Being the victim of a complicated fraud scheme is a situation every company wants to avoid, given the potential reputational and financial damage.

CPAs can help their clients mitigate their risk of business fraud effects by staying on top of current trends in this area of malfeasance and helping their clients have the right preventive measures in place.

Leading forensic accountants spoke about the fraud landscape in 2024 during an AICPA webinar, “Current Hot Topics in Fraud.” The panelists broke down what risks are out there and what CPAs need to know.

Here are their observations of which schemes are trending and how CPAs can help their business clients avoid becoming the next victim.

VENDOR FRAUD: SKIMMING OFF THE TOP

Invoices for services never delivered, kick-back schemes, and padded invoices have been persistent scourges on the business landscape.

But the shift away from in-person work during and after the COVID-19 pandemic has sparked an increase in vendor fraud, with fewer in-office interactions and less oversight of purchasing processes, said Fred Kohm, CPA/CFF, national managing partner, services industries, Grant Thornton LLP.

Companies should be “reviewing accounts payable, making sure that you’re paying who you should be paying,” Kohm said. “A lot of those controls were probably more effective when people were in the office together and had regular interaction.”

With remote work a presence in most industries, too many companies have failed to update controls or increase audits to reflect the new reality of off-site employees and the risks that carries, said Jonathan T. Marks, CPA/CFF/CITP, CGMA, partner–Forensics, Legal, Monitorships & Investigations at BDO USA PC.

Another issue is the financial pressures that some people face in their lives, prompting the occasional rogue employee to consider skimming off company profits through fraudulent vendor schemes, said Elizabeth Woodward, CPA/CFF, forensic accounting and litigation support director at Dean Dorton.

“When we see credit card, individual consumer debt, this high, I think we see that individuals may have more incentive to steal from their employers,” she said.

CPAs have an opportunity to help, however, by urging their business clients to tighten controls, training accounts payable departments to better recognize questionable transactions, and using data analytics to flag scenarios where vendors have the same addresses or other discrepancies that have long been hallmarks of fraudulent activity.

“Training and technology are tools in your box and really a way to mitigate some of the risk,” Marks said.

CPAs can also help their clients avoid becoming victims by building in processes for regularly screening separate sets of data to check for outliers and setting aside time for open conversations about where vulnerabilities exist, Kohm said.

“Sometimes it’s pulling different pieces of data together that you wouldn’t normally think about,” Kohm said. “Fraud risk assessment lets you brainstorm around how fraud could occur.”

REVENUE RECOGNITION FRAUD: TOO GOOD TO BE TRUE

Revenue recognition fraud is also a major area of concern and can carry significant consequences for publicly traded companies. These are scenarios where insiders exaggerate or falsify revenue numbers to meet targets, receive bonuses, or paint their corporations in a more favorable light than what is merited.

All industries are vulnerable to this, from high-tech startups to manufacturers, Marks said, though he has found more issues at companies that are growing and haven’t updated their controls and processes to ensure accurate information is being reported out.

Culprits tend to be those who would financially or reputationally benefit from the inflated numbers — whether it’s C-suite officials who pull down big bonuses when they meet targets or others further down the corporate ladder who could benefit from exaggerating revenue numbers.

“Those [compensation incentives] can really drive, in a lot of cases, bad behavior,” Marks said. “It really does come down to the human element.”

The SEC is ramping up its enforcement in this area, Marks said, mentioning that the SEC had set up a task force to examine publicly traded companies’ continuous earnings reports, looking for patterns and trends, including situations where companies inaccurately round up their earnings per share to appear better on paper than they actually are. CPAs working with publicly traded companies need to diligently educate clients about having checks in place to ensure information is accurate, Marks said. Workplace culture also contributes to the risk of this type of fraud, and CPAs can urge their clients to create work cultures that value transparency and accountability.

RANSOMWARE: NETWORKS UNDER ATTACK AND BIG PAYOUTS

This is the stuff of corporate officers’ nightmares: An employee clicks on a link, downloads a questionable file, and within an hour, the company’s entire network is held hostage by an off-site hacker demanding large amounts of money.

The instances of ransomware and the extent of the damage caused are going up, though the topic isn’t in the news as much, Kohm said. This devastating scheme is becoming almost commonplace, and many companies want to avoid the reputational risk that comes from publicly disclosing the fraud.

But CPAs need to continue reminding their clients, employers, and teams of the risk that exists, given that ransomware attacks can spark a crisis of the most extreme degree, with entire operations potentially taken offline and business grinding to a halt.

“It’s all hands on deck, and, unfortunately, we’re going to see more and more of these,” Kohm said.

“The numbers are staggering.” Larger organizations are generally prepared, but Kohm has found that the most vulnerable and attractive to fraudsters are companies experiencing rapid growth that may be lacking technical sophistication and robust internal processes such as effective malware prevention.

Forensic accountants often end up getting involved in these cases when it’s time to investigate and determine the damage done for insurance claims — an exciting professional challenge but one that comes at great expense to clients, Kohm said.

“It’s a lot of fun from a forensic standpoint, but a lot of pain from the organization that has to deal with that,” he said.

To help clients avoid becoming victims, CPAs can continue urging corporate management to remain vigilant. Clients should be urged to conduct penetration testing, engage with assessments to identify vulnerabilities, and train employees to recognize phishing schemes.

“Until organizations are able to get smarter around keeping these bad actors from being able to access their data, it’s going to continue to be a problem,” Kohm said.

DISASTER RELIEF FRAUD: TAKING ADVANTAGE IN UNCERTAIN TIMES

Disaster relief fraud also continues to be an issue, Woodward said.

In these situations, fraud may involve schemes seen in less dramatic times — contractors not performing work as promised, fake charities looking to cash in on people’s good intentions, inflated insurance claims, and more.

Given the chaos and uncertainty that can come in the wake of a natural disaster, CPAs will benefit from educating clients about how fraud rises during turbulent times after disasters hit, said Woodward, who also co-authored a 2020 Eye on Fraud report about global disaster relief fraud.

There may not be as much diligence or ability to spot fraudulent schemes when groups are working hard to help people who have genuinely been harmed.

“The environment is ripe when disaster has occurred,” Woodward said.

CPAs can help clients avoid issues by urging or helping clients to research charities through platforms like GuideStar, which gives insight into not-for-profits’ operations and spending. Board members, guided by the advice of accountants and financial officers, should require strong oversight and frequent audits post-disaster to ensure that insurance claims are accurate and not inflated.

Submitting claims through FEMA, the Federal Emergency Management Agency, can involve many nuances, and CPAs can be critical team players in helping clients navigate what is often a convoluted and lengthy process.

REMAIN DILIGENT

The ways unsavory actors try to extract money from corporate entities, whether through sophisticated ransomware attacks that can halt business operations after errant downloads of a virus or convoluted kick-back schemes that can take years to uncover, can change over time. But the existence of fraud in the business world itself is constant, and CPAs who stay abreast of current trends can help clients adopt the latest in prevention tactics.