ELECTRONIC TRANSACTIONS – Are You Leaving a Window Open for Fraud?

Washington Monument Joan M. Renner, CPA, Shareholder, Renner and Company, CPA, P.C.
Download the article e

Few execs would leave the office unlocked at the end of the day. Even fewer would leave some signed blank checks on top of their desk on the way out. Everyone is familiar with the security precautions that keep our organization’s property safe, and the procedures that control traditional financial transactions.

Today, however, financial transactions are changing. Nonprofits are saving time and money paying bills online, collecting fees by electronic transfer or on the website, paying employees by direct deposit, and more. The challenge is, as we say goodbye to paper, we’re also saying goodbye to our traditional internal control procedures. Though electronic transactions are efficient, they can completely bypass traditional controls designed for the paper world. You may put two signatures on every check, but if your controller can go back to his office and pay bills online without further approval, even three signatures on a check won’t prevent or detect fraud. As you adopt new electronic financial processes in your organization, ask yourself: are you leaving a window open for fraud?

Your bank accounts are also vulnerable to “dive bombing” attacks from outsiders. The same banking information you provide to someone sending you an electronic funds transfer can be used by criminals to prepare fraudulent checks and ACH requests. Sophisticated hackers use phishing schemes to try to attach malware to your laptop, enabling them to eavesdrop on your passwords and logins. They then use that information to take over your accounts, writing checks and even approving them through your check verification service. These types of attacks are on the rise and nonprofits are increasingly at risk.

Our biggest risk may not be from the outside. According to the Association of Certified Fraud Examiners, most frauds are occupational frauds. Many victims are smaller organizations without good separation of duties. So while news stories of outsiders attacking bank accounts are alarming, the fraud we may be most likely to experience is embezzlement. Frequently, we read about frauds in the news where a trusted employee used the authority of his position to divert funds for personal purposes. Electronic transactions can make it that much easier to divert funds if the window is left open for fraud.

Smaller nonprofits feel the most pressure. Without the resources to spend on internal control procedures, many are tempted to give up on controlling transactions in today’s environment. Is that advisable? How important is internal control? The answer is: it depends. The importance of internal control depends on the degree of risk, and the need for accountability.

A single business owner who controls his own money has little risk of embezzlement. His business model demands little accountability other than to himself. For him, internal control is not very important. With low risk and little need for accountability, the sole proprietor can decide whether or not he wishes to implement internal control procedures.

However, in a nonprofit, the risk of embezzlement is much higher. All transactions are conducted by non-owners. In addition, we all know that the nonprofit environment demands a great deal of accountability. Nonprofits are accountable to their Boards, their members, donors, grantors, to the IRS and to the general public. These factors make internal control very important in the nonprofit environment. With high risk and great need for accountability, nonprofit execs and Board members can’t ignore the need to safeguard the organization’s assets with adequate internal control procedures.

Nonprofits can close the window on fraud by following a simple maintenance routine. Inspect your transaction processes annually, and look for new areas that require new controls. Take a walk through your business cycle and ask: if an unauthorized transaction occurred here, how would we know? Ensure that procedures are adequate to cover both the risk of inside fraud as well as the risk of outside fraud. The controls you develop to prevent or detect embezzlement, will also detect fraud by outsiders. Let’s see how the maintenance routine works in these common transaction areas:

Online Payments–If your controller initiated an unauthorized payment through online bill paying, how would you know? Some free online bill paying platforms allow users to prepare payment transactions and then release them without further approval. This is like leaving a stack of signed blank checks out on your desk. Fortunately, many banks offer more than one online bill paying platform.

  • Close the window on fraud by choosing the banking platform that offers multiple levels of permission. Using a password generator token, one individual has permission to prepare payments but not release them. Another individual reviews and releases the payments.

If someone initiated a fraudulent check or ACH payment out of your account, how would you know? Anyone with your banking information can present a fraudulent check or ACH on your account.

  • Close the window on fraud by utilizing the protection services offered by your bank. Sign up for your bank’s check verification service. You tell the bank what checks you approved and the bank will only honor those checks.
  • Sign up for ACH blocks or filters. Your bank will block all ACH requests, or will only honor ACH payments from vendors you have approved in advance.
  • U need a UPIC. Ask your bank to assign you a Universal Payment Identification Code that allows you to receive electronic funds transfers without revealing your bank routing number or account number. The UPIC can’t be used to make withdrawals.
  • Use online access to watch the daily activity in your account. It sounds simple, but it’s the best way to keep an eye out for unauthorized transactions.

Website Collections–If an insider diverted some of your website collections into another account, how would you know? Individuals with authorization control the destination of website sales deposits. Some vehicles for website collections allow cash to accumulate in a separate account until transferred, and payments can be made out of this account without detection. Individuals in your organization who are authorized to make refunds can initiate fraudulent refunds to their own credit cards.

  • Close the window on fraud by comparing a report of website activity to bank deposits internally.
  • Watch for activity in the cash reservoir if you have one. Be sure the account is emptied regularly and that any payments made out of it are identified and recorded on the books.
  • Control credit card refunds with a refund authorization program.

Online payroll–If an insider gave themselves a bonus or a raise, or used a terminated or fake employee to deposit extra pay into their bank account, how would you know? When your employees are paid by direct deposit, the individual who transmits payroll to the payroll service is effectively a check signer. Some payroll service platforms permit users to initiate payroll and then release payroll without further approval. Fortunately, many payroll services offer more than one platform.

  • Close the window on fraud by choosing the payroll platform that offers multiple levels of permission. One individual is authorized to set up payroll transactions and another individual is authorized to review and release the transactions.

Today’s electronic transactions offer significant opportunities for nonprofits to save time and money. However, these new transaction processes bring a new set of risks. Nonprofit execs and Board members have a duty to be sure new controls are in place to keep assets safe. To review your risks, ask yourself the questions above, and use the answers to close the window on fraud.

Joan M. Renner, CPA, CGMA, has been providing audit and accounting services to nonprofits for more than thirty years. She is a Shareholder in Renner and Company, CPA, P.C. in Alexandria Virginia where she is in charge of the firm’s services to not-for-profit organizations. A graduate of the McIntyre School of Commerce at the University of Virginia, she has been a leader in bringing quality financial information to the nonprofit community through firm seminars, professional conferences and as Chair of a number of nonprofit Boards. Joan and her husband, John were named Living Legends of Alexandria in 2010.

©2014 Renner and Company, CPA, P.C. all rights reserved.

Why is it on my W-2?

Washington Monument November 2013, Maryland Hutchinson, Tax Supervisor, Renner and Company, CPA, P.C.
Download the article e

You hand out W-2’s every year.  How often do your employees ask “why is that on my W-2”?  By the end of this article, you’ll be able to answer many of their questions.

What is a W-2?

The IRS requires employers to report wage, salary and withholding information for each employee on Form W-2.  The IRS requires employers to send employees a W-2 no later than January 31st following the close of the tax year, which is usually December 31st.

The W-2 form is divided into boxes that report various items relating to an employee’s income. In box 1 of the W-2 you will find the employee’s annual wage and salary payments with the amount of Federal tax withheld from it in box 2. Box 1 shows compensation items subject to Federal withholding (i.e.: taxable).

Since only a portion of the employee’s income is subject to the Social Security tax, box 3 may report an amount that is less than your total compensation for the year. Effective January 1, 2014, the Social Security base will be $117, 000. Therefore, any compensation in excess of $117,000 will not be subject to Social Security withholding. Box 4 shows the amount of Social Security withheld.

Box 5 shows compensation subject to Medicare Tax. Box 6 shows the amount of Medicare Tax Withheld. Other boxes on the W-2 form include the employee’s compensation subject to state withholding and state income tax withheld. These amounts will appear in Boxes 16, and 17 of the  W-2.

W2 Form Example

Taxable vs. Nontaxable items on the W-2

Is there a difference between the ways a cash gift, bonus, gift card, or a gift of Thanksgiving turkey to an employee is taxed? The answer is Yes and No!

Generally, most gifts given to an employee (ie.turkey) can be excluded from the employee’s gross income and not subject to Federal, Social Security or Medicare withholding. Gifts of turkeys, hams, champagne, flowers, and fruit baskets are generally not taxable to the employee as a deminimis fringe benefit.

The IRS defines “deminimis” as “of minimum value”.  Whether a gift to your employee is a turkey or a gift card to a designated store for a designated item (i.e. a gift card to a grocery store for a turkey), if the amount is considered deminimis, it will not be considered taxable to the employee.

However, a gift of cash or its equivalent (i.e. a gift card for general merchandise) normally cannot be considered deminimis, no matter how small the amount.  In many cases, cash cannot be excluded from the employee’s income and should be subject to Federal Withholding, Social Security and Medicare.

Common Items on the W-2 Retirement Plans

Employee’s retirement plan deferrals are normally excluded from Federal withholding and do not appear in Box 1. However, the employee deferral retirement contributions are subject to Social Security and Medicare withholding unless the retirement plan contributions are designated Roth IRA contributions. Designated Roth IRA contributions will be subject to Federal, Social Security and Medicare withholding.

Pre-Tax Health Insurance Premiums Pre-Tax Health Insurance Premiums are not included in the employees’ W-2. However, the employer’s cost of health insurance paid on behalf of the employee should appear on the W-2 for employers filing more than 250 W-2’s annually. This amount is informational and appears in Box 12 of the W-2.

Flexible Spending Accounts

Healthcare FSA (Flexible Spending Arrangement) allows employees to set aside earnings to pay for qualified medical expenses in a cafeteria plan. Deferrals of $2,500 or less are considered non-taxable and not subject to Federal, Social Security or Medicare withholding. The amount of FSA deferrals will also appear in Box 14 as other information.

Dependent Care Assistance Dependent Care Assistance- This amount of dependent care assistance can be excluded from taxable compensation up to $5,000 per year. The requirements are that the Child/Dependent care expenses must have been incurred to allow your employees and/or their spouses to work, or look for work.

The provider of the dependent care must be someone the employee and/or his/her spouse cannot claim as a dependent. The eligible programs which qualify for dependent care are: Day camps, daycare centers, nursery schools, and after-school programs.

Additional Fringe Benefit Items on the W-2 Non-Taxable Moving Expenses

Qualified moving expenses are non-taxable to the employee and not included as wages on the employee’s W-2. Examples of qualified non-taxable moving expenses include fares for air, bus or train for the employee and their household members, moving companies including the movers, lodging for the household during the moving process, gas for rental vehicles, tolls, parking expenses and mileage for the use of personal vehicles up to the IRS rate.

Taxable Moving Expenses There are also non-qualified moving expenses that are taxable to the employee and included as wages on the employee’s W-2 in Boxes 1, 3, and 5 and are subject to Federal withholding, Social Security and Medicare. Examples of non-qualified or taxable moving expenses include put are not limited to temporary living expenses(ex. Lodging locally in the town where the employee is moving), pre-move house hunting trips, storage in excess of 30 days, and closing costs to purchase a home

Personal Vehicle The value of the personal use of a company vehicle should be included with wages as compensation and reported on the employee’s W-2.  The employer calculation of the value of personal vehicle uses the following methods mandated by the IRS: General Valuation Rule, Cents per Mile Rule, Commuting Rule, and the Lease Value Rule. Depending on your employee’s situation, one of these valuation methods will apply.

Non-Taxable Educational Assistance Amounts paid to an employee up to $5,250 per year are not taxable.  The employer cannot offer the employee cash instead of the educational assistance. The program cannot benefit only highly compensated employees.

In conclusion, there are numerous additional items which appear on the W-2 not mentioned in this article. The time is now to contact your organization’s payroll service provider and/or CPA to ensure that all related items are included (or excluded!) from your employees’ W-2 at year end.

© 2014 Renner and Company, CPA, P.C. All Rights Reserved.