MGO CPA | Tax, Audit, and Consulting Services

Topic: Forensic Services

Detecting Collusion and Conspiracy to Protect Your Business

Key Takeaways:

  • Watch for unusual behavior patterns among employees.
  • Identify abnormalities in transactional data and audit trails.
  • Pay attention to whistleblower complaints and tips.

~

Collusion and conspiracy are serious threats that can undermine your business. Employees working together to deceive others can gain unfair advantages or harm the organization. To safeguard your business, it is crucial to recognize warning signs and implement proactive measures.

Signs of Collusion and Conspiracy

Keep an eye open for these red flags to protect your business:

1. Suspicious Behavior

Be alert to suspicious behaviors among employees. Frequent communication with external parties, secret meetings, or shared access to sensitive information can indicate collusion. These patterns often signal an intent to deceive or manipulate.

2. Unusual Patterns

Be mindful of any unusual patterns that may indicate fraudulent activities. Look for abnormalities in transactional data or audit trails. Missing documentation, altered records, or gaps in the chain of custody are warning signs. These irregularities can conceal fraudulent activities and hinder detection.

3. Changes in Relationships

Pay attention to sudden changes in employee relationships. New alliances between previously unrelated individuals or departments can indicate collusion. These shifts often aim to facilitate deceptive schemes. Businesses should be aware of these changes and investigate any unusual alliances that may form within their teams.

Proactive Measures to Prevent Fraud

Take these actions to defend your organization against the threats of collusion and conspiracy:

1. Evaluate Internal Controls 

A lack of segregation of duties or internal controls can enable collusion. When employees can bypass checks and balances, they can perpetrate fraud schemes without detection. Strong internal controls are essential for preventing such activities. Evaluate your company’s internal controls to ensure duties are appropriately segregated and checks are in place.

2. Promote Whistleblower Policies

Take whistleblower complaints, tips, or allegations seriously. Reports of suspected fraudulent activities can provide critical insights. Encouraging a culture of transparency and accountability helps uncover and address collusion. Companies need to establish and promote effective whistleblower policies to ensure employees feel safe reporting suspicious behavior.

3. Review Data and Audit Trails 

Your business should regularly review data and audit trails to identify and address any discrepancies promptly. By keeping a close watch on transactional data, you can detect irregularities early and take corrective actions to prevent fraud.

Strengthening Your Organization Against Internal Threats

Collusion and conspiracy pose significant risks, but vigilance and proactive measures can mitigate them. Recognizing red flags, strengthening internal controls, and fostering a culture of trust and ethical behavior help maintain your organization’s integrity. By being mindful of these behaviors, you can strengthen your company’s defenses against fraud and pave the path for long-term success.

How MGO Can Help

MGO provides the resources and experience to effectively address fraud, collusion, and conspiracy. With services including risk assessments, forensic accounting, policy development, and staff training, we can help you identify vulnerabilities, maintain compliance, and establish strong preventive measures.

Learn more about how MGO can support your business at MGO Fraud and Litigation Support.

This is the final article in our ongoing fraud series, “Alert Signals: Uncovering the Spectrum of Fraud,” aimed at educating businesses on identifying and preventing fraudulent activities. Read the previous articles in the series now:

Bribery and Corruption: A Hidden Threat to Your Business Integrity 

Key Takeaways:

  • Identify unexplained payments or gifts to officials as potential signs of bribery and corruption.
  • Monitor procurement for abnormalities like inflated pricing or bid rigging to maintain fair practices.
  • Maintain transparency in transactions to prevent undisclosed kickbacks or facilitation payments.

~

Maintaining integrity is paramount to the long-term success of any business. Yet, bribery and corruption remain pervasive issues across industries — undermining trust and fairness in transactions. Fraudsters exploit their influence in business dealings to gain illicit benefits for themselves or others, often at the expense of their employers and the rights of others.

Warning Signs of Bribery and Corruption

Recognizing the red flags of bribery and corruption is crucial for safeguarding your business. The signs may include:

  • Unexplained payments and gifts — Watch for unfamiliar payments, gifts, or gratuities to government officials, regulatory authorities, or business partners. These can be attempts to secure favorable treatment or influence decision-making processes. Such actions often violate ethical standards and legal regulations.
  • Lack of transparency in transactions — Be wary of undisclosed commissions, kickbacks, or facilitation payments. These hidden arrangements can mask corrupt practices and lead to significant financial and reputational damage.
  • Non-compliance with policies and regulations — It is essential to comply with anti-bribery and corruption policies, regulations, and legal requirements. Non-compliance can be a sign of deeper issues and can expose your organization to legal repercussions and loss of credibility.
  • Abnormalities in procurement processes — Pay attention to abnormalities in procurement, such as sole source contracts, inflated pricing, or bid-rigging schemes. These practices benefit certain vendors or individuals, undermining fair competition and integrity.
  • Unexplained changes in business practices — Sudden shifts in business relationships or unexplained changes in practices can indicate corrupt activities or unethical behavior. These changes often aim to conceal fraudulent activities and protect those involved.

Why You Should Address Fraud, Bribery, and Corruption

Navigating the complex landscape of fraud, bribery, and corruption requires careful guidance and robust systems. Here is why your organization should take a proactive approach to addressing these issues:

  • Fraud, bribery, and corruption can severely damage your company’s reputation and financial stability. Regular fraud risk assessments identify vulnerabilities in your business processes, enabling risk mitigation and asset protection.
  • Developing and implementing anti-bribery and corruption policies is crucial for maintaining ethical standards and legal compliance. Clear policies guide employee behavior and demonstrate your commitment to integrity and transparency.
  • Training and educating your staff on recognizing and reporting red flags empowers your team to act as the first line of defense against unethical behavior. A well-informed workforce helps maintain a culture of integrity. Continuous monitoring and regular audits are vital for ongoing compliance and detecting unethical behavior early. Vigilance prevents small issues from escalating into major problems.
  • By uncovering hidden fraud, you can address issues promptly and take necessary legal actions to safeguard your organization. Forensic accounting is essential for investigating suspicious transactions. The longer it takes you to uncover fraud, the greater the damage may be.

Bribery and corruption pose significant threats, but these risks can be managed with vigilance and proper support. Recognizing red flags and implementing strong anti-fraud measures can help your organization protect its integrity and foster trust among your stakeholders, employees, and customers.

How MGO Can Help

Equip your company with the resources needed to effectively address fraud, bribery, and corruption. With services ranging from risk assessments and forensic accounting to policy development and staff training, we can help you identify vulnerabilities, maintain compliance, and establish preventive measures. Reach out to our team today to learn more.

This article is part of our ongoing fraud series, “Alert Signals: Uncovering the Spectrum of Fraud,” aimed at educating businesses on identifying and preventing fraudulent activities. Read the previous articles in the series about detecting financial reporting fraud and asset misappropriation now. Stay tuned for more insights and strategies to protect your organization.

How to Protect Your Business Against Asset Misappropriation

Key Takeaways:

  • Asset misappropriation involves the theft or misuse of an organization’s physical and digital assets, posing a major threat to businesses.
  • Red flags of asset misappropriation include unexplained shortages, unauthorized transactions, altered records, excessive resource use, and employees living beyond their means.
  • Strategies to combat asset misappropriation include strong internal controls, employee education, surveillance technology, promoting an ethical culture, and data analytics for fraud detection.

~

In the dynamic landscape of modern business, asset misappropriation remains a pervasive threat, undermining the financial stability and integrity of organizations across industries. As part of MGO’s fraud series, this article delves into the critical issue of asset misappropriation — offering your business the knowledge and tools needed to safeguard your valuable assets.

Understanding Asset Misappropriation

Asset misappropriation, a prevalent form of fraud, involves the theft or misuse of an organization’s assets. Unlike financial statement fraud, which distorts the truth on paper, asset misappropriation manifests in the direct pilfering or misuse of physical and digital assets. From cash and inventory to intellectual property and digital data, no resource is immune to this fraudulent activity.

Red Flags of Asset Misappropriation

  • Unexplained shortages or discrepancies: Whether it is cash, inventory, or other assets, unexplained shortages are classic signs of theft or embezzlement. For instance, casinos might notice discrepancies in chips or cash, pointing toward internal theft.
  • Unauthorized transactions: Any unauthorized withdrawals or transfers, especially in sensitive environments like casino accounts or gaming tables, should raise immediate concerns about asset misappropriation.
  • Alteration of records: Manipulating gaming records, player accounts, or payout systems can facilitate theft, often going unnoticed without rigorous audits.
  • Excessive use of company resources: When employees use company vehicles, equipment, or facilities beyond their professional needs, it suggests potential misuse of organizational assets for personal gain.
  • Lifestyle inconsistencies: Employees exhibiting a lifestyle significantly above their income level can be a red flag for embezzlement or fraud, often funded by stolen assets.

Strategies to Combat Asset Misappropriation

To effectively shield your organization from the perils of asset misappropriation, a multifaceted approach is necessary. These strategies are designed to fortify your defenses, helping your business operate with the highest standards of integrity and security. By implementing these measures, you can create a resilient barrier against fraudulent activities and safeguard your organization’s future.

Here are some pivotal strategies to combat asset misappropriation:

  • Establishing robust internal controls is the first line of defense. Professionals with experience enhancing internal controls can assist your organization in assessing and refining its practices — including segregation of duties, regular audits, and securing access to sensitive areas and systems. This approach establishes a solid foundation for preventing asset misappropriation.
  • Educating employees about the signs of fraud and the importance of ethical behavior is essential to deter potential fraudsters and empower your staff to report suspicious activities. Training programs, which can be supported by advisory firms, effectively communicate the risks of fraud and the importance of vigilance, helping to build a knowledgeable and proactive workforce.
  • Utilizing technology like surveillance cameras, advanced access controls, and cybersecurity measures can significantly reduce the risk of asset theft or misuse. Cybersecurity and physical security professionals can integrate cutting-edge solutions to protect your assets from both internal and external threats, providing a comprehensive defense strategy.
  • Promoting a corporate culture that values honesty and transparency can discourage fraudulent behavior. Developing policies and practices that foster open communication and a strong ethical foundation is crucial. Establishing a whistleblowing policy that encourages reporting without fear of retaliation can be an integral part of this effort.
  • Deploying data analytics and fraud detection software to monitor for unusual patterns or anomalies can indicate asset misappropriation. Advanced data analytics and forensic accounting services can identify and investigate suspicious activity, using sophisticated tools to detect early signs of fraud and prevent asset loss.

Safeguarding Your Assets Against Pervasive Threats

Asset misappropriation poses a significant risk to businesses, draining resources and eroding stakeholder trust. By understanding the red flags and implementing a comprehensive strategy to detect and prevent asset misappropriation, your organization can protect its assets and maintain its financial integrity.

MGO’s Business Advisory solutions offer a pathway to strengthen your defenses against the risks of asset misappropriation. For a deeper dive into how we can help protect your business, reach out to our team today.

This article is part of our ongoing fraud series, “Alert Signals: Uncovering the Spectrum of Fraud,” aimed at educating your business on identifying and preventing fraudulent activities. Read the previous article in the series on spotting red flags of financial reporting fraud and stay tuned for more insights and strategies to protect your organization.

Red Flags of Financial Reporting Fraud for Your Business

Key Takeaways:

  • Financial reporting fraud poses a significant threat by misleading stakeholders about a company’s true performance and financial health.
  • Warning signs that may indicate fraudulent financial reporting include unexplained fluctuations in revenues or expenses, discrepancies between financial records and supporting documentation, and intense pressure to hit financial targets.
  • Combating financial statement fraud requires strong internal controls, specialized fraud investigation support, and regular assessments to adapt to changing risks.

~

In the modern business environment, transparency and accuracy in financial reporting are not merely regulatory requirements — they are fundamental to maintaining stakeholder trust and ensuring the longevity of your organization.

Despite this, financial reporting fraud continues to pose a critical threat with far-reaching implications. It is a sophisticated malpractice, designed to create a facade of robust financial health by deliberately misleading stakeholders about a company’s performance, financial position, or cash flows.

Recognizing Common Red Flags of Financial Statement Fraud

Identifying financial statement fraud typically starts with noticing red flags, such as:

  • Unexpected revenue or expense fluctuations
  • Document mismatches (like ledger entries not aligning with system records or inconsistent invoices)
  • Undue pressure to meet financial targets

These signs — alongside vague financial reporting and insufficient disclosures — demand deeper investigation as they may indicate efforts to manipulate figures to present a misleading financial performance.

Understanding the Mechanisms of Financial Statement Fraud

At its core, financial statement fraud involves the manipulation of accounting records and financial statements. This can take several forms:

  • Overstating revenues — By recognizing revenue prematurely or recording fictitious sales, a company can appear more profitable than it is, misleading investors and creditors about its growth prospects.
  • Understating expenses — Deliberately delaying the recognition of expenses or not recording them at all inflates earnings, painting a picture of a company that is more efficient and financially stable than in reality.
  • Misrepresenting assets and liabilities — Overvaluing assets or not fully disclosing liabilities can significantly alter a company’s apparent net worth and financial solidity.

Each type of manipulation has one goal in common: to deceive users of financial statements. Whether it is investors, creditors, or regulators, the deception aims to create an illusion of success and stability, often for personal gain, to secure financing, or to maintain a company’s share price.

How You Can Combat Financial Statement Fraud

The fight against financial statement fraud requires a multi-faceted approach, encompassing the following measures:

  • Strong internal controls — Combatting fraud all starts with a strong internal control environment that includes checks and balances, rigorous accounting policies, and a corporate culture of integrity.
  • Fraud investigation support — Even with the best controls in place, the possibility of fraud cannot be eliminated entirely. This is where specialized fraud investigation services become indispensable. Advisory firms offer comprehensive fraud and litigation support that can uncover and address these fraudulent activities. Teams of professionals use forensic accounting techniques, data analysis, and investigative expertise to peel back the layers of financial deception.
  • Regular assessments — In addition to the services above, your business must also regularly evaluate its internal controls. It is not enough to have controls in place; they must be effective and adaptive to changing risks.

Recognizing the red flags of financial statement fraud and understanding its various forms are the first steps in prevention and detection. But beyond awareness, it is the proactive and reactive measures — strong internal controls, regular assessments, and skilled investigative support — that can help protect your company against such threats.

If you are looking to safeguard your financial integrity, services offered by third-party firms are invaluable assets in the continuous effort to uphold the truth in your financial reporting.

How MGO Can Help

MGO’s Business Advisory solutions offer a path to strengthen your organization’s financial defenses. For more detailed information on our approach and how we can help protect your business, let’s talk.

This article is part of our ongoing fraud series, “Alert Signals: Uncovering the Spectrum of Fraud,” aimed at educating your business on identifying and preventing fraudulent activities. Stay tuned for more insights and strategies to protect your organization.

Cybersecurity Culture: Empowering Your Employees

by Joshua Silberman, IT / Cyber Security Consultant, MGO Technology Group

Are your employees comfortable telling leadership about a potential problem at your company? Now ask yourself, are they comfortable telling leadership about a potential mistake? A large number of today’s cyberbreaches often begin as the result of an innocent mistake by an employee. It might be sharing a password over an unprotected median, a nefarious actor grabbing a picture of an employee’s laptop screen while they are working in public, or as is most common, an employee clicks on an innocuous link from a phishing email. What most employers may not realize is that many employee’s common sense regarding breaches is actually pretty good. At the very least they will suspect that something is amiss, which could be the first step in detecting a potential breach. Empowering your employees to actively look for, and report on, potential breaches goes a long way to helping your organization build a strong cyber security culture.

Creating a positive cyber security culture

The first step is to educate your employees on what to look out for when it comes to cyber and information risk. Many firms employ some form of basic cyber-security training, mostly at the time of on-boarding, but training usually ends there. Cyber security is an ever-shifting landscape where threats are always evolving. This is why it is important for firms to enact a year-round cyber security awareness program based around employee activities. A good employee-based cyber security awareness program will be light on technical jargon and focused on highlighting the vulnerabilities of the processes and systems that all employees use in their day-to-day work, such as instant messaging, answering e-mails, browsing the web, and sending documents through authorized and unauthorized means of file sharing. There is no great need to get into the technical details of how an attack might happen, but rather acknowledge that the danger is out there and focus on what employees can do to look out for potential dangers, such as noticing strange URL’s and suspicious e-mail attachments from unrecognized users. Consistently educating employees on current cyber threats and methods will give them the tools to identify a threat and be proactive in helping your company stop it.

Encouraging active breach and threat reporting

Training employees to spot the dangers is only half the battle. The other half is generating an effective reporting culture. No cyber security strategy is complete without a good cyber security reporting culture that puts a premium on reporting potential breaches. Here are a few suggestions to create a positive culture of reporting:

Have the team that provides your first level IT Support lead awareness/education sessions, as they will mostly likely also be the first point of contact for reporting potential breaches. The sessions can be developed by an outside consultant or an internal cyber security professional, but building a repertoire between those who should be reporting the incident and that first point of contact provides a sense of comfort that your employees are reporting the issue to the right group in the correct way.

In training, the IT support staff should make clear that reporting a threat is NOT a burden and that employees should err on the side of caution. If an employee receives an e-mail they find suspect they should not hesitate to contact their IT department through the designated reporting means.

Everyone from the organization must know and believe that the consequences of reporting a potential mistake will not be dire. Beyond feeling comfortable reporting suspicious activities, employees must also feel comfortable in reporting suspicious behavior that might be a direct result of their own actions. If an employee feels that admitting a mistake will be detrimental to their career they will keep quiet and a potential breach oversight could occur. Admittedly, this strategy carries some risk as you do not want certain behaviors to be consequence-free. However, the scope of consequence must be weighed against the actual action.

For example, an employee need not be officially reprimanded for admitting to clicking on a suspicious link and reporting it, but it would be prudent for the IT support staff to point out what could have been done differently to avoid the infraction. If the employee becomes a repeat offender, then a more official process might be warranted. Until then, simply pointing out of the issue should be enough to change behavior while maintaining a culture where employees are not fearful of bringing an issue forward.

Strong and proactive cyber security culture starts at the top

When setting the company’s cyber security policy, upper management must keep an eye toward baseline employees who perform the day-to-day actions of the company. Clear signals about saying something if you think something is wrong can go a long way toward changing your company culture. Having a strong IT or Cyber Security group is simply not enough when your own staff could unknowingly be your cyber Achilles Heel. There is a saying in cyber security that “every employee is a potential vulnerability.” However, if trained and leveraged correctly, your employees can also act as another safeguard, actively working to protect your information technology environment.

If you have any questions or would like support developing and implementing an effective cyber security program, reach out to the MGO Technology Group for a consultation.

Strategies for Mitigating Municipal Employee Fraud

The second article in a series for municipal executives: Avoiding the Headlines

By Scott P. Johnson, CPA, CGMA
Partner, State & Local Government, Advisory Services

As a public official for more than 24 years, I continuously strived to implement best practices, internal controls and policies and procedures to mitigate fraud, waste and abuse. Being a municipal finance officer responsible for literally billions of dollars, there were times when I would wake up in the middle of the night thinking about what could happen or what I may not know that could be occurring that could put the organization at risk. Fortunately throughout my municipal career the organizations I served did not experience headlines due to significant fraud. We had the appropriate “tone at the top” and practiced effective measures throughout the organization to mitigate potential fraud. However, from time-to-time, we would uncover the occasional lapse of an employee’s good judgement and detect inappropriate use of government funds, such as; improper procurement credit card use for personal purposes, time cards reporting that fraudulently claimed hours worked in excess of actual hours worked, and fictitious reimbursement claims for travel.

Employee fraud is a significant problem across industries and is faced by organizations of all types, sizes, locations, and industries. While employee fraud in private organizations rarely merits a mention in the local paper, the same fraud in a government agency will have editors competing to write the splashiest headlines and garner the highest reader traffic. It is critical for such organizations to maintain a positive reputation. Reputational risk can carry long-lasting damage in monetary losses, regulatory issues, and overall risk exposure. Frankly, all types of fraud are on the rise, and municipalities need an effective fraud mitigation strategy in place to protect against reputational and monetary harm.

Just a few recent examples of municipal fraud that have had significant press coverage and put the respective organizations in a challenging position: In 2014 officials in St. Louis County, IL, uncovered a $3.4 million embezzlement that escaped detection for more than six years. According to officials, a County Health Agency Division Manager overcharged for IT computer and technical services (unbeknownst to the County, the Division Manager owned the technology company). Unfortunately, the day after the suspected embezzlement was detected by County officials, the employee committed suicide, according to the County Medical Examiner.

The largest known municipal fraud in US history was uncovered in 2012 at the City of Dixon, IL. This embezzlement scheme of almost $54 million over a 22 year period was perpetrated by its Comptroller, Rita Crundwell, who used the proceeds to finance her quarter horse ranch business and lavish lifestyle. She was convicted and pleaded guilty to the crimes and is currently serving a 20 year sentence. Another recent case of an alleged fraud allegation is currently under trial in the Los Angeles Superior Court in which ex-Pasadena city employee, Danny Wooten and co-defendants are due back in court for arraignment on April 1, 2016, according to the Los Angeles County District Attorney’s Office. The criminal case involves allegations that more than $6 million in city money was embezzled over a decade in which Wooten is suspected of creating false invoices for the underground utility program between 2004 and March 2014.

Many factors can contribute to fraud, but the key factors are the improper segregation of duties, lack of management review, maintaining undocumented procedures, common exception processing, trust without verification and validation, and lack of accountability and monitoring. Employing proper risk assessments of events that could prevent, delay, or increase the costs of achieving organizational objectives and implementing a risk management plan not only ensure compliance, but strategically safeguard on organization against fraud. There are three important steps to earning a good night’s sleep.

1. Fraud Risk Assessment – understanding the organization as a whole and individual business units will lead to the most comprehensive risk management plan. Understand how resources flow as well as internal environments and processes. Conduct interviews, make observations and review all factors. Identify the possible and probable fraud schemes for all resource flows.

2. Prevention – “Tone at the Top” is critical. Inspiring employees to follow ethical standards starts with the tone at the executive level and must trickle down through the management level and ultimately throughout the entire organization. The organization needs to know that unethical practices will not be tolerated and when detected, will be dealt with in a timely and effective manner. One measure to communicate the “tone” is writing a fraud policy in concert with the employee conduct handbook will ensure the message is designed into the orientation, onboarding, and training process. Conduct management reviews, provide whistleblower channels, and communicate often with key business unit leaders, who in turn should communicate with their staff regarding fraud prevention, detection, and correction.

3. Detection – while assessment and prevention will create a strong defense against fraud, it is still important to seek out other measures to detect fraud that may not have been included in the fraud risk assessment plan. Only three percent (3%) of all fraud is discovered by accident or the good luck of the right person in the right place. Only six percent (6%) of fraud is discovered through account reconciliation. Clearly we cannot simply rely on these detection methods. In addition to account reconciliation and keeping your ears open, creating channels for detection are of the utmost importance. Eleven percent (11%) of fraud discoveries are due to an internal audit. Return to step one by assessing and re-assessing fraud risk regularly. Conduct meaningful management reviews on-time. Twelve percent (12%) of fraud detection were the result of properly conducted management reviews. Finally, be sure to enforce an open door policy and a culture of interest in detection and reporting. Fifty-four percent (54%) of all fraud detection comes through insider tips. Ensuring there are proper procedures in place to accept these tips is paramount when designing and especially, implementing the fraud management and detection plan.

Deceitful misconduct among employees significantly damages reputations, negatively affects resources, and limits the ability of any organization to effectively serve the consumer and their community. Following this roadmap on how to respond to and prevent employee fraud will not only protect the organization and its key objectives but will lead to an easier night’s sleep – even in the face of increasing fraud across all industries.

This article is only a small representation of the material presented during MGO’s “Case in Point” presentation at the 2016 CSMFO Conference. Special recognition to Ruthe Holden, Internal Audit Manager at the City of Pasadena for her contribution to the “Case in Point” presentation. Contact Scott Johnson at [email protected] if you have any questions or comments. Comments and opinions expressed in this article are those of the authors and may not reflect the positions, opinions, or beliefs of the CSFMO or MGO and should not be construed or interpreted as such.