MGO CPA | Tax, Audit, and Consulting Services

Topic: Advisory

Detecting Collusion and Conspiracy to Protect Your Business

Key Takeaways:

  • Watch for unusual behavior patterns among employees.
  • Identify abnormalities in transactional data and audit trails.
  • Pay attention to whistleblower complaints and tips.

~

Collusion and conspiracy are serious threats that can undermine your business. Employees working together to deceive others can gain unfair advantages or harm the organization. To safeguard your business, it is crucial to recognize warning signs and implement proactive measures.

Signs of Collusion and Conspiracy

Keep an eye open for these red flags to protect your business:

1. Suspicious Behavior

Be alert to suspicious behaviors among employees. Frequent communication with external parties, secret meetings, or shared access to sensitive information can indicate collusion. These patterns often signal an intent to deceive or manipulate.

2. Unusual Patterns

Be mindful of any unusual patterns that may indicate fraudulent activities. Look for abnormalities in transactional data or audit trails. Missing documentation, altered records, or gaps in the chain of custody are warning signs. These irregularities can conceal fraudulent activities and hinder detection.

3. Changes in Relationships

Pay attention to sudden changes in employee relationships. New alliances between previously unrelated individuals or departments can indicate collusion. These shifts often aim to facilitate deceptive schemes. Businesses should be aware of these changes and investigate any unusual alliances that may form within their teams.

Proactive Measures to Prevent Fraud

Take these actions to defend your organization against the threats of collusion and conspiracy:

1. Evaluate Internal Controls 

A lack of segregation of duties or internal controls can enable collusion. When employees can bypass checks and balances, they can perpetrate fraud schemes without detection. Strong internal controls are essential for preventing such activities. Evaluate your company’s internal controls to ensure duties are appropriately segregated and checks are in place.

2. Promote Whistleblower Policies

Take whistleblower complaints, tips, or allegations seriously. Reports of suspected fraudulent activities can provide critical insights. Encouraging a culture of transparency and accountability helps uncover and address collusion. Companies need to establish and promote effective whistleblower policies to ensure employees feel safe reporting suspicious behavior.

3. Review Data and Audit Trails 

Your business should regularly review data and audit trails to identify and address any discrepancies promptly. By keeping a close watch on transactional data, you can detect irregularities early and take corrective actions to prevent fraud.

Strengthening Your Organization Against Internal Threats

Collusion and conspiracy pose significant risks, but vigilance and proactive measures can mitigate them. Recognizing red flags, strengthening internal controls, and fostering a culture of trust and ethical behavior help maintain your organization’s integrity. By being mindful of these behaviors, you can strengthen your company’s defenses against fraud and pave the path for long-term success.

How MGO Can Help

MGO provides the resources and experience to effectively address fraud, collusion, and conspiracy. With services including risk assessments, forensic accounting, policy development, and staff training, we can help you identify vulnerabilities, maintain compliance, and establish strong preventive measures.

Learn more about how MGO can support your business at MGO Fraud and Litigation Support.

This is the final article in our ongoing fraud series, “Alert Signals: Uncovering the Spectrum of Fraud,” aimed at educating businesses on identifying and preventing fraudulent activities. Read the previous articles in the series now:

How IT Assessments Strengthen Your Cybersecurity and Business Resilience

Key Takeaways:

  • IT assessments find vulnerabilities and threats, enabling organizations to implement proactive measures and strengthen their security posture.
  • Regular IT assessments help organizations adhere to industry standards and regulatory requirements, avoiding legal penalties and maintaining customer trust.
  • By safeguarding IT systems and confirming their integrity and availability, IT assessments play a crucial role in business continuity and resilience against disruptions.

~

In today’s rapidly evolving digital landscape, keeping robust and secure information technology (IT) systems is paramount for the success and sustainability of any organization. IT assessments have emerged as a vital part of an effective IT advisory strategy, providing your organization with a comprehensive understanding of its IT infrastructure, finding vulnerabilities, and helping you align with industry standards and regulatory requirements.

IT assessments involve a thorough evaluation of your organization’s IT environment — encompassing systems, networks, applications, and data assets. These assessments aim to show weaknesses, verify compliance, and offer actionable insights to enhance your overall IT performance and security. The scope of IT assessments includes various elements such as risk assessment, IT security management, policy reviews, access controls, network security, data protection, and incident response preparedness.

Key Components of IT Assessments

IT assessments typically encompass the following key components, each critical for a comprehensive evaluation of your organization’s IT infrastructure:

  1. Risk assessment: Conducting a risk assessment is foundational to understanding potential threats and vulnerabilities within your organization’s IT environment. This involves evaluating factors such as cybersecurity threats, data breaches, insider threats, and regulatory non-compliance. Identifying and prioritizing risks based on their potential impact allows your organization to implement proactive measures to mitigate these risks.
  1. Review of policies and procedures: Policies and procedures form the backbone of your organization’s IT framework. Evaluating these policies confirms they are comprehensive, up-to-date, and aligned with industry standards and regulatory requirements. Effective policies facilitate enforcement and adherence, significantly reducing the risk of IT-related incidents.
  1. Access controls: Implementing robust access controls is crucial for protecting sensitive data and systems. Assessing access controls involves evaluating user access rights, privileges, and authentication mechanisms. Effective access controls prevent unauthorized access and mitigate the risk of data breaches.
  1. Network security: Your organization’s network architecture, configuration, and security controls must be assessed to identify vulnerabilities and potential points of compromise. This includes reviewing firewalls, intrusion detection and prevention systems (IDPS), virtual private networks (VPNs), and network segmentation practices.
  1. Data protection: Data protection measures such as encryption, data loss prevention (DLP) controls, and data backup and recovery procedures are vital for safeguarding sensitive information. Confirming these measures helps protect your data against unauthorized access, disclosure, or alteration.
  1. Incident response preparedness: Effectively responding to IT incidents is critical to minimize damage and recovery time. Reviewing incident response plans and procedures — including incident detection, reporting mechanisms, and escalation processes — confirms your organization is prepared to handle IT incidents efficiently.
  1. Vendor and third-party risk management: Many organizations rely on third-party vendors and service providers, introducing additional IT risks. Assessing your organization’s practices for managing these risks, including vendor contracts and due diligence processes, is essential for mitigating supply chain vulnerabilities.

Why IT Assessments Are Essential for Your Organization

IT assessments are not just a regulatory requirement; they are a strategic necessity. IT assessments offer several key benefits for your organization, including:

  • Find potential vulnerabilities and threats before they are exploited, allowing your organization to implement proactive measures to mitigate risks.
  • Verify compliance with industry standards and regulatory requirements to help you avoid legal penalties and keep customer trust.
  • Strengthen your organization’s overall security posture to reduce the likelihood of successful cyberattacks.
  • Offer the insights you need for effective risk management, enabling the allocation of resources to address the most critical threats.
  • Safeguard your business continuity by confirming the integrity and availability of IT systems, protecting your organization against disruptions caused by IT incidents.

The Critical Importance of IT Assessments for Modern Enterprises

In an era where IT systems are the backbone of business operations, the importance of IT assessments cannot be overstated. These assessments provide your organization with a clear understanding of its IT vulnerabilities and offer you a roadmap for mitigating risks.

By investing in regular IT assessments, you will not only help protect your digital assets but also support business continuity and keep stakeholder trust. For enterprises striving to stay ahead in the digital age, IT assessments are an indispensable part of a robust IT advisory strategy.

To learn how MGO’s IT Advisory Solutions can fortify your organization’s defenses, reach out to our team today.

Bribery and Corruption: A Hidden Threat to Your Business Integrity 

Key Takeaways:

  • Identify unexplained payments or gifts to officials as potential signs of bribery and corruption.
  • Monitor procurement for abnormalities like inflated pricing or bid rigging to maintain fair practices.
  • Maintain transparency in transactions to prevent undisclosed kickbacks or facilitation payments.

~

Maintaining integrity is paramount to the long-term success of any business. Yet, bribery and corruption remain pervasive issues across industries — undermining trust and fairness in transactions. Fraudsters exploit their influence in business dealings to gain illicit benefits for themselves or others, often at the expense of their employers and the rights of others.

Warning Signs of Bribery and Corruption

Recognizing the red flags of bribery and corruption is crucial for safeguarding your business. The signs may include:

  • Unexplained payments and gifts — Watch for unfamiliar payments, gifts, or gratuities to government officials, regulatory authorities, or business partners. These can be attempts to secure favorable treatment or influence decision-making processes. Such actions often violate ethical standards and legal regulations.
  • Lack of transparency in transactions — Be wary of undisclosed commissions, kickbacks, or facilitation payments. These hidden arrangements can mask corrupt practices and lead to significant financial and reputational damage.
  • Non-compliance with policies and regulations — It is essential to comply with anti-bribery and corruption policies, regulations, and legal requirements. Non-compliance can be a sign of deeper issues and can expose your organization to legal repercussions and loss of credibility.
  • Abnormalities in procurement processes — Pay attention to abnormalities in procurement, such as sole source contracts, inflated pricing, or bid-rigging schemes. These practices benefit certain vendors or individuals, undermining fair competition and integrity.
  • Unexplained changes in business practices — Sudden shifts in business relationships or unexplained changes in practices can indicate corrupt activities or unethical behavior. These changes often aim to conceal fraudulent activities and protect those involved.

Why You Should Address Fraud, Bribery, and Corruption

Navigating the complex landscape of fraud, bribery, and corruption requires careful guidance and robust systems. Here is why your organization should take a proactive approach to addressing these issues:

  • Fraud, bribery, and corruption can severely damage your company’s reputation and financial stability. Regular fraud risk assessments identify vulnerabilities in your business processes, enabling risk mitigation and asset protection.
  • Developing and implementing anti-bribery and corruption policies is crucial for maintaining ethical standards and legal compliance. Clear policies guide employee behavior and demonstrate your commitment to integrity and transparency.
  • Training and educating your staff on recognizing and reporting red flags empowers your team to act as the first line of defense against unethical behavior. A well-informed workforce helps maintain a culture of integrity. Continuous monitoring and regular audits are vital for ongoing compliance and detecting unethical behavior early. Vigilance prevents small issues from escalating into major problems.
  • By uncovering hidden fraud, you can address issues promptly and take necessary legal actions to safeguard your organization. Forensic accounting is essential for investigating suspicious transactions. The longer it takes you to uncover fraud, the greater the damage may be.

Bribery and corruption pose significant threats, but these risks can be managed with vigilance and proper support. Recognizing red flags and implementing strong anti-fraud measures can help your organization protect its integrity and foster trust among your stakeholders, employees, and customers.

How MGO Can Help

Equip your company with the resources needed to effectively address fraud, bribery, and corruption. With services ranging from risk assessments and forensic accounting to policy development and staff training, we can help you identify vulnerabilities, maintain compliance, and establish preventive measures. Reach out to our team today to learn more.

This article is part of our ongoing fraud series, “Alert Signals: Uncovering the Spectrum of Fraud,” aimed at educating businesses on identifying and preventing fraudulent activities. Read the previous articles in the series about detecting financial reporting fraud and asset misappropriation now. Stay tuned for more insights and strategies to protect your organization.

Red Flags of Financial Reporting Fraud for Your Business

Key Takeaways:

  • Financial reporting fraud poses a significant threat by misleading stakeholders about a company’s true performance and financial health.
  • Warning signs that may indicate fraudulent financial reporting include unexplained fluctuations in revenues or expenses, discrepancies between financial records and supporting documentation, and intense pressure to hit financial targets.
  • Combating financial statement fraud requires strong internal controls, specialized fraud investigation support, and regular assessments to adapt to changing risks.

~

In the modern business environment, transparency and accuracy in financial reporting are not merely regulatory requirements — they are fundamental to maintaining stakeholder trust and ensuring the longevity of your organization.

Despite this, financial reporting fraud continues to pose a critical threat with far-reaching implications. It is a sophisticated malpractice, designed to create a facade of robust financial health by deliberately misleading stakeholders about a company’s performance, financial position, or cash flows.

Recognizing Common Red Flags of Financial Statement Fraud

Identifying financial statement fraud typically starts with noticing red flags, such as:

  • Unexpected revenue or expense fluctuations
  • Document mismatches (like ledger entries not aligning with system records or inconsistent invoices)
  • Undue pressure to meet financial targets

These signs — alongside vague financial reporting and insufficient disclosures — demand deeper investigation as they may indicate efforts to manipulate figures to present a misleading financial performance.

Understanding the Mechanisms of Financial Statement Fraud

At its core, financial statement fraud involves the manipulation of accounting records and financial statements. This can take several forms:

  • Overstating revenues — By recognizing revenue prematurely or recording fictitious sales, a company can appear more profitable than it is, misleading investors and creditors about its growth prospects.
  • Understating expenses — Deliberately delaying the recognition of expenses or not recording them at all inflates earnings, painting a picture of a company that is more efficient and financially stable than in reality.
  • Misrepresenting assets and liabilities — Overvaluing assets or not fully disclosing liabilities can significantly alter a company’s apparent net worth and financial solidity.

Each type of manipulation has one goal in common: to deceive users of financial statements. Whether it is investors, creditors, or regulators, the deception aims to create an illusion of success and stability, often for personal gain, to secure financing, or to maintain a company’s share price.

How You Can Combat Financial Statement Fraud

The fight against financial statement fraud requires a multi-faceted approach, encompassing the following measures:

  • Strong internal controls — Combatting fraud all starts with a strong internal control environment that includes checks and balances, rigorous accounting policies, and a corporate culture of integrity.
  • Fraud investigation support — Even with the best controls in place, the possibility of fraud cannot be eliminated entirely. This is where specialized fraud investigation services become indispensable. Advisory firms offer comprehensive fraud and litigation support that can uncover and address these fraudulent activities. Teams of professionals use forensic accounting techniques, data analysis, and investigative expertise to peel back the layers of financial deception.
  • Regular assessments — In addition to the services above, your business must also regularly evaluate its internal controls. It is not enough to have controls in place; they must be effective and adaptive to changing risks.

Recognizing the red flags of financial statement fraud and understanding its various forms are the first steps in prevention and detection. But beyond awareness, it is the proactive and reactive measures — strong internal controls, regular assessments, and skilled investigative support — that can help protect your company against such threats.

If you are looking to safeguard your financial integrity, services offered by third-party firms are invaluable assets in the continuous effort to uphold the truth in your financial reporting.

How MGO Can Help

MGO’s Business Advisory solutions offer a path to strengthen your organization’s financial defenses. For more detailed information on our approach and how we can help protect your business, let’s talk.

This article is part of our ongoing fraud series, “Alert Signals: Uncovering the Spectrum of Fraud,” aimed at educating your business on identifying and preventing fraudulent activities. Stay tuned for more insights and strategies to protect your organization.

Are You Ready to Take Advantage of Rescheduling?

Key Takeaways:

  • The potential rescheduling of cannabis presents an opportunity to reevaluate your company’s tax structure and increase deductions, reduce income, and simplify accounting.
  • Rescheduling may open up access to previously unavailable tax credits, incentives, and deductions at various government levels.
  • With anticipated increased investment and cash flow after rescheduling, companies should prepare for potential mergers and acquisitions by seeking support in areas like financial due diligence and post-acquisition planning.

~

The rescheduling of cannabis from Schedule I to Schedule III will unlock new opportunities for cannabis businesses. Is your company positioned to capitalize?

Tax Restructuring

If your existing operating structure was optimized for Section 280E mitigation, now is the time to evaluate whether it will still be tax-efficient after rescheduling.

MGO’s dedicated cannabis tax team can analyze your current structure and identify opportunities to increase deductions, reduce income, simplify accounting, and eliminate unnecessary tax exposures. We will help you develop a strategy specific to your business needs that aligns with your operational goals and any regulatory considerations.

Tax Credits, Incentives, and Deductions

Rescheduling should open cannabis operators to a world of previously unavailable tax benefits.

Our tax professionals can comprehensively review your business operations to uncover tax credits, incentives, and deductions that you may qualify for at the federal, state, and local levels.

Financial and Internal Control Audits

While rescheduling will eliminate the Section 280E tax burden and attract new investors to the cannabis industry, it could also lead to a new regulatory framework.

Our audit services can provide assurance to investors that your company is effectively managing risks, complying with any regulatory changes, and maintaining transparency.

Mergers and Acquisitions (M&A)

The projected wave of investment and increased cash flow resulting from rescheduling means more M&A should be on the horizon.

If your company is considering an M&A deal (either as a buyer or seller), MGO can support your efforts with structuring, financial & tax due diligence, Quality of Earnings (QoE) assessments, accounting integration, strategic guidance, and post-acquisition planning.

With a dedicated cannabis team and a comprehensive line of services, MGO can help you take full advantage of the benefits made available by rescheduling. Reach out to our team today.

Navigating QuickBooks Discontinuation: Upgrade with Client Accounting Services

Key takeaways:  

  • May 31, 2024: Support for QuickBooks Desktop 2021, including all versions like Pro, Premier, Enterprise Solutions, and Accountant Edition, will end.  
  • This includes access to live technical support, QuickBooks Desktop Payroll, Payments, and online bank feeds. 
  • June 1, 2024: Critical security updates for QuickBooks Desktop 2021 will no longer be available, increasing the risk to data security. 

~

QuickBooks Desktop 2021, including all its versions like Pro, Premier, Enterprise Solutions, and Accountant Edition, will no longer be supported after May 31, 2024.

MGO is prepared to provide assistance for businesses facing this discontinuation — preventing you from losing access to vital services such as live technical support, QuickBooks Desktop Payroll, Payments, and data integration with banking and other financial institutions. 

Additionally, critical security updates for QuickBooks Desktop 2021 will no longer be available as of June 1, 2024, posing significant risks to data security.

These dates are crucial for your company to plan your upgrade or transition with MGO’s support to ensure continued service and security.

Find out how client accounting services can benefit your organization. Take our self-assessment now.

Recommended Upgrade Options

For businesses reliant on QuickBooks Desktop 2021, our suggested path forward is to upgrade to a newer version of QuickBooks Desktop or transition to QuickBooks Online.

QuickBooks Online offers enhanced flexibility, security, and collaborative features — making it a robust alternative for modern business needs. Depending on the size of your company and complexity of its transactions, shifting to QuickBooks Online may be a daunting process; MGO can help you navigate through this transition.

Comprehensive Support Services

For businesses seeking assistance during this period, MGO’s Client Accounting Services can provide valuable support.

MGO can help migrate your financial data securely to a new system — whether it’s an upgraded QuickBooks Desktop version or QuickBooks Online. Additionally, MGO offers comprehensive accounting services that can fill the gaps left by discontinued QuickBooks services, helping your financial operations remain efficient and uninterrupted. 

For further assistance or to discuss how MGO can support you during this transition, please contact us today.

Raising Capital: Navigating Tax Challenges When Classifying Debt Versus Equity

The corporate fundraising environment has changed dramatically this year due to several factors, including a wide sell off in the equity markets, high interest rates, inflation, and a general tightening of the credit markets. Prior to the recent downturn, companies had the luxury of spending to develop their products and marketing ideas first, and then focusing on turning a profit later.

Because of these newly tightened conditions, companies may face challenges when raising capital, forcing them to adopt a more thoughtful approach to seek funding. Likewise, investors will want to ensure their priorities are protected and their returns met. The combination of a given borrower’s need for capital and a financer’s desire to seek favorable returns may lead to the creation of agreements that have characteristics of both debt and equity. As such, it is crucial for all parties involved to understand the resulting tax classification and the treatment of these arrangements, so all expectations are met.

The taxation of debt and equity

For borrowers, the difference between debt and equity can be critical because interest payments are generally tax deductible and subject to certain limitations. Dividends or other payments related to equity would not be deductible for U.S. federal income tax purposes.

Enacted as part of the Tax Cuts and Job Act (TCJA) of 2017, one main limit on interest deductibility is the IRC 163(j) limit on the amount of business interest that can be deducted each year. This limit is calculated as 30 percent of adjusted taxable income, which prior to the 2022 tax year closely resembled earnings before interest, taxes, depreciation, and amortization (EBITDA). However, starting with the 2022 tax year adjusted taxable income excludes depreciation and amortization, becoming EBIT. This should result in a lower limit on the amount of interest expense that can be deducted each year. Any interest expense exceeding this annual limit can be carried forward to future years.

Determining if an arrangement is debt or equity for federal income tax purposes

Classifying an arrangement as debt or equity is made on a case-by-case basis depending on the facts and circumstances of a given agreement. While there is currently little guidance in this area beyond case law, the Internal Revenue Service (IRS) has issued a list of factors to consider when questioning whether something is debt or equity. (Keep in mind, however, that the IRS states not one factor is conclusive.) The factors include whether:

  • An agreement contains an unconditional promise to pay a sum certain on demand or at maturity,
  • A lender can enforce the payment of principal and interest by the borrower, and
  • A borrower is thinly capitalized.

The courts have also established a broader — but similar — list of factors to consider when determining whether an instrument should be treated as debt or equity. Both the IRS and the courts have generally placed more weight on whether an instrument provides for the rights and remedies of a creditor, whether the parties intend to establish a debtor-creditor relationship, and if the intent is economically feasible. Some factors include:

  • Participation in management (as a result of advances),
  • Identity of interest between creditor and stockholder,
  • Thinness of capital structure in relation to debt, and
  • Ability of a corporation to obtain credit from outside sources.

For international companies, the characterization of debt or equity when considered in a cross-border funding arrangement is important, as withholding tax rates may apply to interest payments and may differ from tax rates applied to dividends. Further, withholding tax obligations occurs when a cash payment is made. If you have a cross-border arrangement, it is crucial to know if you have debt or equity on your hands.

Special rules related to payment-in-kind

Once it is determined that an agreement should be classified as debt for U.S. federal income tax purposes, some borrowers may prefer to set aside interest payments or pay interest with securities, which is often referred to as payment-in-kind (PIK). This is generally done to preserve cash flow for operations and growth of the business. When a borrower chooses this route, U.S. federal income tax rules will impute an interest payment to the lender.

While using a PIK mechanism will not automatically result in the debt being recharacterized as equity for federal income tax purposes, it can support viewing the instrument as equity.

Limits to deductible debt interest

There are limitations that can apply to interest deductibility. As noted above, IRC 163(j) limits deductibility of business interest; for a corporation, this is deemed to be all interest regardless of use. Another provision that can result in interest deductibility limitation is IRC 163(l), which applies to certain convertible notes and similar instruments held by corporations.

For cannabis operators, it is important to consider that IRC 280E disallows interest deductions. Hence, it is highly detrimental for cannabis operators to issue debt from entities that are cannabis plant-touching.

How we can help

Due to the nature of the debt versus equity analysis, companies thinking about fundraising should plan on how they intend to perform the raise and whether to have the raise treated as equity or debt. If debt classification is desired, a borrower should take the steps needed to strengthen the facts of the transaction to support the arrangement as a debt instrument.

MGO’s dedicated tax team has extensive experience advising companies across industries on capital-raising, debt refinancing and restructuring, recapitalizations, and other tax transactions. If you are planning to fundraise, or you are currently in the process of conducting a debt versus equity analysis, contact us today.

The Real Oversight is NOT Having an Audit Committee

By Jim Godsey, CPA, CGMA, Partner, MGO

Everything changes, except when it doesn’t

Time and time again we’ve seen reactions to various accounting scandals, after which new policies, procedures, and legislation are created and implemented. An example of this is the Sarbanes-Oxley Act (SOX) of 2002, which was a direct result of the accounting scandals at Enron, WorldCom, Global Crossing, Tyco, and Arthur Andersen.

SOX was established to provide additional auditing and financial regulations for publicly held companies to address the failures in corporate governance. Primarily it sets forth a requirement that the governing board, through the use of an audit committee, fulfill its corporate governance and oversight responsibilities for financial reporting by implementing a system that includes internal controls, risk management, and internal and external audit functions.

Governments experience challenges and oversight responsibility similar to those encountered by corporate America. Governance risks can be mitigated by applying the provisions of SOX to the public sector.

Some states and local governments have adopted similar requirements to SOX but, unfortunately, in many cases only after cataclysmic events have already taken place. In California, we only need to look back at the bankruptcy of Orange County and the securities fraud investigation surrounding the City of San Diego as examples of audit committees that were established in response to a breakdown in governance.

Taking your audit committee on the right mission

Governments typically establish audit committees for a number of reasons, which include addressing the risk of fraud, improving audit capabilities, strengthening internal controls, and using it as a tool that increases accountability and transparency. As a result, the mission of the audit committee often includes responsibility for:

  • Oversight of the external audit.
  • Oversight of the internal audit function.
  • Oversight for internal controls and risk management.

Chart(er) your course

Most successful audit committees are created by a formal mandate by the governing board and, in some cases, a voter-approved charter. Mandates establish the mission of the committee and define the responsibilities and activities that the audit committee is expected to accomplish. A wide variety of items can be included in the mandate.

Creating the governing board’s resolution is the first step on the road to your audit committee’s success.

Follow the leader(ship)

In practice we see a combination of these attributes, ranging from the full board acting as the audit committee, committees with one or more independent outsiders appointed by the board, and/or members from management and combinations of all of the above. While there are advantages and disadvantages for all of these approaches, each government needs to evaluate how to work within their own governance structure to best arrive at the most workable solution.

Strike the right balance between cost and risk

The overriding responsibility of the audit committee is to perform its oversight responsibilities related to the significant risks associated with the financial reporting and operational results of the government. This is followed closely by the need to work with management, internal auditors and the external auditors in identifying and implementing the appropriate internal controls that will reduce those risks to an acceptable level. While the cost of establishing and enforcing a level of zero risk tolerance is cost prohibitive, the audit committee should be looking for the proper balance of cost and a reduced level of risk.

Engage your audit committee with regular meetings

Depending on the complexity and activity levels of the government, the audit committee should meet at least three times a year. In larger governments, with robust systems and reporting, it’s a good practice to call for monthly meetings with the ability to add special purpose meetings as needed. These meetings should address the following:

External Auditors

  • Confirmation of the annual financial statement and compliance audit, including scope and timing.
  • Ad hoc reporting on issues where potential fraud or abuse have been identified.
  • Receipt and review of the final financial statements and auditor’s reports
  • Opinion on the financial statements and compliance audit;
  • Internal controls over financial reporting and grants; and
  • Violations of laws and regulations.

Internal Auditors

  • Review of updated risk assessments over identified areas of risk.
  • Review of annual audit plan, including status of the prior year’s efforts.
  • Status reports of ongoing and completed audits.
  • Reporting of the status of corrective action plans, including conditions noted, management’s response, steps taken to correct the conditions, expected time-line for full implementation of the corrective action and planned timing to verify the corrective action plan has been implemented.

Establish resources that are at the ready

Audit committees should be given the resources and authority to acquire additional expertise as and when required. These resources may include, but are not limited to, technical experts in accounting, auditing, operations, debt offerings, securities lending, cybersecurity, and legal services.

Taking extra steps now will save time later

While no system can guarantee breakdowns will not occur, a properly established audit committee will demonstrate for both elected officials and executive management that on behalf of their constituents they have taken the proper steps to reduce these risks to an acceptable tolerance level. History has shown over and over again that breakdowns in governance lead to fraud, waste and abuse. Don’t be deluded into thinking that it will never happen to your organization. Make sure it doesn’t happen on your watch.

Strategies for Mitigating Municipal Employee Fraud

The second article in a series for municipal executives: Avoiding the Headlines

By Scott P. Johnson, CPA, CGMA
Partner, State & Local Government, Advisory Services

As a public official for more than 24 years, I continuously strived to implement best practices, internal controls and policies and procedures to mitigate fraud, waste and abuse. Being a municipal finance officer responsible for literally billions of dollars, there were times when I would wake up in the middle of the night thinking about what could happen or what I may not know that could be occurring that could put the organization at risk. Fortunately throughout my municipal career the organizations I served did not experience headlines due to significant fraud. We had the appropriate “tone at the top” and practiced effective measures throughout the organization to mitigate potential fraud. However, from time-to-time, we would uncover the occasional lapse of an employee’s good judgement and detect inappropriate use of government funds, such as; improper procurement credit card use for personal purposes, time cards reporting that fraudulently claimed hours worked in excess of actual hours worked, and fictitious reimbursement claims for travel.

Employee fraud is a significant problem across industries and is faced by organizations of all types, sizes, locations, and industries. While employee fraud in private organizations rarely merits a mention in the local paper, the same fraud in a government agency will have editors competing to write the splashiest headlines and garner the highest reader traffic. It is critical for such organizations to maintain a positive reputation. Reputational risk can carry long-lasting damage in monetary losses, regulatory issues, and overall risk exposure. Frankly, all types of fraud are on the rise, and municipalities need an effective fraud mitigation strategy in place to protect against reputational and monetary harm.

Just a few recent examples of municipal fraud that have had significant press coverage and put the respective organizations in a challenging position: In 2014 officials in St. Louis County, IL, uncovered a $3.4 million embezzlement that escaped detection for more than six years. According to officials, a County Health Agency Division Manager overcharged for IT computer and technical services (unbeknownst to the County, the Division Manager owned the technology company). Unfortunately, the day after the suspected embezzlement was detected by County officials, the employee committed suicide, according to the County Medical Examiner.

The largest known municipal fraud in US history was uncovered in 2012 at the City of Dixon, IL. This embezzlement scheme of almost $54 million over a 22 year period was perpetrated by its Comptroller, Rita Crundwell, who used the proceeds to finance her quarter horse ranch business and lavish lifestyle. She was convicted and pleaded guilty to the crimes and is currently serving a 20 year sentence. Another recent case of an alleged fraud allegation is currently under trial in the Los Angeles Superior Court in which ex-Pasadena city employee, Danny Wooten and co-defendants are due back in court for arraignment on April 1, 2016, according to the Los Angeles County District Attorney’s Office. The criminal case involves allegations that more than $6 million in city money was embezzled over a decade in which Wooten is suspected of creating false invoices for the underground utility program between 2004 and March 2014.

Many factors can contribute to fraud, but the key factors are the improper segregation of duties, lack of management review, maintaining undocumented procedures, common exception processing, trust without verification and validation, and lack of accountability and monitoring. Employing proper risk assessments of events that could prevent, delay, or increase the costs of achieving organizational objectives and implementing a risk management plan not only ensure compliance, but strategically safeguard on organization against fraud. There are three important steps to earning a good night’s sleep.

1. Fraud Risk Assessment – understanding the organization as a whole and individual business units will lead to the most comprehensive risk management plan. Understand how resources flow as well as internal environments and processes. Conduct interviews, make observations and review all factors. Identify the possible and probable fraud schemes for all resource flows.

2. Prevention – “Tone at the Top” is critical. Inspiring employees to follow ethical standards starts with the tone at the executive level and must trickle down through the management level and ultimately throughout the entire organization. The organization needs to know that unethical practices will not be tolerated and when detected, will be dealt with in a timely and effective manner. One measure to communicate the “tone” is writing a fraud policy in concert with the employee conduct handbook will ensure the message is designed into the orientation, onboarding, and training process. Conduct management reviews, provide whistleblower channels, and communicate often with key business unit leaders, who in turn should communicate with their staff regarding fraud prevention, detection, and correction.

3. Detection – while assessment and prevention will create a strong defense against fraud, it is still important to seek out other measures to detect fraud that may not have been included in the fraud risk assessment plan. Only three percent (3%) of all fraud is discovered by accident or the good luck of the right person in the right place. Only six percent (6%) of fraud is discovered through account reconciliation. Clearly we cannot simply rely on these detection methods. In addition to account reconciliation and keeping your ears open, creating channels for detection are of the utmost importance. Eleven percent (11%) of fraud discoveries are due to an internal audit. Return to step one by assessing and re-assessing fraud risk regularly. Conduct meaningful management reviews on-time. Twelve percent (12%) of fraud detection were the result of properly conducted management reviews. Finally, be sure to enforce an open door policy and a culture of interest in detection and reporting. Fifty-four percent (54%) of all fraud detection comes through insider tips. Ensuring there are proper procedures in place to accept these tips is paramount when designing and especially, implementing the fraud management and detection plan.

Deceitful misconduct among employees significantly damages reputations, negatively affects resources, and limits the ability of any organization to effectively serve the consumer and their community. Following this roadmap on how to respond to and prevent employee fraud will not only protect the organization and its key objectives but will lead to an easier night’s sleep – even in the face of increasing fraud across all industries.

This article is only a small representation of the material presented during MGO’s “Case in Point” presentation at the 2016 CSMFO Conference. Special recognition to Ruthe Holden, Internal Audit Manager at the City of Pasadena for her contribution to the “Case in Point” presentation. Contact Scott Johnson at [email protected] if you have any questions or comments. Comments and opinions expressed in this article are those of the authors and may not reflect the positions, opinions, or beliefs of the CSFMO or MGO and should not be construed or interpreted as such.

Top 10 Procurement Issues for Public Agencies

Is your organization getting the most from your procurement department? Public sector procurement has more demands to meet than other sectors – deliver products/projects on budget, to specifications, adhering to government policies and regulations, while delivering quality products/performance that will benefit its citizens. Purchasing is no longer considered a clerical function. Today, purchasing agents are subject to emerging technologies, increasing product diversity and choice, environmental concerns, and a new emphasis on quality and best value, not just lowest price. The top ten issues in the procure to pay cycle are:

  • Insufficient outreach to vendors
  • Lowering of bonding requirements
  • Burdensome administrative requirements
  • Insufficient segregation of procurement approval and receiving duties
  • Lack of cross-department evaluation of vendor proposals
  • Inconsistent management and designated authority levels
  • Organizations are unaware of procurement process times – from start of requisition until vendors are paid
  • Procurement activities are not aligned with overall organizational activities
  • Too many sign offs/approvals

If any of these issues sound familiar, or your organization has not reviewed its procurement function in a while, you run the risk that your procurement strategies are inconsistent with organizational needs, which can result in paying higher prices for the goods and services required to run your agency, insufficient number of competitive bids, or worse, violating your grant or service agreements.

IntelliBridge Partners has the expertise to improve the procure to pay cycle through business process reviews, risk assessments, and performance audits. If you would like help with your procurement department, please contact Greg Matayoshi at [email protected].