, the more the CPA’s risk exposure. That exposure is also greater when the breadth of services provided is more expansive. At some point, the CPA is viewed as a trusted financial advisor with fiduciary responsibilities to safeguard the client’s financial resources. The CPA might not be expected to detect fraud in the initial years of the relationship, but in later years juries often expect CPAs to have warned clients about conditions prone to fraud.
- When the economy is doing well, and businesses are flush with money, people are less likely to notice funds missing. Fraud tends to flourish and go undetected in good times. When the economy takes a downturn, capital starts to become more precious, people look more closely at accounts, and missing funds are more often detected. The longer frauds last, the more financial damage they cause—all the more reason to help clients reduce their exposures sooner.
Small Business FraudSmaller businesses and organizations suffer disproportionately large losses due to occupational fraud, partly because smaller businesses tend to have fewer anti-fraud controls. A common example of occupational fraud is asset misappropriation.
The classic small business fraud case also typically involves one person having unquestioned authority over all of the finances—a practice that often leads to misappropriation. Many smaller businesses do not have enough staff for adequate internal controls, such as segregation of duties. That places more responsibility on the owner or management to fill the gap in controls and to verify the legitimacy and accuracy of transactions. It also places more responsibility on the CPA to warn owners and management about gaps in controls and how to eliminate or reduce the gaps.
Employee Red FlagsFraudsters are also known to exhibit certain behavioral traits that can be warning signs. Some of the common red flags include employees:
- living beyond their means, or having a substantial change in lifestyle
- becoming extremely possessive of their work records, or reluctant to share tasks
- becoming apprehensive about vacations and time off, or always being the first in the office and the last out
- showing signs of substance abuse
- holding grudges against their employers—whether justified or not (which makes them more likely to turn to occupational fraud)
Employers should consider purchasing fidelity bonds designed to respond to dishonest acts committed by an employee.
Loss Prevention for ClientsA tip hotline or complaint-reporting mechanism enables employees, vendors, customers and outside sources to report suspected fraud anonymously and without fear of reprisal. This is one of the most effective fraud detection techniques and a common fraud detection method. Employees account for many of the tips that lead to the discovery of fraud.
Implemented anti-fraud controls generally result in reduced losses, partly because the frauds are caught early in the process. The following are other time-proven fraud prevention and detection measures that businesses can implement:
- Separate accounting/bookkeeping duties among three or more people, including bank reconciliations. If the organization is too small for separation of duties, the owner or management should receive checks and statements directly from the bank and verify them as well as endorsements, transactions and vendor names. CPAs can also offer services to help management address their fraud exposures.
- All engagements require an understanding between the CPA firm and the client, and the best way to document the understanding is with an engagement letter, signed by the client. Clearly spell out the nature of the work you and others will perform. Describe the limitations of the work and what you expect from the client. Clarify that fraud detection and prevention are management’s responsibilities.
- Offer clients a two-tiered approach to bank reconciliation services. This approach helps communicate to clients that standard bank reconciliation services are not designed or intended to deter or discover fraud. Offering basic and more thorough bank reconciliation services, and having the client choose in writing which service is performed, will further reduce the CPA’s risk exposure. (This makes it more difficult for the client to successfully allege that they would have opted for the more expensive procedures that might have identified the fraud.)
- Insist that employees take a vacation for at least one week every year and use that time to have the books reviewed for discrepancies.
Additional Loss Prevention Advice for CPAs
- Obtain background, credit and reference checks for the client before accepting significant engagements, paying attention to client integrity and competency, or lack thereof.
- Always document advice and warnings to clients. Clients expect CPAs to advise them of opportunities and warn them of risks. Juries expect documentation in all engagements. If advice and warnings are not documented, juries may assume that they were never given.
- When a client or their staff does not provide the information you need, carefully consider the problem. Is the problem sloppy record keeping, or are the actions deliberate? If it appears deliberate, be cautious, especially if urged to proceed with work without sufficient documentation. Client behavior such as this is a red flag, and repeated delays could be the result of unethical or illegal activity.