Posts Tagged ‘fraud’

Yahoo Confirms Data Breach, 500 Million Users Vulnerable

Monday, September 26th, 2016

Yahoo recently confirmed it was the victim of a large-scale data breach, which left more than 500 million users vulnerable two years ago. Read on to learn more.

Just when you think you can breathe a sigh of relief, we’re told to suck that air back in and brace for the inevitable fallout of what is now being considered the largest confirmed data breach of a single company’s computer network to date. According to officials at Yahoo, hackers gained access to more than 500 million user accounts registered with the technology company two years ago. And because so many people use Yahoo for their email, finances, fantasy sports and so on, everybody is being urged to take action immediately – before the cybercriminals have a chance to exploit the stolen data.

Read Also: Cloud-Based Data Storage Solutions Aren’t Risk-Free

Why Worry?

Depending on the type of information you have stored on your user account, there are all kinds of dangers associated with this type of data breach. Yahoo officials confirmed that hackers successfully gained access to user names, email addresses, telephone numbers, birth dates, encrypted passwords and, in some cases, security questions.

If you are one of those people who use the same password across all your online accounts, the recovery process will be difficult. Changing your Yahoo password is only the first step in the recovery process. Because cybercriminals can use the information collected to attempt to log in to other websites, you will also need to comb through your other online accounts to make sure they remain secure.

In the meantime, consider utilizing the following password best practices.

  • Change your passwords quarterly – especially those that protect your email accounts, domain logins and online banking accounts.
  • Use passphrases with at least 12 characters consisting of upper and lower case letters, numbers and special characters.
  • Never share your passphrases with others and, if you enter your passphrase on a public computer, change it once you are able to log on to your account from a secure location.
  • Use two-step verification whenever it is available.

Think Before You Click

In addition to maintaining your passwords by taking advantage of the best practices listed above, stay vigilant when it comes to email safety. In particular, consider every unsolicited email and communication you receive as untrustworthy. A single click of the mouse can open up the flood gates and can leave your company’s network vulnerable to a myriad of cyber threats.

By Steve Roth, IT Director (New Philadelphia office)

Check out these articles for even more password tips:

8 Tips For Crafting A Strong Password

Passwords Are Like Underwear …

Then And Now: Data Security In America Since The Target Breach


Help The FBI Find A Defense Against Ransomware

Monday, September 19th, 2016

The FBI recommends users consider implementing prevention and continuity measures to lessen the risk of a successful Ransomware attack. Keep reading to find out how you can help the FBI combat the threat of Ransomware.

The FBI recently released a public service announcement urging victims of Ransomware attacks to come forward and report these cyber infections to federal law enforcement. Doing so, the FBI said in a statement, will “help us gain a more comprehensive view of the current threat and its impact on U.S. victims.”

Read Also: Could Your Company Be Ransomware’s Next Victim?

A Closer Look At Ransomware

Ransomware is a computer infection programmed to encrypt all files of known file types on your computer and your server’s shared drive, making them inaccessible until a specified ransom is paid, and it is a very real threat to all businesses nationwide. Once a computer is infected, which usually happens once a user clicks on a malicious link, opens a fraudulent email attachment or unknowingly picks up a high-risk automatic download while surfing the web, it’s all but impossible to regain access to the data that has been infected. Upon discovering that your computer has been infected, you have two choices. You can either:

1) Restore the machine by using backup media, or

2) Accommodate the hacker’s demands and pay their ransom.

And both options are less than ideal.

What To Do If Your Company’s Network Becomes Infected

Ransomware infections were at an all-time high in the first several months of 2016, according to various cybersecurity companies, and because new Ransomware variants are emerging regularly, the FBI needs your help to determine the true number of Ransomware victims.

“It has been challenging for the FBI to ascertain the true number of Ransomware victims as many infections go unreported to law enforcement,” the agency stated in its recent announcement. “Victims may not report to law enforcement for a number of reasons, including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment. Additionally, those who resolve the issue internally either by paying the ransom or by restoring their files from back-ups may not feel a need to contact law enforcement.”

Read Also: How Much Is Your Data Worth To Criminals?

Reporting a Ransomware attack on your company’s network is not only beneficial for you; the information you provide will also help the FBI as it works to identify ways to prevent future attacks. Your reports will:

  • Provide law enforcement with a greater understanding of the threat
  • Help justify Ransomware investigations
  • Contribute relevant information to ongoing Ransomware cases

Help Arm The FBI With Information

The recent PSA released by the agency requests that all Ransomware victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center. Be sure to have the following details available and ready to provide to the respondent when prompted (if applicable).

  1. Date of Infection
  2. Ransomware Variant (identified on the ransom page or by the encrypted file extension)
  3. Victim Company Information (industry type, business size, etc.)
  4. How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
  5. Requested Ransom Amount
  6. Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
  7. Ransom Amount Paid (if any)
  8. Overall Losses Associated with a Ransomware Infection (including the ransom amount)
  9. Victim Impact Statement

The FBI recommends users consider implementing prevention and continuity measures to lessen the risk of a successful Ransomware attack. Click here to read the FBI’s complete announcement.

To learn more about protecting your business from cybercrime, download the free whitepaper, “Cybercrime: The Invisible Threat That Haunts Your Business.”


Summer May Be Over But Top Blog Posts Are Always In Season

Friday, September 2nd, 2016

I don’t know about you, but September seemed to come out of nowhere! But fear not. Even though summer is officially over, we still have a lot to celebrate – like all those great blog posts we featured on Dear Drebit last month?! So, before we officially make the leap into fall, join me as I take a look back at some of the top posts business owners were reading in August.

  1. Get Ready, Get Set, Get Shopping! Were you one of the many shoppers flooding stores the first weekend in August in search of some great back-to-school bargains? If so, then you were able to take advantage of this year’s Sales Tax Holiday. Missed it? That is ok, read on to learn more about it and how you can take advantage of these savings next year.
  2. How To React To A Data Breach It was 2013 when a medium-sized library in Ohio found itself in the midst of a data breach that would later serve as a powerful case study warning against the very real threat of electronic fraud. While originally developed by the Ohio Auditor of State’s office as a tool for government entities throughout the state, Cash Management 240: Financial Fraud – A Case Study, has found usefulness beyond just the government sphere. Read more about it now!
  3. Did Fraudsters Counterfeit Your Organization’s Checks? The internet can be a valuable tool for so many honest, well-meaning people. Unfortunately, it can also be a playground for fraudsters. Keep reading to find out how fraudsters are counterfeiting checks.
  4. How Can You Track Use Tax in QuickBooks? Did you file for use tax amnesty with QuickBooks? How are you going to track it daily going forward? The answer is as simple as 1-2-3.
  5. Could An FSA Bring Value To Your Business’s Benefit Plan? Does your company’s benefit package feature access to a Flexible Spending Account? Have you considered adding one in the past but still have questions? As health costs continue to rise, we continue to learn more and more about how this pre-tax health benefit can help level the playing field for employees. But in order to get maximum benefit from this incentive, your team needs to know what it’s capable of doing. Read on to learn more.

Did we leave you wanting more? Great! We love to hear from you about what information or updates you are looking forward to seeing this month. Just reach out to us with your question or topic and one of our accounting and business consulting experts may pick it up for a future post!


Did Fraudsters Counterfeit Your Organization’s Checks?

Wednesday, July 20th, 2016

Scam Hurts Professional Caregivers, Businesses


Professional caregivers are being targeted by fraudsters after marketing their services via popular online websites. Unfortunately, these professionals aren’t the only victims of this fraudulent check scheme. Read on to learn more.

The internet can be a valuable tool for so many honest, well-meaning people. Unfortunately, it can also be a playground for fraudsters.

The Federal Trade Commission (FTC) continues to warn consumers about the dangers associated with a fraudulent check scheme designed to take advantage of those offering professional caregiving services on sites such as care.com or sittercity.com. But these individuals aren’t the only targets. Fraudsters are using the existing account and routing numbers from real businesses to counterfeit checks. Oftentimes, the scammers will go so far as to reconstruct the business’s logo in an effort to appear even more authentic. Once the check is made and the target is identified, the con artist will send a large check to the service provider and ask them to send a portion of the funds to a third party for other goods and services allegedly related to the job.

Read Also: 10 Ways To Implement Internal Controls With Limited Resources

Recently, a local entity found itself in the middle of an active scam that followed a chain of events in line with the FTC’s original warning. It was only a matter of time before officials discovered that the check and the third party were fake.

“It takes only a day or two for your bank to make the money available to you, but it can take weeks for your bank to determine a check is phony. If you already withdrew that money, you’re on the hook to pay back the bank. If you’ve already transferred the money to the third party, it’s gone – like sending cash.” – Read the entire FTC warning.

It turns out that the local entity’s accounting vigilance and banking relationships really paid off. Rather than releasing the requested funds identified on the check, which would then be sent off to the fake third party, the transaction was halted when the discrepancy with the numbers was identified. Because the check number and dollar amount didn’t match any payment previously authorized and issued by the entity, the bank denied payment.

Fortunately, in this scenario, the fraudster was thwarted, the entity’s funds remained secure and the service provider’s bank account remained in the black. Others won’t be as lucky. Regardless of how confident you are that this scheme would never happen to you and your business, the following are three general best practices designed to maintain your safety against a wide variety of threats.

1) Double Check Your Checks With Positive Pay

An anti-fraud service offered by most banks, Positive Pay will match the account number, check number and dollar amount of each check presented for payment against a list of checks previously authorized and issued by the company. This will help the bank determine which checks are legit and which ones should be questioned. This service helps prevent your organization’s funds from being drawn from your bank account.

2) Regularly Review Your Bank Activity

Sure, the World Wide Web can be a scary place, but it’s also incredibly useful, particularly when it comes to keeping tabs on your entity’s financial activity. Optimally, you should take a bit of time once a day to review your bank activity online. If you can’t monitor it that frequently, it should be a weekly goal – at least. Never, under any circumstances, wait until the end of the month to review your account. By then, it will be too late to take any meaningful action against a scam that’s already active.

3) Maintain A Positive Relationship With Your Banker

Your banker should have a seat at your advisory team’s table. Not only are they providing you with an essential service, they also have top-notch advice at the ready. If you don’t already, get to know your primary point of contact. Then, make it a point to build a solid relationship with them and their team. Yeah – it’s just that important. This slideshow further illustrates the importance of business/banker relationships.
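
The matching that the Positive Pay practice above describes can be sketched as follows. This is an added illustration, not code from the article or from any bank's system: the account numbers, check numbers and amounts are constructed, and the duplicate-presentment check goes beyond the three fields the text names.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Check:
    account: str      # account number printed on the check
    number: int       # check serial number
    amount: Decimal   # dollar amount (Decimal avoids float rounding)


def load_issue_file(rows):
    """Index the company's authorized checks by (account, check number)."""
    issued = {}
    for account, number, amount in rows:
        key = (account, int(number))
        if key in issued:
            raise ValueError(f"check {number} listed twice in issue file")
        issued[key] = Check(account, int(number), Decimal(amount))
    return issued


def review_presentments(issued, presented):
    """Return (check, decision, reason) for each presented item, in order.

    Anything that does not match the issue file on account, check number
    and amount becomes an EXCEPTION for a person to review, not a payment.
    """
    paid = set()
    results = []
    for item in presented:
        key = (item.account, item.number)
        match = issued.get(key)
        if match is None:
            results.append((item, "EXCEPTION", "not in issue file"))
        elif item.amount != match.amount:
            results.append(
                (item, "EXCEPTION", f"amount differs from issued {match.amount}")
            )
        elif key in paid:
            # Added beyond the article's three fields: same check presented twice.
            results.append((item, "EXCEPTION", "already paid"))
        else:
            paid.add(key)
            results.append((item, "PAY", "matches issue file"))
    return results


# Constructed sample data: the issue file the company sends to its bank.
ISSUE_ROWS = [
    ("000123456", 1001, "1250.00"),
    ("000123456", 1002, "412.50"),
    ("000123456", 1003, "89.99"),
]

# Constructed sample data: items presented for payment.
PRESENTED = [
    Check("000123456", 1001, Decimal("1250.00")),  # genuine check
    Check("000123456", 4417, Decimal("2950.00")),  # real account, number never issued
    Check("000123456", 1002, Decimal("4120.50")),  # issued check, different amount
    Check("000123456", 1001, Decimal("1250.00")),  # same check presented again
    Check("000999999", 1003, Decimal("89.99")),    # check number on another account
]


def run_sample():
    """Run the constructed presentments against the constructed issue file."""
    return review_presentments(load_issue_file(ISSUE_ROWS), PRESENTED)


if __name__ == "__main__":
    for check, decision, reason in run_sample():
        print(f"{check.account} #{check.number} ${check.amount}: {decision} ({reason})")
```

The second sample item mirrors the case in the article: a counterfeit drawn on the real account is stopped because its check number and amount match nothing the entity issued.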

Email Rea & Associates to learn more about protecting your business, entity or organization from fraud.

By Annie Yoder, CPA, CFE, CFF (New Philadelphia office)

Check out these articles for more on fraud prevention:

Where There’s Smoke, There’s Fire: 5 Internal Control Tips That Can Save Your Business From Fraud

Can A Cybercriminal Crack Your Company’s Network?

Could Your Company Be Ransomware’s Next Victim?


Ohio’s Identity Theft Quiz Returns – With Modifications

Tuesday, February 2nd, 2016

Last year, Ohio’s Department of Taxation rolled out the Identification Confirmation Quiz, which required many Ohioans to prove their identities before receiving a refund. Needless to say, there were more than a few unhappy campers. However, despite its shortcomings, the quiz did what it was supposed to do – helped thwart tax fraud, which is why the Ohio tax quiz will make another appearance in 2016.

Read Also: How To Recover From Identity Theft & Tax Fraud

So, how successful was the quiz at stopping fraudsters from stealing refunds? Very. One Ohio news source reported that the quiz helped identify an estimated 234,336 fraudulent refund requests worth $259.1 million in 2015. The year prior, only 64,693 requests were reportedly stopped.

“We are committed to combating tax fraud and ensuring that tax refunds are paid only to legitimate filers,” said Joe Testa, Ohio tax commissioner, in an op-ed piece on the Ohio Bar Association’s website on Jan. 6. “We believe we’re among the leaders in the country in aggressively combating these fraud schemes. Last year, the Identity Confirmation Quiz was instrumental in that fight.”

Testa did go on to say that, after reviewing feedback from last year’s tax season, changes were made to the types of questions asked in an attempt to improve the entire process while facilitating a better experience overall. He said that further improvements were made to the department’s tax return analysis, which should result in fewer taxpayers being required to take the quiz in order to receive a refund.

Tax fraud and identity theft continue to be a major problem throughout the nation, but you don’t have to stand by and do nothing. This article will provide you with some tips to help reduce your risk of becoming a victim.

By Lisa Beamer, CPA (New Philadelphia office)

Want more safety tips to help get you through tax season unscathed? Check out these articles:

Join The Fight Against Identity Theft & Income Tax Fraud

When Scammers Demand That You Pay Up, IRS Says You Should Hang Up

Let’s Talk About The F-Word


Join The Fight Against Identity Theft & Income Tax Fraud

Friday, January 29th, 2016

Income tax identity theft and refund fraud have become a huge problem over the last few years, and while billions of dollars are finding their way into the pockets of fraudsters, the IRS is working hard to shut down these schemes.

The IRS paid roughly $5.8 billion in fraudulent refunds to identity thieves over the course of the 2013 filing season. While that is a huge number, it could have been a lot worse. During the same time period, the amount the IRS successfully prevented or recovered totaled around $24.2 billion. But these statistics only take into consideration the fraud we know about.

Identity theft isn’t just a threat during tax season; scammers are exploiting a lot of cracks in your armor. Listen to episode 12: the great data saver on unsuitable on Rea Radio for insight from Joe Welker, CISA, Rea’s IT Audit Manager.

The Unknown Number

While it is nice to know that the IRS is working hard to prevent identity theft and refund fraud, the truth is that we don’t yet have all the information to determine how bad the income tax fraud epidemic really is. This means that we continue to be at risk of becoming a fraud victim again this tax season. Perhaps if we knew how many fraudulent tax returns went on to be processed and how many billions of dollars were paid out to scammers looking to make a quick buck we could finally make some educated assumptions about the likelihood of being defrauded out of your refund check.

I don’t like not having all the necessary information.

Read Also: Ohio Department of Taxation Stops Thieves From Stealing Millions

This year, income tax fraud is expected to be higher than ever. This video, produced by abc6 out of Columbus, Ohio, shines more light on the topic of identity theft in Ohio.

Calling In Reinforcements

The IRS has realized that identity theft and refund fraud are threats that are showing no signs of going away. So the agency has requested help. The Internal Revenue Service, in cooperation with state tax administrators and tax industry leaders, has formed a public-private sector partnership to identify and test more than 20 new data elements on tax return submissions that will be shared with the IRS to detect and prevent fraudulent filings. The software industry is doing its part by putting enhanced identity validation requirements in place to protect customers and their personal information from identity thieves.

As of October 2015, 34 state departments of revenue and 20 tax industry members have signed memorandums of understanding regarding the coalition’s roles, responsibilities and information sharing measures. More states are expected to sign on later.

Taxpayers Are Encouraged To Fight Back Against Fraud

Over the last 3 years, the IRS has initiated more than 3,000 fraud investigations. Those investigations have gone forward to convict and sentence close to 2,000 thieves to around 40 months in prison apiece. But there is still much to be done. They are doing their part. We as taxpayers have to do ours.

In January, the IRS launched the “Taxes. Security. Together.” initiative to educate taxpayers on income tax identity theft and ways they can safeguard their information and protect themselves. According to the agency, there are several ways you can protect yourself from identity theft – especially during tax season:

  • Keep your computer secure
  • Avoid phishing email and malware
  • Protect your personal information

Above all, choose your tax preparer wisely and make sure they take their responsibility to safeguard your information very seriously. A tax preparer can also help if you do encounter a situation in which your information could be compromised.

By Ashley Matthews, CPA (Dublin office)

Want to take steps to ensure that you won’t be a fraud victim this year? These articles feature information that can help.

Should I still be concerned about identity theft and tax fraud?

How can you protect yourself from tax fraud

Identity Theft Prevention: Tips To Reduce Your Risk of Becoming a Victim

How To Recover From Identity Theft & Refund Fraud


Are Your Employees Skimming From The Top?

Friday, January 29th, 2016

Dear Drebit: As a new business without a cash register, what is the best way (accounting method-wise or other) to protect cash receipts from sales against employee theft or dishonest activity? Thanks, “Ernest”

Dear Ernest: Great question! Segregation of duties is essential when it comes to protecting your business against fraud. Here are some tips to help you protect your business from employee theft or dishonest activity.

5 Ways To Prevent Fraud In Your Small Business

  • Your bank activity and all copies of your cancelled checks should be reviewed by someone other than the individual who collected the cash. Similarly, the person who collected the cash should not be the same person responsible for taking the deposit to the bank.
  • Inventory records should be reviewed by the business owner, who should then compare them with the company’s sales totals/collections. While your number probably won’t be exact, it will help you identify large variances. Start by reviewing how much inventory was sold and identify the sales price. Then review that total with the business’s sales totals.
  • Never use the cash in the register to pay vendors for business expenses. All payables should be processed in such a way to provide you with a paper trail. A check or card payment is ideal.
  • Lead by example. Your employees are watching your behavior, which means if they see you removing cash from the till, they will have an easier time rationalizing their behavior to do the same. It’s up to you to set a good tone at the top.
  • If the person responsible for collecting payment from your customers throughout the day is also responsible for preparing a “daily reconciliation” of monies, their work should be double-checked by another employee as well. Again, because it’s just that important, someone other than the employee who collected the money in the first place should be the one to take the funds to the bank. After the deposit has been made, the employee should return with the validated deposit slip to compare with the day’s sales activity.

While you can never reduce the risk of fraud from occurring to zero, any control you put in place – even the perception of oversight – will help deter fraud.

I recently spoke about this topic on our podcast, unsuitable on Rea Radio. If you get a chance, check out episode 3: trust is not an internal control for more insight, tips and general fraud prevention advice.

If you would like more information on internal controls, email Rea & Associates. You may also find the information provided in this video to be helpful.

By Annie Yoder, CPA, CFE, CFF (New Philadelphia office)

To learn more about the impact of occupational fraud, check out these articles:

Where There’s Smoke, There’s Fire: 5 Internal Control Tips That Can Save Your Business From Fraud

Fraud Hotlines Deter Occupational Fraud

Cost-Effective Ways To Deter Fraud


National ID Theft Awareness Month: Get in the Know

Saturday, December 26th, 2015

Stop Criminals From Hijacking Your Identity With These Top 5 ID Theft Prevention Posts


Identity theft is a scary thing and you don’t want to become a victim. Take some steps now to protect yourself in the future.

December is National ID Theft Awareness Month and the fraud prevention team at Rea is a wealth of information when it comes to sharing great tips to help taxpayers protect their identities from fraudsters. Instead of scrolling past posts in our expansive article library or award-winning blog, we’ve compiled this Top 5 list to make your search for information easier. Read on to discover how you can prevent cyber criminals from hijacking your identity all year long.

Read Also: Let’s Talk About The F-Word

  1. WARNING: Tis The Season To Practice Safe Online Shopping Habits: While it may be the most wonderful time of the year, cyber criminals are looking for ways to stuff their own stockings – at your expense. The holiday season is also a busy time of the year for scammers because, in general, more money is being spent and more people are clicking through cyberspace for the best deals and tracking their purchases. Find out what you can do to keep your identity safe this Holiday season.
  2. Cyber Crime: It Can Happen To You: Fraudsters don’t take holidays. In fact, they tend to be more active this time of year because they believe we are more likely to let our guards down. I don’t intend on falling for any of their traps, and I encourage you to do the same.
  3. Malware Threat Spreads To Smart Phones: Researchers and IT security experts from ESET, a global IT security company, recently announced that they had discovered a malware application that is designed to encrypt files and change PINs on Android devices in the United States. In return, hackers demand that victims pay up to the tune of $500. Only then will hackers provide users with the recovery key. Keep reading to learn how you can protect yourself.
  4. Should I Still Be Concerned About Identity Theft And Tax Fraud?: Identity theft and tax fraud are problems that show no signs of stopping. In 2015, in an attempt to provide an added layer of protection, taxpayers in Ohio had the opportunity to get up close and personal with the Ohio Department of Taxation’s (ODT) newest fraud safety measure – the Identification Confirmation Quiz. Read on to see how this quiz has helped reduce fraud in Ohio.
  5. How To Recover From Identity Theft & Refund Fraud: Suspecting, and then confirming, that you’ve had your identity stolen is a nightmarish scenario. It combines one of your worst fears, losing your wallet or purse, with all of the work of replacing the things that were lost. It can be so overwhelming you might be wondering: “Where do I even start?” We can help you answer that question.

Identity theft is a scary thing and you don’t want to become a victim. Take some steps now to protect yourself in the future.

Want to learn more about keeping your identity safe? Email the team at Rea & Associates; our fraud prevention specialists can be an important part of keeping your information protected.

By Joe Welker, CISA (New Philadelphia office)

Looking for tips to secure your business from fraudsters? Check out these posts:

Fraudulent Credit Card Transactions Will Become Merchant’s Problem On Oct. 1

Who Is That Email Really From?

Businesses Beware: Sloppy Data Security Could Cost You


Fraudulent Credit Card Transactions Will Become Merchant’s Problem On Oct. 1

Wednesday, September 9th, 2015

As of Oct. 1, 2015, the liability for fraudulent transactions will no longer be assumed by the credit card issuing institution. Instead, if you (the merchant) fail to adopt EMV technology, your business will be responsible for any loss that results from a fraudulent transaction.

PCI to EMV – Protecting Credit Card Data

Your customers want their payment experience to be as easy and painless as possible, which is why you have come to depend on the ability to process credit card payments – especially if your average transaction is more than $20. But providing your consumers with the ability to pay with plastic has also been helpful to fraudsters looking to steal the information hidden within their card’s magnetic stripe. In an effort to crack down on fraudulent transactions, protect consumers and transfer liability from the credit card company to your business, the United States will begin to implement Credit Card EMV (EuroPay, MasterCard and Visa) technology.

Read Also: Businesses Beware: Sloppy Data Security Could Cost You

Change Is Necessary

Due to the increasing number of credit card breaches where millions of credit card numbers and associated data have been stolen, the industry has forced retailers and merchants to adhere to PCI (Payment Card Industry) Security Requirements. Supported by the PCI Security Council, the ultimate goal of EMV is to stop and prevent further fraudulent activity. Success has already been noted in countries outside the U.S. “Currently, almost half of the world’s credit card fraud happens in the U.S. where magnetic stripe technology is the standard,” state David Navetta and Susan Ross in a blog on Data Protection Report. “Outside the U.S., an estimated 40 percent of the world’s cards and 70 percent of the terminals already use the EMV technology. These countries are reporting significantly lower counterfeit fraud levels with EMV cards than with the magnetic stripe cards.”

Understanding EMV Technology

Credit Card EMV technology, which has been used in Europe since the early 1990s, replaces the magnetic stripe we have grown accustomed to with an embedded chip that scrambles sensitive cardholder data at the point of sale terminal. This technology ultimately makes it more difficult to access and replicate consumer data in an attempt to commit fraud.

Businesses Can’t Afford Not To Comply

Why should you be concerned about the credit card industry’s switch-over to EMV technology? As of Oct. 1, 2015, the liability for fraudulent transactions will no longer be assumed by the credit card issuing institution. Instead, if you (the merchant) fail to adopt EMV technology, your business will be responsible for any loss that results from a fraudulent transaction. If your business currently accepts credit cards as a form of payment (and you would like to continue this practice), unless you want to be hit with potentially devastating losses, you must make sure to install and activate the new technology before the Oct. 1 deadline. That being said, some types of businesses will have a little more time to comply. If you aren’t quite sure whether or not your business is exempt, visit the website of each payment brand you accept to learn more.

Next Steps

  1. If you have not investigated or planned for EMV Technology, contact your card processor immediately to determine your business’s specific needs.
  2. Implementing EMV technology can be a cumbersome and time-consuming project, but the best way to protect yourself from fraud and liability is to implement the new technology as soon as possible.
  3. If EMV technology has been implemented, be sure to confirm that the chip reading capability has been enabled. In addition, confirm with issuers that cryptographic values are being associated with the card number to ensure that the EMV technology has been set up and configured properly. Verifying that cryptographic values are being assigned will eliminate the chance of misconfiguration and possible fraudulent activity.
  4. Train your staff on the new procedures. When a customer tries to pay for a product or service using their card, they will notice some changes, such as their credit card being held in the EMV reading slot throughout the entire transaction process. This is normal; however, your staff should be prepared to answer the questions that will certainly arise.

By Joe Welker, CISA (New Philadelphia office)

Want to learn more ways you can protect your business and your customers from a fraudster? Check out these articles:

Could Your Company Be Ransomware’s Next Victim?

Don’t Turn A Blind Eye To PCI Compliance

How Much Is Your Data Worth To Criminals?


Where There’s Smoke, There’s Fire: 5 Internal Control Tips That Can Save Your Business From Fraud

Monday, March 30th, 2015


Will the lack of internal control procedures result in the untimely demise of your business or organization? Studies show that if you don’t take action against fraudulent behavior today, tomorrow could be too late. The term “fraud” covers a lot of ground and includes actions that ultimately affect the accuracy of your financial statements. In fact, according to the Association of Certified Fraud Examiners (ACFE), entities without internal control procedures are more likely to make errors on their financial statements and more likely to be victims of fraud, which is why it is so important for you to protect your business or organization with procedures that ensure the accuracy and reliability of these records.

“The presence of anti-fraud controls is associated with reduced fraud losses and shorter fraud duration. Fraud schemes that occurred at victim organizations that had implemented any of several common anti-fraud controls were significantly less costly and were detected much more quickly than frauds at organizations lacking these controls” (ACFE, 2014).

Read: Fraud Hotlines Deter Occupational Fraud

Improve Accuracy, Eliminate Fraud

When you implement internal control components into your management strategy, you not only deter fraudulent behavior, you help improve the overall quality of your financial statements, which could result in improved transparency, fewer external audit findings and even additional growth and sustainability. Start establishing internal controls today by incorporating these five components into your daily business or organizational activities.

  1. Control environment – There’s no doubt about it, when it comes to setting the tone of your business or organization, all eyes are on you. Employees, volunteers, management and even the general public are more likely to “walk the walk” AND “talk the talk” if they see that you hold them and yourself to the same expectations. When leaders demonstrate a good ethical and moral framework, appear approachable about all issues and show a commitment to excellence, nearly everybody takes notice and adjusts their behavior accordingly. It also helps to develop a rapport with your management team to encourage engagement throughout all levels of leadership.
  2. Risk assessment – Whether formal or informal, a risk assessment is critical to the process of identifying areas in which errors, misstatements or potential fraud are most likely to occur. By conducting a thorough risk assessment, you can identify which control activities to implement.
  3. Control activities – The best way to safeguard your business or organization is to segregate duties. This means that you should have different employees managing different areas of the company’s accounting responsibilities. When you put one person in charge of your accounting process, you are freely giving them the opportunity to alter documents or mismanage inventory – and it’s a clear indication that you have weak internal controls. Dividing the work among your other employees is critical to the checks and balances of your company or organization. It’s also a good idea to develop procedures for recording, posting and filing documentation. Here are a few activities to get you started:
    1. Reconcile bank statements.
    2. Require documentation with expense reports.
    3. Match invoices with the goods and services you received prior to paying off your accounts payable balances.
    4. Make sure the person who has access to your business assets is different from the person responsible for the accounting of those assets, which will establish a form of checks and balances.
  4. Information and communication – Providing your employees with information about the internal control process and the resources available to them is a critical component of your success and the overall success of the internal control activities. In fact, simply knowing there are certain controls in place to promote accuracy and prevent fraud is enough to stop problems before they even start.
  5. Monitoring activities – Your job doesn’t end at the implementation of your internal control procedures; in fact, it’s just beginning. For your internal controls to work (and work well) you must establish your monitoring activities – and monitor frequently. Establishing internal controls is great, but they will have no effect if you neglect to monitor them. Furthermore, your internal controls should grow with your business or organization to ensure their long-term effectiveness.

Risk management and internal controls are necessary for the long-term success of every business and organization and a financial statement audit is a great way to provide you with insight into the internal controls of your organization or business. This kind of review structure can potentially reveal problems you didn’t even know were there – including fraud. But what if you are not planning on conducting an audit on your financial statements this year? Another option could be to work with a CPA who can help you document an understanding of the design and effectiveness of your internal control policies as a way to reassess your current strategies and identify areas for improvement. Email Rea & Associates to find out what options are available and how internal controls can put a stop to fraud in the workplace.

By Christopher A. Roush, CPA (Millersburg office)

Related Articles

How Can Analytics Help Reduce Fraud Risk At Your Business?

Does Your Audit Process Protect You From Fraud?

Fraud Prevention Through Risk Assessment


How Can Analytics Help Reduce Fraud Risk At Your Business?

Friday, April 25th, 2014

Whether it’s due to limited resources or staffing, you may find it difficult to find time to closely review the financial activity of various departments within your business. But here’s the thing: not doing detailed reviews can leave your business exposed to increased risk of error or fraud. Incorporating analytics into your review process can be an efficient way to detect errors and fraud and will allow you to identify areas of risk within your business. Analytics are frequently part of audit procedures, and compare the correlation between key statistical data and actual financial activity.

How To Use Analytics In Your Reviews

  1. Identify the information. Identify the department, segment or line item you want to review and determine a time period that will allow the most effective review. Analytics can be used to compare financial activity on a monthly, quarterly or annual basis. Determine what information will allow for the most effective review. For example, if you’re reviewing the revenues related to food service operations, you may want to break out the revenues by type (i.e. lunches, breakfast, a la carte, adult).
  2. Identify the primary driving factors. The most important step in an analytic is identifying the primary factors that will cause significant changes in the activity you are reviewing. Use the changes in those factors to set expectations for the amount you expect the actual financial activity to change. Continuing with the example above, if you noticed the number of lunches served increased 10 percent in the current month compared to the previous month then you would expect the revenues to correlate with that change.
  3. Review the results. Compare your expectations to what actually happened. Based on the example I’ve been using, if your actual revenues decreased by 2 percent then you will want to investigate this change further. If actual revenues increased by 9 percent then you may determine the variance is acceptable and you don’t need to investigate any further.

The Discovery Of Potential Errors

Once you’ve compared the results of the analytics and identified a few areas that didn’t meet your expectations, what do you do next?

  1. Contact the person responsible for the area you reviewed. Determine if there are additional factors that would have caused the variance from your expectations.
  2. If you have determined there are no additional factors or what was communicated to you was not reasonable, you may want to consider a more detailed review. Theoretically, if you have considered all factors in your expectations, the only plausible explanation at this point for a variance is a misstatement probably due to error or fraud.
  3. If you have identified an error, review the controls and processes in place to determine what caused the error. This is where you can identify steps to improve the control strength to prevent future errors.
  4. Inform your auditors of the results of your analytics and the areas of risk you identified. This will allow your auditors to focus on these areas and provide more value to your audit. Your auditors will more than likely ask these questions and you’ll already know the answers.

Using analytics within your business will allow you to properly allocate more of your time and resources to the areas with the most risk. You will be able to efficiently identify the riskier areas and make the necessary improvements in processes and controls to address the risk. This can prevent possible audit findings and adjustments, and can even help prevent fraud.

Analytics and Financial Review Help

If you are looking to step up your game as it relates to financial reviews within your company, contact Rea & Associates. Our team of Ohio government auditors can help you incorporate analytics into your reviews so you can get a better picture of how funds are being used throughout your organization.

Authors: Chad Gorfido, CPA (Medina office), and Annie Yoder, CPA, CFE, CFF (New Philadelphia office)

Looking for more information on how to reduce fraud risk within your business? Check these articles out:

Does Your Audit Process Protect You From Fraud?

Have You Assessed Your Fraud Risk?

Do You Subscribe to a Fraud Hotline?

What Are The Top 10 Signs Your Business’s Internal Controls Aren’t Strong?

Friday, November 8th, 2013

Internal controls are procedures that companies develop to safeguard their assets and to produce accurate, reliable financial statements. When a company doesn’t have strong internal control procedures, fraud can occur much more easily. Other issues that can arise include inaccurate financial statements, the inability to find certain documents such as invoices or purchase orders, or a higher than usual number of customer complaints. (more…)


Does Your Company Have Solid Internal Controls?

Thursday, October 24th, 2013

Let’s admit it… we all want to be able to trust other people. And we generally do…until we’re proven wrong. Owners of small, family-owned businesses are no different, and must put their trust in someone to handle their revenue, disbursements, payroll and inventory, among other financial functions.  (more…)


Does Your Audit Process Protect You From Fraud?

Monday, April 22nd, 2013

Fraud Reporting Hotline Could Be the Answer to Your Problems

Picture this: You have an annual audit. You comply with the auditors’ requests, provide the necessary documentation and never end up with any findings. So you’re good. Your finances are safe, right? Wrong.

Some people think conducting an audit is like a trip to the doctor – it should catch any and all financial problems. But, just as a visit to the eye doctor won’t include a check for cavities, an audit isn’t designed to uncover all financial troubles. For example: fraud. In very rare instances, an auditor may catch an occurrence of fraud, but it’s not his job to uncover it.  (more…)


How Do You Protect Yourself from Identity Theft?

Thursday, April 11th, 2013

“Interested in credit card theft? There’s an app for that.”

Those were the recent words of Gunter Ollmann, a technology security consultant. To Mr. Ollmann’s point, identity theft is getting easier and easier to perpetrate. Identity thieves are using the internet to find victims and steal their private data.  But, the use of technology swings both ways; consumers are increasingly using it to protect themselves and their identities.  Here are some on- and offline steps you can take to protect yourself from those trying to gain access to your data: (more…)


Does Vendor Verification Really Matter?

Wednesday, April 3rd, 2013

As a business owner you likely have heard more than once that you should treat your vendor listing like Fort Knox – keep it secure and prevent access to all but authorized personnel. Typically this conversation is geared toward access to the vendor master, which lists all the important information for approved vendors. The Fort Knox comparison is apt; vendor master security is extremely important. Access should be limited and only granted to appropriate individuals. (more…)


How Do You Stop School Credit Card Fraud?

Tuesday, October 9th, 2012

Is your school struggling with declining funding? If so, you’re probably worried about the top line. You’re closely watching what’s coming in. You’re exploring ways to generate revenue. But, you need to be equally worried about what’s going out.

Credit cards are one of the most common ways for funds to escape your district. This type of fraud is particularly destructive because it tends to be long-term, continuous and difficult to spot. Employee fraud is like a hole in a bucket – no matter how much water you add, slowly but surely, the water level keeps going down. However, if you understand where fraud may be taking place, you can take steps to deter it. (more…)


Fraud Prevention Through Risk Assessment

Thursday, July 5th, 2012

All too often, school clients come to us asking about fraud detection. But, needing fraud detection implies that there’s fraud to detect. Clients should really be asking us about fraud prevention. A proactive approach to fraud prevention, rather than a reactive approach to fraud, helps schools to stop fraud in its tracks.

One of the most important parts of fraud prevention is risk assessment. Determining your organization’s high risk areas will allow you to focus your efforts on the areas where they’ll be most effective – giving you the best bang for your buck. (more…)


How Do You Protect Your Non-profit’s Donations from Fraud?

Tuesday, June 12th, 2012

In recent years, there’s been a lot of media coverage about corporate fraud. We hear about bankers embezzling millions or CEOs with hidden accounts. But, all fraud isn’t on such a large scale. Sometimes it’s a matter of a $25 check here and $50 in cash there. From a fraudster’s perspective, non-profits’ donations (especially small amounts) are often ripe for the picking. (more…)


Where does Fraud Happen?

Thursday, May 31st, 2012

When we speak to clients about fraud prevention, they’re often overwhelmed. They often think they can’t possibly be watching every part of their operations all the time. Fraud doesn’t occur equally in all parts of an organization’s operation and is often committed in the same ways: false invoicing, fake vendors and inappropriate employee expense reimbursements. By watching for easy-to-spot signs in each of these areas, organizations can go a long way towards preventing fraud. (more…)


How do you identify potential fraudsters?

Monday, May 7th, 2012

As auditors, we often hear about fraud after the fact. We’re asked to investigate what went wrong and how it happened. Organizations should not wait until after the fact to identify fraud. Through risk assessment and management processes, organizations can identify potential fraud and act to prevent it. (more…)


How can you protect yourself from tax fraud?

Friday, March 16th, 2012

Tax identity theft is an increasingly enormous problem. The IRS has been bombarding us with warnings of identity theft and scams this tax season.

Here’s a summary of some of the latest information you should know. (more…)


Fraud: Could It Happen To You?

Wednesday, November 17th, 2010

The 12-year employee at a city school managing adult education programs had her colleagues’ respect. But she made lavish purchases to redecorate her home and constantly gave gifts to others, and some wondered where the money was coming from. (more…)
