Earlier this year, a company approached us after identifying some unusual checking activity while their bookkeeper was out of town for a week at training. They asked us to come in to look at all of the activity and determine if their accounting records were accurate. One of our accounting managers went to their office the following day to review the books (while the bookkeeper was still away at training) and identified that the bookkeeper had been colluding with a vendor to issue fraudulent payments and splitting the proceeds.
Needless to say, the company fired the bookkeeper for theft. The company requested that our accountants take over the role until they could find a replacement and we have continued to provide ongoing internal control accounting support to the company, including oversight for the new bookkeeper.
As a business owner, often your main focus is on the operations of the business. We have worked with several business owners who did not make financial information a priority, instead of focusing only on revenue. We work with other business owners who also recognize the importance financial statements play in understanding the state of the operations of their assets; however, with the best of intentions, they delegated the accounting work to an available employee (such as an office manager or admin), or to a bookkeeper with little to no accounting background, while providing no oversight at all.
How to Protect Your Business From Employee Fraud
Employee fraud is more common than you may think, with small organizations (those with fewer than 100 employees) being the most common victims of organizational fraud. As a business owner, you have to take the necessary steps to ensure you’re protected.
Here are 5 ways to improve internal controls and oversight within your organization to help protect your business from employee fraud:
1. Segregate Accounting Duties
Small businesses usually depend on one employee or a bookkeeper to ensure the process in all aspects of the accounting process, including authorization, execution, custody, and posting of transactions. Ideally, the processing of cash receipts and payments will be separated, with segregation of duties with different people approving invoices, preparing checks, signing checks, and reconciling the bank accounts. Allowing one individual to handle cash or checks received, the deposits, and the posting of payments in the system increases the risk of fraud. These processes should be segregated among different individuals. If this is not feasible for your organization, it is advisable to rotate individuals performing the above tasks periodically.
Additionally, you could use an AP risk and control matrix to help your company assess and minimize inherent risks resulting from faulty accounting data and residual risks, which can remain even with good controls. AP automation providers, like Sampli, can help companies prepare AP risk and control matrices by keeping detailed and easily accessible accounting data, which gives business owners and CEOs a complete picture of what they’re up against.
You could also consider the use of an online payment service that can be accessed anywhere and provide you with increased account control over the payment process. Bills and payments can be authorized conveniently prior to any cash disbursement. If your situation still warrants physical check policies, consider signing them yourself or authorizing an additional signer. Ensure objectives that the signer is separate from the person issuing the checks and that the signer matches the checks to invoices prior to mailing. Finally, be sure to store blank checks in a safe place restricting access to avoid risk.
2. Restrict Access to Financial Systems
The most common accounting software used by businesses gives its users the ability to edit and delete previous transactions which could lead to easy concealment of theft. Business owners should retain ADMIN rights (if possible) to the company’s accounting system and consider restricting user access to only areas necessary for their functions. This will help reduce the chances of an individual creating false entries and covering up their tracks. A review of voided and deleted transactions will show any adjustments or deletions and can be instrumental in exposing irregularities in procedures.
If approval rights are granted to an employee or bookkeeper in your online payment service, a review of credit memos should be performed to ensure the validity of issued credits and deter the creation of false credit memos to cover any intercepted cash.
3. Increase Oversight
Internal controls without oversight are not good enough. You, or a trusted resource, should diligently review bank statements, check or payment registers, and bank reconciliations regularly. Review payroll statements for phantom employees and unapproved raises, hours, or even expenses. Impress upon the employee the need to keep supporting documents and you should periodically review some transactions and supporting documents for validity and accuracy.
Most importantly, business owners need to follow policies and procedures to make it a priority to review financial reports and understand the trend and changes in the business’s financial data. There should be a focus on understanding month over month or quarterly fluctuations as well as variances between budget and actuals.
4. Have Financial Statements Reviewed by a Third Party
To support bookkeepers and other in-house accounting efforts, business owners should consider utilizing their CPA to periodically review the financial statements. An individual who knows that the work performed will subsequently be reviewed is more likely to be deterred from committing fraud. An outside accountant can be instrumental in identifying inaccuracies and inconsistencies in the financial records as well as helping business owners better understand the procedures of their financial data.
5. Require Employees to Take Vacation
In the client example mentioned earlier, the company identified the unusual checking activity while their bookkeeper was out of town for training. Embezzlement and other types of fraud require a constant paper trail cover-up in order to go undetected in accounting records. Therefore, business owners should insist that employees who perform the company’s accounting/bookkeeping duties take a vacation every year and designate a backup person to cover their responsibilities during that leave. Ideally, the vacation should be at least a week-long and occur over a month-end when the books are being closed.
We Can Help
Signature Analytics provides small and mid-sized businesses with the resources of a full accounting team on an outsourced basis, so our clients achieve effective segregation of accounting duties without having to hire additional full-time accounting staff. We ensure that all of our clients have preventative controls in place and provide an appropriate level of oversight and challenge for the company’s financial books and records.
To learn more about how Signature Analytics can help ensure your business is protected from employee fraud, contact us for a free consultation.