Internal control weaknesses correlate with financial fraud

Former Sen. Paul Sarbanes (D-Md), co-author of the Sarbanes-Oxley Act.

Bloomberg

The audits of companies’ internal controls mandated by the Sarbanes-Oxley Act are good predictors of financial fraud, according to a new study.

The study, by professors Matthew Ege of Texas A&M University and Dain C. Donelson and John M. McInnis of the University of Texas at Austin, found the incidence of fraud disclosures at companies previously found by auditors to have material weaknesses in their internal controls is approximately 80 to 90 percent greater than companies on average, depending on how it was measured. Of the 127 fraud cases identified by the study, 36 of them, or nearly 30 percent, occurred after auditor reports of material weakness in internal controls. The study appears in the August/October issue of Auditing: A Journal of Practice & Theory, a quarterly published by the American Accounting Association.

The researchers collected 14,000 internal-control opinions from auditors for large and midsized corporations, examining the relationship between reports of material weaknesses and reports of corporate fraud within the following three years.

“Although material-weakness reports mostly reflect accounting errors and portend revelations of fraud only infrequently, the fact that they precede almost 30 percent of the instances where fraud does, in fact, come to light should lead investors, regulators and legislators to take notice,” Ege said in a statement.

The study provides ammunition for defenders of the Sarbanes-Oxley Act of 2002, particularly Section 404(b), which mandates outside audits of public companies’ internal controls. The legislation was passed in the aftermath of the wave of accounting scandals of the early 2000s at companies such as Enron and WorldCom. However, Congress later relaxed the requirement for so-called “emerging growth companies” in the JOBS Act of 2012, in an effort to spur the development of startup businesses with less than $1 billion in annual revenues that want to go public. The Financial Choice Act that the House passed in June would lower the threshold further to $50 million.

“SOX Section 404(b) provides a potential benefit of an early warning system for future fraud revelation,” said the study. “Given the criticism of SOX and discussion in favor of its repeal or curtailment, this benefit is an important consideration alongside the costs of internal control reporting.”

Source: Accounting Today

Congressmen concerned about misuse of .cpa domain

A group of four lawmakers has sent a letter to an internet governing body expressing concern about how the proposed .cpa domain extension might be exploited by fraudsters pretending to be CPAs.

The American Institute of CPAs has been working to secure a .cpa domain string, in partnership with the Australian accounting body CPA Australia, since 2014. The two groups have pending bids for what is technically known as a “generic Top-Level Domain string,” or gLTDs, before the Internet Corporation for Assigned Names and Numbers, also known as ICANN, the global nonprofit that oversees internet namespaces.

Rep. Steve Pearce, R-N.M., Michael Conaway, R-Texas, Steve King, R-Ind., and Ruben Kihuen, D-Nev., are asking ICANN to develop and promulgate verification regulations for gTLDs that are at the most risk of fraud and abuse, including “.cpa.” Conaway is a CPA who is a member of Congress’s CPA Caucus.

In a letter last month, the lawmakers pointed out that a 2013 communique by ICANN's Governmental Advisory Committee identified several domain extensions connected to regulated or professional sectors, including the accounting profession. “The GAC recognized that ‘these [gTLDs] are likely to invoke a level of implied trust from consumers, and carry higher levels of risk associated with consumer harm,’” they wrote. “Further, the communique highlighted that gTLDs such as ‘.cpa’ could be used to deceive consumers of CPA services in the United States and around the world if granted to those outside the global CPA community.”

“Ultimately,” the lawmakers added, “the communique recommended ICAAN ‘[e]stablish a working relationship with the relevant regulatory, or industry self-regulatory, bodies, including developing a strategy to mitigate as much as possible the risks of fraudulent, and other illegal, activities,’ and specifically cited ‘.cpa’ as requiring "Category 1" safeguards.”

“Unfortunately, to date, ICANN has not fully implemented this recommendation,” they noted. “While it has taken steps in the right direction, gTLDs, such as ‘.cpa,’ are still not regulated in a way to prevent fraud and abuse. For a gTLD that has a strong connection to a regulated industry, such as ‘.cpa,’ the protection of the public against fraud or other illegal activities should be of paramount concern to ICANN. Strong, reliable verification procedures are essential to protect the public interest. The importance of the public trust to the CPA profession around the world cannot be overstated, and the potential harm to the public of fraudulent or illegal use of a ".cpa" domain is immense.”

The lawmakers are encouraging ICANN to come up with verification procedures for websites that try to claim .cpa domain names. “ICANN cannot combat fraud by simply requiring applicants to make a representation, without any verification,” they wrote. “We recognize that although such verification is not a simple task, but it is an essential one.”

Source: Accounting Today

House passes bill to curb IRS asset seizures

Randy Sowers, a dairy farmer whose $60,000 bank account 

was seized by the IRS.

Photo: Institute for Justice

The House unanimously approved a bill late Tuesday to discourage the Internal Revenue Service from using civil asset forfeitures to seize money and property from taxpayers.

The bill, known as the Clyde-Hirsch-Sowers Restraining Excessive Seizure of Property through the Exploitation of Civil Asset Forfeiture Tools (RESPECT) Act, would revise the authority and procedures the IRS uses to seize property that has been structured to avoid Bank Secrecy Act reporting requirements. Under the bill, the IRS could only seize property it suspects has been structured to avoid BSA reporting requirements if the property comes from an illegal source, or if the funds were structured for the purpose of concealing the violation of a criminal law or regulation other than structuring transactions to evade BSA reporting requirements.

Within 30 days of seizing property, the IRS would need to make a good faith effort to find all owners of the property, as well as notify the owners of the post-seizure hearing rights established by this bill. The IRS could apply to a court for one 30-day extension of the notice requirement if it can establish probable cause of an imminent threat to national security or personal safety.

If the owner of the property asks for a court hearing within 30 days after the date on which notice is provided, the property would have to be returned unless the court holds a hearing within 30 days after notice is provided and finds there's probable cause to believe the property derived from an illegal source or the funds were structured to conceal the violation of a criminal law or regulation other than a structuring violation. The bill amends the Tax Code to exclude from gross income any interest received from the federal government with respect to an action to recover property seized by the IRS under a claimed violation of the structuring provisions of the BSA.

The bill was sponsored by Reps. Peter Roskam, R-Ill., chairman of the House Ways and Means Tax Policy Subcommittee, and Joseph Crowley, D-N.Y. The Clyde-Hirsch-Sowers RESPECT Act is named after two small-business owners who had their entire bank accounts seized by the IRS for alleged structuring Jeff Hirsch and Randy Sowers. Hirsch had over $400,000 seized from his convenience store distribution business on Long Island, while Sowers, a Maryland dairy farmer, lost $29,500 to the IRS. Even though neither of them was ever charged with a crime, it took years of legal proceedings before they recovered their funds. They were both represented by the Institute for Justice, a libertarian law firm and advocacy group.

“The IRS used civil forfeiture to steal from innocent, hard-working small business owners,” said Institute for Justice attorney Robert Everett Johnson in a statement. “With Congress so bitterly polarized, it’s encouraging to see hundreds of representatives stand together against this inherently abusive practice.”

A study by the Institute for Justice found that from 2005 to 2012, the IRS seized more than $242 million in over 2,500 cases for alleged structuring offenses. One-third of those cases involved nothing more than making a series of sub-$10,000 cash transactions.

House Ways and Means Committee chairman Kevin Brady, R-Texas, praised passage of the legislation. “The House sent a clear signal to the IRS this week that bullying law-abiding Americans will not be tolerated,” Brady said in a statement. “After years of bipartisan oversight to hold the IRS accountable for their wrongdoings, the Clyde-Hirsch-Sowers RESPECT Act stands up for the innocent small business owners and farmers who were forced to hand over their hard-earned dollars to the IRS—in some cases losing their livelihoods and life savings. The bill puts in place strong safeguards to prevent the IRS from wrongfully seizing the assets of hardworking Americans. I commend Tax Policy Subcommittee Chairman Roskam and Rep. Crowley for their work to protect taxpayers, and I urge the Senate to pass this important legislation.”

Two wide-ranging civil forfeiture reform bills are also under consideration in Congress. Rep. Jim Sensenbrenner, R-Wis., has reintroduced the DUE PROCESS Act, which would strengthen safeguards for business owners, while Sen. Rand Paul, R-Ky., has sponsored the FAIR Act, which would prohibit federal agencies from keeping forfeiture proceeds and abolish the so-called “equitable sharing” program, under which the proceeds of seized assets are shared between state and federal law enforcement authorities.

Under “structuring” laws, the IRS has routinely confiscated cash from ordinary Americans because they frequently deposited or withdrew cash in amounts under $10,000. The IRS is able to keep that money without ever filing criminal charges.

An April report by the Treasury Inspector General for Tax Administration found the IRS’s use of structuring laws “compromised the rights of some individuals and businesses.” In a sampling of 278 investigations, it found no evidence in 91 percent of those cases “that the structured funds came from an illegal source or involved any other illegal activity.”

In October 2014, the IRS’s Criminal Investigation unit introduced a new policy specifying that it would no longer pursue the seizure and forfeiture of funds related to legal source structuring. However, in the same month the policy changed, the TIGTA report noted, The New York Times reported that IRS Criminal Investigation had been seizing funds in structuring investigations without filing a criminal complaint, leaving property owners to prove their innocence. Many of them gave up trying.

In July, Roskam noted that the IRS had reviewed 454 petitions for the return of property forfeited under the structuring laws and returned more than $6 million to property owners. The IRS also transferred 250 petitions to the Department of Justice for review, but the DOJ has only acted on 73 of the petitions. The Justice Department approved returning money in only 32 percent of cases—far below the IRS’ recommendation of 80 percent. In their 2016 party platforms, both the Republican and Democratic Parties condemned civil forfeiture and called for reforms to the practice. Since 2014, according to the Institute for Justice, 24 states have reformed their forfeiture laws while over 260 editorials have criticized the practice.

Source: Accounting Today

Can employees be paid in cryptocurrency?

Bloomberg

Can your small business clients start paying employees with cryptocurrency? In a short answer, yes. And companies are already doing it.

So what does that look like for the average employee? What can they do with these cryptocoins? How do they pay their mortgages? Do supermarkets take these currencies? Seriously, how do people live real life on digital coins?

Let’s find out.

When a company first approaches its employees about paying them in cryptocurrencies, like Bitcoin and Ether, employees might be a bit apprehensive. It might take some good, old fashioned education to get people on board with receiving digital coins instead of pay check or cash. And that’s fine. Change takes time to be accepted. It helps to know that there are other companies already doing this and it’s working out for them. What also helps is the growing list of corporations and businesses that actually accept cryptocurrencies, such as Bitcoin.

While there are many pros to paying employees with cryptocurrency, there are also a number of drawbacks for the employee.

Some of the pros associated with this practice highlight cheaper payroll runs, ease of implementation, and ease of international transfer without high conversion fees. Cryptocurrency can also be used to buy other cryptocurrencies for future profit potential.

Some of the cons associated with paying employees cryptocurrencies, however, include capital gains tax: Employees would have to pay tax on any profits they saw above and beyond what you paid them. While it’s great if the coins go up in value, the employee might not appreciate losing most of it to the taxman. Another con associated with paying employees with cryptocurrency is the risk of losing money. Sure, a lot of cryptocurrencies are stable and do well, but markets are volatile and employees could end up with less than what you intend to pay them.

Still, working for a living has always had its risks and there is no guarantee that your fiat currency is going to be worth the same amount tomorrow. If your client is a startup looking to draw out some really great talent, offering cryptocurrency payments might attract the tech-savvy applicant that is looking to break into a new and upcoming field. Cryptocurrency also provides startups with an easy way to pay people.

What’s more, ICOs (initial coin offerings) can fund companies to get their business and technology off the ground, freeing up cryptocurrency to pay employees with the digital currency. Operating capital is vital to the success of a new company, and certainly an ICO is a great way to build a nest egg for operations.

The bottom line? We used to talk in terms of decades when we would reference the future. But big changes, like paying employees with cryptocurrencies, are already happening. If business owners continue to think and operate like nothing is changing, they are going to find themselves left out in the cold, holding money that is worthless, and scrambling to change their ways when it might already be too late.

Source: Accounting Today

IRS warns of Harvey scams

Hurricane Harvey flooded Rockport, Texas

Alex Scott/Bloomberg

The IRS is warning about possible fake charity scams emerging due to Hurricane Harvey.

Criminals may look to take advantage of the outpouring of support for victims of the hurricane by impersonating charities to get money or private information from taxpayers, the agency said.

Such fraudulent schemes may involve contact by telephone, social media, email or in-person solicitations. Criminals often send emails that steer recipients to bogus Web sites that appear to be affiliated with legitimate charitable causes. These sites frequently mimic the sites of, or use names similar to, legitimate charities, or claim to be affiliated with legitimate charities in order to persuade people to send money or provide personal financial information that can be used to steal identities or financial resources.

The IRS suggests never giving out personal financial information such as Social Security numbers or credit card and bank account numbers and passwords to anyone who solicits a contribution. Scam artists may use this information to steal a donor’s ID and money. Also, the service warns donors never give or send cash: For security and tax record purposes, contribute by check or credit card or another way that provides documentation of the donation.

The IRS Web site has a search feature, Exempt Organizations Select Check, through which people may find qualified charities; donations to these charities may be tax-deductible.

The free IRS Publication 526, “Charitable Contributions,” describes the tax rules that apply to making legitimate tax-deductible donations and provides complete details on what records to keep.

Taxpayers suspecting fraud by email should visit IRS.gov and search for the keywords “Report Phishing.”

Source: Accounting Today

IRS Computer Security Incident Response Center needs improvement

IRS
Bloomberg

The Internal Revenue Service’s Computer Security Incident Response Center is preventing some cybersecurity violations, but could use some improvements, according to a new report.

The report, from the Treasury Inspector General for Tax Administration, noted that the CSIRC is responsible for preventing, detecting, reporting, and responding to cybersecurity incidents, such as computer related threats and attacks targeting the IRS’s technology assets. As the IRS holds tax information on all taxpayers, the agency presents an attractive target for hackers. But weaknesses in the CSIRC program could prevent the timely detection, prevention, or reporting of unauthorized access and disclosure of taxpayer data.

In general, according to the report, the CSIRC prevented, detected, reported and responded to a number of cybersecurity incidents. TIGTA took a sampling of 100 incidents out of a total population of 368 incidents during fiscal years 2015 and 2016, through April 30, 2016. It found the CSIRC properly identified and documented the type, nature and scope of all 100 incidents, including the systems and applications affected, the source of the incident, and the specific kind of lost equipment. However, TIGTA found several areas in which the CSIRC could improve its operations.

For example, the report noted the CSIRC could improve some aspects of its incident case work. TIGTA found that not all cybersecurity incidents were properly reported. Some of the supporting documentation on the document was deemed insufficient, incident costs weren’t captured, and reporting procedures were inconsistently applied. Sixty-four of the 100 incidents were required to be reported to the Treasury Department’s CSIRC because the incidents were confirmed to have compromised the confidentiality, integrity or availability of a federal government information system. Of the 64 incidents, 22 were not reported as required. On Feb. 15, 2017, after bringing the noncompliance to the IRS’s attention, the 22 incidents were reported to the Treasury Department’s CSIRC.

The IRS has suffered a number of high-profile data breaches in recent years that led to shutting down several of its online applications for the public, including its Get Transcript app, its Identity Protection Personal Identification Number service and its data retrieval tool for the Free Application for Federal Student Aid.

CSIRC employees and contractors didn’t always meet training guidelines, and the skill assessments indicated a need for more training. Not all CSIRC employees complied with the Federal Information Security Modernization Act, and they needed internal specialized security training for fiscal years 2015 and 2016. The employees took courses the IRS considered specialized; however, TIGTA disagreed with the designation after a closer review of the courses’ objectives. In addition, there was no documentation that contractors met the same requirements for the same periods.

Finally, the Incident Response Plan, which provides the organization with a roadmap for implementing its incident response capability, was developed, but was not updated to fully comply with federal guidelines.

The IRS corrected several of the issues before TIGTA completed the report, but TIGTA made five recommendations to the IRS’s chief information officer. The recommendations included correcting reporting inconsistencies of incidents and ensuring the costs of handling and responding to incidents are captured. The IRS should also ensure CSIRC employees and contractors comply with specialized security training requirements, TIGTA recommended, and it should remove contractor access privileges to IRS systems when contractors don’t comply with training requirements. The IRS should also ensure employees receive the necessary training to move toward high proficiency levels.

The IRS agreed to correct reporting inconsistencies and ensure that CSIRC employees and contractors comply with specialized security training requirements. The IRS partially agreed to remove system access by removing network access and ensure its employees receive training to achieve high and intermediate proficiency levels.

But the IRS disagreed with TIGTA’s recommendation that it capture the costs of handling and responding to an incident because it is not required by federal standards. TIGTA agreed that capturing costs is not explicitly required, but pointed out that doing so can help determine if additional funding is needed for the incident response team and can be used to measure the success of the team and effect of changes to capabilities on performance.

“The IRS is committed to continuous improvement to ensure the IRS CSIRC operates at the highest level of effectiveness,” wrote IRS chief information officer S. Gina Garza in response to the report. “To achieve this objective, we have enhanced the documentation and reporting of incidents involving lost/stolen cell phones. We have also implemented new technology, policies and processes to provide, gather, track and monitor all security training for both contractors and employees.”

Source: Accounting Today

Financial Gravity hosts AI design challenge for tax planning software

CEO of Financial Gravity John PollockFinancial Gravity / YouTube

Financial Gravity, a tax services and wealth management firm in Dallas, is sponsoring an AI design challenge for the creation of an an artificially intelligent tax advisor.

The AI-enabled automated tax planning assistant software, as it’s being called, will be named Odele; and its target end users are business owners, entrepreneurs and high net worth families with multiple sources of income, some investments, and the ability to save for the future.

Odele should be able to:

• Present and compare taxes and income for a business owner for a variety of tax configurations, assumptions, and projections;
• Calculate lost income by comparing taxes paid for a previous year with taxes that would have been paid under an optimal configuration;
• Recommend optimal tax-planning configuration for the upcoming year, based on the business owner’s goals, preferences, personal lifestyle and logistics of implementing different tools and services; and
• Learn and upgrade its algorithms based on each case it handles, new tax regulations, tax court cases, IRS rulings, etc. It should also able to alert users who may be using a strategy that is no longer optimal.

Financial Gravity reports that it has a database of ideal tax scenarios that maximize take-home income. The firm wants Odele to connect individuals to their most ideal scenario.

The firm is offering a total prize pool of up to $125,000, which may be split by up to five winners. The minimum prize is expected to be $20,000. FInancial Gravity also expects to invite competitors to partner with the firm, to share proprietary data to create a new and potentially jointly owned proprietary tool.

For more information on the challenge, click here.

Source: Accounting Today