Webinar Replay: Protecting Your Contractor Business from Cybercrime and Fraud
Posted December 13th, 2021
Scott Peper
Welcome, everybody. Thank you for joining us. I appreciate it. I’m very interested to get on this topic today I have an amazing guest someone that we hired here individually Mobilization Funding to just go through with our team, just the outright fraud that’s out in the marketplace, whether it’s through email IT services in the construction space, not only just to help us, but we actually had a client that was impacted by fraud, and it gave us some indications to look into it for ourselves. And then we wanted to be able to share what we learned was a valuable experience. And so I want to welcome everybody, Suzanne Cox, she’s with a company called Saltmarsh, Cleveland and Gund. She is a shareholder in the audit and audit audit and insurance service items I audit and assurance services department. She’s an active member of several associations, a regular contributor for trade publications, and she has a very, very strong background and experience in the emphasis in construction. So Suzanne, welcome.
Suzanne Cox
Thanks. Thanks, Scott, appreciate it. So hey, guys, this platform is a bit new to me. So if I screw something up, I apologize in advance, I am not the it shareholder here. So we’re gonna chat a little bit today about common types of fraud. And then what can you do to either prevented or mitigated or just reduce your risk? And so, you know, Scott mentioned, our firm and what we do, and I am an audit, but I’ve spent about 25 years working with contractors and manufacturers, specifically, not only just in audit, but also in a what we call vulnerability studies and fraud assessments, you know, how susceptible are you to fraud and, and control engagements where we go into companies and we look at their controls, and we, you know, look for areas of weaknesses, where, you know, they may be able to add some controls and, and beef up, you know, security so, so I do have some experience, you know, as it relates to fraud, and obviously, an audit. That’s one thing we look for, and keep our eyes out for.
So I’m going to give you some tips today on what successful companies do and some stories from some unsuccessful companies, of course, and some of it may seem, I know, our audience today is ranging in size of different, you know, size contractors. So you may initially think, well, that’s great, Suzanne, but you know, that just, it’s not really gonna fit my company, I’m a little bit smaller than that. And I recognize that and, and, you know, some of this advice may not be perfect for your company, but it is what the best of the best companies are doing. And so if you’re looking to grow, or you’re just looking to strengthen your, your control area and mitigate risks, these these are things that our companies are doing successful healthy companies, you know, so that’s, that’s where this is coming from. So again, just keep that in mind, I realize everyone is different. And this may not all fit for you, but what can you do at your size and your risk tolerance to you know, mitigate any risks you may have.
So here are some common types of fraud. Not all of these are exclusive to the construction industry, of course, you can see her fake vendors, fake payroll, and employees, credit card fraud, those are very common throughout all industries. Then we get into a little bit more specificity with construction with Bid rigging and change orders. And then we’re going to briefly talk about some of the craziness going on in the IoT world and cyber fraud as a as a general whole. So we’re gonna dive right in here.
So fake vendors. So what does that mean? You’re, you’re probably thinking what, you know, what does that mean? And I don’t even understand. So, for example, we had a client many years ago, that was about 4 million in size, so not a large contractor. And they had a project manager that they trusted very highly. And that project manager was you kind of in charge of a lot. You know, he was out running the jobs running the crews, paying the suppliers he was in, in most cases, choosing the suppliers and or the subs on the job. And he was a subcontractor, but for a larger GC, so it was like a sub of a sub. So he set up a vendor and he he said that this was a subcontractor that was working on the job. And he had the accounting clerk, you know, set up that vendor or that subcontractor and was paying that subcontractor for work performed. And so when the owner was checking in with him, you know, saying, Hey, how’s the job coming? You know, what percentage of completion Are you blah, blah, blah, you know, the guy is telling him hey, we’re like 80% done and And the costs that are coded to the job and that they’ve paid out of the company are in line with 80%, you know, about 80% of the budget has been spent. And so one day, the owner just happened to be driving by this job site. He was a not a hands off owner, but one that wasn’t constantly on job sites, checking things out. He drove by the job site and thought, Hmm, that does not look like 80% Complete to me. So, you know, gets out of the truck tries to figure out what’s going on comes back to the office talking to the accounting clerk, you know, who are we paying? How are we paying these people I don’t understand this job is nowhere near 80% complete. So long story short, they found out, they called us this was a tax only client. And they called us and said, Hey, we need help. We don’t even know where to start. But we know something’s wrong, something’s up. And so we found out that he had set up a fake company.
And so when I say fake, you’re thinking, Well, I don’t understand what that means. So the company probably existed, you know, he, he had to go to the bank, he had to get a checking account. You know, the, the company had a name, but it was not a legitimate company. And so he was paying this company, which was essentially him for work performed that never got performed. So you’re thinking, you know, how do I how do I prevent that from happening? So one thing we recommend to all of our contractors, GC, or sub is to do qualification on if you’re a sub qualify your GC, if you’re a GC, qualify your sub, if you’re a sub subbing to more subs qualify those subs. And so what does that mean? It you know, means going out seeing if they have a legitimate company set up? Do they have a website? Can you call a phone number? Do you get a person? You know, is it a legitimate company. So the second bullet here, double approval of new vendors, or new suppliers. So what that means is, in this case, had the project manager come back and said, Hey, accounting clerk, I need you to set up XYZ company, we need to start paying them. If that clerk at that point, did some research, you know, did it just a couple steps, she could have probably found out that, hey, this is not a live real, legitimate company. So it doesn’t need to be the owner, you know, necessarily always doing this approval process, it could be someone else in the company, because I’m sure you’ve heard of collusion before. So collusion is when two or more people get involved to do something, and and when there’s two people or more that would need to get involved, it significantly reduces the risk of fraud. So if you’ve got just one other person, you know, now the project manager would have to get the accounting clerk to to collude with him to make to make this happen. So it could be just her doing just a couple quick checks on things. It could be an owner, or executive person, just looking over vendors every month, you know, who are the new vendors who have we added Who were you know, just doing a quick oversight.
And so we’re going to talk a lot about oversight today. And in a small company oversight can sometimes, you know, be a struggle to make happen, because you might only have a couple people in the company, if you’re small. But that doesn’t mean that you should ignore it. So it just means you might have to be a little more creative or think of some different solutions to that problem. But it does not mean ignore it. So here’s another one when we get into the IT problems later is confirming payment information via telephone do not send payment information via email, don’t send account numbers, don’t send security or social security numbers, you know that that is just call, just call whoever it is that you’re supposed to be paying, whether it’s electronic deposit, and they need your routing number things like that. Make make those calls not not on email. So the final bullet point here is segregate duties between the person who enters the new vendors and the person who approves or pays the bills. And so let’s go back to our example here, say it wasn’t the project manager say it was the accounting clerk, say the accounting clerk set up a fake vendor and now she is adding bills, and she’s approving them and she’s paying them. If she has custody of all of those activities, that can be really bad. So you want to make sure that if you have an accounting person, that there is some oversight of that accounting function, whether it’s she doesn’t have the ability to pay vendors online or she doesn’t have Signing Authority. You know, that’s got to be approved by someone else. Those are important controls to have in place.
So similar to fake vendors, can also have fake employees or fake payroll. So as an example back to our segregation of duties issue, if you had an accountant that is Set up Joe Smith. And Joe Smith has a social security number that was potentially fake or stolen, who knows. And she or he sets up a new employee and then pays that employee, if that person has control of both setting up the employee and paying the employee. That’s the problem. So that’s another thing, you just want to look again, back to oversight, you know, make sure that someone is reviewing the payroll reports that’s outside of the person that sets up new employees.
So in a larger company, you might have an HR person that’s setting up the employee saying, Hey, we got this new guy, Joe Smith, here’s all his details, and he gets into the system. And then the accounting person pays that Joe Smith, you know, person. So that would be a control. If you have that many people, if you don’t have a formal HR department, which is very common, you would need to get another person involved, whether it’s an owner or an executive, you know, someone to be reviewing payroll to make sure it looks applicable. One of our audit tests that we do when we perform audits, is we will have the owner review everyone on payroll and, you know, say, Hey, do I know who Joe Smith is? If I heard of Joe Smith, you know, make sure that all the employee names sound familiar to him. And again, we realize that sometimes you have some turnover in the field. And we get that, but this is an important thing to keep an eye on, you know, back to the oversight comment. So one thing, I have a story of an employee who sent an email to HR and said, Hey, I want to change my direct deposit account. So he was getting paid on direct deposit. And it turns out that someone had spoofed his email and sent an email to HR saying, hey, I want you to change my direct deposit account. They HR people, they didn’t know any different because they got an email that said, you know, Joe Smith at XYZ company.com. And so they thought, Okay, well, yeah, Joe Smith just wants to change his direct deposit. So they went and changed it.
And the next week, Joe Smith, did not get paid. And Joe Smith calls up and he says, Hey, I didn’t get paid. And they said, Well, we you know, sent the money to your new account, you emailed us through your new account, and Joe Smith is like, I don’t have a new account, I have changed my information. And so who who what happens here, right? So Joe Smith didn’t get paid. So the company has to pay Joe Smith now because he legitimately worked. And now the company is out to two paychecks one, two, who knows who, right and then one to Joe Smith. And so where that company is now left is trying to figure out who got paid and tracking this down. And, you know, many times that that’s a very cumbersome, time consuming headache, huge headache. And so companies will just, you know, say, forget it, whatever, it’s only $500 or, you know, whatever. But this happens, you know, this happens a lot, and it can happen over and over. Again.
So just in ways to fix that is don’t, again, back to the point on the slide before, don’t take things via email, if an employee wants to change a direct deposit account, you know, they need to talk to someone physically and make a change that or you could have a change by direct deposit account form that the employee would have to fill out and sign and turn in. If you’re using cloud based computing systems, you know, you could fill out a form online and submit it, you know, that way as well that can be secured depending on what type of software you’re using. But if you’re not to that point where you have that type of software, then you know, have the employee sign something and send it in if you guys are remote, you know have a mail it in with with our signature.
So those are just some easy ways to fix that. And, you know, again, it sounds time consuming. And maybe it does add a little bit of time or headache. And you get some pushback from from employees, you know about these new controls. There’s so many reasons that we’re going to talk about today as to why you should do it that you’ve just got to say, Hey, this is what we’re doing. As you grow as your company gets bigger, you know, it’s easy to set these controls in place when you’re small. But when you’re big, and then you don’t have the controls in place, it’s so hard to go backwards and then put them in place, especially again, back to like employees push back, you know, you’ve got you’ve got more employees that are going to push back at that point. So it’s easy when you’ve got a small number of people and you can get these controls in place and start you know, functioning like a larger company.
It ended up that that we had another company similar where they changed the direct deposit and it got all the way through to payroll and payroll actually called the guy because she noticed that he was wanting to get paid on a prepaid card if you guys have heard about those, so she called them because she knew him and she’s like, Hey, why do you want to get paid on a prepaid card and they actually discovered it but only because of that only because she like knew the guy and she’s like, why would you want to do this?
So so like I said, I got stories for days on on some of the things. So credit cards, this one is probably the one I get the most pushback on. Of all my all my clients, when you get in there and start lecturing them on, you know, credit card usage and Expense Report usage, it gets it gets heated. So I’ll give you an example of one, the company had issued tire they had, they just called it the tire card. And as you all know, you know, large pieces of equipment require large tires, and they’re very expensive tires sometimes, and so the accounting clerk had access to that tire card, and she could make purchases all day, every day long. And nobody ever looked at the tire credit card, they, you know, just paid the bill and it got paid, and nobody ever looked at it. And so come to find out she had been buying tires, and selling them to other contractors. So this free money for her right, because she bought the tires on the one company and say they were a couple $1,000 She goes out and she sells them for 500 bucks on the black market, you know, the tire black market, and, but she’s pocketing 500 bucks. And you you might think this is this is not this isn’t real like this, she probably didn’t make that much money, she made about 100 grand over the course of a year. And so when we went back and audited the credit card for the tires, we found all the actual tires that the company used. And then we found about 100 grand and tires that the company did not use. And so that was another one where they called us in to help them, you know, find how much she had taken. But so here’s the the downside, right, so they press charges, criminal charges on this woman, and that’s all finding well, except she spent the money, you know, the money was gone. So they didn’t get their 100 grand back. And they’re just left with this, you know, fraud expense on their books now, you know, for 100 grand that she stole from the company.
So a lot of these things, the the retribution is slim for the for the company, they got frauded because the person has run off with the money and they can’t, you know, they certainly can’t pay it back in jail, which is where she landed, you know, so. So that’s just one example, if you do have credit cards, make sure you’re getting support for those things that are purchased on the credit card, make sure that people are approving them, whether it’s an owner, or just another person, an executive or something, you know, reviewing the credit card statements and saying yes, these are legitimate expenses, we have receipts to back them up. And you know, this is this is a legitimate expense. So the expense reports and, and credit cards, some people give fuel cards to their employees, which is I understand super common. The guys are running around, you’ve got a fleet, everybody has a credit card, fuel card, and they can only use it for fuel. Okay, I get it. And and I’ve even talked to owners that have said, well, I don’t really mind if they fill up their own truck, like what’s the big deal, it’s 30 bucks here and there. I understand that accept 30 bucks here and there is going to add up first of all, but more importantly, it is setting a tone that fraudulent or unethical or unscrupulous activity is acceptable. And so that causes a pervasive just overarching issue in the company that this, you know, this kind of behavior is okay. So when you have that kind of environment or culture that you know, starts to bleed into some other things, so when you know that guy might not be at home scheming, of ways that he can fraud the company, but he already knows that the owner doesn’t really care if he fills up his personal car with fuel with the company gas card. So he’s already feeling like the tone of the top is not one that really cares, you know about these types of things. And that can bleed into some bigger issues and some more again, pervasive issues. And so I cannot stress that enough that if, if you want to, you know, benefit your employees are like I’ve heard the term Well, it’s a perk, it’s a perk, you know, they can use the company card for some personal stuff, it’s a perk, you know, the way to give your company your your employees, perks and stuff, pay them more, okay? You want to pay them more, give them a bonus, or give them health health 100% Health care, you know, get a 401k profit sharing plan in place, don’t perk them, quote, unquote, by giving them the ability to fraud the company because that is just the wrong precedents that you want to set.
And so one of the other things I hear a lot is, well, it’s impossible Suzanne to get the guys to turn in all the receipts. So you see my fourth bullet here. No ticky No. Washi I know you guys heard that before. You don’t turn in your expensive orders with receipts you don’t get paid. That’s going to be a tough pill to swallow for some guys in the beginning. But once you say, Hey, you’re not getting paid, they’re gonna, they’re gonna make sure they turn in their receipts. So it is, again, back to that size thing, if you’ve got 20 guys that are filling out expense reports, it’s a lot easier to control than when you might have 40 or 50 guys with the same issue. So get those procedures and controls in place now, you know, make sure you’re getting receipts for things that they’re out spending another another good example of abuse of that type of thing is, you know, a lot of our our guys with fleets, you know, again, they’ll go get a repair on a truck, and they won’t turn in the receipt, and the company will just expense, you know, they’ll pay the guy like, hey, yeah, he had to get his truck fixed, he was on the road, he had to get it fixed. Sure, we understand that, except, we’ve had so many examples where when we’ve called the, the garage to get a receipt from the garage, they have turned in a receipt for a truck that is not owned by the company. And so that again, goes back to like, they’ll call us to, you know, do these vulnerabilities studies or these kind of fraud reviews, and we find out that the car or truck that was fixed was not the company truck. And so this guy now charged, you know, a $3,000 motor rebuild to the company for his personal Suzuki, well, not a Suzuki anymore, but you get my point. So those things, like I said, they can just become you know, issues if you’re if you’re not strict about about getting receipts and things. So
Scott Peper
I have a story for that. I spent probably 10 or 15 years, the majority in medic medical device sales arena with a lot of, you know, highly compensated individuals, both sales, marketing, you know, operations, all different fields, with folks that are making plenty of money to support an entire family, if not others. And in that it was the $20 the $50 $100 little things in this one particular story I remember, like gas was being used a fuel card for literally the entire family, like eight tanks of gas in a territory that if you if you filled the car up eight times, you could have driven around the state of Florida like 10 times in a week. And then another one where flights and tickets are being purchased for entire family vacations. Anyway, the reason I tell you that story is that because if there were unscrupulous people as like normal people that sort of just got upset for one day and push the line by like, expensing the first $10 parking ticket, no big deal. And as soon as you be safe, because if they don’t have clear direction, am I the greatest people with the best intent people are flawed, we all are and you do something wrong, and you don’t even intend to and next thing, you know, just runs away from them and watching that occur is so sad, because when they go back, they know they were wrong, they just couldn’t help themselves. And if you just can put protect your, your family, your work family by putting these guidelines in and look at it from that perspective, you’d be well served, in my opinion.
Suzanne Cox
Yeah, thanks for adding that. So, you know, I mentioned earlier where we’re in a lot of different companies, and within a couple hours, you can tell what the tone at the top is, you know, when you walk into a company where that sort of behavior is acceptable, you know, really quickly, especially when you come in to do audits and start checking up on things, you know, you you can get an immediate sense of whether that company has a culture of, you know, ethical behavior and controls, and you know, things like that, or if it’s a company with a culture of like, Yeah, we don’t really care, whatever. I mean, it’s fine if the guys want to charge their personal fuel, but like Scott mentioned, you know, there’s just so many rippling effects from that type of behavior. And it doesn’t like you said, Scott, it doesn’t start with people sitting at home going, huh, you know, what can I you know, for the, you know, the the company with today, it just happens. So, thanks for adding to that.
24:05
And if you want them to do that, don’t let them use a fuel card, get a $40 visa card and give them the $40 let them use it for whatever they want.
24:13
That’s what we always say like we’re like hey, if you want that to be you know, back to my perk, you know, comment if you want there to be perks like that, give them a separate card and call it a Perk Card. You know, you do run a danger of there having some employees with perk cards and some without and you know, things like that, but that’s a much cleaner, less, you know, fraudulent way to take care of that and so people know like, Hey, I get this 40 bucks or like you said 40 bucks a month for free whatever I want to spend it on. I can you know buy drinks at the gas station or food or snacks or whatever, but you do the perks that way not not with letting them you know, be unethical. Yeah. So we’re gonna move into if I Could we go, I can move my slide here, Bid rigging.
So this is very contractor specific, obviously. And I don’t know if you guys have heard one of the more high profile, Bid rigging schemes in history was not that long ago. And it was related to the Buffalo Billion project. I don’t know if you if anybody’s heard of that, but it was New York State, and they were trying to improve the northwestern part of the state. And so, Cuomo was the governor, and one of his right hand guys was long story short, you know, essentially paying contractors to bid on the work that was, you know, their huge projects. And so he was giving them inside information. You know, he was saying like, hey, you know, even though the proposal says this, we actually were going to do this. And so it was allowing those contractors to be the lowest bidder. And so they knew, you know, inside information, which allowed them to be the lowest bidder and be awarded those projects. Now, if you’re thinking that lowest bidder means they must have lowered their prices, now, they are inflating the margins and the profit on those jobs so much that they were able to give millions of dollars of profit off those jobs back to the campaign for Cuomo for governor. So that’s how it was unveiled, is because now they have a entire laundry list of problems, wire fraud, and law, you know, just all kinds of stuff, they were awarded along with the contracts, they were awarded a couple years of jail time, and some pretty hefty fines. So that one was one of the more you know, high profile cases, but that happens, you know, a lot in in smaller jobs, not just government jobs, although you’ll see it’s very prevalent in government jobs, because that’s, that’s really, it’s just really common. So if a contractor is, you know, supporting a candidate for office, you know, they may rigged some bids to let that contract or get those jobs in response, they get, you know, big contributions towards their campaign.
But on a level that’s more applicable, perhaps, if you are a general contractor, and you are working with a couple subs that you really like, who knows, one of them’s your brother, who knows, but you’re like, Hey, man, you know, I’m gonna give you a little inside scoop on this, this job, so we can give it to you. And you know, that’s the same concept, but on a lower level. So if you’re a sub, now, this gets to where it may affect you, like, really, you know, personally, because you are maybe one of the subs competing against an, you know, one of these other subs. And so, there’s a couple ways, again, you know, that people do this bid rotation. So that’s collusion of several subs. So they get together and they say, Hey, let’s all bid high, one of us will be the lowest, but we’ll all bid high. And then the next job that comes around, you know, the next guy will get it. And so we’ll take turns, or you might see that they all bid high, and then the guy that wins, it uses the other ones as subcontractors on that job. So again, they’re screwing the GC. So if you’re the GC, you want to know about these types of schemes, or at least maybe how to identify these types of schemes so that you do not get screwed. Same thing if you’re a sub that you sub, right, because I have a lot of subs that sub.
So in any situation where you’re subbing work out, whether you’re a GC or a sub, you want to pay attention to a couple things, to make sure that there aren’t, you know, they aren’t rigging your your proposal. So another thing is bid suppression. So again, this is somewhat collusion amongst the subs. So the subs will get together and say, Hey, I’m going to sit this one out, because it’s going to narrow the field and you narrow the competition. And then the next one, somebody else will sit out. This is not uncommon. So you might be thinking, this is just crazy. But my husband’s in flooring, and his dad was in the flooring business before he purchased it from his dad. So they’ve, they’ve had the company in business since the mid 70s. And I got to sit and listen to just they knew I was doing this webinar, you know, stories just in the flooring industry for a good hour the other night. You know, back in the wild wild, they called it the Wild Wild West, you know, back in the 70s in the 80s when this was there weren’t a lot of regulation against it. So people didn’t even get busted. So now you can actually get busted and there’s antitrust violations and like those guys in the Como case got thrown in jail and had fines. It used to not even be illegal. So this still happens. It’s very prevalent in construction.
So complementary bidding is when you could either not like the proposal that you you give out, or the the quote, the request for bid is not complete, you know, it doesn’t have conditions that can be met. But there’s that one guy, the one guy that you want to win it, you know, he knows what they are, and he’s gonna meet him, and he’s gonna make sure that those conditions are met. So that, again, there’s a couple different scenarios under under that, you know, type of thing, but I just want you guys to know that these things are out there. And we’re going to talk about how to identify them. Kickbacks is another thing that could be very prevalent in your specific company. So if you have a project manager that likes a certain supplier, or likes a certain sub, and you know, he’s getting maybe money on the side to always award that guy, that job, or that supplier the work, you know, you want to pay attention to, to that. And if you know, he’s driving a new GT three, you know, just curious why, you know, just look out for these things that that is very common.
And you’re probably thinking, Well, yeah, we like to work with certain people, though. And, you know, sometimes we’ll get to go on fishing trips, and hunting trips and things like that. Because we give, you know, a lot of work to these people there, there is a level of acceptability. You know, I don’t know if you guys know this, but IRS agents, if they come to your office to do work, they can’t even take coffee from you. They’re not allowed to drink your coffee, they can’t take a doughnut, you can’t take them to lunch. And the reason is, because they’re they don’t want there to be any indication that you are bribing them. So that just shows you like the difference in you know, in industries. So there are some acceptable, you know, yeah, sure, you definitely want to take your subs and your suppliers out on hunting trips and things like that. But you’ve got to make sure that line isn’t it, you know that the bids are still fair, and that you’re still fairly choosing these people and not because they take you on big hunting trips. So and again, if you’re the owner, that’s that’s kind of one thing. But if you’re the PM, and you’re not in ownership, you’re screwing the you’re screwing the owner, you know, because that sub that’s giving this higher bid, it’s costing the company money, and you personally, that Pm is getting the kick back. So hopefully that makes sense. So how do you identify some of these things?
So if you go back to that project manager example, if you notice, as the owner, that the same supplier or the same sub is always getting the jobs, you know, that might be something to look into, you might want to look at a report that shows you how often you know, subs are being used or suppliers are being used. And of course, again, you’re thinking, Well, yeah, I use certain suppliers, because they always have the lowest prices just investigated. Just look into it. So I’m not saying it’s unethical or fraudulent. Just pay attention. That’s all. That’s all I’m asking. So back to that Bid rigging slide, you know, the, the company that wins it, or they subcontracted it to the losers. You know, that could be something if you’re a GC and you’re trying to figure out if your subs are Bid rigging your jobs. If the one sub that one is hiring all the subs that last that might be a problem. So you may want to make a few phone calls, you may want to look into that a little bit more. So the third one here, quality of work is not good, or, or the supplies are not good. It’s just again, something to look into just something to pay attention to. Sometimes you just get crappy work, right? But sometimes it’s because of you know, these other other reasons. Now, this one was big when I was talking to my husband, the complaints from other bidders. So in the carpet industry, it’s kind of a weird industry, but you know, there there were a lot of jobs where the other people that bid, you know, like all the bidders that loss would get together and make complaints because they’re like, Hey, this is rigged. The guy that one is not like this is not legit and this was government work. So they were doing work for like schools and the airbase back, you know, in MacDill was fully functional. And so when the rest of the subs are the the biters are complaining, because they think that something’s up, then something’s probably up, you know, so if you’re hearing, you know, rumors or hearing things in the marketplace about reputations of other companies, you know, just look into it, just see, see what the deal is, you know, ask some questions.
Alright, foreign government projects versus private, for sure. It’s definitely more prevalent in government. However, the back to the kickbacks one we see that a lot
Scott Peper
Yeah, and I mean, the jail time and things like that whenever you’re using like federal city, state municipal taxpayer dollars, the crimes are more way bigger. Versus if if a developer who builds this hotels, and they do two hotels a year, and they like the same general contractor, they awarded them every time. Therefore the same subs, you know, that’s not illegal, right?
Suzanne Cox
Exactly. And so the, the, the risk or the downside of of this in general is even if it’s private, and people are charging more, for a job, that means the customer is ultimately paying more. So if the subs are charging the GC more, the GC is going to charge the customer more. And if the customer has to pay more, that means prices are going to go up, right? So to your hotel example, if you’re the customer, and these these guys, the GC always likes to use these guys, this one sub and that sub, you know, can charge as much as he wants, because that GC really likes him and he does good work, the GC is now charging that hotel more. And that hotel, it’s gonna end up in everybody’s in everybody’s fees, you know, it’s inflation. So ultimately, environmentally speaking from, you know, from that perspective, that’s the downside of it on the private side, is it can as your separate question real quick, it’s a little different in your experience as typical subcontractor, and maybe it’s different in the different trades. Y’all let you segregate if it’s important. What are the typical margins that you see gross margin, you see a subcontractor should bid on a project?
Suzanne Cox
What type of industry varies greatly. That’s why I was asking. So I don’t think I would leave it to you to give a range, I would say you got your major trades and thinking like, well, floor at 3015 to 30, the broad range, but my GCS are running a little bit lower, like around five, but sub should be making, you know, 15 at a minimum or you’re doing something wrong,
Scott Peper
right? And if you bid at 15, and there’s 10% retainage. Versus what your Where do you see yourself the subs that your clients you work with? How tight it is or painful it is from them from a cash flow perspective?
Suzanne Cox
Yeah, from a cash flow perspective, it’s tough because GCS expect subs to like cash flow the job, right? So they’re holding all your money, and you’ve got a couple jobs going. So cash is always tight, I don’t have one contractor where cash is not an issue, we spend a lot of time with our subs, helping them like do cash flow analysis and how to, you know how to make make it all happen. Because the and you know, when it comes to that, you’ve got to look at your GCS and who you’re doing work for and qualify them as well. We talked about like qualifying your vendors, but also qualify your customers. So if you’re working with a GC, and they’re expecting you to cash flow their projects, that’s not a, you know, not a good thing either. And, you know, contract negotiation, we’re going to get into that a little bit as well can sometimes help with cash flow.
With the subs that you see growing, having a good business living a less stressful life, where are their typical gross margins in that range between 15 and 30, probably more in the 25 to 30%. So those subs are usually sitting pretty well. Now, keep in mind, margins, depending on how you’re doing your books can vary. So some of you might be thinking, Well, my margins 50%, you’re probably not allocating overhead, which is important from an accounting perspective or a financial perspective. So if you’re not allocating overhead, that means your GNA your expenses, like your general and administrative expenses are too high. And they really should be allocated to jobs. So when I’m using these margins, I’m using in a proper accounting world where GNA is allocated to your jobs. So on some of my like site contractors, their margins can be upwards of, say, 40%, because they don’t have a lot of overhead, right? They, there’s a site guys, but my more specialty contractors are down in the 20 to 25.
Scott Peper
And if you if you have a 15 to 20% margin, and you’re not because you’re not allocating overhead to that, what’s going to happen in your opinion, where do you what do you see happen first with those businesses?
Suzanne Cox
Sure. So if you’re not allocating overhead, if you’re bonded, you’re gonna have to you know, allocate, but if if you’re not, you’re over inflating your margin, which makes most people think that they’re making more money than they are, which will ultimately affect how you’re budgeting, how you’re planning how you’re doing cash projections, how you’re doing cash flow analysis, because you think you have more money than you actually do. And then when you, you know, pay everything on the overhead side, then you’re left with, with less. So I would say that the the contractors that are allocating overhead correctly to get the right job margin are just doing better overall, because they have a better financial picture of, of where they’re at.
Scott Peper
I think that’s important for everyone to hear and listen to. If you’re not allocating overhead, those are real costs that come out. And if you’re one, if you’re living and breathing more out of your checking account, then you are really financial reporting, you’re going to find this that pain point much more severely than anyone else, because you’re going to think you have a lot of cash and all sudden, it’s just gone in your account, if you’re one that is thinking to yourself, I have multiple hundreds of 1000s, or even a million dollars a month coming into my account. And yet somehow, all of it’s gone at the end of the month, and you really can’t see that those are that’s where those problems are going to occurs. Because you’re just, you’re just not allocating the right amount of your real business costs each job or you’re just marking up, for example, your labor or marking up your materials. And you’re, then you have to hope that that’s enough to pay for your overhead instead of really allocating it. So yeah, exactly. So it’s best to do an analysis like a five year spread. Or if you haven’t been in business long, however long you’ve been in business, you know, five years part of what is my overhead rate, we do that for a lot of clients, because they don’t actually know what their overhead rate is. They’re like, Oh, it’s like 8%. And then we do the math. And it’s like 14, that’s a big swing, you know, it’s a big swing and margin. So if your estimator is out there bidding a job, and he’s got his hard costs, and he’s really comfortable with his hard costs, and you add 8% for overhead, and it turns out to be 14, you know, that job might have just gone from 15% to, you know, 9%. So, I mean, that that goes back to like having good financial information and knowing where you’re at, so you can estimate properly.
Scott Peper
Gotcha. Okay,
Suzanne Cox
I know where I think we’re running a little bit short on time. So I’m going to skip over to change order. We’ve talked a little bit on the previous slide on how to prevent Bid rigging, and I think you guys are going to get a copy of the slides. So we’re going to go straight over to change order fraud, here, it’s really similar to, to Bid rigging, you know, as far as the contract might say, you know, here’s the base contract, and then give very favorable terms for change orders. And so just those are the kind of things you want to be careful of, again, when you are giving approval authority to a person outside of the owner, you know, to a project manager, he may be able to, you know, swing the change orders for these huge profit margins and might be getting kickbacks. So in this case, you don’t always need an unscrupulous contractor. Either. It could just be a naive customer or a sub in contract negotiation, you know, you’ve got to have somebody look at your contracts, and see if they are more favorable towards you or the other person, or if they’re pretty equitable. I have a lot of clients that think their hands are tied, because the GC is big, and they run everything, and we just have to do what they say. But that’s, you know, not necessarily true, you need to have somebody looking at your contracts and making sure that your contract terms are favorable for you, as well as for your customer, whether it’s your GC or something like that. And then finally, we’re going to move over to it.
So as you can see this top sentence here, I don’t know what that means. I doubt you do either, right. And that’s what everyone feels like sometimes when people talk about it. Is is Greek, I have no idea what they’re saying. So the the ultimate overarching example here is that if you if you aren’t paying attention to IT security, and you’re not paying attention to this, get with get a good IT company. As an aside, our firm does DO DO IT services. So if you need any help with us, you know, feel free to let us know but if not us any, any IT company to make sure that you have the proper controls in place. This is really, really big right now, especially with the remote world. Everybody’s moving to remote, everybody’s moving to email and cloud computing and things like that. So you want to make sure you’re protected.
Just a couple notes on here, you know, make sure that the from email address, and the to email address if you’re responding to things, just look at them, pay attention to them. Look at them closely. Make sure they’re not different. A spoof is when someone can use your email to send someone else an email with your address. It’s very easy. I could send you an email right now from your own email address. And if if I wanted, I could change the return email to go somewhere else. So again, back to our examples of employee or vendor, you know, fraud. If if someone sends you an email that wants to change their direct deposit account, and you have that they’ve spoofed your email and they’ve sent the return back to a different email address. Now they’re corresponding with you. And that makes you comfortable. Because you, you’re like, Well, I’ve had this back and forth conversation, but really the whole time you’ve been having it with this, this fake spoofed email. So these are things to be, you know, just aware of, and Scott, I know we’re running out of time. So I’m going to just click this, this is just a couple things to check with your IT department or IT person, whether it’s outside or if you’re a savvy, you know, check some of these things yourself and make sure that you are not vulnerable. These are just some obvious ones. To prevent, like the email spoofing and the email hacking, on emails and things like that, I think we’ve seen a lot of people are trying to access money in some way. And to get to the thing that you talked about in the very beginning is if you just have dual controls on certain items, or just at least a two or three step process, these two separate steps, even if you get spooked, and even if someone falls for that second step can almost mitigate a high high high percentage of what ultimately would turn into a loss for you as a business owner. So, exactly. Back to the very beginning of this presentation. Those second steps are really the key thing to help them
Suzanne Cox
double tap question things, ask questions. Don’t you know, don’t trust email, check the TOS in the forums, check. You know, for example, our email is at Salt Marsh CPA calm if somebody were to send something to someone that just said at Salt Marsh calm most people wouldn’t notice that difference that missing couple letters. And they may respond to me you thinking yeah, I’m talking to Suzanne, but they’re talking to Suzanne, at Salt Marsh, calm, not salt marsh CPA calm. So just know those things are aware and start, you know, start checking them. And dual control, like you said Scott, and we talked about earlier is really important when it comes to financial information. If you’re just having a conversation, that’s one thing. But if you’re trading account names and financial information, you don’t want to be doing it with a fake person. So I know we’re short on time. So that was pretty much my last slide. Except questions. I just checked q&a. I didn’t notice any on there. Do you have any Scott that you’ve gotten from your side? Or?
Scott Peper
No, I would just add the only thing I didn’t see any questions. But the one thing I would add is just you know, these things happen to everybody, they’ve happened to us they happen. I mean, just if it happens, don’t beat yourself up over it. You know, if it’s happened before, there’s nothing wrong with you, you’re not you’re not necessarily doing things wrong, you just, you know, we’re all excited. We all own businesses, you all we all want to have success. And you’re it’s exciting when somebody shows interest in something and so just be a little bit more cautious. But set most importantly, set up the systems in advance so that when you are excited and you are there, your systems can catch the things that that you might not. Absolutely,
Suzanne Cox
because I always, you know, like to say, I don’t know how to lay concrete. So I don’t expect to go out and lay concrete Well, I’m going to hire somebody to lay concrete for me. So I T guys and accountants do this stuff really well. So if you’re not sure how to do this, or where to start, you know, hire somebody that knows what they’re doing. And you know, get them involved to help you because you’ve got better things to do you need to be go, you know, out there laying concrete or whatever it is that you do. So we always give our clients and advice that way as well as stick to what you’re really good at. And then trust someone you know, to do this other stuff for you so that you don’t have to keep your pulse on everything. If you’re smaller, you know, maybe that’s not an option yet. But as you continue to grow, you want to make sure these controls are in place, and doing the right thing when you’re smaller is so much better than trying to fix it later.
Scott Peper
Yeah. There was one question. Susanna, if there was if there’s a company that is a victim of fraud, is that lawsuit? Is that a deductible expense that loss?
Suzanne Cox
So if you have insurance that covers fraud, which not many people do, like the example I gave earlier, where the project manager pretty much ran this whole job through this fake company, they did not have insurance that covered that. So yes, it is deductible from, you know, a tax standpoint, right? If you do have insurance that covers it, it would just wash it, you know, wash it. Not a good reason to commit fraud though. Anything else?
Scott Peper
I don’t see any other questions, but we certainly will have our contact informations available and any questions that pop up later on please send them in. We’ll get them answered for you and reply back to anyone that has any and we’ll share this replay Way back as well. So you have the information you can resource use it as a resource.
Suzanne Cox
Absolutely. Well, Scott, anything else I it was great joining you today. I appreciate you having me on. Hopefully you guys learned something, something interesting about about fraud. And like Scott said, you’re welcome to reach out with questions, and we’ll answer them as quickly as we can.
Scott Peper
Then I want to thank you very much. Appreciate it. This is great information. I learned something today. And we’re going to incorporate these things too. And again, remember this came this idea came from us actually having some issues with fraud attempts and phishing and hacking ourselves and we thought it would be important to share with everybody else so thank you, Suzanne, for your help with us. pacifically and also willing to share with everybody else. Thank you.
Suzanne Cox
Absolutely. Y’all have a good one.