What steps can business owners take to prevent financial fraud and increase cybersecurity?

Jack A. Callahan
Partner, Construction Industry Practice Leader
CohnReznick, LLP

Contractors must up their game when it comes to cybersecurity’s role in protecting them from financial fraud. Ransomware became the tool of choice for a $1 billion crime with the recent attack through WannaCry/ WannaCrypt. This exploitation impacted more than 200,000 computers in more than 150 countries. Additionally, with the proliferation of the internet of things, cloud storage and electronic banking, the risks of wire fraud and cyber breach continue to rise.

The first step to protect yourself is to recognize that you are a target and take preventative action. Remember that the infamous Target hack was delivered through the exploitation of an HVAC subcontractor. Perform an audit of your major risk areas, including financial controls, insurance, firewalls, antivirus and backup procedures. Before granting a subcontractor or supplier access to your systems, review their protocols and assess potential weaknesses. Create a cybersecurity breach response plan to prepare yourself before an attack occurs. Finally, remember that these plans need to be updated annually due to new technologies, staff and business relationships.

Andy F. Jones
Senior Manager
Crowe Horwath LLP


Cybersecurity is a chief concern of executives and business owners, who have a responsibility to protect and ensure the safety of their firm’s assets. Beyond financial assets, a firm’s assets include its employees, infrastructure, computers, software, services, telecommunications system, and all transmitted or stored information in its computing environment. They also include a company’s reputation and customer confidence, which operational disruptions and information breaches can erode.

While various frameworks exist for organizations to follow when developing cybersecurity programs, these frameworks can be overwhelming. But all point in the same direction: Identify your critical data, conduct a risk assessment of data controls and remediate weaknesses by implementing security controls. 

These steps should be repeated annually and when significant changes occur in the business or IT environment. An effective cybersecurity program requires continual improvement of defenses and adaptation to the changing threats that contractors face in protecting both their digital assets and most valuable assets: their people and customers.

John Rosch
Senior Account Executive
Explorer Software

The easiest and most effective ways to prevent financial fraud are to ensure a separation of duties and to produce annual audited financial statements. Separation of duties, even in small organizations, requires at least two people to complete financial tasks (e.g., having one person responsible for entering vendor invoices and another resource for issuing payments).

If you rely on performance bonds or actively use a line of credit, audited financials typically are required. Committing to the additional expense of an audit ensures that accounts have been confirmed by an external firm.

The issue of cybersecurity will continue to be a growing concern. Ransomware attacks are a daily occurrence, and keeping your network protected requires diligence and planning.

If you are attacked, your best defense is having your data protected by daily and incremental backups. Part of your backup strategy is testing your restore process on a regular basis so you are confident you can overcome a cyber attack or system failure.

What steps can business owners take to prevent financial fraud and increase cybersecurity?

Rick Deland
Vice President/Owner
Applied Computer Systems, Inc.

Every business should take the most fundamental steps for preventing financial fraud. It is simply a matter of separating duties, adding checks and balances, and maintaining a transactional audit trail. Do not let one employee be responsible for everything. The same person who opens the mail should not be doing deposits. The one with access to check writing should not reconcile the bank account.

I have seen several cases in which a long-time trusted employee with full responsibility for all accounting tasks takes advantage to steal from his or her employer—typically resulting in six-figure losses. The temptation can become too great
to find a way around the system. I have seen the fraud occur through payroll, accounts receivable and accounts payable. For accounts receivable, incoming checks may be diverted to a shell account, and invoices adjusted or deleted. With payroll, it usually involves checks to terminated, or nonexistent employees. Accounts payable may or may not involve an outside partner, where fake invoices are entered and paid. Keep an eye out for unusual numbers of customer or vendor adjustments, or extra employees.

Why do you need a construction CPA if you have the right software?

Fred J. Ode
CEO/Chairman
Foundation Software 
I started my own business because I didn’t want to work for anyone. I think most contractors can relate, which is one reason I love the construction industry: It’s full of independent people who want to be the best at what they do, so they go out and do it.

That doesn’t necessarily work as well when you’re trying to figure out the right tax deductions or how to apply non-cash fringes for health coverage or implement a new job cost structure. We all have a trade; for construction CPAs, it’s advising the business and financial side of what you do best.

Whatever stands to improve your cash flows and profitability, technology today can absolutely make it easier to do. But a construction-focused CPA who knows your business can actually tell you what to do and why to do it, and probably present you with additional options. Plus, many experienced CPAs can help you evaluate, select and implement technology that lets both of you work more effectively to keep you on track for success.

What advice do you have for contractors with complex payroll challenges? 

Mike Ode
President
Payroll4Construction.com

Definitely don’t go it alone. There are two potential traps to be aware of with something like payroll. It’s possible to underestimate the complexity of state, federal and agency requirements, putting in a good-faith effort and counting on the best outcome. This also underestimates the penalties contractors can face and how that can tie up their business in an audit. Alternatively, it’s possible to shy away from big opportunities like government contracts and out-of-state work. I don’t think that’s an answer either.

Contractors really need the expertise of professionals who know the financial and legal picture and understand the industry. For questions around taxes, fringes and reporting, that person is a construction- specific CPA. Sometimes, contractors also need direction from a construction-focused attorney. In both cases, the more you have a working relationship with them, the better they’ll understand how best to address your specific challenges. Contractors don’t have to hesitate to get expert assistance to guide them, and they should keep in mind the uniqueness of their industry when it comes time to select these professional partners.

WHy is the capitalization of indirect costs an important issue for contractors?

Brian Drumm
Delivery and Product Director
COINS

From a management perspective, it is important to capitalize and depreciate/ amortize:

• indirect costs to allocate appropriately/equitably such costs to jobs over the useful life of the asset; and
• overhead/general and administrative costs to stabilize such costs over multiple fiscal years.

For direct costs, such as equipment owned (assets), capitalized equipment costs are typically allocated to a direct cost category by charging jobs for the ownership and operating costs when equipment is working on specified jobs.

For indirect costs, such as those associated with indirect labor or the warehouse, while normally not capitalized, allocation is typically to either the labor cost category (as part of a the fully burdened labor rate) or the allocated cost category (as a function of direct labor charged to jobs and inventory charged to jobs).

For overhead/general and administrative costs, allocations to jobs are typically not done as there is normally no reasonable allocation basis for such allocations, and therefore such an allocation would distort job costs.

What is the best strategy for ensuring companies have the visibility into critical project and business performance information so they can proactively manage the organization?

Oliver Ritchie
Vice President, Product Strategy
CMiC

Financial software issues like missing payments can cause slowdowns or work stoppages at the jobsite. Without a strong financial core, the project’s key operations slow, costs increase and schedules slide. An often overlooked solution is financial enterprise software.

Financial interoperability across disparate systems causes data-latency and obscures data-driven decisions. Enterprise financial software provides project stakeholders with the power to make data-driven decisions in the field to keep the job on track and promote client satisfaction. This is accomplished through real-time and uncompromised data integrity from a single database.

Automations like progress payment workflows, where emails are parsed using optical character recognition to collect and create invoices, removes the lengthy manual process that can cause serious delays. Project managers instantly receive electronic notifications asking to validate materials, services and cost coding. Project managers approve invoices with one click from smart devices.

Financial automation software removes concerns about timely payments so project managers can focus on managing the job.

Matt Harris
Senior Vice President, Products
Viewpoint

In an industry that is inherently high risk and low margin, having reliable and consistent visibility of project and business performance data is critical.

Too often, leaders are challenged to identify performance trends over time, and end-of-project surprises mean costly and reactive decision- making rather than proactive strategizing and planning.

The solution: true integration across all workflows from the back office, through extended project teams and into the field. True integration means all applications work seamlessly together (regardless of platform) and, most importantly, share a single source of data.

Truly integrated software solutions mean that accurate project information is entered one time as it occurs and is automatically updated and shared across workflows. This ensures leaders in the executive office, the project team, and on the jobsite have accurate, trusted and up-to-date information to make proactive decisions and adapt as new information is shared.