By Christina Solomon, CPA/CVV, CFE, CGMA and Michael J. Devereux II, CPA, CMP, Wipfli/Mueller Prost
Fraud takes on many forms, resulting in substantial financial losses and exposing your company to undue risk. Fraud can be perpetrated by internal sources – those employees, managers and even owners who are implicitly trusted, yet this group historically has caused losses exceeding a median loss of $240,000 per instance of fraud because they are able to circumvent or override existing controls that are in place. Your business also can be targeted by external sources, which may include your suppliers, customers or contractors looking primarily to overcharge for materials or services that may not have been provided, were provided but improperly billed or do not otherwise meet specifications. Furthermore, your employees also may be unwittingly put your business’s confidential information and reputation at risk, by falling victim to attacks by cyber criminals.
Because of the varied ways, reasons and opportunities for fraud, a good defense is your best strategy to deter and identify fraud within your company. In this article, we explore five areas to be on the lookout for fraud in your company.
1. The shop floor
Your shop employees can commit fraud in many ways, but the greatest opportunity often exists with timekeeping matters and the theft of physical and intangible assets.
Timekeeping fraud occurs when an employee mischaracterizes the hours they worked or took as paid leave. Strong internal controls regarding clocking in/out, and supervisory review and approval of leave requests are important to control any potential misuse or abuse by your employees. Brainstorming ways employees can work together to cover for each other, or collude, will help identify weakness in the process that should be strengthened. Automating processes so that key tasks can increase the effectiveness and efficiency of controls that are implemented, along with periodic testing, can ensure that those controls are operating as intended.
Your shop’s physical assets are at risk of theft or misuse by your employees. Commonly, one or more employees may identify that certain raw or finished goods can be taken without notice and sold to third parties on various social media marketplaces. While physical controls, such as surveillance cameras, are an important element to deter and detect, strong inventory
controls are even better. There are two main types of inventory controls. The first is to control the physical movement and access to inventoriable assets, which commonly includes designated locations by inventory type, barcoding and restricted physical access to products with high-dollar value, fungible or at greatest risk of theft. The other type of inventory controls relates to performing cycle counts, periodic inventories and using data analytics to identify unusual trends in the purchasing, usage or scrap of inventoriable goods.
Theft of mold builders’ intangible assets can occur just as easily. This can range from the theft and sale of the company’s pricing model to the use of the company’s design software licenses to perform services “on the side.” Internal controls can be developed that can deter the use of these assets.
2. The accounting office
The accounting office is a hot spot for fraud in any industry, and fraud risks are compounded when one or two trusted employees are responsible for sensitive jobs. The danger is even greater, when these same employees have administrative access and password control to manipulate the accounting system, as well as control over financial reports. Over 14% of fraud committed by employees occurs within the accounting department, with a median loss of over $200,000 per instance. Fraud perpetrated by your company’s accounting department can be very complicated and well-concealed, but most often it is hiding in plain sight. The following are common fraud schemes affecting the manufacturing industry and simple strategies to help you identify and deter them.
Ghost Employees. An employee with the control to create a new employee in the payroll system, record and submit payroll, and make changes to the payroll master file easily can create a false employee, increase amounts or fail to terminate an employee. Direct deposit or mailing information easily can be updated. While it is a best practice to segregate the duties outlined above, it may not be practical to do so. If this is the case, having another person reconcile the payroll registers between pay periods and/or reviewed against a simple list of verified employees would be advised. In addition, “change” reports, which summarize the additions/deletions/changes for the pay period, can be a quick and efficient internal control – just be certain that the designated reviewer can run the report on his/her own or that the report is generated by the payroll provider, if applicable, and sent directly by them to the reviewer.
AP Ghost Vendors. Like ghost employee schemes, ghost vendors are a common problem for manufacturers. An employee who has control over both the creation of a vendor in the payables file and the payment of invoices can create a vendor or edit an existing one, receive fake invoices for common goods or services, approve the invoice and pay the bill. To the extent duties cannot be segregated easily, regular scrutiny of your vendor master list – including the frequency and amount paid during the period(s) under review – is a strong mitigating control. In addition, regular maintenance of your vendor file will decrease fraud risks by ensuring that unused vendors are deactivated, active vendors are not duplicative and that active vendors have full and complete contact information.
Other Disbursement Schemes. An employee who has access to check stock or online banking tools often has the access to commit fraud against your company if the need, opportunity and rationalization for the misconduct exist. Such misconduct may include making checks payable to cash or him/herself directly, the payment of personal expenses using online banking tools or misrepresenting the payee or amount on a “blank” check they may present for signature. As mentioned earlier, these schemes are not cleverly concealed and, as are result, often are detected with a careful review of the monthly bank statement, including the check and deposit images.
3. The sales office
Your sales staff, given their role and relationship with your company’s customers, puts your organization at risk of fraud stemming from that relationship. These frauds commonly are referred to as corruption schemes and may include kickbacks or conflicts of interest. While close relationships between your sales staff and your customers and clients are important, recognizing red flags that may indicate an unusually close relationship, such as taking on responsibilities outside of their normal job duties or excess possessiveness regarding the contract, are important to deter misconduct.
Commission schemes often inflate the sales amount, quantity or the rate of commission. Aside from behavior red flags that may be present, a manufacturing company may identify anomalies with its accounts receivables and related discounts/write-offs, customer information irregularities or complaints, and inconsistencies with the employees’ performance and compensation when compared over time or to their peers.
An employee expense reimbursement scheme involves an improper claim for the reimbursement of expenses. A good employee reimbursement system should include prior approval for large expenditures and enforcement of submission of receipts as proof of purchase. Generally, expense reimbursement forms are treated as an administrative task and rarely are the forms – and the required receipts – reviewed with the appropriate care to identify mistakes, much less deceit. Using automated expense reporting tools or detailed spreadsheet-based templates can allow for advanced data analysis to help your company identify anomalies and inconsistencies.
4. The supply chain
Fraud risks within your supply chain are present and put your shop at unnecessary financial and reputational risk.
Billing Fraud. Billing fraud results when a supplier submits multiple invoices for work that was only incurred once or issues false or inflated invoices. Strong controls over the purchasing cycle – including vendor selection, inventory tracking and diligent three-way matching controls to ensure that discrepancies between purchase orders, packing slips and invoices are identified, investigated and sufficiently resolved before payments are due – strengthen your shop’s internal controls and mitigates the risk of fraud loss from billing discrepancies, whether incidental or intentional.
Misrepresentation of Goods. Fraud involving the
misrepresentation of goods occurs when a supplier knowingly misconstrues the products sold or offered. For example, a supplier may knowingly deliver products that fail to meet the contract specifications. This misrepresentation, even if not fraudulent, puts your company at risk for reputational harm and can cause the loss of established or new business, customers and relationships. Ensuring that your contracts have a “right to audit” clause can be an effective tool, if enforced, to identify misrepresentation issues, billing discrepancies or other contractual breeches.
Corruption. The employees responsible for the purchasing of goods used in the manufacturing process can collude with vendors to exploit your company. This can take the form of bribes and kickbacks and can come in various forms (e.g. gifts, money, favors, etc.). As a result, your shop may overpay for goods, accept inferior quality products, create a conflict-of-interest or simply create a supply chain that is not properly diversified. Identifying behavioral red flags and having strong purchasing controls, including periodic request from bids, coupled with data analytics will help you identify and mitigate risks associated with supply chain corruption schemes.
5. Your employee’s inbox
Email has become an essential means of doing business; however, the expectations it sets regarding the immediacy of responses allows cybercriminals to exploit your employees, ultimately leading to the comprise of your company’s most sensitive data. This data can be held for ransom; to gain access to financial and personally identifiable information of your employees, vendors customers necessary to commit identity theft fraud; or can be used to gain illegal access to your company’s propriety processes or intellectual property. The stakes are high, with significant economic losses and exposing your shop to debilitating reputational risks.
Cybercriminals use different ways to breach your systems and social engineering techniques to cause your employees to take inappropriate actions. Phishing and other email compromise schemes today are masterful – they look legitimate, are personalized and are carefully worded to create a sense of legitimacy by the sender and create a sense of urgency by the recipient. It has been estimated that up to 90% of successful breaches involve a phishing scheme.
The best defense strategy to this type of fraud is first acknowledging that it can happen to your company. Your company is not “too small” to be targeted – you have information that is valuable, and your firewalls and information technology controls are not likely to prevent all attacks. Increasing employee training on cyber fraud, particularly phishing schemes, is just as important as instituting password requirements and keeping firewalls and email filters up to date. This training also should include strong practices regarding verifying information before taking action. This could include developing protocols for secondary authorization of wire transfers and verifying instructions with the sender by using contact information in your records, not those listed in the body of the email.
In addition, protecting your company with cyber insurance, developing a proactive incident response plan and testing to ensure information technology controls are in place and functioning as intended are excellent strategies to mitigate your risks and exposure from cyber fraud.
Call to action
The five places to look for fraud addressed in this article provide your mold building company a good starting place to identify where your fraud risks are and develop strategies to mitigate them. At a minimum, this risk assessment should:
- Solicit feedback regarding key risks across levels of management and departments. These risks should consider both fraud that can occur by your employees and fraud that can be initiated outside of the company.
- Prioritize risks that are likely to occur and, if so, cause significant losses.
- Consider the importance of a fraud hotline and data analysis to identify and deter fraudulent activities.
- Train your employees on risks they may observe or encounter and ensure they understand their role in reporting potential fraudulent behavior.
- Consider the prevalence of fraud from external sources, including but not limited to attacks by cyber criminals.
Michael J. Devereux II, CPA, CMP, is a partner and director of Manufacturing, Distribution & Plastics Industry Services for Wipfli/Mueller Prost. Devereux’s primary focus is on tax incentives and succession planning for the manufacturing sector. He regularly speaks at manufacturing conferences around the country on tax issues facing the manufacturing sector. For more information, visit www.wipfli.com.