Archive for Investments
Part Two: Fraud Investigation Requirements and Best Practices
Posted by: | CommentsInvestigating Internal Fraud 
Baseline Requirements – A successful internal investigation program should include the following baseline requirements:
- Independence – The group or individual(s) assigned responsibility to conduct internal investigations should have an appropriate level of independence to investigate all matters without inappropriate or undue influence by management
- Defined Scope and Responsibilities – Defining scope and responsibilities is particularly important if there is a team approach in conducting internal investigations, it minimizes confusion as to who is the lead investigator and each member’s role.
- Documented Procedures – The investigation process should be well-documented to ensure consistency in approach, work performed, and outcome.
- Case management system – There should be a case management system, the internal investigation system of record, that captures key data and information. The case management system can be as simple as hard copy files that consistently maintain the same information or as sophisticated as an electronic software solution.
- Skilled Staff – The individuals conducting the investigations must be experienced and knowledgeable; this is particularly true of the individuals who will be conducting the accusatory interviews.
Collaborative Approach Internal investigations should be collaborative, drawing on other groups’ knowledge or expertise:
- Audit has knowledge about the subject area’s internal controls and processes.
- Corporate Communications should be notified if there is a concern that the matter may be leaked to the news media.
- Corporate Security should be involved if there is a workplace violence concern, this group also usually has law enforcement contacts.
- Human Resources should be consulted and involved in all investigations involving employees to assist in ensuring consistency in employment decisions.
- IT can provide information on system access, and pull emails.
- Legal should be consulted when regulatory or legal requirements are not clearly defined.
Investigation Objectives – There should be two objectives of every investigation:
- Determining who committed the unethical or fraudulent activity
- Determining how the unethical or fraudulent activity occurred or went undetected
While investigations should strive to identify who committed the unethical or fraudulent activity; arguably, the more important of the two objectives is identifying how the unauthorized activity was allowed to occur and/or go undetected, and making recommendations to prevent future occurrences.
Investigation Plan – At the beginning of every investigation, an investigation plan should be developed; it is the formal framework as to how the investigation will proceed. The plan should be tailored to address the concerns noted in the allegation as well as the general investigation objectives. The plan should be considered a” living” document, that should be expanded or contracted as facts are discovered.
Investigation Fieldwork – The fieldwork is the means by which the plan is completed and the objectives achieved. All investigations should be conducted, and documented, as if the final work product will be scrutinized in a court of law. Ongoing communication with key stakeholders ensures there are no surprises; it allows the stakeholders to process the information, ask questions, and provide insight that may be relevant to the investigation.
Conducting the Interview – One of the last steps of an investigation is interviewing the individual(s) named in the allegation. Prior to doing so, an interview plan should be developed that details general and specific topics to be discussed. Additionally, the investigator should discuss potential interview outcomes (i.e. admission, denial but no reasonable explanation, denial and new information provided, etc.) with key stakeholders and agree upon actions to be taken for each outcome. This ensures that the interview concludes decisively.
The interview should consist of three individuals; the interviewer, the subject, and a witness. Ideally, the witness is someone from the subject’s management team who is familiar with related processes but doesn’t have a personal attachment to the subject. The role of the witness during the interview should be as an observer. At the conclusion of the interview the subject should be asked to provide a written statement and, if appropriate, restitution.
Reporting Results – One of the most difficult aspects of any investigation, particularly lengthy and/or complex investigations, is summarizing the investigation in a clear and concise report. Using a standard format simplifies the process. The report should not be a reiteration of the detailed investigation but instead a summary of the pertinent facts and conclusions drawn from the facts, and be written in the third person. The report should also include any findings and recommendations related to control weaknesses identified during the investigation. Management should be required to respond to the finding and recommendations within a specified timeframe with an action plan that will remediate identified risks.
Trend Analysis
In addition to reporting on the individual investigation results, periodically a “bird’s eye view” or holistic view of completed investigations should be performed to identify any overarching trends or systemic issues that should be addressed at an enterprise level.
by Tom Holland, CFE
Part One: Fraud Prevention and Detection Best Practices
Posted by: | Comments
It seems a day doesn’t go by where there isn’t a news article talking about an employee who stole customer data or intellectual property, embezzled funds, or committed some other nefarious act against their employer. According to the Association of Certified Fraud Examiners (ACFE) most recent Report to the Nation on Occupational Fraud and Abuse organizations lose 7% of their annual revenues to fraud; in their previous report, the ACFE indicated the figure as 5%. The current report also indicated the median loss amount was $175,000, an increase of 10% from what was reported in the previous report. There are a number of factors that can be attributed to the increase; the economy, pressure to perform, lack of loyalty to the organization, and an increasing sense of entitlement or greed.
Most reports, such as the one cited above, focus on the money that’s “walked out the door”; however, there are other costs to consider which can increase the figure by as much as 3 to 5 times the reported figure. These other costs include:
- Investigation costs – the cost of maintaining an investigations department or hiring someone to conduct the investigation
- Other Departments’ Involvement – An effective investigation program is collaborative in nature, key groups involved can include HR, IT, Legal, and management
- Business Disruption – Regardless of how confidential the investigation is there will be rumors and lost productivity
- Reputational Issues – if the matter makes the news media there will be costs associated with addressing reports and repairing the company’s image
- Cost of Hiring a Replacement – estimates to replace an employee range from 30% to 45% of the individual’s first year salary
The costs and risks associated with internal fraud can be mitigated with an effective and comprehensive investigation program. The following outlines the components of an effective and comprehensive investigation program.
Framework
A company can have some of the most skilled investigators and a well-documented investigation program; however, if there is not a strong framework for the investigators to operate in then the program will be ineffective.
Tone from the Top – Senior leadership must not only “talk the talk” but “walk the walk”, they have to send a very clear message that they will not tolerate any unethical behavior or business practices by anyone regardless of position, expertise, etc. And take appropriate action when unethical behavior is confirmed.
Code of Ethics – A company’s code of ethics must detail expected behavior. A code of ethics is not expected to deal with every possible situation; however, it should discuss, in general terms, expectations around conflicts of interests, insider trading, outside employment, compliance with policies and regulations. An effective code of ethics should require:
- Reporting of known or suspected fraudulent activity
- Cooperation in the investigation process
- Penalties for failure to cooperate
Employees should affirm their understanding and compliance upon initial employment and again on an annual basis.
Internal Controls – An effective system of internal controls not only ensures the accuracy of financial data but also can prevent and detect internal fraud. Senior leadership should hold individuals accountable for failing to adhere to internal controls.
Risk Assessments – Periodic risk assessments of functions assist in identifying what areas are vulnerable to fraud and whether adequate controls are in place to prevent or detect unauthorized activity:
- What types of fraud can occur?
- How can the fraud occur?
- What is the likelihood of occurrence?
- What is the impact (i.e. dollar amount, reputational and operational) of the fraud?
Any gaps identified during the risk assessment should be analyzed to determine if the related risks are acceptable, and if not, what actions can be taken to remediate risk / close the gaps. Risk assessments should be performed annually or as there are changes to processes, regulations, etc. and include management, as no one knows the business better than the owners of the process.
Know Who You Hire
Criminal Background Checks – Criminal background checks should be considered for positions of trust or where the individual will be controlling significant assets. Some industries such as the financial services industry, are mandated by federal regulations to perform criminal background checks. The Federal Sentences Guidelines also has a “know your employee” clause.
Financial Reviews – Financial reviews should also be considered for individuals who will be handling cash or controlling significant assets. Financial reviews are subject to Fair Credit Reporting Act and a company’s Legal department should be consulted prior to performing.
Education and Employment – Education and employment background checks should be considered for positions where acquired knowledge is critical to the success or safety of the company and its assets.
Regardless of what background checks are performed, standards or criteria should be documented as to what is acceptable or not acceptable and consistently applied.
Reporting Known or Suspected Suspicious Activity
Reporting known or suspected suspicious activity must be an easy process; if it isn’t, activity may not be reported or reported timely.
Ethics Hotline – The Sarbanes-Oxley Act requires that all publicly traded entities have the ability to receive anonymous complaints related to unethical / inappropriate accounting and/or audit activities. The complainant should also have the ability, if they desire, to report their concern directly to the Board of Directors. Though not required by the Sarbanes-Oxley Act, a best practice is that the hotline have 24 x 7 accessibility. Companies not legally required to maintain an ethics hotline should consider establishing a similar process to ensure all concerns are reported.
Other Reporting Channels – In addition to an Ethics Hotline, consideration should be given to establishing email addresses (i.e. ethicsreport@company.com) and internal numbers for employees to report their concerns. Additionally, employees should be encouraged to report their concerns directly to their contacts in Audit, HR, Legal and/or to management.
All available reporting channels should be promoted / advertised on the company’s intranet site and in common areas such as employee lounges, break rooms, etc.
Groups such as Audit, HR, and Legal as well as managers who may be the recipients of complaints must be trained as to what to do with complaints that they receive. Processes should be established to prevent two groups independently investigating the same complaint.
Internal Fraud Detection Software
Companies that conduct large volumes of transactions should consider using automated internal fraud detection tools to identify suspicious employee activity. Optimally, the software would be able to identify suspicious transactions and/or employee behavior.
— Transactional analysis identifies unusual / suspicious transactions regardless of who owns the account
— Behavioral analysis identifies pattern of activity of a system user which falls outside the range of normal activity for a pre-defined group such as call center representatives or cashiers
An example of a suspicious transaction could be an employee waiving a fee on their own account or a neighbor’s account of processing a transaction outside their authority (though there should be systemic controls to prevent the latter).
An example of unusual behavior could be a call center representative viewing a large number of customer accounts when compared to their peers (this activity could be indicative of identity theft or stealing customers).
The potential downside to internal fraud detection software solutions is that they can be costly to purchase, implement and operate. If possible, take advantage of bundling an internal fraud detection software with external fraud detection software.
Proactive Reviews
Proactive reviews should be performed in areas susceptible to fraud as identified in risk assessments. Proactive reviews not only can identify fraud in the early stages but can also identify control weaknesses which, if not corrected, would allow fraud to occur or go undetected. Areas where proactive reviews may prove most beneficial include:
Payroll Review – Payroll reviews should be performed to identify “ghost” or non-existing employees, employees receiving multiple payroll checks, and/or unusually high salaries given a position (e.g. an administrative assistance making six figures).
Travel and Business Expense Review – Travel and business expenses is one area that is often abused by employees. Reviews in this area should look for altered or missing receipts, purchases from merchants not typically associated with travel and business expenses (e.g. jewelers, home improvement stores, etc.), and excessive / unusual activity (e.g. an administrative or clerical position indicating sales call expenses).
Accounts Payable – Accounts payable is another area that is often the target of fraudulent activity. Reviews in this area should include identifying duplicate payments or payments differing by cents, two or more payments in the same month, payments sent to PO boxes, vendor tax identification numbers which are the same as employees’ social security numbers, and payments sent to addresses that match employees addresses.
Incentive Programs – Incentive programs, unless well designed and effectively monitored, can be taken advantage of by disreputable employees. This review should focus on typically poorer performers who suddenly exceed goals and employees who constantly exceed goals.
Ongoing Management Reviews
A key component of an effective internal investigation program must include ongoing management reviews and observations. Management should be aware of operational (i.e. work environment) and behavioral (individual) indicators (i.e. red flags) that could suggest unauthorized and/or fraudulent activity. Generally speaking, the greater the number of red flags, the greater the likelihood of fraud. Questionable activity or transactions should be researched to understand what is occurring and why. At the end of this article is a list of common operational and behavioral red flags.
Tom Holland is a Certified Fraud Examiner with over 28 years of experience developing and implementing global fraud prevention, detection and investigation programs, as well as conducting internal fraud investigations. During his tenure at Bank of America, Amazon.com and Capital One Financial Corporation, Tom has implemented multiple programs that have resulted in significant reduction in fraud losses, as well as increased the speed and productivity of internal investigations.
If you would like to talk to Tom or want further information about implementing or improving your fraud prevention, detection and/or investigation programs contact Fahrenheit Finance at 804-955-4440. Information
In our next newsletter, Part Two: Internal Fraud Investigations, Requirements and Best Practices
Operational / Work Environment Red Flags
— General ledger activity has increased without any apparent reason
— Average balances in general ledger suspense / float / work-in-progress accounts have been steady increasing
— There are an unusually large number credits of in the general ledger suspense accounts
— There are an unusual number of aged general ledger suspense items
— General ledger accounts are not reconciled, or reconciled timely
— Differences identified during reconciliations are not researched or documentation supporting how differences were cleared is not available
— There are unusual and/or large sundry operating losses without supporting documentation
— Expenses for local purchases of supplies, staff, entertainment of customers, etc. have increased for no apparent reason
— Receipts supporting expenses are missing or not original
— Poor internal controls or disregard of internal controls
— Sales / marketing goals are unrealistic
— There have been an unusual number of similar customer complaints or complaints involving the same individual
— Certain customers insist that only a particular employee can assist them
— Vendor payments are not supported by invoices
— Vendor addresses are PO boxes instead of physical addresses
— Vendor invoices are sequentially numbered
— Too much reliance is placed on one individual (i.e. the subject matter expert) without appropriate oversight
— Confidential customer information is not effectively controlled, particularly after business hours
Behavioral / Individual Red Flags
— Employee is living beyond their apparent means
— Employee suddenly comes into a large sum of money
— There has been a dramatic change in the employee’s life (i.e. death, illness, marriage, birth of a child, etc.)
— Change, often dramatic, in the employee’s personality
— Change, often dramatic, in the employee’s lifestyle
— Employee’s attendance pattern changes
— Other employees have raised concern about the behavior of a particular employee
— Employee is willing to work overtime without pay or historically resisted working overtime but is now willing to do so
— Employee is unwilling to take vacation or is willing to come in and work during vacation
— Employee is “protective” of certain customers and insists that they are the only one to assist these customers
— Employee is involved in processing transactions and/or performing duties that are not within their normal scope of responsibility
— Employee is knowledgeable of functions / activities that are not within their scope of responsibility or not in line with their previous work history
— The same employee always performs or oversees certain key functions
— Employee has total disregard for internal controls and transaction authorities
by Tom Holland, CFE
John Jacoby | Welcome to the Fahrenheit Team!
Posted by: | CommentsWe’re very proud and excited to announce a new member of the Fahrenheit Finance team. John Jacoby retired last June from Deloitte & Touche LLP, where he spent 25 years working with a wide variety of public and privately held companies. John served as an audit partner for clients in various industries including retail and wholesale distribution, manufacturing, government contracting and services; advancing to the level of Managing Partner. His friendship with his former client Keith Middleton led to him joining Fahrenheit Finance as a Senior Consultant.
Fahrenheit Finance evolved from a unique combination of experience and expertise. The team at Fahrenheit Finance designs solutions that fit your company’s needs and provides consulting and staffing services to help you accomplish your business goals. John notes that he was impressed with how far we’ve come in a relatively short period of time. “The nature of the work, the excitement of working with an aggressive startup company led by great people, and the extensive opportunities that exist in the marketplace all appealed to me,” he said.
John will work on-site with our clients on a project-by-project basis. Primarily, he envisions working with companies that may not have a permanent CFO, that may be preparing to obtain some bank debt or preparing for a public equity offering.
His background with Deloitte enables us to offer a level of expertise in accounting and finance matters that would be unattainable for many clients, simply based on cost.
John joined Deloitte & Touche LLP in 1985 becoming a partner in 1993 and managing partner in 1997. During his career with Deloitte he served clients both private and publically held in various industries including retail, manufacturing, transportation, wholesale distribution, government contracting, biotechnology and not-for-profit.
As Audit Partner, he was responsible for the overall performance of the audit. This included compliance with Generally Accepted Accounting Principles, compliance with Sarbanes Oxley requirements, compliance with the reporting requirements of the Securities and Exchange Commission. In addition he regularly advised his clients’ Audit Committees regarding best in class corporate governance processes. John has worked with his clients on debt and equity offerings including initial public offerings, asset securitizations, carve out audits related to the sale of subsidiaries as well as the reviews of Forms 10-K, 8-K and 10-Q. He also regularly assisted his clients in the acquisition of other companies.
Clients served include McKesson Corporation, Advance Auto Parts, Overnite Transportation, Alstom Power, Biotage LLC, Amsec LLC, The Colonial Williamsburg Foundation, Comdial Corporation and Performance Food Group in addition to others.
Prior to joining Deloitte John worked in asset based lending with Bank of America and as an accountant with RECO Industries, Inc.
As for his retirement, that’s still very much in the picture as John plans to spend the time that he’s not working at his house in Kitty Hawk, NC. So if you need a little advice on what fish are running he can probably help you with that too!
Increasing the value of a company before selling it.
Posted by: | Comments
We all know it’s necessary, right? Well, we’re not just talking about building up your billings or sales. What we’re talking about here are a few strategies you can implement to make your buyer happy when he or she examines your company’s financial health. The best overall strategy is to look for financial and performance indicators that point toward things you can do to improve the performance and profitability of your company. Specific approaches, however, include:
- If it’s not making you money, get rid of it
- If you’re going to sell your business for the maximum value, you’ve got to be willing to look at it like a buyer will. Sometimes that means making hard decisions or just doing the things you’ve known you needed too. Get rid of outdated inventory. Fix whatever may be wrong with your product or service. Write off receivables that you know you have no chance of collecting.
- Broaden your customer base, suppliers too
- This is clearly not a strategy you come into work one day and implement. This one takes time, but it’s worth it. Relying on only a few customers or seasonal customers can cripple the value of your company, as will a dependence on only a few suppliers given the impact that could have on your pricing.
- Reduce your expenses
- You have a budget at home, right? It’s a good idea to have one for your company too. Treat it just like you do at home. Look for ways to cut our unnecessary expenses. Further if you lease your office space, check into purchasing it if possible.
- Ok, building your sales and revenues is important, too
- Are there sales channels outside your business? Is your main salesperson doing all the work to keep the company pace? Can you expand the boundaries within which you do business? Do you have a new product you can launch? Are there a few people on staff who aren’t pulling their weight? Trim the fat!
These are questions a buyer will ask. You may as well go ahead ask them of yourself, but just make sure you give yourself the time to truly carry through with a few of these ideas. If you have other thoughts on what we’ve brought up here or other things you’d like to add, please let us know.
One lesson always leads to another: SXSW follow up
Posted by: | Comments
Remember last week when we told you that you had to be paying attention to what was going on in Austin, TX, at SXSW? In particular, we recommended following along online with the session about how data geeks would change the world of finance.
Well if you took our advice, then you already know how that worked out. If not, we’ll just tell you it didn’t go well. But if you’d like to read for yourself, here’s a link to the search results for , #dataismoney.
This is just one of many disgruntled tweets about the session.
“Pop quiz. Did most people leave #dataismoney panel because questions were insipid, or answers were ridiculous? Or both?”
Yikes. That was from Richard Piotrowski, or @streetbrief as his twitter followers know him.
Believe us, they don’t get much better. The panelists were discussed as being arrogant. They were accused of being politically biased in their approach to the topic. Several tweets seemed to indicate that the panelists attempted to wow the audience with overproduced information graphics while under-delivering on substance.
What we intended as a suggestion to catch a glimpse of the future of finance, became a rock solid lesson in the power of social media. Having read through the entire hashtag search, it was clear early on in the session that the whole thing was headed downhill.
The interesting thing is that there is practically no response, even after the session, from the panelists. We’re not saying that they should be shouting back at the crowd they irritated.
BUT…
Imagine how much ground they could make up with the frustrated conference goers by simply tweeting a message such as this:
“Man, we were really off base. Sorry about that folks. How can we make it better next year? (if you’ll have us back) #dataismoney”
They would definitely get a number of derogatory comments. It sounds like they may have earned them. On the other hand, they would also get some helpful suggestions and a fair amount of goodwill for taking the transparent and open route in response. That may be the best lesson of all.
Employers Expect an Uptick in Hiring in 2010
Posted by: | CommentsMany employers were cutting back on new hires in 2009; in fact, most were eliminating positions in order to survive the financial crisis. 2010 is looking quite a bit brighter!
The encouraging news regarding the economy is easing hiring fears throughout the US. Employers signal an increase in their plans to hire in the New Year according to CareerBuilder’s 2010 Job Forecast. “While employers continue to closely monitor the progress of recovery for the US economy, they are beginning to consider hiring strategies designed to preserve the health and growth of their businesses for the future.” CareerBuilder surveyed more than 2,700 hiring managers and HR professionals nationwide across multifaceted industries. The financial industry in particular is expecting 23 percent of financial service employers to add full-time, permanent employees in 2010. “There have been many signs over the past few months that point to the healing of the U.S. economy, especially the continued decrease in the number of jobs lost per month, a trend that will hopefully carry over into the new year,” said Matt Ferguson, CEO of CareerBuilder.
We’re headed in the right direction countrywide and if you pay attention to the overall pulse of current financial news, the second quarter of 2010 should prove to be a job growth period for the US. Cheers to a great New Year!
Gartner reports that “IT investment level are on the rise and growth is more important than cost cutting in 2010.” According to a targeted, web-based survey of 190 senior business executives in large U.S.- and U.K.-based compani
es, the focus for 71 percent of business leaders is a return to revenue growth. Other top priorities for CEOs and business executives in 2010 are the retaining customers, competitive positioning, and attracting and retaining talent.