internal controls
IRS abates penalties
Monday, April 4th, 2011 | tax | No Comments
In a payroll tax case we have been working on for over a year, the IRS has agreed to abate penalties, saving the taxpayer over $200,000. This is a very unusual decision for the IRS, which considers non-payment of payroll taxes to be an unauthorized loan of government funds.
Employers are required to withhold income tax, Social Security tax, and Medicare tax from their workers’ wages and deposit these funds regularly. At the same time, employers pay their share of Social Security and Medicare taxes. Penalties mount rapidly if an employer falls behind on these deposits.
The circumstances of this taxpayer’s case were unique. Their office manager/bookkeeper had let the company get behind on their payroll tax deposits, but she had told the owners that everything was fine. She had gained unauthorized access to the company’s post office box so she could intercept the IRS notices before the owners saw them. Her ruse unraveled when she was absent one day. The owners received one of the notices in the mail and called us.
Our investigation revealed how serious the situation was, with a delinquent tax liability in the mid-six figures, plus penalties and interest. The owners amassed enough funds to get the back taxes paid. We organized the documentation, interviewed the owners, and fashioned a compelling narrative describing the course of events that led to the late deposits. Through a series of letters, conversations, and meetings, we were able to persuade the IRS to abate the penalties. If the decision had gone the other way, the burden of paying the penalties on top of the back taxes probably would have put the company out of business.
We consider this a big win against the odds for our client. Not all of our engagements with the tax authorities end this well, but this is one example in which our willingness to stand toe-to-toe with the IRS on behalf of the taxpayer turned a potentially catastrophic situation into a more manageable one. As a result, the owners can now turn their focus back to managing their company through the recession.
Do you have an IRS story you’d like to share? How can we advocate for you?
IMPORTANT: ACH Phishing Alert
Monday, February 28th, 2011 | consulting | No Comments
The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent email that has the appearance of having been sent from NACHA and signed by a non-existent NACHA employee. Specifically, this email claims to be from the “Electronic Payments Association” and appears to be coming from the email address “payments@nacha.org.” These fake e-mails falsely state that recently sent ACH (Automated Clearing House) transactions have been canceled by the Electronic Payments Association.
NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive. If you receive an email from NACHA that states that your ACH transaction has been canceled, please do not respond to the email, open any attachments, or follow any link. Be on the lookout for similar emails as well. You can find more information at the NACHA website.
In a previous post, we explained the risks of an ACH scammer targeting your business bank account. Businesses do not enjoy the same protections afforded consumers. Once a criminal has access to your banking information, your account can be cleaned out before you know it. Call us to discuss this and other ways to protect your cash.
Guard against electronic funds transfer fraud
Monday, November 8th, 2010 | consulting | 1 Comment
Your business, like many others, may receive and pay out funds through electronic funds transfer (EFT) and automated clearing house (ACH) transactions. Such transactions include converting paper checks to electronic payments, wiring funds, and paying taxes electronically. The frequency of EFT fraud and the size of losses have increased as cybercriminals are targeting small and medium-size businesses who have inadequate protection.
Unlike consumers, who are well-protected against ACH fraud, businesses must notify their banks within two days of a fraudulent ACH transaction or the business may be liable for the loss. Wire transfer fraud demands detection within hours. So discovering and responding to unauthorized EFT is time-critical.
Typically, a business establishes the means to conduct online EFT transactions with a financial institution. The bank has controls in place that authenticate the computer being used to initiate the process. If the computer is not recognized, another layer of security is activated, such as a security question. Once the authentication process is completed, the bank assumes that the transaction is legitimate because it originates from the authenticated computer.
The cybercriminal subverts the authentication process by installing malicious software hidden in an email attachment, web browser download, or file transfer. This malware captures keystrokes to log bank account information, credentials, and online activity such as EFT transactions. The user is usually unaware that the computer has been compromised. Then the criminal hijacks the victim’s computer to conduct the fraudulent EFT transaction, which the bank’s system sees as legitimate because it recognizes the computer. The criminal transfers most or all of the funds in the account by wire transfers under $10,000 each to avoid currency transaction reports that would detect the activity.
The bank is required to make its best effort to recover the funds, hopefully by reversing the transfer. The business often has no recourse against the bank because the bank’s security system authenticated the victim’s computer. Thus the payment order appears to be legitimate, and the bank is protected by the Uniform Commercial Code, especially if the fraud can be traced to a security breach in the victim’s computer (the malware or hijacking program). Wire transfers are difficult to recover because they are instantaneous. ACH transactions usually take longer because of the intermediary clearinghouse used to complete the transaction, thus increasing the possibility of intervention.
You can take a number of steps to minimize your risk of EFT fraud:
- Install firewall, antivirus, and malware protection on all computer systems, especially those used for online banking.
- Dedicate a computer for online banking with robust authentication features.
- Reconcile EFT transactions daily.
- Use a dedicated bank account and make sufficient “just-in-time” deposits into that account before a transfer occurs.
Contact us to learn more about these and other internal controls to safeguard your business against various forms of fraud, from within or outside your company.
Fraud protection resource
Monday, June 21st, 2010 | consulting | 1 Comment
When times get tough, more people try imaginative (and illegal) ways to outsmart the system or take advantage of others. We’ve seen it during this recession in Ponzi schemes (e.g., Madoff and Bolze), unemployment insurance fraud, bank fraud, mortgage fraud, and more. Recently, the Federal government set up the interagency Financial Fraud Enforcement Tax Force to improve enforcement actions and to help us protect ourselves from fraud. They launched the website StopFraud.gov as a central point for news and information on financial fraud.
As consumers and as business owners, we need protective measures to reduce our risk of becoming fraud victims. You may find some useful information on this website. For more specific help in boosting your fraud protection, please feel free to contact us.
Seminar presentations
Tuesday, June 8th, 2010 | consulting, tax | No Comments
Van and Karen presented at a seminar for business owners and managers in Morristown, TN today. Van talked about the increase in IRS audits and how companies can prepare for that possibility. Karen talked about detecting and preventing fraud in the workplace, which the latest study from the ACFE estimates costs the typical company 5% of annual revenue. Both shared many real-life stories from their experiences dealing with these issues. We also gave the participants practical ways to improve their recordkeeping and internal controls that they can implement in their businesses.
Fraud and Embezzlement
Tuesday, May 25th, 2010 | consulting | No Comments
Workplace fraud is an age-old problem in all types of businesses. Whether it takes the form of financial statement fraud, corruption, or misappropriation of company assets, the cost to businesses is estimated at seven percent of annual revenues, according to the Association of Certified Fraud Examiners (ACFE). Their new report, to be released June 2, indicates that almost 90% of workplace fraud consists of misappropriation of assets. This may range from pilfering office supplies to complicated large scale schemes. Frauds may continue for years before they are detected. In forty percent of cases, the fraud is revealed by a tip. This report shows a snapshot of workplace fraud and how it is detected.
Small businesses are especially vulnerable to occupational fraud because internal controls often are not robust enough and because various duties must be combined and carried out by the smaller staff.
We are presenting at a small business seminar in Morristown, TN on June 8 sponsored by First Tennessee Bank. We will show how workplace fraud and embezzlement can happen right under the owner’s nose. We will also give attendees some practical ways to improve their companies’ internal controls.
In another presentation that day, we will talk about the increase in IRS audits and what business owners can do to make sure their books and records will withstand IRS scrutiny.