Home » Uncategorized » Audit Risk Red Flags: The Inside Story

Audit Risk Red Flags: The Inside Story

No company is safe against an unclaimed property audit.

As states struggle to balance their budgets, they increasingly look to generate revenue by enforcing unclaimed property laws — a great way for states to bring in money without raising taxes. As a result, states are conducting an unprecedented level of unclaimed property audits. In addition, more states are using third-party audit firms to track down unclaimed property holders. For companies, that means more scrutiny and surprise payments if a state decides you owe them past due unclaimed property amounts. Because of this, the question chief executives must ask themselves is not “Will my company be audited?” but rather “Are we prepared to address and survive an audit when it happens?”

If your organization has never been audited, the chances are now greater that it will be given the current economic environment. The problem is that most companies don’t have policies and procedures in place for handling unclaimed property until it’s too late and as a result, states are finding they have more to gain by conducting new unclaimed property audits than they do in conducting follow-up reviews. It’s also important to keep in mind that even if one or more states has already audited your company, that does not preclude additional states from following their lead and doing the same thing.

There are two key reasons every CEO should pay attention to unclaimed property. First, as the chief executive, you are always focused on what reputational risks exist for the company if an audit or a lawsuit by a state would occur. You may not think of an unclaimed property audit as something that could damage your company’s reputation or even be material to your company’s balance sheet. But think again! Take for example, Staples, who recently filed a lawsuit against the State of Delaware. In a recent audit of the company, Delaware calculated Staples owes it $3,962,750 in past due unclaimed property claims. In another instance, CA, Inc., a multinational computer software corporation, was found to owe the State of Delaware $17.6 million for under-reporting amounts determined under the abandoned property law. Iowa recently announced a $22 million settlement agreement between Sprint and 36 states for unclaimed property arising from uncashed consumer rebate checks. And, let’s not forget that in 2006, Waste Management, Inc. paid $20 million before taxes to settle unclaimed property obligations stemming from issues that go as far back as 1980!

Second, state unclaimed property audits can extend beyond a company’s general ledger and into the registered shareholder data. Companies that act as their own transfer agent and manage their registered shareholder data have always understood this risk. But recent audit data requests now include records that reside at a company’s external transfer agent. Such audits are targeting dormant stock accounts, uncashed dividends, un-exchanged shares from mergers or acquisitions, and even “inactive” accounts – which can be difficult to define and manage. As a result, chief executives need to be well-versed in unclaimed property and proactively managing compliance to prevent their shareholders’ accounts from becoming inadvertently caught up in the various state laws.

Common Red Flags

There are some key red flags or audit triggers the states look for, as well as other circumstances and operational procedures that can increase the risk of an audit. It’s important for CEOs to be aware of these common red flags and to weigh the risk of audit their organization faces.

The most basic risks are easy for you to spot:

Where is your company incorporated?

A company’s state of legal incorporation is the state that benefits the most from an unclaimed property audit. In addition to the right to demand property with last known addresses within the state, the domiciliary state can also extrapolate back to include periods for which records are no longer available. This results in significant revenues to boost their state budgets. Consequently, states such as Delaware, which is domiciliary to numerous companies, are aggressively pursuing unclaimed property audits.

When was your company incorporated?

A company’s date of incorporation is a critical factor in assessing the risk for unclaimed property audits. Newer companies are at a distinct advantage when it comes to avoiding audits as a company that was incorporated in 2005, cannot have more than five years worth of accumulated unclaimed property. This makes most young companies a bad risk for auditors since they would likely be wasting their time on an audit that will produce very little monetarily – therefore, states and independent third-party auditors will focus on older companies that have longer track records.

The primary concern for most older companies is the “look back” period of the auditing state. This will determine the maximum scope of the audit in terms of how many years of reporting history they are examining. For example, Delaware audits can be conducted as far back as 1981. Obviously, an audit covering nearly 30 years can add up to serious dollars if the company’s reporting practices were sub-standard. It’s worth nothing that many companies think they will be “saved” because they don’t have accounting records for more than a few years, but rest assured the states have addressed this issue by using a practice called extrapolation.

What is extrapolation? Simply stated, the auditors will review the existing books and records to establish a baseline percentage or level of unreported liability and then extrapolate that amount backward to each of the years for which no records exist. As you can imagine, these types of calculations have cost companies millions of dollars in unexpected liability.

Is your company centralized or decentralized?

The decentralization of books and records can lead to inconsistency in accounting practices and ultimately, underreporting. It is for this precise reason that states target these types of companies for audits – especially companies that are decentralized because of a merger or acquisition. Because they are naturally more complex, companies with decentralized accounting processes can expect audits to consume more time and resources. The more records there are to review, the more time an unclaimed property audit will consume.

The complexity also makes it hard to control and reduce the impact of an audit. For companies who don’t know this, an audit can be even more devastating because they will most likely over-report in an effort to be cooperative. For example, a decentralized Fortune 500 chemical company recently engaged our organization for audit support. Auditors identified accounts payable, payroll and rebate programs with initial liability of $5.4 million. After conducting an independent review on behalf of the company, we were able to provide guidance that resulted in a 92 percent liability reduction. Had the company simply accepted auditors’ initial audit findings, their bottom line would have been reduced by millions of dollars. The best practice of decentralized companies is to coordinate around a common set of policies and procedures (see below). This will increase the chances that holes in the process are eliminated and that outstanding liabilities are correctly identified and reported – both of which reduce the potential for fines and penalties.

Our essential practice for decentralized companies is to establish periodic checklists or sign-offs. If your company does not have month-end or quarterly checklists or sign-offs, it might be worthwhile to include them in the company’s financial reporting package. Typically in a decentralized environment, each group must sign-off on their activities and transactions each quarter or month. This best practice goes hand-in-hand with SOX sign-offs and, if not already in place, may be combined with them. This is a basic reconciliation practice for accounting personnel to make sure books and records are accurate.

Does your company have written policies and procedures to ensure compliance?

Most companies don’t have policies and procedures in place for handling unclaimed property until they’re subject to an audit and are forced to develop them. Yet, every company should have written policies and procedures for handling all potential unclaimed property from disbursement of checks through filing of reports. It is simply a matter of being proactive with customers, employees and vendors and making sure they manage the financial balances that are on their accounting books and records.

Auditors will request and review such policies to determine whether your business and designated service providers operate under a “culture of compliance.” Without these, compliance efforts will lack consistency, leading to overlooked property types and unaccounted for exposures and liabilities. For example, when a company is selected for an audit, they request two things: 1) copies of unclaimed property reports they had been filing to the state, and 2) copies of their written policies and procedures. Most companies don’t have both.

How many states does your company report to?

The number of states to which your company is reporting should be consistent with the size and nature of your business. If you are conducting business with a national customer base or a regional supplier base, yet only reporting property to a single state, other states will identify your organization as an audit target.

    Common mistakes include:

  • Reporting only to state of incorporation
  • Reporting only to state where your headquarters is located
  • Reporting to states that send you information in the mail

Each of these is incomplete and incorrect. The determining factor is the address of record WHERE the customer, shareholder or business partner that is owed the property was last known to reside or operate.

Does your company file negative reports?

Filing negative or zero reports is appropriate if your company conducts a thorough records review and finds that it has no reportable liability. If your organization has not conducted such a review, and the state determines there is liability, your company could be charged with engaging in fraudulent business practices. In this circumstance, again, states may assess interest and penalties.

The best practice is to conduct a thorough review and then file negative reports. This illustrates that your firm has a strong grasp on unclaimed property principles and is one additional indicator that you operate in a compliant manner and are not the best target for an audit.

Does your company ever write off unclaimed property liabilities?

The practice of writing-off liabilities as income or to bad debt is a common practice among many businesses, but it is a red flag for auditors. Such a practice circumvents the unclaimed property laws. States auditors will identify those items and presume them to be abandoned property, and will employ look-back and extrapolation techniques to maximize the amount of liability.

For example, we helped one client review potential business-to-business credit balances of $5 million dating back to 1991. The company had an accounting practice of taking these balances to income rather than accounting for them as unclaimed property. While we were able to step in and effectively reduce the actual company’s liability by $2 million, they still showed a significant past-due amount to their state of incorporation. These types of mistakes are the most glaring and where fines and penalties are common.

Has your company previously filed a voluntary disclosure agreement (VDA)?

Filing a VDA will allow your company to voluntarily come into full compliance while avoiding the fines and penalties associated with overdue filings. A VDA can also reduce the period for which your company has to report on property. If your company has not previously filed a VDA in a state, it may have the opportunity to do so now.

The benefits can be significant. For example, in one case, after reviewing the company’s books and records Keane assisted management with filing the VDA that was accepted by the state. The VDA accomplished waiving all applicable interest and penalties and provided the client with significant savings given the limited reach-back (number of reporting years) achieved through the VDA. In a second case, we learned that the client had unreported obligations in 49 states. The analysis identified over $7 million in past-due property that carried a potential interest penalty of $17.4 million. Our consultants helped the firm structure and file voluntary disclosure agreements to avoid fines and penalties. The initial obligation was reduced by 83 percent. More valuable, however, was that the company avoided 81 percent of the potential interest penalties.


No industry is “safe” from an unclaimed property audit; therefore it is important for CEOs to pay attention to some of the most common audit triggers to identify where holes might exist within their organization and what can be done to successfully prevent an audit. By putting the proper procedures and controls in place, CEOs will not only be able to mitigate and minimize audit risk, but they will also better maintain the stock price, protect shareholder interests and preserve the organization’s reputation.

Dorothy Flynn is CEO of The Keane Organization a Wayne, PA-based provider of specialty risk and compliance services.

About dorothy flynn