A recent webinar hosted by the National Automobile Dealers Association (NADA) with accounting, consulting, and wealth management firm Moss Adams provides some tips that shop owners can heed to prevent and/or detect fraud.
While the discussion centered on dealership management practices and anti-fraud measures, some of the recommendations shared can also apply to collision repair shops.
Moss Adams CPA and Senior Manager Danielle Mar shared that fraud often occurs in a triangle of elements – pressure or incentive, rationalization, and opportunity. And sometimes, there’s a fourth element – capability, meaning the ability or skills to commit fraud. Common reasons that drive someone to commit fraud are incentive-based compensation or personal reasons, such as debt, Mar said. She said those who commit fraud will then rationalize and justify their actions by believing they deserve the money or because they work so hard and don’t make as much as they should. Lastly, fraud happens when there’s an opportunity, such as a lack of proper internal controls — mechanisms, policies, and procedures – in place “to ensure the integrity of financial accounting information and mitigate fraudulent behavior.”
Moss Adams CPA and Automotive and Dealer Services Partner Lewis R. Fisher added that fraud more often occurs in parts and services departments and is “very basic on the surface.” For example, if parts inventory isn’t integrated into the general ledger and management system, accurate numbers aren’t reconciled so employees have the opportunity to sell inventory that isn’t tracked online, sometimes even under their own website using their employe’s FedEx and/or UPS accounts to ship the parts.
“There’s opportunities to prevent this,” Fisher said. “You can have annual physical counts – you should have annual physical counts. You can have monthly cycle counts where the accounting department is doing bin counts.”
He added that owners should know what access to parts inventory employees have and what manual adjustments they could be making. Something repairers would likely also want to know. It’s also important to pay attention to inventory reconciliation trends on a month-to-month basis, Fisher said.
“The thing that drives this is there’s a lot of parts,” he said. “There’s a lot of small parts. There’s a lot of high-value parts that sit in that parts warehouse so ensuring physical access is secure. Ensuring our employee’s activities are monitored and utilizing the reports that are available to us.”
Specific to the service side of operations, Fisher mentioned fraud is also possible through “manufacturer-inflicted” practices. “Many of the manufacturers want us to have a single point of activity with the customer so they want that service advisor to write the repair order, to then collect payment from the customer… That creates potential for the service advisor, who is now collecting money and may have the ability to alter that repair order. Now we have this risk where someone’s receiving money but can also change a repair order and could be taking cash or could be offering discounts in exchange for side payments.”
This could come into play at collision repair shops that work on electric vehicles (EVs) that require de-energizing by an OEM dealer and a work permit to be obtained from the OEM by a shop technician for every day of work that can’t be given electronically.
And as far as body shops, fraud can occur when collecting deductibles or through sublets and vendors, Fisher added. In general accounting practices, it’s best to know who has access to make manual payroll and vendor changes such as entering in hours worked and adding new vendors as well as “super user,” or complete administrative access, to the shop’s management systems, Mar said.
Segregation of duties is also vital, the group agreed. This means making sure that access, review responsibilities, and custody of transactions are segregated among enough people or that enough reviews are implemented reviews so that, for example, one person isn’t signing checks, reconciling bank accounts, and reporting on the accounts at the end of the month. Fisher recommends a daily reconciliation of bank accounts.
Moss Adams Director and CPA Kimberly Linebarger said internal controls should be followed by all employees at all levels, including upper management, and they should be openly discussed. That includes requiring mandatory vacations and putting in place proper employment and ownership agreements. Fisher added that mandatory time off, particularly in the accounting department, allows for “a break in the system” to have a different person look at things through fresh eyes to possibly detect fraud.
Mar noted that the Association of Certified Fraud Examiners estimates that about 5% of a company’s total revenue is lost to employee fraud every year; 46% of which could be prevented with proper internal controls.
She said, based on those statistics, that fraud typically proves more costly than anti-fraud measures, especially if an external audit is necessary due to the price tag to have one conducted and facing the loss of business relationships from having to get to that point.
“Putting into place some thoughtful, maybe even very simple controls, that don’t take a lot of time or energy to put into place could really actually be to the benefit,” she said.
Controls fall into three categories: preventive, detective, and corrective, Mar said. The first can include dual check signing, where two people have to sign checks before they’re cashed, or invoices for checks can’t be approved without first being reviewed. Preventative controls can also include spending limits, job rotations, and credit checks on financial reporting employees. Detective controls can mean surprise checks of the amount of petty cash on hand compared to how much is in the safe, timely reconciliations of accounts, and counting inventory more frequently.
Mar and Fisher also noted that internal controls aren’t just to prevent and/or detect fraud, they’re also to prevent and/or find errors in accounting practices that the business owner(s) expect to be followed.
Fisher also recommends paying attention to employees’ lifestyles. For example, are they driving a really expensive vehicle that they likely shouldn’t be able to afford with what they make? That could be a red flag for fraud, he said. Business owners can also think about what a “fraudster” might do. In other words, think like them to figure out measures that can be taken to prevent those actions.
Fisher said the following steps should be taken if fraud is discovered:
- Call legal counsel to build your case before calling the police
- Call your business insurance carrier
- Safeguard existing assets including changing passwords and limiting access
- Create an action plan for how fraud will be detected in the future, and earlier on
It’s also a good idea to set up a hotline for anonymous fraud reporting with legal counsel looped in on to not only set up but to operate, Fisher said.
Featured image credit: Galeanu Mihai/iStock