Skip to main content

Author: Paul C. Zarecki

Paul Zarecki, CPA is a Partner with Ferraro, Amodio & Zarecki CPAs (FAZ). FAZ is an experienced team of leading forensic CPAs, valuation experts, Certified Fraud Examiners (CFEs) and business advisors who seek to truly understand clients’ needs. Serving Albany, Boston, NYC, White Plains, Saratoga Springs and the surrounding areas, they leverage deep experience and a genuine, people-focused approach to provide best-in-class forensic accounting, business valuation and business advisory services. www.fazforensics.com

Internal Controls for Businesses

Written by Paul C. Zarecki on . Posted in Business Valuation, Financial Investigations and Fraud Prevention, Forensic Accounting.

Female executive showing data to team in meeting

It is too often that we see news of embezzling funds within an organization. As forensic accountants at FAZ Forensics, we have investigated these matters in Albany, Saratoga, New York City, Boston, and all over the country. A common theme within these matters is limited internal controls within the organization. 

According to the Association of Certified Fraud Examiners 2022 Report to The Nations on Occupational Fraud, it is estimated that organizations will lose 5% of revenue each year to fraud. Nearly half of the cases of fraud occurred due to lack of internal controls or an override of existing controls. 

No matter the size of your company, take steps like the following to prevent embezzlement:

Segregate Financial Duties in your Organization

Where possible, functions such as bookkeeping, deposits, and reporting should be done by different employees. This can be critical if your organization has had layoffs or departures within the finance department as adequate staff to segregate is not possible. The ACFE report states that organizations with the fewest employees had the highest median loss on average of $150,000. 

Set up Positive Pay or Reverse Positive Pay with your Financial Institution

With positive pay you send a list of checks to the bank that you approved. With reverse positive pay, the bank sends a list of all checks presented for payment. This will avoid someone including checks not approved.

Dual Signatures/Dual Authorization on Checks and Outgoing Wires for amounts over a Certain Threshold

The basic idea here is no one person, including one of the owners, CFO or other individuals, can single-handedly disburse substantial amounts.

Thoroughly Review Bank Statements and Corporate Credit Card Statements

The best way to start uncovering fraud is to review the bank and credit card statements. If anything looks suspicious, be sure to inquire about it. Review the statements regularly.

Cash Flow Projections and Budgets

A cash flow projection and budget are models against which you can compare your actual results. Review often, look for significant variances, investigate and find the cause. Aside from fraud, you can identify other problems in your business that need to be addressed.

Background Checks for Employees

It starts with the hiring process. Know how to interview and how to follow-up on their references. Especially those who will have access to or influence your business finances. 

Management and Tone at the Top

Management needs to take an active role in preventing an embezzlement and ensure internal controls are adequate. The ACFE report states that lack of management review and a poor tone at the top contribute to embezzlements within an organization. 

Hire a Consultant to Do a Periodic Review

It is always a good practice to have an independent review of your internal controls. The money spent on the consultant would be well worth it.

Another key point is to always be on the lookout for behavioral red flags that could provide insight to a potential fraud. 

The ACFE report indicates in their study that only 6% of employees committing fraud had a prior fraud conviction and that a red flag was identified in 76% of the cases studied, so be on the lookout for some of these red flags which include:

  • Employees that are living beyond their means.
  • Employees having financial difficulties.
  • Employees that have divorce/family problems.
  • Employees that complain about inadequate pay.
  • Employees that have addiction problems such as gambling, drugs, etc. 
  • Employees that have an unwillingness to share duties.

Remember, a typical fraud can last 14 months before being detected. If controls are not adequate, it could last for years and be the demise of an organization. Keep in mind that employees can only steal when they are not closely watched. Employees that are closely watched have a challenging time stealing. With that said, it is vital that you review the internal controls periodically within your organization.

Preventing Small-Business Fraud

Written by Paul C. Zarecki on . Posted in Forensic Accounting.

Small businesses are more likely to become the victims of fraud than larger businesses.

Small businesses are the most vulnerable to occupational fraud and abuse, according to the Association for Certified Fraud Examiners (ACFE). In its 2020 Report to the Nation on Occupational Fraud and Abuse, ACFE cites that the smallest organizations, 100 employees or less, suffered higher median losses than did the largest organizations (10,000 employees or more). While the largest companies suffered losses of $140,000 on average, small businesses’ losses averaged $150,000, based on its survey.

Considering the potential losses and how much more of an impact $150,000 is to a smaller business than a larger business, it befits small-business owners to make the prevention of fraud a priority. Though no business owner wants to feel it employs unscrupulous people, sometimes temptation or personal financial pressures can push even the hardest working, most trusted employee into perpetrating fraud.

Here’s how you can prevent fraudulent activity in your workplace:

Hire the right employees. Small companies seldom bother doing background checks on new employees, which means they’re potentially inviting hackers, predators and even convicted felons into the organization. While every business strives to hire honest employees, having a formal hiring routine, even at a small business, can help prevent fraud. Don’t rely entirely on references and work history. Conduct background checks for people handling inventory and money. Check past employment, criminal convictions, education and certifications. Conduct drug screening, since employees will often steal from a business to support an addiction. However, remember to always get the written consent of candidates before drug testing, since many federal and state laws govern the gathering of such information. Once the employee is being considered for hire, review their social networks for anything that could be damaging to your business’s reputation, especially any animosity against their former employer.

Maintain strong internal controls. Small businesses need to create and maintain internal controls that can prevent or detect fraud. This includes restricting access to financial account data, inventory access, establishing multi-person sign-off on expense reimbursements, overtime, all check writing functions, other accounting or payroll functions, and performing an overview of audit logs to ensure the integrity of the books.

Safeguard your entry and computer systems. Be sure to limit access to specific areas of the business for certain employees. Additionally, set up strict protocols for creating and updating passwords into computer systems.

Conduct surprise audits regularly. Occasional non-scheduled audits can also help detect fraud. Businesses should routinely audit areas that deal in cash, refunds, product returns, inventory management, and accounting functions. Include surprise audits as part of your pro-active fraud policy. All too many notable fraudsters knew that the auditors were coming, allowing them time to alter, destroy, or misplace evidence of their wrongdoing. Make it a surprise to catch an employee off guard.

Establish an anonymous reporting system. Tips from employees is the number one method for catching fraud. Because most employees are reluctant to report suspicious activity, there needs to be an avenue for them to report fraud anonymously. Establishing an anonymous reporting system or process can also set their mind at ease about letting their bosses know about a fellow coworker.

Require time away. Employees that don’t take vacations should raise a red flag. An employee who comes in early and stays late or never takes a vacation has the perfect opportunity to conceal their wrongdoing. Requiring employees to take time off can aid in the prevention of some frauds.

Train employees to detect and prevent fraud. Employees in fraud-prone areas of the business should know the warning signs of fraud, prevention skills and how to report suspicious behavior or actions by coworkers and customers. Provide periodic training to help employees understand fraud and what to do in the event of fraud.

Implement policies to protect your reputation. Institute an employee policy that outlines expected employee behavior anytime they represent the company, including any mentions on their social networks.

Set the tone at the top and have policies, including a fraud policy. Have a written ethics and fraud policy. Companies frequently have an ethics policy, which sets forth in detail what is expected in the ethical climate of the company. A fraud policy spells out actions that constitute fraud and how those actions will be punished. Simply inform employees during employee orientation, training programs, memorandums, or other communication that fraud is not tolerated and let employees know what to do if they suspect fraud.

Increasing the perception of detection is one of the best fraud deterrents. Make sure employees are aware that dishonest acts will be punished. The opportunity to commit fraud is easier to rationalize when employees believe their wrongful acts will go undetected and unprosecuted. Perception of detection is a very powerful deterrent. Essentially, let it be known to employees that you are watching for it.

Purchase Insurance. While we have discussed many items to help deter fraud, no measure is foolproof. Consider getting an insurance policy that specifically protects against various frauds.

The prevention of fraud starts with a conversation. Encourage leaders and advisors of your business to start these today!

Lawyer or judge use magnifier glass look to the paper for inspection examination to the law case

Evaluating the Business Risk of Fraud

Written by Paul C. Zarecki on . Posted in Financial Investigations and Fraud Prevention, Forensic Accounting.

More than ever, organizations of all sizes need to assess, manage and monitor risk. According to the Association of Certified Fraud Examiners’ (ACFE) 2016 Global Study on Fraud, a typical organization loses 5% of revenues in any given year as a result of theft. The longer a fraud lasted, the greater the loss to the organization. Large frauds have led to the downfall of entire organizations, significant legal costs and erosion of customer confidence in your organization. The challenge of an organization is to detect and mitigate the fraud. Therefore, an effective risk assessment program is increasingly important to promote the success of any business.

Why do you need a risk assessment?

A risk assessment is a mechanism for identifying areas of vulnerability and opportunities for improvement within an organization. A risk assessment will provide management with valuable information that:

  • reduces the potential of fraud within the organization;
  • create efficiencies and cost savings in financial operations;
  • provides reasonable assurance to management, ownership, vendors looking to do work with the organization, or potential buyers of the organization about the entity’s risks and vulnerabilities; and
  • provide additional assurance to customers, government regulators, and rating agencies, i.e. insurance companies.

Only through diligent and ongoing efforts can an organization protect itself against significant acts of fraud. The ACFE, The American Institute of Certified Public Accountants and The Institute of Internal Auditors have laid out the key principles for proactively establishing an environment to effectively manage an organization’s fraud risk.  Those principles include:

Principle 1: As part of an organization’s governance structure, a fraud risk management program should be in place, including a written policy (or policies) to convey the expectations of the board of directors and senior management regarding managing fraud risk.

Principle 2: Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate.

Principle 3: Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization.

Principle 4: Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized.

Principle 5: A reporting process should be in place to solicit input on potential fraud, and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely.

Who is responsible for minimizing risk?

Management is ultimately responsible for effectively managing organizational risk and ensuring identifiable areas of vulnerability are adequately addressed.  In the event problems emerge, governing bodies, regulators, and even law enforcement will look to see what proactive measures were taken by management to assess, control and mitigate the risk inherent in the problem area.   Whether it is setting tone at the top, adequately training staff, or establishing effective internal controls, management is ultimately responsible and accountable.

Why use an outside professional?

During tough economic times, organizations tend to eliminate or downsize internal audit and internal control functions, despite the fact that organizational risks historically increase when pressures to succeed intensify. In response to this dilemma, more and more organizations are outsourcing various aspects of internal controls and risk assessment. In addition to realizing cost-savings, outsourcing provides management with a professional, independent, and objective appraisal of the organization’s risks and vulnerabilities.  In addition, “best practice” recommendations for mitigating risks are part of the assessment.

Professionals work with management throughout the risk assessment process by:

  • gaining an understanding of the organization’s business mission, goals, objectives and control environment;
  • performing a rigorous vulnerability risk assessment tailored to the organization’s specific accounting  and business systems and identifying events that could adversely affect these systems;
  • providing feedback on the risks identified and recommending reasonable, cost-effective remediation measures based on industry “best practices”; and
  • assisting in the implementation and follow-up assessment of the suggested remediation measures.

Organizations tend to not talk about fraud.  The reality is that most organizations experience fraud to some degree. Keep in mind that a proactive approach to managing fraud risk is one of the best steps organizations can take to mitigate exposure to fraudulent activities. The combination of effective fraud risk governance, a thorough fraud risk assessment, strong fraud prevention and detection (including specific antifraud control processes), as well as coordinated and timely investigations and corrective actions, can significantly mitigate fraud risks. Organizations that vigorously interpret and act on the results of their risk assessment are better positioned to capitalize on future opportunities and direct the business toward measurable success.

Inventory Up In Smoke? A Case Study in Forensic Accounting

Written by Paul C. Zarecki on . Posted in Financial Investigations and Fraud Prevention, Forensic Accounting, Insurance Claims Services.

A convenience store was faced with a real problem…it seemed their cigarette inventory was being inhaled. Mounting past due bills forced them to take stock and confront their situation head on. Sales seemed consistent with prior years, so what was the problem?

They began by taking a look at their major purchases, specifically, cigarettes. It was soon discovered that the cost of the weekly replacement order was far exceeding their weekly sales. By installing a hidden camera, they were able to catch the store manager taking several cases of cigarettes from the store…about $900 worth. They contacted the police and continued their surveillance. The same manager continued to take cigarettes, about $1,100 more. They had found their thief…it was time to file an insurance claim.

The owner logically calculated his loss by comparing the cost of cigarettes to their sales since the hiring of the accused manager over four years ago. Indeed, their costs exceeded their sales by more than $150,000, and well in excess of the $100,000 policy limit.

The Investigation

The insured had obviously spent more money for cigarettes than the sales they recorded. They also caught their manager on videotape stealing from them. But is that all there was to it? Had they proven their case? What else may have occurred? A self-guided tour of the insured’s location revealed a situation ripe for pilferage. The entire cigarette inventory was displayed on accessible retail shelving; easy access for any shopper (or shoplifter).

The Interview

Speaking with the insured, we learned they had been notified by other local retailers in the area that a band of kids was hitting stores in the area and stealing cigarettes. We also learned that the previous store manager had stolen from them and was fired. Despite on-going losses and mounting past due bills, management had conducted no inventory counts in the last four years, nor had they made any efforts to tighten internal controls and deter thefts.

The High Cost of Bad Management

This loss occurred in small increments over an extended period of time. Previous losses had not motivated any strengthening of internal controls. Cigarettes were easy to steal…by anyone. In over four years the insured never compared cigarette revenues with their cost.

Nothing “Butt” $900

The accused manager had been videotaped stealing a total of $2,000 in cigarettes and the total theft was estimated to be in excess of $150,000!! Unfortunately, the insured’s policy did not provide coverage for the “apparent” theft losses that occurred prior to the start of videotaping and only provided coverage up until the time an individual is actually identified as a thief. Therefore, the additional losses prior to videotaping and the videotaped losses used to build a criminal case were not covered. Based on the policy in force, the claim was adjusted to just $900, the only amount proven to have been an employee theft loss prior to identification. The remainder of the loss, in excess of $150,000, was just the high cost of doing business the way they chose to do it, totally lacking in any form of internal controls or prior surveillance capabilities.

Fraud Prevention Techniques

Listed below are some steps businesses can take to save money and control inventory:

  1. Implement proper inventory counting procedures. Split responsibilities so different staff is responsible for distribution and receiving, and control access to inventory.
  2. Monitor all inventory at irregular dates, including slow moving products (these items are more susceptible to theft as it may take time to notice missing items).
  3. Hire a professional. Increase productivity and detect fraud by outsourcing inventory counting services, particularly for large jobs.
  4. Install security systems and instill a work environment focused on integrity where employees feel valued.
  5. Write-offs for obsolescent or spoiled goods should be examined for validity.
  6. Financial statements can be analyzed to compare prior and current periods. Variances from expectations should be investigated and explained. Spot unusual trends in certain financial ratios involving inventory. Possible signs of fraud include inventory balances rising faster than sales and shipping costs decreasing as a percentage of inventory.
  7. Treat physical assets like monetary assets, taking appropriate steps to protect and easily assess them. While computer programs make inventory management easier, they can also be used to hide fraud. Nothing can replace physical inventory counting as an essential process to protect against fraud and loss.

Lastly, businesses should regularly review their business insurance policies with their agents to be sure they are adequately covered.

Auditor or internal revenue service staff, Business women checking annual financial statements of company. Audit Concept

It’s Tax Time….Was Your Identity Stolen? What to do Next?

Written by Paul C. Zarecki on . Posted in Financial Investigations and Fraud Prevention, Forensic Accounting.

Every year individuals look forward to a potential refund to use for that summer vacation, new car purchase or just to pay off those overdue bills. However, not everyone will be getting that refund right away. Why? Because when you filed your return, you received a notice from the Internal Revenue Service (IRS) that your filing has been rejected.

Wait…How can that be? The reason is a return has already been filed using your social security number – you are a victim of tax fraud and identity theft.

This is an experience of far too many individuals and the IRS estimates that in 2016, they issued $4.1 billion in fraudulent tax refunds to identity thieves. The IRS is looking to reduce tax fraud and has set up the Identity Theft Tax Refund Information Sharing and Analysis Center (ISAC) to help combat it. The ISAC launched in 2017 but was not fully implemented for this filing season. What should you do if you are a victim?

The following steps should immediately occur:

  • If you are unable to e-file, file your return by paper to avoid potential penalties. Also, be sure to pay any taxes you may owe.
  • Complete IRS Form 14039, Identity Theft Affidavit which you can get from the IRS website. You can include this with your paper tax return or follow the form’s instructions to send it separately. You may need prior year tax information to complete this form.
  • When the IRS receives your Form 14039 and paper tax return and you are ultimately confirmed as a victim of ID Theft, you may be issued a separate and unique six-digit number known as an Identity Protection PIN (IP PIN). To ensure the integrity of your return, the IRS will send you a letter each year containing a new IP PIN.

The IRS states it usually takes an average of 180 days for the case to be resolved; however, if all goes as it should, most taxpayers should be able to receive their refund after that period of time.

Keep in mind that a tax return fraud is also identity fraud, so it is a good idea to also file a complaint with the Federal Trade Commission and to contact credit reporting agencies to place a freeze on your credit reports. It’s unfortunate, but now that you’re aware that someone has your personal identifiable information, you must be extra vigilant about your credit and accounts going forward. Identity thieves may choose to sit on your information before using it, or may sell it to a multitude of buyers who can continue to try and use it for years to come.

Finally, one of the best things you can do to minimize your odds of this fraud is to file your tax return as quickly as possible. In that way, if the fraudulent return is filed after you’ve already filed the real one, the fraudster’s is more likely to be rejected.

Also, keep in mind scams and what the IRS would or would not do. The IRS posted this on their website:

The IRS does not send unsolicited email, text messages or use social media to discuss your personal tax issues. If you receive a telephone call from someone claiming to be an IRS employee and demanding money, you should consult the IRS Tax Scams/Consumer Alerts webpage: http://www.irs.gov/uac/Tax-Scams-Consumer-Alerts. If you know you don’t owe taxes or have no reason to believe that you do, report the incident to the Treasury Inspector General for Tax Administration (TIGTA) at 1.800.366.4484 or at www.tigta.gov.

For those of you in New York State, here is what they recommend, per the New York State Department of Tax and Finance website:

If you are a victim or potential victim of identity theft, please send New York State the following:

  1. Form DTF-275, Identity Theft Declaration;
  2. a statement explaining why you believe you’re a victim of identity theft;
  3. a copy of the notice you received from our department (if you received one);
  4. a utility bill, lease agreement, or bank statement from the year in question to verify your address; and
  5. a photocopy of your government-issued ID, such as a driver’s license, US passport, or US military ID card.

You may fax or mail your documents to their identity verification unit, or call them with your concerns. Their contact information and further instructions will be with the form, which can be found on New York State’s website.

After you contact them, they will review your complaint promptly and, where appropriate, take corrective action. New York State may:

  • remove any fraudulent returns from your record;
  • cancel any bills you were issued as a result of the fraud;
  • allow any refunds or overpayments due to you;
  • put an identity theft indicator on your tax account for three years; and
  • manually review any returns filed under your identification number for three years, which may cause a delay in the processing of your returns.

Good luck meeting your tax deadlines if you have not filed already.

Read Our Reviews

FAZ Forensics is rated 4.95 out of 5.0 stars based on 21 review(s).

---

FAZ Forensics did a full review and evaluation of my business and I was very happy with the level of detail and expertise.

- Chris Schmidt

---

Christian has, along with his good nature and thoughtful regard, been exceedingly helpful with sorting out the complexities of our case. We could not be more pleased with our exchange. Thomas and Hema Easley

- Thomas Easley

---

Christian was patient and easy to understand. clear, concise and thorough. he spoke “plain” English and was respectful. he did not “rush” and he responded to every question i had, in a timely manner. no matter how “dumb” it may have seemed. for example, i received some paperwork by mail and i did not understand it. i emailed him about it and he cleared it up that day. thats great customer service!

- Joong Park

---

Really good, very knowledgeable and communicated with us every step of the way.

- Haartz Corporation/Tom Daigneault

---

FAZ has a great team doing terrific work for our clients.

- Jim Towne

---

Exceptional work produced.

- Matt Smith

---

Thanks!

- Arrow Bank

---

FAZ was very professional, knowledgeable and very fair priced. The work performed was prompt, accurate and reliable. I would absolutely hire them again if in need for additional accounting work.

- Arrow Financial Corporation

---

Excellent to work with. Professional and personable.

- Cambridge Central School District

---

Awesome team! They were a pleasure to work with. I would definitely recommend.

- Cambridge Central School District

---

FAZ was extremely thorough and professional in doing our business valuation. We are very pleased with the results

- Anne Choppy

---

Steve and GeNet were great at the valuation we needed. Very satisfied. Thanks,Vince and Anne

- Vincent M. Choppy

---

Perfect

- Zalazar anelardo

---

Gen'et and Paul were extremely responsive to our needs. They listened and responded to any concerns that we had. I would highly recommend them for any forensic engagement needs.

- Jennifer Mulligan

---

Thank-you for asking. Our experience was excellent. The people at FAZ showed a depth of knowledge and experience that was very helpful with the undertaking before us. Well done.

- Guy Tombs

---

The CPAs and staff at FAZ are truly amazing. They explain their process very well and always answered my questions right away. I highly recommend them for all your forensic accounting and evaluation services.

- Ashley Hart

---

Excellent and responsible.

- Peter Lee

---

Steve Ferraro did an excellent job and worked tirelessly as our expert forensic accountant witness. Based on Steve's hard work, the jury awarded every penny that Steve showed our client to be entitled to and completely rejected the conclusions of the opposing side's expert.

- Dave Paliotti

---

Great firm!

- John Harwick

---

The people at FAZ are amazing. They are true professionals. The staff is knowledgeable & kind. You feel like you matter. Anytime I have questions they take the time to go through everything in detail so I completely understand everything. I would definitely recommend FAZ.

- Dan Dagostino

Write Review