With increased regulatory demands and constant threats of fraud and misconduct, businesses have to watch their backs, especially when it comes to finances. In many cases, having a traditional accountant is not enough. Instead, you may need someone who has not only accounting skills, but investigative and analytical skills as well. In other words, you need a forensic accountant.
“Forensic accounting enables business owners to get control over possible financial fraud and mismanagement and, more importantly, to deter it before it occurs,” says James P. Martin, CMA, CIA, CFE, managing director at Cendrowski Corporate Advisors LLC.
He says forensic accountants can help companies design effective antifraud controls and mitigate the risks of future lawsuits. They also might be used to quantify economic damages in instances where value and/or profits might be lost, or in cases of business valuations to uncover reported income or expenses.
Smart Business spoke with Martin to learn more about forensic accounting.
How does a forensic accounting engagement differ from an audit?
First and foremost, forensic accounting engagements are nonrecurring and are only conducted at the request of a firm’s management. Audits, conversely, are recurring activities. Forensic accounting engagements are targeted assessments of specific areas of a business; they are not general assessments of the business as a whole or its financial statements.
The methodology employed in an audit is also quite different from that used in forensic accounting engagements. Audits are conducted primarily by examining financial data, whereas forensic accounting analyses are conducted by examining a wide variety of documents and interviews.
Lastly, the goals of forensic accounting engagements are yet again very different from audits. The goal of the latter is to detect the presence of material misstatements, irrespective of their cause. Audit activities are in no way designed to help an organization deter fraud, though they may detect such activity.
Because many frauds begin on a small scale, they may go undetected by auditors if the size of the fraud is below the auditor’s threshold for materiality. Moreover, even if the magnitude of a fraud is greater than the auditor’s threshold for materiality, a fraud may remain undetected by the auditor if it is well concealed. Forensic accounting engagements can be specifically tailored to deter fraud and potentially prevent it.
Can forensic accounting techniques be applied proactively?
Forensic accounting techniques can be used on a proactive basis in many instances, including the deterrence of fraud. More specifically, forensic accountants can proactively analyze an organization’s internal control process to determine areas of weakness and help the organization swiftly remediate these issues.
How can organizations use forensic accountants to help deter fraud?
Fraud deterrence focuses on removing one or more of the three causal factors of fraud: motive, opportunity and rationalization. Only when each of these factors is present can a fraud occur.
Motive and rationalization are generally dependent on personal situations over which the organization may have little control. This is why the opportunity for fraud is often the prime target of fraud deterrence engagements, as this factor can be controlled by an organization.
How can forensic accounting techniques be used in cases of business valuations?
Valuation professionals who are trained in forensic accounting may have significant experience in data mining and analysis, affording them the ability to supplement typical valuation techniques with information uncovered as a result of forensic accounting activities.
This additional information could result in a markedly different valuation from that which might have been calculated without the use of forensic accounting techniques, as valuations are extremely sensitive to underlying assumptions.
Insights Accounting is brought to you by Cendrowski Corporate Advisors LLC
Business operations are subject to a number of internal and external risks, as are ownership interests in businesses. How organizations and their owners address these risks can have a significant impact on the value of businesses and interests therein.
“An enterprise risk management process involves identifying risks relative to an organization’s objectives, assessing them for likelihood and impact, developing a response strategy and monitoring progress,” says John T. Alfonsi, managing director at Cendrowski Corporate Advisors.
A well-defined enterprise management process (ERM) framework can protect and create value for organizations and their owners, he says.
Smart Business spoke with Alfonsi about ERM to better understand its applications.
Where is risk addressed in a business valuation?
The most common method of valuing a business is the ‘income approach,’ which requires a valuation analyst to project a business’s future cash flows, then calculate the present value of the sum of these cash flows by employing an appropriate discount rate. The valuation analyst must address risk in two primary areas: projected future cash flows and the discount rate. Effective ERM processes can help businesses increase value by affecting the estimates for these quantities.
How does risk impact projected cash flow?
There exists a risk that an organization will not achieve its projected figures. As such, the process by which management projects future cash flows can impact a valuation analyst’s assessment of the business. A key risk in the process is information integrity, the quality of information generated through monitoring and data assimilation.
Information integrity allows management to make well-informed decisions and should provide a valuation analyst with greater confidence in a business’s projections.
Valuation analysts can analyze information integrity by examining historical projections and assessing elements of the internal control environment.
A valuation analyst also should examine the variance between historical projections and a business’s actual performance. If a strong correlation exists, a valuation analyst can be highly confident in current projections, if the process employed by the organization remains constant. If not, the analyst must examine the variance between the past projections and actual performance to discern whether bias existed in past estimates and current projections.
What about risks in the discount rate?
The discount rate is the yield necessary to attract capital to a particular investment, given the risks associated with that investment. A project with relatively high risk will require a relatively high yield to compensate an investor for bearing these risks.
In determining the discount rate, there are two sources of risk that need to be quantified: systematic and unsystematic.
Systematic risk is the risk one must bear for taking on a risky investment in the market. However, systematic risk is estimated by calculating the return to public equities due to availability of data. The ERM process has little impact on systematic risks unless the business’s performance is heavily tied to market performance.
Unsystematic risk is sometimes broken down into two components, industry risk and company-specific risk. Industry risk reflects the risks identified with the industry in which a business operates. Company-specific risks encompass all other risks, including size, depth of management, geography of operations, customer and/or vendor concentration, competition and financial health.
How can ERM processes mitigate company-specific risks and increase value?
An ERM process should quickly gather and assimilate high-quality information for use in the organization’s decision-making process, allowing the organization to rapidly assess the impact and likelihood of risks associated with changes in its internal and external environments. Early assessment and mitigation can help preserve value and capitalize on risky events when competitors do not react as swiftly to environmental changes
John T. Alfonsi is managing director at Cendrowski Corporate Advisors. Reach him at (866) 717-1607 or firstname.lastname@example.org.
Insights Accounting is brought to you by Cendrowski Corporate Advisors LLC
One of the primary functions of management is to understand what is actually going on in an organization, as opposed to what is supposed to be happening. However, for monitoring to be truly effective, there must first be good communication, a culture that promotes ethical behavior and a solid understanding of the particular organization’s risk factors.
“Organizational monitoring is not just about protecting a company from fraud,” says James P. Martin, CMA, CIA, CFE, managing director at Cendrowski Corporate Advisors LLC. “Monitoring systems can help ensure quality, that customer needs are being met and that the company is doing everything else that is necessary to achieve its goals.”
Smart Business spoke with Martin about how management can understand what is truly going on within the business.
What are the steps to an effective organizational monitoring plan?
First, the company must clearly define its goals. What is it trying to accomplish and how will it accomplish those goals? Second, what risks does it face? What can get in the way of the company accomplishing those goals? Third, what type of early warning system does the company need? How will it know if and when a risk has occurred or if someone has not performed as expected?
What impacts are electronic monitoring systems having?
Electronic monitoring systems have been around awhile but are drawing increased attention now with more severe penalties and potential outcomes for violations under Sarbanes-Oxley. Electronic monitoring systems are similar to a car’s dashboard. When trigger points, predefined events or hurdles are detected, ‘warning lights’ appear on the manager’s desktop.
While electronic monitoring is useful, it cannot — and should not — replace human involvement. The most important thing managers can do is be involved with operations on a day-to-day basis by walking around and talking with employees, holding regular meetings, receiving regular reports and phone calls, etc.
How are trigger points identified?
An organizational assessment of risk will help management identify areas that have more robust monitoring needs. Examples might include finance, everything related to potential issues arising with cash, or vendor management, such as notification every time a vendor’s address changes. Triggers also can monitor quality metrics, supply chain issues, personnel issues, etc. The system should be proactive so that management can address issues before they get out of control, preventing a crisis management situation.
It’s important to note that a monitoring system is more holistic than the definition of trigger points. The single biggest factor is people — what they will do in a given situation. The overall culture needs good communication systems and a clear understanding of management expectations.
Monitoring techniques need to continuously adapt to consider potential changes in behavior. There are a lot of examples of companies that had defined monitoring procedures, but creative people were able to identify and exploit areas that were not considered in those procedures.
How do private equity firms monitor the activities of the companies they invest in?
Private equity firms have to monitor the operations of the portfolio companies, not to the extent of detail that internal management does, but they do need to define risk. These companies have expectations, and if they identify certain events on the horizon, they can be prepared to take certain actions. Like the companies they monitor, private equity firms also must define their own particular trigger points.
Any tips for improving a system?
Make sure you’re monitoring the right areas. There may be areas you’ve historically monitored that have now changed, which is where the internal audit function comes in. The board’s audit committee must understand what is critical for the upcoming year. In examining the ‘audit universe’ — the model that defines every auditable event within the organization — areas of risk are identified, and then prioritized for audit. It's management’s responsibility to determine how many resources to invest in each given area of risk.
James P. Martin, CMA, CIA, CFE is managing director at Cendrowski Corporate Advisors LLC. Reach him at (866) 717-1607 or email@example.com.
Insights Accounting is brought to you by Cendrowski Corporate Advisors LLC
A significant part of the risk management process for any business enterprise is the proper classification of its work force for federal employment tax purposes as either employees or independent contractors.
“The risks from misclassification are a potentially significant underpayment of employer Social Security, Medicare and unemployment taxes, as well as the interest and penalty from failure to pay such employer taxes and for failure to withhold income taxes,” says Walter McGrail, senior manager, Cendrowski Corporate Advisors LLC.
Employers, he says, are responsible for withholding taxes for employees, but they are not responsible for such taxes on independent contractors.
Smart Business spoke with McGrail about the Voluntary Classification Settlement Program (VCSP) and how it can be used to a business’s advantage.
What are the factors for determining work force classification?
For more than 20 years, the IRS has adopted the so-called ‘common-law’ test for classification of workers as employees or independent contractors. The common-law test for classification is used to determine whether business managers have the right to direct the ‘means and details’ of the services being performed. Under the ‘means and details’ standard, it doesn’t matter whether the business managers actually direct the means and details, only whether they have the right to do so. The IRS has published a list of the ‘20 factors’ used to make the common-law determination of classification. Generally, such factors fall into one of three categories: behavioral control, financial control and the relationship of the parties.
What is the IRS Voluntary Classification Settlement Program?
Work force classification has long been a source of acrimony between the IRS and taxpayers. For prospective employers, classification of its work force using independent contractor status has some obvious advantages: lower employment tax costs, less burdensome reporting (1099s vs. W-2s) and non-inclusion in employee benefit programs. While the IRS has a real economic incentive to audit potential employers for taxes, interest and penalties related to prior years can be very costly for the IRS to conduct.
In an effort to coax voluntary compliance from taxpayers, the IRS has rolled out what amounts to a relatively inexpensive amnesty program, the VCSP. In exchange for taxpayers’ agreement to voluntarily treat their work force as employees for federal employment tax purposes going forward, the IRS will limit the exposure of qualifying employers to employment taxes on previous periods to a one-time surcharge equal to approximately 1 percent of the most previous year’s wages. The surcharge can be a bargain compared to the actual cost of tax, interest and penalty for all years open to IRS inspection, as well as the cost of defending an IRS audit.
How do employers qualify for the program?
In the event that a taxpayer’s risk management analysis demonstrates that the VCSP is a cost-effective means of managing its employment tax risk, the employer must meet the following qualifications: the taxpayer must enter into a closing agreement and pay the entire surcharge at closing; the taxpayer must have treated its work force as independent contractors for the previous three years; the taxpayer must have filed U.S. Form 1099 reporting the payments to such work force as non-employee compensation; and the taxpayer or its business must not be currently under audit.
What additional risk assessment might be required before taking advantage of the VCSP?
For any employer that has assessed its exposure to employment taxes, and related interest and penalties for misclassifying its work force in a prior year, there are other risks to assess. First, and as suggested, the VCSP requires full funding of the amount due at closing. To the extent that a taxpayer is in financial difficulty, they should assess whether it makes sense to even apply for the VCSP.
Secondly, taxpayers opting under the VCSP must agree to keep the statute of limitations for audits open for six years after the first year a taxpayer participates in the program. Normally, a taxpayer’s statue of limitations period for assessment of employment taxes closes after three years.
Third, the VCSP in its current form does not necessarily shelter the work force from assessment by the IRS from penalty or interest with regard to personal tax returns. While it is unclear that the IRS would pursue any claims against such employees, the IRS would have authority to do so if it chose to. The possible cost to employees should at least be considered.
Finally, each state provides for its own employment and withholding tax requirements. As it currently stands, the VCSP does not preclude a state or local taxing authority from relying on participation in the VCSP as an admission by the employer of responsibility for such state and local employment taxes for any open year.
For each of these reasons, any employer that has weighed the cost and benefit of complying with IRS guidelines for registering its work force for employment taxes must evaluate all of the risks associated with participating in the VCSP. Contact a CPA to assist you with the difficult task of properly executing the risk management process for employment taxes.
Walter McGrail is senior manager of Cendrowski Corporate Advisors LLC. Reach him at (866) 717-1607 or firstname.lastname@example.org.