During the past 28 years that CAMICO Claims and Loss Prevention specialists have helped CPAs with fraud exposures and damages, many lessons have been learned. For instance, CAMICO claims experience consistently shows that fraud and defalcation are major contributors to significant professional liability claims for CPAs, as illustrated by the following chart on “What Causes the Big Claims.”
Another lesson learned is the importance of managing fraud risks by communicating and working with clients on fraud prevention. Many clients underestimate the consequences of fraud, which can cause significant damage to a business, its owners and employees. Robust warning letters and advisories to clients about the risks of fraud—and how to guard against it—are always beneficial loss prevention techniques.
Here are a few other lessons learned:
- Providing good client service includes helping clients become more aware of their fraud exposures. When internal controls are inadequate (e.g., no segregation of duties, or inadequate/late bank reconciliations), clients should be informed in writing of the exposures and how to reduce them.
- If a CPA’s warnings to clients of fraud exposures aren’t documented, and fraud is later alleged, it is more difficult to defend the CPA against the claim. Juries (and the public from which they are drawn) expect CPAs to document advice and warnings about important exposures such as fraud. CPAs should also advise and warn clients about financial “loose ends” such as sloppy bookkeeping and bank reconciliations. CPAs can also offer to help clients address their exposures and problems. Examples of internal control warning letters can be found in the Fraud Resource Center on the CAMICO Members-Only Site under “Risk Management Tools and Engagement Letters.”
- Juries and the public also expect CPAs to always detect fraud, even in non-attest engagements (see chart on “Fraud Claims by Engagement”). The expectation that CPAs will detect fraud in tax engagements, for example, is a result of jurors caring about the CPA “getting it right” and catching fraud. Jurors’ expectations of CPAs are higher than professional standards, which tend to be regarded as minimum requirements. Though the CPA is not required to verify much when performing non-attest services, if something looks irregular, it is prudent to investigate, document, and communicate it.
- The longer a CPA has provided services to a client, the more the CPA’s risk exposure. That exposure is also greater when the breadth of services provided is more expansive. At some point, the CPA is viewed as a trusted financial advisor with fiduciary responsibilities to safeguard the client’s financial resources. The CPA might not be expected to detect fraud in the initial years of the relationship, but in later years juries often expect CPAs to have warned clients about conditions prone to fraud.
- When the economy is doing well, and businesses are flush with money, people are less likely to notice funds missing. Fraud tends to flourish and go undetected in good times. When the economy takes a downturn, capital starts to become more precious, people look more closely at accounts, and missing funds are more often detected. The longer frauds last, the more financial damage they cause—all the more reason to help clients reduce their exposures sooner.
Small Business Fraud
Smaller businesses and organizations suffer disproportionately large losses due to occupational fraud, partly because smaller businesses have fewer anti-fraud controls. The most common incidents of occupational fraud are asset misappropriations, which account for about 85 percent of all cases and cause a median loss of $130,000, according to the Association of Certified Fraud Examiners (ACFE) 2014 Report to the Nations survey.
Losses can run much higher, however, such as the embezzlement of some $53 million from the city of Dixon, Ill., from 1990 to 2012. Although the Dixon case involved a municipality instead of a small business, the loss was caused by one person having unquestioned authority of the organization’s finances—a common fraud scenario among small businesses (see article on “Fraud Cases and Lessons Learned” in IMPACT 98).
The classic small business fraud case also typically involves one person having unquestioned authority over all of the finances—a practice that often leads to misappropriation. Many smaller businesses do not have enough staff for adequate internal controls, such as segregation of duties. That places more responsibility on the owner or management to fill the gap in controls and to verify the legitimacy and accuracy of transactions.
It also places more responsibility on the CPA to warn owners and management about gaps in controls and how to eliminate or reduce the gaps.
Employee Red Flags
Fraudsters are also known to exhibit certain behavioral traits that can be warning signs. Some of the common red flags include employees:
- living beyond their means, or having a substantial change in lifestyle
- becoming extremely possessive of their work records, or reluctant to share tasks
- becoming apprehensive about vacations and time off, or always being the first in the office and the last out
- showing signs of substance abuse
- holding grudges against their employers—whether justified or not (which makes them more likely to turn to occupational fraud)
Employers should consider purchasing fidelity bonds designed to respond to dishonest acts committed by an employee. For more information on fidelity bonds contact CAMICO direct sales at 1.800.652.1772.
Loss Prevention for Clients
A tip hotline or complaint-reporting mechanism enables employees, vendors, customers and outside sources to report suspected fraud anonymously and without fear of reprisal. This is one of the most effective fraud detection techniques and is the most common fraud detection method, according to the ACFE. In the last six ACFE surveys, the most common initial detection method of occupation fraud was by tip, with more than 40 percent of all cases detected by this method—more than twice the rate of any other detection method in the last three surveys.
Employees accounted for nearly half of all tips that led to the discovery of fraud. Organizations with hotlines experienced frauds that were 41 percent less costly and detected frauds 50 percent more quickly than organizations without hotlines, according to the 2014 ACFE survey.
Implemented anti-fraud controls generally result in reduced losses, partly because the frauds are caught early in the process. The following are other time-proven fraud prevention and detection measures that businesses can implement:
- Separate accounting/bookkeeping duties among three or more people, including bank reconciliations. If the organization is too small for separation of duties, the owner or management should receive checks and statements directly from the bank and verify them as well as endorsements, transactions and vendor names. CPAs can also offer services to help management address their fraud exposures. See “An Internal Control Checklist” for detailed steps in the Fraud Resource Center on the CAMICO Members-Only Site (www.camico.com).
- All engagements require an understanding between the CPA firm and the client, and the best way to document the understanding is with an engagement letter, signed by the client. Clearly spell out the nature of the work you and others will perform. Describe the limitations of the work and what you expect from the client. Clarify that fraud detection and prevention are management’s responsibilities.
- Offer clients a two-tiered approach to bank reconciliation services. This approach helps communicate to clients that standard bank reconciliation services are not designed or intended to deter or discover fraud. Offering basic and more thorough bank reconciliation services and having the client choose which service is performed further reduce the CPA’s risk exposure. (The client can’t later successfully allege that they would have opted for the more expensive procedures that might have identified the fraud.) See “Addendum to Engagement Letter for Bank Reconciliation Services” in the Engagement Letter Resource Center on the CAMICO Members-Only Site (www.camico.com).
- Insist that employees take a vacation for at least one week every year and use that time to have the books reviewed for discrepancies.
Additional Loss Prevention Advice for CPAs
- Obtain background, credit and reference checks for the client before accepting significant engagements, paying attention to client integrity and competency, or lack thereof.
- Always document advice and warnings to clients. Clients expect CPAs to advise them of opportunities and warn them of risks. Juries expect documentation in all engagements. If advice and warnings are not documented, juries may assume that they never occurred. Examples of internal control warning letters can be found in the Fraud Resource Center on the CAMICO Members-Only Site under “Risk Management Tools and Engagement Letters.”
- When a client or their staff does not provide the information you need, carefully consider the problem. Is the problem sloppy record keeping, or are the actions deliberate? If it appears deliberate, be cautious, especially if urged to proceed with work without sufficient documentation. Client behavior such as this is a red flag, and repeated delays could be the result of unethical or illegal activity. (See War Story 103 in this issue of IMPACT.)
As always, CAMICO policyholders can contact the Loss Prevention department with any questions by calling 1.800.652.1772, or emailing lp@camico.com.