• Ethical training and leadership can help reduce fraud risk in your casino operations.

• Fraud prevention begins with employee awareness, transparency, and well-communicated policies.

• Internal audit and risk management efforts are strengthened by a culture that prioritizes accountability.

—

In any casino or Tribal gaming operation, the risk of fraud is an ongoing concern. With high-volume transactions, cash-intensive environments, and multiple operational layers, even well-structured controls can fall short — especially when the organizational culture does not support them.

That’s why your most effective line of defense isn’t just a system or checklist; it’s your people. How they understand expectations, perceive risk, and feel empowered to raise concerns directly influences your organization’s vulnerability to fraud.

The Human Side of Risk

When employees know what’s expected and see ethical behavior valued in practice, they’re more likely to do the right thing — and speak up when something doesn’t seem right.

Organizations that emphasize ethics and transparency often experience earlier issue detection and fewer instances of internal fraud. But that kind of culture isn’t built overnight. It requires leadership, communication, and a consistent message that ethics are part of how the business runs.

In regulated environments like gaming, where reputational and compliance risks are high, building an ethical foundation can offer both protection and a strategic advantage.

It Starts with Awareness

Employees don’t always recognize how certain actions — like offering excessive comps, skipping documentation, or bypassing approval workflows — can trigger risk. Regular, practical training helps close that gap.

Effective ethics training should be more than a once-a-year checkbox. It should reflect real-world scenarios and encourage open dialogue. Share anonymized examples of past issues, explore how breakdowns happen, and help staff understand their role in upholding financial integrity.

How leadership responds when someone raises a concern often sends the clearest message about what your organization values.

Leadership Shapes Culture

Ethics must be proven — not just stated. When senior leaders model accountability, ethical behavior becomes the standard across the organization.

This includes how issues are addressed, how support is shown for audit and compliance teams, and how ethics are reflected in performance discussions. When integrity is embedded in daily decisions, it helps foster consistency across departments.

Aligning Controls with Culture

While internal controls are essential — segregation of duties, dual approvals, surprise audits — they’re most effective when backed by a culture that supports their purpose.

For instance, employees are more likely to follow promotion approval processes when they understand why the rules exist. Controls are embraced, not resisted, when they’re reinforced by open communication and consistent expectations.

A culture that values transparency doesn’t cut fraud risk, but it creates an environment where controls are more likely to succeed.

A Real-World Perspective

One gaming organization created quarterly “Fraud Awareness Spotlights” using anonymized case studies to highlight areas where controls had been bypassed. These discussions opened space for employees to ask questions, learn from past missteps, and better understand their role in prevention.

Over time, the organization saw an increase in early reporting of process issues — helping management act before small problems escalated.

This wasn’t about policing behavior; it was about creating shared ownership over risk.

Sustaining the Effort

Building a culture of ethics is not a one-time initiative. It requires ongoing reinforcement through regular training, consistent communication, and support from leadership at all levels.

At MGO, we help casinos and Tribal gaming organizations develop fraud prevention strategies that reflect your unique culture and operational structure. Whether you’re refining reporting channels, enhancing staff education, or aligning audit procedures with your values, our team can help you build a stronger, more resilient organization.

The post Build a Culture of Ethics to Prevent Casino Fraud appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• Use data analytics to detect fraud in casino financial statements and vendor activity.

• Spot hidden red flags with tools like Benford analysis and journal entry testing.

• Build dashboards and set alerts to flag anomalies in high-risk areas.

—

Your casino or Tribal gaming organization faces constant financial pressure and compliance scrutiny. High-volume transactions, cash-based operations, and complex vendor relationships create ideal conditions for fraud — if it goes unchecked.

Traditional internal controls are no longer enough on their own. That’s why forward-thinking casinos are turning to data analytics to proactively detect financial irregularities, uncover operational blind spots, and reduce risk.

In this article, you’ll learn how your finance and audit teams can use tools like Benford analysis, journal entry testing, and slot performance analytics to gain clearer insight — and act when something doesn’t look right.

Why Financial Data Alone Isn’t Enough

Your casino’s financial statements provide a snapshot of performance. But they don’t always tell the whole story.

Instead of asking “is everything fine?”, financial analytics help you ask smarter questions — like:

• Why are receivables up 400% while gaming revenue dropped?

• Why did journal entries spike in Q1?

• Why are comps and promotional expenses outpacing budget?

The right data tools turn your financials into an early warning system for fraud and operational risk.

3 Areas Where Casino Analytics Make a Difference

Using data analytics in these key areas can help you uncover irregularities early and strengthen your financial controls:

1. Detect Suspicious Patterns with Benford Analysis

Benford’s Law shows that, in most naturally occurring number sets, digits starting with 1 appear more often than those starting with 9. Large deviations from this pattern in financial data may suggest fraud or manipulation.

Example: Run a Benford test on journal entries or vendor payments. Unusual digit distributions could flag fabricated or split transactions.

2. Monitor Journal Entries for Irregularities

Journal entries are a high-risk area for fraud — especially if they’re created by the same individual who approves or posts them.

Analytics can flag entries that are:

• Made outside of normal hours

• Missing proper descriptions

• Entered by users with unusual access

• Used to override other controls

This type of testing goes beyond compliance — it helps you build trust in your financial reporting.

3. Analyze Vendor and Slot Floor Performance

Slot machines are central to your revenue but also represent risk, especially when dealing with third-party vendors.

Use data analytics to:

• Compare performance by machine and by vendor

• Flag machines that consistently underperform

• Match billing and lease activity against actual machine use

You can also cross-check vendor selection policies against performance and billing trends to uncover any potential fraud or favoritism.

Building an Analytics-Driven Risk Culture

Your organization doesn’t need a full data science department to begin using analytics effectively.

Here’s how to get started:

• Step 1: Identify two or three high-risk areas (e.g., cash deposits, comps, vendor payments)

• Step 2: Work with advisors to build dashboards or automated reports

• Step 3: Set thresholds to trigger reviews when anomalies occur

• Step 4: Train your team to interpret and act on the data

A proactive approach sends a clear message: your organization takes transparency seriously.

Real-World Example: Uncovering Promo Expense Irregularities

A gaming organization showed an unusual increase in “Other” expenses within its profit and loss statement.

Using data analytics, the finance team discovered that several high-value promotional packages had been processed outside of the standard approval workflows. Further investigation confirmed these were unauthorized comps tied to external parties.

As a result, the organization implemented stronger approval protocols and integrated real-time analytics into its oversight process to prevent future occurrences.

Strengthen Casino Oversight with MGO

We support Tribal and commercial casino operators in protecting financial integrity and achieving long-term success. Our team brings deep industry ability and delivers practical solutions tailored to the unique challenges of gaming organizations.

We help detect and prevent fraud through:

• Internal audit and fraud risk assessments

• Data analytics for financial and operational testing

• Forensic accounting and investigations

• Advisory support for vendor oversight, comps, and promotional controls

MGO works directly with CFOs, internal audit teams, and Tribal councils to design cost-effective, scalable strategies that deliver greater clarity, control, and confidence across financial operations.

Reach out to our team today to learn how we can help protect the financial integrity of your operation.

The post How Data Analytics Protects Your Casino From Fraud appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• Fraud risk is constant and evolving, and companies face both internal ethical challenges and external fraud threats, requiring dynamic and proactive risk assessments.  

• Culture and leadership play a critical role, and ethical behavior modeled at the top can help prevent fraud, while weak internal accountability can enable misconduct.  

• Ultimately, fraud prevention requires collaboration, and organizations have to move beyond “check-the-box” compliance and invest in real-time information sharing and interdepartmental coordination.  

—

In today’s world, marked by uncertainty, tightening markets, and rapid technological disruption, fraud is not just a possibility but an ongoing reality that is constantly evolving. Over the past five years, it has become evident that no organization is immune. The increase in global enforcement actions has placed a significant responsibility on senior leadership, from Silicon Valley firms to state-owned banks. Chief financial officers (CFOs), non-executive board members, chief compliance officers (CCOs), and chief internal auditors (CIAs) must act swiftly and proactively. 

There are five critical actions that leaders should prioritize. These steps are grounded in established frameworks and lessons learned from some of the most significant corporate collapses in history. Each step addresses fraud mechanisms and their human and cultural roots. 

1. Identify Internal Ethical Issues and External Fraud Hazards 

Fraud poses both internal and external threats. Internally, perverse incentives and unchecked pressure can lead employees or executives to justify wrongdoing. Externally, increasingly sophisticated global supply chains, cybercrime, and corruption schemes involving third parties are heightening exposure levels. An example is an unauthorized account opening scandal within a U.S. retail bank, driven by internal pressure to meet sales quotas. Similarly, a European fintech firm hired external entities to create ghost assets, which went unnoticed. In both cases, early warning signs were ignored. 

Executives must conduct ongoing, dynamic fraud risk evaluations as part of enterprise-wide risk management, considering emerging digital, geopolitical, and compliance challenges. They must also recognize that reputational damage and loss of shareholder value are genuine costs of inaction. 

2. Investigate Root Causes of Fraudulent Activities 

Understanding why individuals commit fraud is essential to preventing it. Fraudsters are often first-time offenders who feel pressured, notice opportunities, and rationalize their actions. However, the traditional fraud triangle is no longer sufficient. The Fraud Pentagon, developed by BDO’s Jonathan T. Marks, includes capability and arrogance alongside pressure, opportunity, and rationalization, providing a more comprehensive perspective.¹  

A case involving a global aerospace producer revealed how ego and top-down rationalization could undermine protective controls. Executives misled regulators to protect their brand at the expense of public safety. In the failure of a cryptocurrency exchange, fraudsters disguised themselves as altruistic innovators while misappropriating billions of dollars in customer funds. These crises resulted not from a lack of policy but from failing to address root causes like those noted in the Fraud Pentagon. 

Risk modeling and behavioral profiling can help identify at-risk units or individuals. Importantly, companies must foster cultures that encourage accountability and incentivize truthfulness over merely meeting targets. 

3. Evaluate the Impact of Organizational Culture on Fraud Prevention 

Culture is the operating system of any organization. When integrity is modeled at the top, it permeates the organization. Conversely, when fear, ambition, or uncertainty dominate, corners might be cut. 

Examples from a Silicon Valley healthcare startup and a recent electric vehicle startup illustrate how cult-of-personality leadership can stifle dissent. Employees were encouraged to remain silent or repeat falsehoods. Open, transparent, and supportive companies are more likely to detect fraud early. 

Executive boards must formalize ethics programs, enforce desirable norms, and link performance incentives to long-term value creation rather than short-term appearances. Simple yet effective tools like employee surveys, ethics hotlines, and town halls can provide early warnings. Boards should also periodically assess their culture and compare it to industry standards. 

4. Improve Internal Controls and Anti-Corruption Programs 

Effective fraud prevention relies on having robust controls in place and ensuring their implementation. Cases involving an international bank and a derivatives exchange in the crypto space demonstrate that even sophisticated companies can fall victim to inadequately designed anti-money laundering (AML) programs, poor task segregation, or complacent boards. 

Organizations must move beyond a check-the-box mentality. Controls should be risk-driven, regularly tested, and integrated into actual operations. Internal audit staff must be empowered and not bogged down by bureaucracy. Compliance functions should report directly to and have direct access to the board. 

Technical solutions like anomaly detection via AI and blockchain technology for supply chain integrity are valuable only when combined with strong human oversight. Controls don’t fail on their own; they are typically overridden at the top level. The focus should be on the durability of controls, not just their existence. 

5. Enhance Collaboration and Communication for Anti-Fraud Efforts 

Preventing fraud requires a collective effort, not isolated actions by individual departments or individuals. Silos within finance, operations, law, and compliance provide opportunities for bad actors. In nearly every major scandal, whether involving a crypto exchange, an international aerospace and defense corporation, or a large U.S.-headquartered retail bank, some individuals were aware but did nothing. 

Organizations must invest in real-time information sharing, collaborative training, and coordinated fraud response mechanisms. Interdepartmental task forces, incident response exercises, and anonymous hotlines are proven tools. Boards should receive regular fraud risk briefs, not just audit results. 

Externally, coordination with regulators, auditors, and peers is essential. In cases involving an international investment bank and a multinational aerospace and defense corporation, FCPA issues were resolved through joint settlements with global regulators, demonstrating the benefits of open cooperation. Companies that resist coordination often face higher fines and greater scrutiny. 

When Controls Fail 

The world has evolved and so has the nature of fraud. Today’s executive leaders must manage fraud as an organizational, behavioral, and systemic risk, not merely as a compliance exercise. By following these five critical steps, CFOs, board members, and compliance leaders can identify vulnerabilities, disrupt fraud channels, and build more robust, reliable institutions. 

Fraud carries an economic cost and a strategic cost. It damages brands, dismantles cultures, and undermines trust. In an age of volatility and accountability, instilling transparency, integrity, and vigilance at every enterprise level is paramount. 

Internal controls don’t fail randomly. Failures occur because controls were not correctly designed, implemented, or respected in the following ways. 

• People: Even the best-designed control depends on people executing it correctly. Controls fail when individuals become confused, skip steps, or bypass procedures. 

• Time: Demanding schedules lead to shortcuts, bypasses, and inadequate controls. 

• Judgment: Discretion is problematic when it results in deviations without proper rationale or documentation. 

• Overriding and Workarounds: Even beneficial workarounds can circumvent critical safeguards. 

• Incentives: Performance-for-reward can encourage dangerous actions unless guardrails are established. 

• Leaders must ask themselves: Are our controls designed with these realities in mind? Are they regularly tested for resilience? 

It’s not about eliminating all risk — that’s impossible. It’s about designing a structure strong enough to withstand stress, impervious to manipulation, yet effective in fulfilling its purpose. Good controls are proactive, effective, and responsive. Controls should be integrated, not added as an afterthought. When controls fail, it’s rarely the structure — it’s the implementation, the environment, or both. 

How MGO Can Help 

At MGO, we understand that combating fraud requires more than just policies—it demands strategic insight, cultural transformation, and hands-on execution. Our team brings deep experience in forensic accounting, internal controls assessment, risk management, and regulatory compliance to help your organization proactively identify any vulnerabilities and strengthen your fraud prevention infrastructure. Whether you’re navigating complex regulatory frameworks or recovering from a control failure, we will help you design resilient frameworks, enhance interdepartmental coordination, and implement proactive, customized solutions that align with your strategic goals. Contact us to learn about how, in a world where trust is currently, MGO helps safeguard your reputation, your people…and your future.  

The post Five Strategic Steps to Combat Fraud in a Time of Market Uncertainty  appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• Anti-money laundering exposure in casinos often stems from breakdowns in reconciliation, reporting, or oversight — not just suspicious patrons.

• Forensic accounting helps uncover transaction anomalies that may show internal control gaps.

• Casinos can benefit from a proactive approach to finding financial red flags tied to high-risk cash activity.

—

Casinos and Tribal gaming enterprises are no strangers to regulatory pressure when it comes to anti-money laundering (AML) compliance. But while legal teams and compliance officers handle the regulatory mechanics, financial oversight teams often play a crucial — if indirect — role in detecting the earliest signs of potential AML risk.

This is where forensic accounting becomes especially valuable. By analyzing unusual transaction flows, deposit patterns, or internal approval irregularities, forensic specialists can help your casino surface issues that, if left unaddressed, may evolve into AML exposure.

Not All Red Flags Come from Patrons

Much of AML focus centers on patron behavior — structuring, chip walking, or unusual betting volumes. But financial anomalies behind the scenes can be just as telling.

For example:

• Gaps between reported cash receipts and actual bank deposits

• High-volume promotional comps issued without consistent approval

• Unexplained manual overrides in journal entries

• Deposit delays that don’t align with cage activity

These issues might not stem from criminal intent, but they often point to control weaknesses that increase risk — especially under AML scrutiny.

Why Forensic Accounting Matters

A skilled forensic team can dive into transactional data to trace how cash flows through your organization — from table to cage to general ledger. This type of analysis helps answer key questions like:

• Are high-value comps or credits being issued outside standard processes?

• Are there timing patterns in deposits that don’t align with operational activity?

• Is there evidence of manual adjustments that bypass oversight?

While this doesn’t replace a formal AML program, it directly supports your casino’s ability to identify risks before they escalate — and equips leadership with data to take corrective action.

Case Example: Pit-Cage Mismatch

One Tribal casino flagged a pattern of recurring discrepancies between table game cash reports and deposits reaching the bank. No fraud was suspected, but the forensic review uncovered process inconsistencies between the pit and the cage — as well as late reconciliations across multiple shifts.

The result? Revised reporting procedures, clearer separation of duties, and a more consistent audit trail — all of which contributed to stronger overall financial oversight.

Strengthening Oversight Through Forensic Review

Firms with experience in forensic accounting and regulated industries can provide valuable support when financial red flags appear. At MGO, our team works with casino operators and Tribal enterprises to help review cash flow activity, show anomalies, and bring greater clarity to complex financial data.

Whether you’re responding to unusual transaction patterns or looking to enhance internal oversight, forensic analysis can offer a clearer understanding of where control gaps may exist — and how to prioritize corrective actions. Reach out to our team today to find out how our forensic accounting services can strengthen your financial oversight.

The post How to Spot Financial Red Flags That May Signal AML Exposure appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• New digital tools improve casino operations but introduce new fraud exposure points. 

• Cross-functional coordination is critical to detect overrides, unauthorized access, and system anomalies. 

• Updating fraud prevention strategies to reflect evolving technology improves visibility and oversight.

—

As your casino or Tribal gaming operation invests in digital transformation — from mobile payments to cloud-based financial systems — you’re unlocking new efficiencies. But you’re also exposing your organization to new types of risk. Fraud today looks different than it did even five years ago, and traditional controls aren’t always equipped to catch red flags embedded in digital workflows. 

More than ever, your casino leadership must rethink fraud detection in terms of system access, data integrity, and cross-platform monitoring. 

When Convenience Outpaces Control

The adoption of integrated rewards systems, digital comp tracking, and automated accounting platforms has brought greater efficiency to casino operations. But as convenience increases, so do the opportunities for fraud and internal misuse — especially if controls aren’t updated alongside the technology.

In some cases, unrestricted journal entry access can allow users with elevated permissions to override approval processes without oversight. In others, digitally approved promotional expenses may be manipulated through incorrect coding or bypassed policies, making fraudulent transactions harder to detect in real time.

These risks tend to surface when technology adoption outpaces internal control updates. Without exception reporting or regular review, irregular transactions — such as off-hour entries or high-dollar adjustments — can slip through unnoticed, potentially changing both financial reporting and organizational reputation. 

Why System-Based Controls Need Cross-Team Support 

Preventing fraud in digital environments requires a coordinated effort between finance, audit, and IT — not just stronger passwords or patch management.

When your internal audit, finance, and IT teams coordinate regularly, you can reduce silos and spot digital anomalies faster. This includes mapping user roles, restricting elevated access, reconciling data across systems, and reviewing logs for overrides — all activities that help close gaps created by modern, interconnected platforms.

This kind of shared responsibility is critical in Tribal casino operations where oversight is often split between departments or governing bodies.

Adapting Your Internal Audit Program 

Firms experienced in gaming advisory — like those specializing in internal audit and IT risk integration — play a vital role in helping Tribal operations scale fraud controls alongside technology adoption. This often includes:

• Performing IT-focused fraud risk assessments 

• Designing exception reporting dashboards

• Finding high-risk transactions through digital ledger analysis

Casino operators receive help from outside perspectives that understand the intersection of financial systems, emerging risks, and the regulatory nuances unique to Tribal enterprises.

Real-World Scenario: Data-Driven Comp Abuse

In one Tribal casino, a digital comp tracking system was introduced to streamline promotional offerings. Over time, an employee issued an unusually high volume of comps without proper approval, and the system lacked real-time alerts to flag the activity. 

It wasn’t until audit staff reviewed system log data and conducted a frequency analysis of comp values that the pattern was found. Audit teams compared issuance trends over time, finding outliers tied to a single user account. The irregularities stood out against typical issuance behavior, prompting the team to implement new alert thresholds and tighten user access controls. 

Preparing for the Future 

Digital tools offer tremendous operational advantages — but only if they’re matched with adaptive fraud prevention strategies. The most effective casino operations regularly review system permissions, update audit procedures, and involve external specialists to assess risk holistically.

Firms like MGO, with experience in both internal audit and gaming operations, can provide valuable perspective by showing you gaps in digital controls, designing analytics-based testing procedures, and aligning your technology stack with evolving compliance requirements. This collaborative approach can help your casino not only stay ahead of fraud risks — but also strengthen financial resilience in a tech-driven environment.

Explore MGO’s casino risk advisory services → mgocpa.com/solution-industry/tribal-nations-and-gaming

The post How Technology Is Changing Your Casino Fraud Risks appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• Audit committees (ACs) are prioritizing enterprise risk management (ERM) due to a dynamic risk environment influenced by geopolitical factors, supply chain disruptions, and technological advancements.

• The composition and structure of the board are critical for effective risk governance, and AC members need industry knowledge and relevant experience to oversee the ERM process effectively.

• Boards should clearly articulate risk appetites, engage in ongoing education, and stress-test ERM processes, with holistic risk conversations.

—

1. Enhanced Risk Governance: Audit committees (ACs) are prioritizing enterprise risk management (ERM) due to a dynamic risk environment influenced by geopolitical factors, supply chain disruptions, and technological advancements.

2. Board and Committee Composition: The composition and structure of the board are critical for effective risk governance. AC members need relevant experience and deep industry knowledge to oversee financial reporting and ERM processes effectively.

3. Leading Practices for Oversight: Boards should clearly articulate risk appetites, engage in ongoing education, and stress-test ERM processes. Effective risk conversations should be holistic, incorporating strategy and planning, and involving collaboration across the organization.

In an era when the business landscape is characterized by rapid changes and rising uncertainties, the need for robust governance oversight has never been more critical. As organizations strive to navigate an increasingly complex business environment, the role of the board in overseeing enterprise risk management, financial reporting, and compliance becomes paramount. This publication discusses the evolving priorities and responsibilities of audit committees (ACs) in 2025, emphasizing risk governance, technology integration, and investor expectations. 

Enhanced Risk Governance and Enterprise Risk Management Integration 

Today’s ACs are watching an evolving risk landscape impacted by significant geopolitical factors, continuing supply chain disruptions, global inflation, and the emergence of technology that for many companies may prove highly disruptive to their businesses. According to the BDO 2024 Board Survey of approximately 250 sitting directors, 31% identified enterprise risk management (ERM) as the governance process requiring the most significant time and effort over the next 12 months. Today’s dynamic risk environment, coupled with regulatory (e.g., SEC) and stakeholder expectations, require corporate risk assessments to cover the entire enterprise, not just financial reporting. A recent Audit Committee Practices Report found that 47% of respondents assigned ERM oversight to the AC, 15% to a risk committee, and 35% to the full board. ERM is expected to be an integrated, holistic process that considers all manner of risks to the organization (e.g., strategic, regulatory, operational, and reputational). Regardless of the express responsibilities within the board and committee charters, all board members are expected to exercise skepticism and be risk aware. 

Governance Structure and Composition   

The combined structure and composition of the board plays a crucial role in risk governance. AC members have a significant responsibility in reviewing and overseeing risk factors as part of their mandate to oversee the financial reporting function, and their directive often extends to oversight of the ERM process as well. This requires well-informed directors who understand not simply financial accounting but have relevant experience and deep industry knowledge about the company’s specific risk factors and the experience to make judgments about how well management is identifying, prioritizing, and managing risks. For example, consider the adequacy of an AC that has the additional responsibility for cyber risk oversight that is composed solely of financial experts who may have no current understanding of the cyber risk landscape or impact of emerging technology on the protection of data to ask informed questions of management about risk detection and mitigation strategies. 

Leading Practices for Board/Committee Oversight  

The board should be responsible for setting and clearly articulating risk appetites and tolerance thresholds and ensuring management is operating within those boundaries. There are several steps directors should take to advise management on risk and strategic priorities. These include: 

• Establishing incentives to provide accurate reporting on risks to the organization 

• Remaining forward thinking and open minded as the business environment rapidly changes 

• Prioritizing ongoing education, including inviting experts into the boardroom (e.g., economists, cyber specialists, technologists, and others) 

• Taking a hands-on approach by engaging with stakeholders, leveraging technology, and performing site visits 

The AC’s oversight of ERM goes beyond oversight of management’s processes to stress testing those results to help ensure priorities are aligned, mitigation efforts are sound, and the company can be resilient against new challenges. The AC should not only review the formal ERM processes performed by management but receive further reporting and updates at an established cadence throughout the year to enhance recurrent risk conversations. The Audit Committee Practices Report indicated 49% of boards discussed ERM monthly, as opposed to the 28% and 20% who add it to the agenda semiannually and annually, respectively. Effective risk conversations have several key characteristics that include considering the company holistically, incorporating the organization’s strategy and planning processes, and collaborating with professionals throughout the organization. Additionally, these conversations may benefit from this list of questions every board should ask about risk management. 

Risk Mitigation and Preparedness  

Much like our own immune systems, organizations are much better prepared to respond to risks if they are generally healthy. If the fundamentals of a business are strong and if potential shocks to the system have been considered and prepared for in advance, the business will be much better positioned to survive.  However, in today’s fast-paced business environment, the speed at which risks can materialize has a significant impact on risk management, often requiring response within minutes rather than overnight. Boards should consider whether management is prepared to identify rapidly materializing risks and react swiftly to disruptions. Resilience programs such as business continuity, IT disaster recovery, and cyber incident response programs should be adequately resourced and include formal documented processes and responsibilities, scenario planning, and crisis simulations that are updated regularly. 

Governance Oversight Priorities   

BDO’s 2024 Board Survey identified the activities directors expect to spend the most time on next year: 

Specific Governance Activities to Strengthen Both Management and the Board 

Conclusion 

Effective risk management and resilience through ERM integration are essential for navigating the complexities of the modern business environment. By adopting leading practices, aligning with strategy, and prioritizing forward-thinking approaches, ACs can enhance their oversight capabilities and help ensure the long-term success of their organizations. 

Emerging Technology and Cybersecurity 

The expanded use of technology is transforming business operations, reducing costs, and enhancing human capabilities. The challenge organizations face is balancing innovation with risk management, focusing on efficiency, productivity, cybersecurity, data governance, and human capital impacts. 

Governance Structure and Composition 

The 2024 BDO Board Survey shows the priority emerging technology and cybersecurity have in boardrooms today. Directors identified “advancing the use of emerging technology” as the second most important strategic priority and “lagging implementation of emerging technologies” as one of the most significant risks. Cybersecurity was also in the top five strategic priorities and significant risks. Additionally, 50% of directors plan to increase investments in emerging technologies, and 41% intend to boost cybersecurity investment over the next 12 months. While some organizations may create additional board committees for technology and/or cybersecurity, many consider the AC the appropriate committee to oversee these areas, given its familiarity with the need for strong implementation and internal control environments designed to protect the integrity of information being used and generated by the company.  

As boards formalize their oversight response to evolving technology, they should consider committee capacity and expertise. According to the recent Audit Committee Practices Report, 58% of AC’s have cyber responsibility, followed by 25% retaining oversight at the full board level. Seventy-three percent of directors report discussing the topic quarterly, followed by 15% semiannually. Similar to the evolution of sustainability oversight, technology is integrated throughout the corporate environment (e.g., human capital systems, operations, supply chain management, third-party risk, and financial reporting). Collaborative oversight will be essential and may require assignment to one or more board committees depending on the significance and pervasiveness of the risks. 

There is an ongoing debate about whether to bring subject matter experts onto the board or to cultivate director “generalists” supported with focused continuing education, with no definitive best practice emerging. For example, while the SEC dropped its proposed requirement to disclose whether cybersecurity expertise existed within the board, the board may determine that having a cyber expert among them may still be warranted. However, we caution about deferring responsibility for significant risks to a single board member. There is also growing support for all directors to be “technology and cyber literate,” much like they should be financially knowledgeable, with many boards encouraging directors to achieve and maintain certifications in these and other significant risk areas. 

In response to the SEC’s cybersecurity disclosures, directors report obtaining external assessments and creating internal processes as the top two areas for improvement in their oversight of cybersecurity. This includes understanding what cyber incidents may be considered material to the business and how prepared the organization is to respond timely and effectively to a cyber incident when it occurs. Consider additionally Questions Directors Should be Asking in Their Oversight of Cyber Risk. 

What is certain is that directors should continue to educate themselves in emerging and dynamic areas, including AI/generative AI and cybersecurity to continue to inform appropriate dialogues with management and auditors. Subject matter specialists may be invited to board and committee meetings to provide education to bolster collective board knowledge and address identified director skill and knowledge gaps, as well as serving as trusted advisors. Often, while these sessions may be requested by the board or AC chair, many boards encourage attendance by all directors and certain members of management.  

Oversight of Generative AI 

Board oversight of generative AI should be considered as part of the broader ERM mandate. From recognizing strategic benefits to mitigating associated risks, the board can embrace AI by establishing a safe environment and a culture of trust that accelerates innovation while promoting long term success. The board of directors further plays a pivotal role in guiding the responsible and ethical use and strategic deployment of generative AI. The board may consider establishing a cross-functional AI team that includes the CIO, CISO, general counsel, and operations providing regular reporting to the board or oversight committee. 

From an AC perspective, many finance teams are identifying efficient AI use cases to help analyze financial information, detect trends, and identify anomalies in large data sets. By the same token, auditors are incorporating AI into their auditing methodologies and tools to drive efficient and effective audits and address audit risk.  

Regulators from government to industry are also keenly focused on the role that emerging technologies play in shaping business opportunities and risks to consumers and stakeholders. We encourage the AC to remain attentive to developing rules and regulations that may impact how their business chooses to integrate and use technology and the impact those choices may have on their stakeholders.  

Questions directors should be asking in their oversight of generative AI. 

• What are the company’s policies around the ethical use of technology? How are those policies monitored, and how often are they reviewed and revised? 

• What is the process for identifying effective use of generative AI? Is the organization monitoring industry and competitor uses? Do these uses align with strategic objectives and business goals? 

• What is the process for adopting innovative technologies from identification to selection, implementation, education to monitoring and compliance? Who is responsible and accountable? 

• What monitoring and compliance controls exist? How are instances of noncompliance reported and remedied? 

• What are the risks associated with generative AI use, and what controls are in place to mitigate these risks?  

• What controls does the company have around the reliability, accuracy, and consistency of its data? 

• How does the organization monitor (and who is responsible for) the regulatory environment to ensure compliance? 

• How is the company mitigating third-party risk? 

• How are we remaining current with respect to developing laws and regulations related to the use of AI?

AI Oversight in Financial Reporting and Use by the External Auditor 

With disclosure demand increasing, it is anticipated that stakeholders will expect similar information around technology governance and oversight to what they are receiving about cybersecurity. Directors should not only confirm the company has processes around technology risk management, strategy, and governance that are operating effectively, but also that the governance oversight is established, documented, reviewed, and revised frequently.  

A recent report The Rise of Generative AI In SEC Filings, states that almost two-thirds of Fortune 500 companies mention AI in their annual report on form 10-K, 11% specifically reference generative AI, and more than half have a risk factor citing AI. ACs should ensure consistent and balanced messaging on emerging technologies, considering the materiality to their business when making public disclosures, while also anticipating stakeholder demand for details on process and governance oversight. 

Underlying the financial statements, ACs should evaluate the impact of technology, including generative AI use in the financial reporting function. Three increasingly interdependent elements — technological efficiency, regulatory compliance, and talent — impact both corporate finance teams and audit engagement teams. Data governance challenges can increase the risk for potential reporting issues, errors, or unreliable insights. 

The PCAOB has started “limited outreach” to understand audit firm and public company perspectives on the integration of generative AI in audits and financial reporting. Findings suggest that the integration is falling behind operational and customer-facing areas for many companies, which was further supported by BDO’s recent Board Survey results. Similarly, while some audit firms have started to incorporate generative AI into their audits, it remains primarily for administration and research as firms proceed cautiously in their testing and vetting of innovative technologies. 

Meanwhile, stakeholder demand for adoption is high. BDO’s inaugural Audit Innovation Survey revealed that senior finance leaders say tech-savvy auditors increase trust and influence auditor selection, while acknowledging continuing challenges in audits as technology is implemented. More than two-thirds (69%) of respondents say established data governance and internal data management are a barrier to a smooth audit experience. ACs should continue to engage in discussion with external auditors, as well as internal auditors, around their use of technology, the associated benefits, and risks. 

The CAQ recently released a resource providing an overview of the technology and regulatory environment along with audit considerations for companies deploying generative AI. They also included sample use cases that may be useful for the AC in the evaluation and oversight of their own company’s generative AI deployment. 

Investor Expectations of Audit Committee Effectiveness 

The AC’s effectiveness is vital for robust corporate governance and investor confidence. While ACs are often assigned expanding responsibilities, they must not fall behind on the traditional mandate of their role. It is important to clearly define and regularly review the AC’s responsibilities and associated charter to ensure compliance with requirements, along with assessing the capacity and experience around expanded oversight responsibilities. 

Questions ACs should be asking about fulfilling investor expectations: 

• Is the AC fulfilling its requirements per applicable rules and regulations? 

• How does the AC determine effectiveness and independence of the external auditor? 

• Is our ERM process fit for purpose with respect to identifying and prioritizing emerging areas of risk? 

• Does the AC inquire about “close calls” – e.g., areas of focus by the external auditor that were considered but didn’t rise to the level of a CAM?  

• If applicable, is management’s remediation of deficiencies being done timely and effectively? 

• How is the AC leveraging internal audit (IA) for value creation and risk mitigation? 

• How often does IA revise their audit plan and update the AC on any deficiencies found? 

• What are the qualifications and experience of the IA team? 

• How is the AC ensuring collaborative input into the company’s disclosures? 

• What disclosure controls are in place, and how does the AC monitor effectiveness? 

• To what depth does the AC review, challenge, and approve items ancillary to the earnings release? 

• Do any/all directors sit in on earnings calls? 

• How does the AC ensure consistency around the company’s internal and external messaging? 

• How are AC members staying current with rules, regulations, and environmental trends? 

• What are the AC’s responsibilities beyond the core requirements, and does the AC have the capacity and experience to execute on them? 

• Does the company’s finance function need additional support? How and when was a gap analysis performed?

Oversight of Internal Audit 

Leveraging IA effectively can provide significant insights into the company’s operations and risk management processes, including emerging and high-priority areas such as AI, cybersecurity, and controls around non-financial data (e.g., sustainability metrics). The Institute of Internal Auditors has issued new Global Internal Audit Standards, effective January 9, 2025. These standards are designed to guide the professional practice of internal auditing and serve as a basis for evaluating the quality of the IA function by those in oversight roles (e.g., ACs). While not mandatory, the standards offer 15 guiding principles and essential conditions (i.e., activities of the board and senior management) that enable effective internal auditing. ACs can facilitate indispensable value from their IA function in several ways, such as: 

• Aligning expectations with the IA mandate 

• Setting clear IA authority, roles, responsibilities, and scope of services 

• Building an open and trusting relationship 

• Understanding the risk assessment process 

• Equipping IA with adequate resources and tools 

• Promoting the IA function 

• Assessing the performance of the Chief Auditing Executive (CAE) and IA function 

• Requiring the maintenance of a current IA charter for approval 

Best practices for the oversight of IA include regular reports to the AC to ensure continued alignment on audit strategy and goals, along with timely resolution of identified deficiencies before they become material issues. The PCAOB has also taken interest and added a mid-term project to consider updates to Auditing Standard 2605, Consideration of the Internal Audit Function. See the BDO Internal Audit Webinar Series and upcoming BDO in the Boardroom Podcast for discussions around emerging topics and best practices within the IA function. 

Oversight of Financial Reporting 

The AC plays a vital role in overseeing financial reporting quality and controls. Recent studies from Ideagen Audit Analytics and the Center for Audit Quality indicate that the number of financial restatements filed by SEC-reporting companies is at or near historic lows, likely the result of continued diligence around emerging risks and robust internal control environments. The AC should remain vigilant in these areas and sensitive to the impact macroeconomic and geopolitical factors will have on their companies, including but not limited to: political elections and potential changes in legislation, geopolitical and economic indicators ( e.g., inflation, interest rate changes, supply chain disruption, changes in tariff policies, war impacts) along with human capital matters associated with cultivating and retaining a skilled finance workforce.  

Regulatory Landscape 

The regulatory landscape is continually evolving, with robust SEC and PCAOB rulemaking agendas, enforcement actions, inspection findings, and litigation continuing to make headlines. The AC must stay informed about these changes and ensure compliance with new regulations, consider priority regulatory areas, and monitor the impact of legislation, as well as an upcoming transfer of executive power in the U.S. 

The PCAOB has prioritized transparent communication and continues to issue Investor bulletins, audit focus, and spotlight publications that ACs are encouraged to monitor. Some recent examples include the PCAOB’s information about their inspection activities that include observations, inspection activities from the past year, and inspection priorities for the upcoming year that can inform ACs in their oversight of the financial reporting and audit processes. The SEC also releases examination priorities and makes public recent comment letters issued to registrants.  

Fraud Risk 

Fraud risk evaluation and oversight are critical components of the AC’s responsibilities, and the current environment constitutes a heightened risk for organizations, including digitally enabled fraud. The PCOAB recently paused its significant proposed Noncompliance with Laws and Regulations (NOCLAR) auditing standard, but ACs should continue to stay informed and involved in this and other rule and standard setting. See the 2024 BDO Board Survey and the PCAOB’s recent Spotlight for discussion around solidifying a culture of compliance.  

Board’s Actions to Prevent and Detect Fraud 

Disclosure 

Recent SEC enforcement has focused on the adequacy of company disclosure controls under Exchange Act Rule 13a-15 and emphasized the need for comprehensive disclosure controls. The Division of Corporation Finance also continues its Disclosure Review Program. ACs should be aware of cited trends — e.g., misleading non-GAAP measures and ransomware attack disclosures — to ensure their company’s own alignment with regulatory expectations. 

Companies may consider maintaining a well-structured disclosure committee, which includes diverse management representation from various departments such as accounting, finance, IT, cyber, sales, and general counsel. ACs should monitor the disclosure committee’s recommendations to ensure transparency and regulatory compliance. Additionally, the AC should discuss disclosure of material judgments to understand exclusions and evaluate the necessity of included information. 

Disclosure alignment should be a priority in AC discussions, ensuring company-wide collaboration and consistency across sources that broadly include (but are not limited to) financial statements, MD&A, earnings releases, proxy statements, company websites, sustainability reporting, and marketing materials. ACs should frequently scrutinize noted comment letter areas and emerging risks, as applicable, such as: 

• China-related matters 

• Non-GAAP measures 

• Critical accounting estimates 

• MD&A 

• Revenue recognition 

• Financial statement presentation 

• Market disruptions 

• Cybersecurity 

• Supplier finance programs 

• Inflation 

• Other related rules (e.g., pay for performance) 

The AC should inquire about the rigor for how disclosures outside the financial statements (such as those related to earnings releases and sustainability reports) are verified for accuracy and consistency, including reviewing presentation slides and management’s commentary, while overseeing internal controls around non-financial metrics. 

The SEC recently disbanded their Climate and ESG Task Force stating the priorities were determined to be well integrated into overall company strategy and risk management. Additionally, the SEC’s new climate rules remain stayed and the issuance of anticipated new human capital rules are in question given the pending U.S. election transition. However, ACs should not lose focus as jurisdictions globally and locally are moving forward with significant reporting requirements that may impact a broad group of U.S. companies and will require significant action by management and oversight of the AC. ACs should discuss the emerging ESG disclosure landscape and company controls that are in place to monitor compliance as well as stakeholder sentiment, remaining attuned to verifiable data that reflect actual practices and do not mislead investors. 

Finance Function Talent Management 

The experience, effectiveness, interactions, and reporting of professionals in the accounting and finance functions serve as an important control in the oversight of financial reporting that the AC receives. In an environment where the war for talent continues, ACs should ensure they are evaluating resources and supporting the needs of the finance function in their companies.  

Oversight of the External Auditor 

Audit quality stems from the AC’s ability to exercise professional skepticism, including challenging assessments and estimates made by auditors and management. It is considered a best practice to build a strong professional relationship with their external auditors, which includes frequent, transparent communications about the audit, including:  

• Auditor independence 

• Scope, status and conduct of the audit,  

• Audit team and the audit firm including engagement team members’ experience, supervision and review,  

• Firm structure and potential impact on audit quality 

• Recent inspection results at the engagement level and at the firm level, and 

• Firm’s system of quality control  

See the PCAOB’s recent Audit Focus: Audit Committee Communications for reminders and common deficiencies in this area.  

SEC’s Office of Chief Accountant Paul Munter released this statement on the recent increase in deficiency rates found in audit inspections and the importance of the role of the AC in ensuring high-quality audits. 

The PCAOB has been active in its rulemaking intended to support the AC’s responsibility in oversight of the auditing function and selection and retention of auditors. This includes the recently adopted standards regarding the audit firm’s system of quality control, required firm reporting, and firm and engagement metrics, which at the time of publication are still awaiting SEC approval. Directors should remain knowledgeable about auditing standards and how those standards may impact the AC’s and management’s engagement with the auditors. Similarly, they should carefully consider proposed standard setting regarding the scope and procedures of financial statement audits, such as the PCAOB’s (NOCLAR) rules. A recent roundtable briefing paper may further impact how the auditor engages with the company, along with the types of controls and additional information that may become a required component of public company audits in the future. 

In September 2024, the PCAOB issued a spotlight focused on recent inspection deficiency findings with respect to auditor independence requirements and highlighted considerations for the AC particularly around its responsibility for the pre-approval of audit firm services, including but not limited to: 

• ACs are required to consider whether any services provided by the audit firm may impair the audit firm’s independence in advance. 

• ACs should consider whether the public company’s policies and procedures require that all audit and non-audit services are brought before the AC for pre-approval.  

• ACs should consider whether their auditor has implemented processes to identify prohibited relationships.  

• If the AC pre-approves services using pre-approval policies and procedures, the AC should consider whether the pre-approval policies and procedures are sufficiently detailed as to the particular services to be provided so that the AC can make a well-reasoned assessment of the impact of the service on the auditor’s independence.  

• Independence is a shared responsibility between the entity under audit, its AC, and its auditor. It is important for the company to have policies and procedures to proactively alert auditors to proposed or pending merger and acquisition activity that could have an impact on auditor independence. 

BDO is poised to release an audit committee pre-approval guide aid in early 2025 to be posted within the practice aid section of the BDO Center for Corporate Governance. 

As the regulatory environment continues to advance at a quick pace, ACs are being encouraged by regulators, auditors, and other stakeholders to be more engaged in the rulemaking and standard-setting process, as well as to remain active in the community establishing and discussing best practices. The PCAOB continues to be especially active in their board outreach and annually publishes high-level observations and key takeaways from their conversations with AC chairs. 

Conclusion 

The AC’s effectiveness is crucial for maintaining investor confidence and ensuring robust corporate governance. By fulfilling its mandate, adapting to evolving risks, overseeing the external and internal audit functions, evaluating significant risks (including potential fraud and emerging risks), and staying informed about regulatory changes, the AC can significantly contribute to the company’s success and the delivery of high audit quality to the markets. 

Written by Mike Stevenson, Amy Rojik and Lee Sentnor. Copyright © 2025 BDO USA, P.C. All rights reserved. www.bdo.com 

How MGO Can Help 

MGO can provide significant support to audit committees as they navigate their evolving priorities in 2025 through integrating ERM processes and addressing the dynamic risk environment that includes geopolitical factors, supply chain disruptions, and technological advancements. Our team can also assist in assessing and enhancing the composition of your board and audit committees to make sure your members have the relevant experience and industry knowledge necessary for effective oversight. Lastly, we can equip you with guidance on best practices for that board and committee oversight. Contact us to learn more.  

The post Top Audit Committee Priorities for 2025  appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• Managing finances in the cannabis industry is complex — with strict regulations, evolving tax laws, and banking challenges.

• Outsourcing your accounting function can help you navigate compliance, manage cash flow, and streamline operations.

• Benefits include cost savings, access to advanced knowledge, and improved financial reporting.

—

As a professional in the cannabis or hemp industry, you’re navigating an evolving landscape filled with regulatory hurdles, cash flow challenges, and tax complexities. Whether you’re managing a cultivator, manufacturer, distributor, or dispensary, staying on top of compliance while scaling your business can be overwhelming.

Outsourcing your accounting offers a powerful solution — giving you access to extensive experience, strengthening internal controls, and allowing you to focus on strategic growth. But how do you know if it’s the right move for your business?

What Is Outsourced Accounting?

Outsourced accounting can have several meanings including: 

• Fractional or temporary controller 

• Special project accounting manager 

• Fractional CFO 

• Bookkeeper 

5 Reasons to Outsource Your Cannabis Accounting

Here are key signs that outsourced accounting could be the best next step for your cannabis company:

1. You’re Struggling with Tax Compliance and Complexities

Cannabis taxation is complicated, especially with IRS Code Section 280E limiting deductions. State and local tax requirements vary widely, and tracking inventory properly for cost accounting is crucial. If you’re spending more time deciphering tax laws than managing your business, it may be time to bring in consulting professionals who are knowledgeable in cannabis financial regulations.

2. Cash Flow Is a Constant Challenge

Managing cash flow, accounts payable, and payroll efficiently is critical to keeping operations running smoothly. An outsourced accounting team can implement financial controls, improve cash management, and help you meet payroll and tax obligations without stress.

3. Your Financial Records Need to Be Organized and Audit-Ready

Accurate financial reporting is essential for regulatory compliance, securing funding, and long-term success. If your accounting team is overwhelmed with day-to-day tasks and struggling to produce clear financial statements, an outsourced team can bring structure, accuracy, and transparency to your records — helping you stay compliant and prepared for audits or sophisticated investors.

4. You Have to Scale Quickly

As the cannabis industry grows, so do the demands on your financial operations. Whether you’re expanding into new markets, acquiring licenses, or preparing for investment opportunities, your accounting needs may fluctuate. Outsourced accounting provides the flexibility to scale up or down without the costs of hiring and training an in-house team.

5. You’re Concerned About Security and Fraud Risks

If your accounting team is small or handling the majority of the accounting duties, the risk of financial mismanagement or fraud increases. Outsourcing adds an extra layer of oversight — implementing stronger internal controls and reducing the risk of errors or financial misconduct.

How Outsourcing Can Benefit Your Cannabis Business

Here are some key benefits of outsourcing to help your cannabis business grow smoothly and stay compliant:

• Industry-specific experience: Work with professionals who understand the nuances of cannabis taxation, banking restrictions, and regulatory compliance.

• Stronger financial controls: Improve security, reduce fraud risk, and implement better cash management systems.

• Improved reporting and compliance: Maintain audit-ready financials and meet tax and reporting requirements with confidence.

• Scalability: Expand or contract your accounting support as your business evolves.

• Cost and time savings: Avoid the high costs of hiring full-time staff while gaining access to skilled and knowledgeable financial support.

How MGO Can Help

At MGO, we offer tailored outsourced accounting  and advisory solutions for the cannabis industry — providing the right-size support for your organization’s unique needs. Whether you’re looking to support your team with specialized knowledge or skills, manage day-to-day tasks, get assistance with regulatory compliance, or navigate complex transactions like M&A and capital raising, we’ve got you covered.

Reach out to our team today to learn how we can help streamline your accounting operations.

The post Is Outsourced Accounting Right for Your Cannabis Business? appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• Watch for phishing scams, fake tax preparers, and misleading social media advice that can lead to fraud, identity theft, and IRS penalties.

• The IRS never contacts taxpayers through email, text, or social media — avoid clicking on suspicious links or sharing personal information.

• Work with a trusted CPA to navigate tax filings, prevent fraud, and resolve IRS issues while maximizing legitimate deductions and credits.

—

Tax season brings the challenge of filing returns and the growing risk of fraud targeting individuals and businesses. Each year, criminals refine their tactics to steal personal and financial data — often posing as legitimate entities like the IRS or tax professionals.

The IRS Dirty Dozen list highlights the most common tax scams of the year, helping taxpayers recognize and avoid financial traps. Falling for one of these schemes can result in identity theft, fraudulent tax filings, penalties, and unexpected liabilities.

MGO helps individuals and businesses navigate tax complexities while offering guidance on fraud awareness and prevention. Below, we break down some of the top tax scams of 2025 identified by the IRS and how you can safeguard your finances.

1. Phishing and Smishing Scams

How the scam works: Cybercriminals pose as the IRS, financial institutions, or tax professionals through fraudulent emails (phishing) and text messages (smishing) to steal Social Security numbers, banking details, and other sensitive financial information. These scams often create a sense of urgency, claiming that your tax refund is at risk or that you owe money to the IRS.

How to stay safe:

• The IRS does not start contact with taxpayers through email, text, or social media to request personal or financial details.

• Never click links, open attachments, or respond to messages from unknown sources.

• Reporting phishing attempts to phishing@irs.gov will help prevent others from falling victim.

2. Social Media Tax Misinformation

How the scam works: Misinformation about tax credits and filing tactics spreads rapidly on social media platforms like TikTok, Twitter, and Facebook. Fraudsters encourage users to send false deductions, inflate income, or improperly claim credits to increase refunds. Falling for these schemes can result in audits, penalties, or even legal consequences.

How to stay safe:

• Only take tax advice from certified professionals or official IRS resources.

• Be cautious of viral tax “hacks” or methods promising unusually large refunds.

• If unsure about a tax strategy, consult a CPA before filing.

3. Fake IRS Online Account Assistance

How the scam works: Scammers posing as IRS representatives or tax preparers offer to help set up an IRS.gov online account. They use this opportunity to steal login credentials and file fraudulent tax returns in the victim’s name.

How to stay safe:

• Create and manage your IRS online account independently at IRS.gov.

• Never share login details with unverified individuals or third parties.

• If you suspect unauthorized access to your IRS account, report it at once.

4. Fraudulent Charities

How the scam works: Scammers exploit natural disasters, economic hardships, or trending causes by setting up fake charities that ask for donations. These fraudulent organizations steal money and personal information, leaving taxpayers at risk of financial loss.

How to stay safe:

• Verify charities through the IRS tax-exempt organization search tool before donating.

• Avoid making donations via wire transfers, gift cards, or cryptocurrency.

• Keep detailed donation records for tax reporting purposes.

5. False Fuel Tax Credit Claims

How the scam works: The fuel tax credit is intended for businesses that use fuel for off-highway purposes, such as farming and construction. However, some promoters mislead taxpayers into believing they qualify — leading to improper claims and IRS penalties.

How to stay safe:

• Confirm your eligibility for the credit with a tax professional before filing.

• Be cautious of tax preparers promising significant refunds based on fuel tax credits.

• Filing a false claim can trigger an audit and result in fines or repayment demands.

6. Ghost Tax Preparers

How the scam works: Ghost tax preparers refuse to sign returns, often submitting fraudulent claims without the taxpayer’s knowledge. They typically promise inflated refunds and charge fees based on refund amounts, leaving the taxpayer accountable for inaccuracies.

How to stay safe:

• Only use tax preparers who provide a preparer tax identification number (PTIN) and sign the return.

• Be cautious of preparers who request you to sign a blank or incomplete tax return, as this could be called fraudulent activity.

• Request a copy of your filed return and review all details before submission.

7. Spear Phishing and Business Scams

How the scam works: Cybercriminals target businesses and tax professionals with spear phishing scams, sending highly customized emails impersonating vendors, employees, or clients. These emails have malicious links or requests for sensitive financial information.

How to stay safe:

• Always verify the sender’s email address and be cautious of unexpected requests for financial details.

• Implement multi-factor authentication for financial and business accounts.

• Educate employees on finding phishing emails and encourage them to report any suspicious activity at once.

8. Misleading “Offers in Compromise”

How the scam works: Some companies aggressively market “tax debt relief” services, falsely claiming they can settle tax debt for “pennies on the dollar” through the IRS Offer in Compromise Program. Many taxpayers do not qualify for this relief, yet these firms charge hefty fees upfront without delivering results.

How to stay safe:

• Use the IRS offer in compromise pre-qualifier tool to decide eligibility before seeking outside help.

• Be wary of any company that guarantees tax debt forgiveness without reviewing your financial situation.

• Work with a licensed CPA or tax professional for legitimate tax resolution strategies.

Protect Your Finances

Tax fraud is constantly evolving and falling victim to a scam can lead to financial loss, identity theft, and unnecessary stress. Facing these risks alone can be overwhelming, but you don’t have to navigate tax season on your own.

At MGO, we do more than file tax returns — we help you avoid fraud and protect your financial security. Our tax and fraud prevention services include:

• Fraud risk assessments: We help your business detect and prevent financial fraud.

• Tax compliance and planning: Our team confirms your tax filings meet IRS guidelines while maximizing benefits.

• Audit representation and resolution: If the IRS contacts you, we help in resolving issues efficiently.

Whether you’re an individual taxpayer or a business owner, MGO provides the insights and support to help you make informed decisions, avoid fraudulent schemes, and maintain compliance with IRS regulations. Our team is dedicated to keeping you aware of emerging tax threats and helping you take proactive steps to safeguard your financial future. Connect with our Tax team today to find out how we can support you.

The post 8 Top Tax Scams to Watch Out for This Year appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• To stay compliant, it’s important that you maintain accurate records, robust internal controls, and ongoing employee training.

• Risk mitigation is key, and proactive measures such as whistleblower hotlines and internal audits can help identify and address potential violations early on.

• Legal adherence is also important — make sure your compliance program aligns with all DOJ and SEC regulations to avoid severe penalties.

—

The Foreign Corrupt Practices Act (FCPA), a U.S. law enacted in 1977, targets bribery and corruption in international business transactions. The FCPA generally applies to any U.S. business entity but becomes more relevant to companies operating in foreign countries and certain foreign companies operating in the United States. The law’s accounting provisions require entities covered by the FCPA to keep accurate books and records and maintain adequate internal accounting controls. 

The Securities and Exchange Commission (SEC) and U.S. Department of Justice (DOJ) enforce the FCPA. Violations of the FCPA can result in fines, penalties, and criminal charges. Enforcement of the FCPA has increased considerably over the past decades, and both the DOJ and the SEC have expanded their roles from enforcer of anti-bribery laws to compliance regulators. Both private and public corporations are increasingly expected to adhere to a specific standard of FCPA compliance and are expected to have compliance programs that are effective and hold up to DOJ’s scrutiny. 

U.S. companies operating on the international playing field and foreign companies operating in the U.S. are both subject to the FCPA. In recent years, penalties exceeding $2 billion have been assessed against companies for FCPA violations. In 2023 alone, the SEC’s Division of Enforcement filed 784 enforcement actions, obtained nearly $5 billion in financial remedies, and awarded nearly $600 million to whistleblowers who reported their employers’ illegal activity. In this article, we provide insights into dealing with violations and offer practical ideas for mitigating risk. 

Addressing FCPA Risks 

The path to FCPA compliance is both proactive and reactive.  

A compliance program must align with the DOJ’s Evaluation of an Effective Compliance Program (as updated on Sept. 23, 2024), which serves as the Criminal Division’s guidance for prosecutors evaluating such programs. In addition, the DOJ has continued to enhance its expectations around effective corporate compliance by creating additional incentives for individuals to report information about criminal conduct directly to the DOJ. 

Determining if your company’s compliance program is well designed, resourced, and working provides a basis for evaluating the program’s effectiveness. Strong internal controls and whistleblower hotlines can help organizations identify and address problems at the earliest stages, which may then allow the organization to self-report to the SEC and the DOJ. A robust compliance program that also includes ongoing employee training can reduce the potential for FCPA violations.  

Discovering FCPA Violations 

Although effective internal controls and continuous monitoring of certain activities or transactions might catch potential acts of non-compliance, FCPA violations may come to light through various channels, including the following:   

• Whistleblower hotlines: Employees may report potentially illegal or non-compliant activities through their organization’s whistleblower hotline or other reporting mechanisms that allow them to anonymously share their concerns about potential illegal acts, including FCPA violations. Routine monitoring, triage, and escalation of these reporting channels can increase an organization’s opportunities for early identification of potentially illegal activities. 

• Employee exit interviews: Some employees may feel uncomfortable discussing their observations of allegedly illicit activity while still employed or, in certain instances, may not know about the organization’s whistleblower mechanism. Others may innocently report on illegal transactions during an exit interview. Finally, some may be unaware of the appropriate whistleblower mechanism in place. Information that comes to light during employee exit interviews must be appropriately triaged and forwarded to the proper internal parties.   

• Internal audits: Companies may develop and maintain protocols designed to uncover potential regulatory violations or non-compliance, including internal controls evaluations; financial record reviews; third-party due diligence investigations; reviews of gift, travel, and entertainment expenses; and employee training opportunities. 

• Routine business activities: During the regular course of business, an organization’s employees may notice suspicious activities that require further review. In some cases, the information may pass through the normal chain of command until a reasonable explanation is offered or an internal investigation is triggered. 

• SEC or DOJ notifications: Occasionally, the SEC or DOJ will have been notified of potential illegal activities through their respective whistleblower awards programs: the SEC Whistleblower Program and the DOJ’s Corporate Whistleblower Awards Pilot Program. In such instances, both agencies can initiate contact with an organization through informal means, such as phone calls or emails. More formal notifications — such as a Wells Notice, a Target Letter, a subpoena, or a civil complaint — alert an organization that an enforcement action is imminent or ongoing.  

Regrettably, an organization’s first notice of an FCPA violation may arrive as a result of a whistleblower report made directly to the SEC or DOJ or arise from another investigation implicating a different organization. Both the existing SEC and new DOJ whistleblower programs have further incentivized individuals to notify them of potential illegal activities and violations.  

Understanding SEC and DOJ Whistleblower Programs 

Reports of suspicious activity received through internal channels can be evaluated through substantive internal investigative work; self-reporting may then become an option. However, possible illegal behavior can be directly reported to regulatory bodies — and updated FCPA and anti-bribery anti-corruption regulations have made the process easier and more lucrative for whistleblowers. 

The SEC’s whistleblower program, created by the Dodd-Frank Act, encourages individuals to report illegal activities directly to the SEC. In return, people who divulge high-quality information that leads to an SEC enforcement action may receive between 10% and 30% of the money the SEC collects. For example, the SEC announced in August 2024 that it will be awarding two whistleblowers the sums of $4 million and $20 million, respectively, for their pivotal roles in an SEC enforcement action. 

The DOJ’s Criminal Division Corporate Whistleblower Awards Pilot Program is designed to mirror and supplement other successful whistleblower programs managed by the SEC, the Commodity Futures Trading Commission (CFTC), and the Financial Crimes Enforcement Network (FinCEN) and is specifically targeted at private non-public health care programs, privately held companies and others that are not publicly traded as well as cryptocurrency businesses. Information provided by the whistleblower through this program is intended to fill the gaps in other agencies’ whistleblower programs by advancing criminal investigations and prosecutions pertaining to compliance violations by financial institutions, foreign and domestic corruption, including violations of the FCPA and Foreign Extortion Prevention Act (FEPA), as well as specific health care fraud that is not covered by the False Claims Act qui tam program. Similar to other programs, the whistleblower may receive a percentage of any civil or criminal forfeitures that result from a successful DOJ prosecution. However, certain conditions will apply. Additionally, the DOJ may decline to prosecute companies that voluntarily self-report potential violations in a timely manner. 

Whether the FCPA violation is discovered through an internal or external channel, the organization’s leaders must respond in a manner that can withstand the scrutiny of investigators and be responsive to the organization’s stakeholders. 

Making an Organized Response to an FCPA Violation 

Reacting to a potential FCPA violation appropriately and in a defensible manner can significantly impact the outcome, the decision to self-disclose, and the resolution of the matter. In addition, amendments to the Corporate Whistleblower Awards Pilot Program give companies 120 days to self-disclose from the point of receiving a whistleblower allegation in order to benefit from the program’s presumption of declination (subject to other qualifying elements). An orderly response to any allegation often stems from plans established well before an incident occurs. Given the implications of self-disclosure, whether formal protocols are in place or not, the following eight tasks should be considered part of an organization’s course of action after learning of a potential FCPA violation:  

1. Notify the Legal Department: A company’s general counsel or outside counsel should be involved as soon as an FCPA compliance issue is suspected or identified. Not only can counsel provide legal guidance at the outset of the process, but their work is generally protected by attorney-client privilege and the work-product doctrine. Early access to the situation can also help prepare counsel for any internal investigations or litigation that may arise from the incident, as well as providing the background information needed to make an informed decision regarding self-disclosure. 
2. Identify the parties involved: Although the investigation process will be fluid and expanding, it’s crucial to gain an early understanding of the parties within the organization who were involved with any suspicious payments or activities. Learning who knew of and authorized the payments in question may significantly impact the scope of any current or future investigations. 
3. Capture the data: One of the first things legal counsel will typically do is issue a legal hold to anyone associated with the identified potential issue or with knowledge about any transactions. This notifies them to preserve certain items that could be evidence that is needed during an investigation. These types of litigation holds are instrumental in gathering the facts and circumstances needed to understand a potential FCPA non-compliance.  
4. Consider hiring independent expertise: Navigating potential FCPA violations requires the knowledge of complex laws and regulations that outside counsel may provide. Such expertise can assist in the investigative process and during potential interactions with the regulatory and enforcement authorities. In addition, evaluating the facts and circumstances surrounding any suspicious transactions will likely require the type of deep dive into the organization’s accounting systems and internal controls that typically is best handled by forensic accounting and investigations professionals.  
5. Perform a preliminary investigation: Forming a plan of action requires knowledge of the facts and circumstances surrounding the suspected illicit activity. Consider using internal groups, such as the audit department, to gather transactional data for review. Be mindful of the independence of the internal team(s) used to perform such a preliminary review, as this might impact the reliance on their findings. 
6. Inform key stakeholders: It is critical to inform the organization’s Board of Directors and Audit Committee about the possible incident early in the process. In addition, briefing the auditor can help them understand the company’s response to the allegations, as well as the potential impact on the current or past audits and help address the auditors’ obligations when such a disclosure is made.  
7. Assess the organization’s compliance programs: The strength of an organization’s compliance program may affect the outcome of an SEC or DOJ investigation. Questions regarding the effectiveness of the compliance program should include: Does the program include up-to-date training in FCPA compliance for employees? Is a whistleblower hotline in place? Has the organization engaged in due diligence for resellers and third-party vendors? Evidence of attempts to maintain good corporate governance can mitigate penalties in most cases. 
8. Keep communication channels open: In situations such as this, the organization’s reputation and financial well-being are at risk. As the investigation proceeds, communicate frequently with key stakeholders, including the Audit Committee, the Board of Directors, the C-suite, the Human Resources Department, compliance leadership, and the company’s auditors.  

Independent and thorough investigation of an FCPA violation demonstrates an understanding of the importance of internal controls, compliance programs, tone at the top, and training. Additionally, an organized response aids company leaders in developing a well-documented and defensible response to inquiries from government regulatory bodies. The results of an internal investigation may also steer the company toward self-reporting the incident through proper channels. 

Mitigating the Risks of Future FCPA Violations 

Assessment and remediation after a regulatory investigation can enhance an organization’s compliance program and, despite the human error element, can help reduce the risk of future violations. Taking a proactive approach can result in a robust compliance program that is rigorously enforced, updated, and maintained, signaling a developed culture of compliance within the organization. While there is no guarantee of leniency, the SEC and DOJ do consider the existence and effectiveness of compliance programs when determining penalties for FCPA violations. 

Organizations may focus on several key areas to mitigate potential FCPA risks, including the following: 

• Compliance program maturity: An organization may begin by evaluating the maturity of its compliance program, focusing particularly on whether the program addresses its true compliance risks. Efficient allocation of limited resources hinges on a thorough review of the current compliance program to expose any existing vulnerabilities. 

• Transactions monitoring: Failure to implement strategies and technology for data analytics and continuous transactions monitoring can be costly in the long run when not aligned with current regulatory expectations.  

• Reporting mechanisms: Employees need an accessible, confidential way to report potential violations. A working whistleblower program or similar mechanism is a critical part of an effective compliance program. 

• Training: Up-to-date training about FCPA compliance for employees and third parties not only can decrease the risk of non-compliant behavior but also demonstrates to regulators the organization’s proactive manner of addressing these risks. 

• Third-party due diligence: Organizations generally are held accountable for FCPA compliance failures that occur through third parties, including vendors and resellers. A thorough due diligence process is a must. Noncompliant and ill-trained third parties — especially when weak compliance measures are in place — can result in significant fines and legal action against the organization. 

Compliance is a critical component of ethical business conduct, relying on thorough assessment of an organization’s processes to help ensure alignment with laws and regulations. 

Is Your Organization Prepared to Manage FCPA Compliance? 

Swift, decisive action is necessary when an organization identifies a potential FCPA violation. However, a robust compliance program can proactively address the risks associated with doing business in today’s strict regulatory landscape.  

Our Forensics team members have the experience and skill to assist in both proactive and reactive situations. Before trouble strikes, we can conduct strategic evaluations of your organization and your compliance ecosystems to address overall risk. We also can help prepare your response to government enforcement and inquiries from the DOJ, SEC, or foreign regulators.  

Our professionals come from forensic, accounting, regulatory, investigative, enforcement, litigation support and operational backgrounds, with extensive experience working with counsel and regulators. As accountants and forensic specialists, we can help you navigate highly technical and operational elements in a manner that is effective, defensible, and responsive to regulatory standards and expectations. 

Written by Didier Lavion. Copyright © 2024 BDO USA, P.C. All rights reserved. www.bdo.com 

How MGO Can Help 

MGO’s team of forensic accountants can assist you in navigating the complexities of FCPA regulations, making sure you implement and maintain robust compliance programs. From conducting internal audits and risk assessments to developing whistleblower programs and providing employer training, we can provide you with tailored solutions to help your organization proactively manage the full spectrum of FCPA risks.

By leveraging our deep industry experience and regulatory insights, you can enhance your internal controls, respond effectively to potential violations, and safeguard your operations from costly penalties. Contact us to learn more.  

The post FCPA Compliance: A Practical Guide for Identifying and Mitigating the Risk of Violations appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• Audit services are crucial for cannabis businesses to navigate industry changes, especially with potential rescheduling on the horizon.

• Audits can help strengthen your position in M&A deals by providing financial transparency and uncovering hidden risks or opportunities.

• Comprehensive audits enhance operational efficiency, prevent fraud, and prepare businesses for evolving regulatory frameworks.

~ 

With the potential for rescheduling continuing to move forward, companies and investors need to assess the opportunities that may emerge in the cannabis industry. Have you considered how audit services can help your company thrive in this changing environment?

Here are some key areas where audit services may be beneficial:

Strategic Positioning for Mergers and Acquisition (M&A)

Whether you’re buying or selling a cannabis business, audit services can significantly strengthen your position. By demonstrating financial transparency to potential buyers, you can potentially improve your pricing and valuation. Additionally, streamlining due diligence can shorten the time to close deals and uncover any accounting irregularities or hidden risks — such as tax exposure or liabilities.

Operational Excellence

An audit isn’t just about numbers; it’s about enhancing your business operations. Identifying areas to streamline and reduce costs can lead to significant savings. Moreover, uncovering inefficiencies in your cash flow management and receiving recommendations to enhance your internal controls can improve your overall business efficiency.

Fraud Prevention and Detection

Protecting your business and assets is crucial. A comprehensive examination of your financial records can reveal potential vulnerabilities and spot red flags that may indicate fraudulent activity. Based on audit findings, you can implement stronger safeguards to protect your business.

Regulatory Readiness

While rescheduling may ease some burdens, it could introduce new regulatory frameworks. An audit can help you assess your current compliance status and identify areas that may need attention under potential new regulations. This positions your company to adapt quickly to regulatory changes.

How MGO Can Help

With a dedicated Cannabis practice and personalized audit and assurance solutions based on your needs, we can help you navigate the evolving landscape of the cannabis industry with confidence. Schedule a consultation with Cannabis Industry Leader Scott Hammon today to discover how our audit solutions can benefit your business.

The post How Audits Can Help Your Cannabis Company Prepare for Rescheduling appeared first on MGO CPA | Tax, Audit, and Consulting Services.