The IRS issued a newswire (IR-2016-119) on September 2, 2016 warning practitioners of the latest way that the bad guys are scamming the IRS out of money that does not belong to them. Actually, it belongs to us, so they are stealing for all of us.
Personal tax returns (form 1040) for which an extension was filed, are due by October 15th. Now is the time that the scammers are back. The newest warning details that unscrupulous individuals, with more brains than sense, are hacking remotely into tax practitioner’s computers to file false tax returns. The bad guys are using the tax practitioner’s software and directing refunds to their own dummy bank accounts. The tax practitioner only knows he has been hacked by the e-file acknowledgements they receive after the fact, when it is too late and there is no way to un-file.
My question is this; does your tax preparer have enough security on their system to prevent this type of action? I believe we do, we take specific measures to ensure our client’s personal information is secure. We change passwords regularly and create complex passwords to deter hacking. However, do these pop up tax preparation companies put as much thought and effort into their security as we do? I would hope so, but I doubt it. Most don’t even adhere to the basic principle of circular 230 which applies to all tax practitioners.
Do your research. Ask about their security measures. Also consider, does your tax preparer charge for the services they provide? (I would think so if they want to make any money) If so, do they sign the return as the preparer? (They must according to the IRS). Do they use a PTIN “Preparer tax identification number”? (Also a requirement of the IRS) If the answer to these is no, run away as fast as you can, any tax professional worth having will adhere to the basic rules above, and the other rules in circular 230.
The ethical culture of an organization, also known as “the tone-at-the-top,” begins with top management, then trickles down to mid-level management, and last but not least, to the employees. So how does an organization develop and sustain a positive ethical culture? Many researchers have spent countless hours trying to pin point those actions that answer this very question.
Gerry Zack gave a presentation at 27th Annual ACFE Global Fraud Conference entitled “The Return of the Tone at the Top where he discussed 9 signs of a toxic organizational culture. (1) Favoritism: “It’s not what you know, it’s who you know.”
(2) Walking on eggshells: “If I tell him the truth, he will lose it!”
(3) Bad behavior: “I’ll step on whoever I have to in order to get what I want.”
(4) Lack of development: “Training and development only cuts at the budget and lowers production.”
(5) Information hoarding: “We will just keep them in the dark about this.”
(6) Lack of accountability: “We like her, so we will just look the other way and pretend it’s not happening.”
(7) Overly aggressive goal-setting/pressure cooker culture of meeting goals: “Can’t run a marathon after a month of training? Good-bye bonus.”
(8) One-way communication from executives: “It’s my way or the highway.”
(9) Decision making based on trying to hide a problem rather than fix the problem: “I know! I’ll bury it then no one will see it!”
Do any of these sound familiar? You’re not alone. Most organizations suffer from one or more of these toxic culture traits. But luckily there are ways to undo the mess and create and sustain a positive ethical atmosphere.
Bethmara Kessler also presented at the 27th Annual ACFE Global Fraud Conference. Her presentation was entitled “Sustaining an Ethical Culture: It’s Not Always Black and White.” She gave 9 tips on how to undo the mess and create and sustain an ethical culture.
The first tip is to make it a priority. Management should acknowledge the need for a change and work on it daily. Employees will not be receptive to the change if they do not see their leaders making the change. Toxic employees who refuse to embrace the new culture, under the right circumstances, should be removed. Negativity is contagious, but so is positivity, so fill the organization with positive energy which leads to the second tip, hire ethical people.
There are many ways of “weeding” through the many applications, but here are a few examples: background checks, verifying items on the resume, and asking questions such as “what would you do in this situation? Or “have you ever been in this situation and how did you handle it?”
Tip number 3 is to create great policies for your ethics program. Kessler states that these policies should resonate with and be relatable to everyone in the organization. They should also be simple, easy to understand and as transparent as possible so that employees don’t create their own interpretations. Most importantly, these policies should be there to help employees make the right decisions.
The fourth tip is to hold employees accountable. Make it clear what the expectations are and consequences for not meeting them. Then give consistent discipline with each person and each instance. If employees see that a co-worker isn’t being disciplined for actions that are clearly against the policy, they might follow suite and/or become demotivated.
Tip number 5 is to engage your people in an impactful way. Create ongoing communication about ethics. Make the topic fun and engaging and allow employees to give feedback and ideas.
The sixth tip is to have an “open door.” Allow open communication throughout the organization. Help the employees feel safe about discussing ethical dilemmas. Your biggest ally in preventing and detecting fraud and unethical behavior are your employees; they are the ones seeing the dirty details on a daily basis. Employees should be trained on what to look for in their department regarding fraud and unethical behavior.
Tip number 7 is to be quick and decisive in finding and disciplining unethical and fraudulent behavior. Remember, perception of detection is your strongest control. Create formal procedures for disciplinary actions and give an appropriate level of information to other employees. Like children, employees are sponges, they are listening and watching to see what you say and do. If employees see that you mean business, they will act like you mean business.
The eighth tip is to create teachable moments. When fraudulent or unethical behavior occurs find out why and how it happened. Use this information to teach others in the organization of what to look for and what not to do. Then evaluate the current policies and procedures and make any needed changes. Keep that open communication with the employees and develop them.
Tip number 9 is to evaluate yourself. Any goal in life is useless if you don’t evaluate your progress. Same goes for creating and sustaining an ethical culture. Goals should be set that can be measured and are realistic, then evaluated on an ongoing basis. Ask for the opinions directly from those whom it affects, which is everyone in the organization. Then make it a priority to implement those changes that are deemed reasonable. The employees of the organization need to see they are being heard and their opinions matter. Employees see the daily details and can give a wealth of knowledge on how things can improve. Here are some suggestions that Gerry Zack gives on how to measure the effectiveness of the ethics program: number of signed ethics policies, number of employees attending training, scores of pre-tests and post-tests, employee surveys, and compliance, enforcement and discipline data.
An ethical “tone-at-the-top” is attainable with dedication and with the right people. Following the tips and suggestions above will create an environment that can save your organization from losing time, resources, money, and great people.
Part 1 discussed a summary of statistics from the Report to the Nations on Occupational Fraud and Abuse produced by the Association of Certified Fraud Examiners as well as the basics of the Fraud Triangle and a few ways to prevent fraud in your organization. Part 2 dives into why people start down that slippery slope and allow themselves to be boiled in a pot of water.
This reminds me of the board game “Chutes and Ladders” where certain squares have pictures of children making good choices while others show children getting themselves on Santa’s naughty list. Landing on these squares causes a player to either climb the ladder for making good decisions or slide down the chute for making bad decisions. The picture that always stands out to me while playing this game with my own children is the child grabbing the jar of cookies and eating them all. I believe this is due to my love for cookies, but I also see how my love for cookies could get me into trouble if I let myself.
There is an old analogy about a frog who if put in a boiling pot of water will immediately jump out. But if that frog is put into a pot of cool water, then the heat is slowly turned up, the frog will be boiled without even realizing it. Now, I believe this frog’s instincts of “warning! It’s getting hot!” would kick in, but this story demonstrates a good point; how do good ethical people end up making bad ethical decisions? How did they get from point A to point B?
At the 27th Annual ACFE Global Fraud Conference, John Hurlimann, CFE taught a course entitled, “Mastering the Edge of Ethics.” In this course, he discussed two different ethical views: utilitarianism and deontological. The first is making a decision based on being for the greater good while the latter is based on laws, rules and policies. The analogy he gives is the Trolley Car Dilemma, which is a popular analogy for demonstrating ethical dilemmas and how one makes ethical decisions. The analogy goes like this: there is a runaway trolley car heading down the tracks toward five people tied up on the tracks and cannot move. You are next to the tracks and a lever that will switch the trolley car to another set of tracks. But before you pull the lever, you see one person stuck on the other tracks. What do you do? Pull the lever causing the trolley to kill the one person or do nothing and allow the trolley to kill five people? Whether your ethical compass follows the utilitarianism or deontological view will determine which choice you make. Kill the one person because saving five people is for the better good or do nothing because pulling the lever will be purposely murdering someone.
As discussed in Part 1, one of the legs of the Fraud Triangle is rationalization. Utilitarianism describes how many people can justify their actions because in their mind it’s for the greater good, such as “I was making the company more money” or “I had to help my mother with her medical bills.” The dilemma is that some good might come of the action but at what cost? But as we know, the cost of fraudulent and unethical behavior is very high to the company and to the individual who commits the wrong doing.
When I think of these dilemmas, I think of the analogy of the little shoulder angel and devil; two little creatures whispering their reasoning behind why their decision is the best. Although funny, these two creatures represent a very real process that occurs in our brains numerous times throughout each day. Rationalization is easy because it can be seen as just a small thing that won’t hurt anyone or no one will miss it or maybe everyone else is doing it or it’s for the greater good. Every time an act is rationalized and committed, the heat increases. Soon, the person has committed actions they never would have dreamed of doing before that first unethical decision; then they find themselves boiling in a pot of water. Hurlimann describes this as creating a new baseline for what is acceptable. Each time an unethical act is committed, it seems minimal because it’s the new norm. But these acts would never have seemed okay to the person in the beginning.
So how does an organization create an atmosphere of ethical behavior and prevent fraudulent actions? Part 3 will discuss specific ways that your organization can create the “tone at the top” and a culture of good behavior that will save your organization from fraud.
What would you do if someone told you they could help you save money in the amount of 5% of your total revenue? That’s quite a chunk of change that could increase overall profits and overall business performance. Did you know that organizations lose approximately 5% of their total revenue to fraud each year with median losses of $145,000 that took a median duration of 18 months to detect? Now that’s a huge chunk of change. These findings came from the Report to the Nations on Occupational Fraud and Abuse produced by the Association of Certified Fraud Examiners. In the report, 82% of the fraudsters were first-time offenders and had never been previously punished or terminated from an employer relating to fraud. This report also shows that it is more likely that an employee will commit fraud within year 1 to 5 of being employed by the organization, but the median losses are the highest after 10 years of being employed. Only 14% of victim organizations made a full recovery of losses. 58% of victim organizations, at the time of survey for the report, had not recovered any of their fraud losses. These losses can be seen as a huge glaring decrease to the bottom line.
No organization or business is immune to fraud. Unfortunately, small businesses and organizations lose a disproportionately larger amount compared to large businesses and organizations. Why is this? Why are small businesses at such risk for fraud losses that can be extremely detrimental to its overall well-being? There are three main reasons for the disproportionate losses: (1) cost (2) time and (3) lack of resources.
It does cost money, as well as time, to set up controls and monitor them. But frauds have indirect costs as well, alongside the actual amount stolen. For example the loss of productivity, damage of personal or business reputation, investigative costs, and possibly the loss of all your hard work down the drain.
There are three main categories of occupational fraud: (1) asset misappropriations (theft of cash, inventory, supplies, etc) (2) corruption (“I’ll give you money under the table if you give me that contract) and (3) financial statement fraud (“we’ve got to keep the investors happy”). According to the report mentioned above, 85% of the fraud cases examined were for asset misappropriations with median losses of $130,000, corruption were 37% of the cases with median losses of $200,000, and financial statement fraud made up only 9% of the fraud cases but had median losses of $1,000,000.
So why do employees or owners/executives commit fraud? Why do individuals who don’t have criminal records or a past history of fraud begin that fateful journey? Dr. Donald Cressey conducted extensive research and interviews to answer these very questions. His findings turned into what is known as the Fraud Triangle. The Fraud Triangle consists of three parts: (1) perceived non-shareable financial need (2) rationalization and (3) perceived opportunity. It is widely accepted that all three of these parts must be present for fraud to take place.
Non-shareable financial needs can consist of living beyond one’s means, addictions, unexpected bills, etc. You and other employees should be aware of others in the organization who might exhibit these red flags of a potential pressure to commit fraud. Other red flags include breaking other rules in the organization, unwillingness to share duties, refusal to take vacations, working earlier or later than other employees, disgruntled about work, family problems, excessive pressure from the organization, etc. It’s important to note that these pressures don’t necessarily mean there is fraud, but just something that should make your “this needs attention” antenna go up.
Rationalization is what gives the fraudster justification for his or her actions. So how do individuals convince themselves that committing fraud is okay? Dr. Cressey found that these fraudsters saw their actions as justified, noncriminal, or part of non-controllable situation. Examples of common statements from fraudsters are: “I was going to pay it back” and “I deserved it after all my hard work. My employer doesn’t appreciate me.” Remember, anyone can commit fraud. Many times, fraudsters are honest people who give in to temptation based on a severe pressure because he or she sees an opportunity to conceal the theft. Unfortunately, it is human nature that once the fraud starts, he or she continues with more frequent, larger thefts. Protect your organization from fraud and protect your employees from the temptation to commit fraud. Human beings can be greedy creatures when the right buttons are pushed.
The final part of the Fraud Triangle is the part that you have the most control over; perceived opportunity. Employees will not commit fraud, with a few exceptions, if they believe they will get caught. The perception of detection is your greatest ally with your fight against these fraudsters. Individuals are less likely to commit fraud if they believe they will get caught. According to the Report to the Nations on Occupational Fraud and Abuse, 35% of organizations who were victims of fraud used proactive monitoring and internal controls. The frauds of these organizations were 60% less costly and 50% shorter in duration.
With the potential of losing 5% of your revenue to fraud, what can you do to prevent and detect fraud in your organization? First step is to accept that your organization is not immune to fraud and that anyone in the organization can commit fraud. The next step is to conduct an assessment of risks in your organization. Ask yourself, what are the weak areas in our organization? Where could someone commit fraud? Once those risks are established, create and implement controls which will significantly reduce those risks. It is proven that properly implemented anti-fraud controls reduces fraud losses and detects fraud sooner. Examples of anti-fraud controls include management review of documents and processes, segregation of duties, employee training and awareness, audits, employee monitoring, whistleblower hotlines, etc.
Getting management and employees on board is a key element in the success of your organization’s fight against fraud. In the report mentioned above, tips are consistently the most common method of fraud detection. Employees, customers, and vendors are your friends. Over 40% of the cases in the report were detected by a tip and half of those tips came from fellow employees. Tips are more than twice the rate of any other method of fraud detection. Get other employees on your team. Let them know you need their help to combat fraud in the organization. Remember, the perception of detection is the greatest deterrent to not committing fraud. When something doesn’t look or feel right, question it.
In the next two parts of this series, we will discuss the boiling frog analogy of why good ethical people sometimes make bad ethical decisions and how you can save your organization with a positive ethical culture.
*Information taken from Report to the Nations on Occupational Fraud and Abuse produced by the Association of Certified Fraud Examiners and also “How to Prevent Small Business Fraud” also produced by the ACFE.