Provided by Steven M. Neher, CPA, Cordell, Neher & Company, Wenatchee Certified Public Accountant
We have all heard horror stories or read headlines regarding the 30 plus year bookkeeper, the disgruntled employee or the nephew that fell on hard times, each of which being charged with fraud, embezzlement or the like and the owner of the business perplexed as to how something like this could have happened. In September 2017, CNBC reported that theft by employees is a $50 billion annual crime in the United States. Whether small or large, business owners are focused on their operations, and the success of their business believing that their employees and bookkeepers are loyal to them and would never do them wrong, unlike those detailed in the news. Even the most unlikely of individuals can find themselves on hard times or in a situation in which stealing from an employer seems like the easiest and often only way out. Because of this, business owners should be focused on preventative controls rather than being the next big example of loyalty gone awry and their business on the brink of disaster. The following are some best practices, easy to implement, and generally not cost prohibitive.
Policies & Procedures
- Policies and procedures aren’t just for documenting how work is completed. They are for identifying responsibilities evaluating areas of risk to the business. Consider a policy defining specific channels of reporting suspected fraud. One of the best methods for identifying frauds is anonymous tips from employees, vendors, or customers.
Separation of Duties
- An individual employee should not be tasked with custody of checks, recordkeeping / bookkeeping and authorization or the ability to sign checks. These three together increase the susceptibility of fraud and embezzlement. Therefore, any employee should only have one to two of these responsibilities, with the others being assigned to another responsible person(s).
- Approval should be required by an authorized person. Payment of invoices should require originals of invoices and not copies, e-mails, or handwritten notes. It’s a good practice to require a monthly review of disbursements or expense details to ensure consistency and comparison to expectations for fluctuation in invoice amounts. Setting up specific managers to authorize purchase transactions and supervisory approval for payroll is also a good practice.
- Blank checks and / or signature stamps should be stored in a locked location, preferably the desk or office of the authorized signer. Checks should be signed manually. However, if signature stamps are used, be certain the authorized signer is the person tasked with stamping the checks or at least reviewing them.
- Invoices should be stamped “paid” and dated.
- Whether you’re using a cloud based or desk top accounting system, using access controls to restrict users access to multiple areas of your businesses accounting software reduces the risk of an individual covering their tracks by falsifying or deleting transactions. A business owner should have full control and approval rights. However, other employees rights should be limited, separating those with accounts receivable and payable and online pay services. Credit memos should be reviewed to ensure accuracy and that they are credited to the proper accounts and not received in cash.
Standardization of Documentation
- There are a plethora of forms available for purchase or download in work environments today. Having a standard office form for expense reports, invoices, requests for donations, inventory, etc. is essential in thwarting crime before it may happen. It provides ease to search for documentation and makes it easier for the authorizing person to spot inconsistencies before they occur.
Reconciliations & Change Reports
- Bank records, including credit cards, should be reconciled monthly and require a supervisory review. The review should be dated and initialed by the reviewer. Utilizing audit reports from vendors like QuickBooks® provides insight to changed or manipulated transactions.
- Ensure that errors or inaccuracies in your bookkeeping system are corrected timely and accurately.
- A physical count of inventory and comparison to the accounting systems report of inventory on hand assists with identifying potential theft of merchandise. These counts should occur at least quarterly, if not monthly.
Vacations and Cross-Training
- Ensure your employees feel they can (some experts would even say “must”) take a vacation and are cross-trained. Cross training provides a culture allowing an employee to feel cared for and to return refreshed. Employees that say they ‘don’t need a vacation’ may find it easier to always be there if they’re attempting to cover up an ongoing fraud and you have not implemented a strong segregation of duties. It is also an opportunity for you to provide a ‘job well done’ to employees that have both done their job well and cross trained another employee.
Though damages to your reputation or employee morale may be significant after a publicized fraud has occurred, it could be devastating to the business if you are unable to recoup the costs of the loss. Setting up essential internal controls now may reduce your risk and as Benjamin Franklin said, “An ounce of prevention is worth a pound of cure”. Lastly, if you are faced with a situation of fraud or theft, talk to your legal counsel to determine whether it is worth seeking damages or if you could file a claim for prosecution, which reduces the likelihood that your disloyal employee becomes an employee of someone else in town. If you have questions about retention guidelines or internal controls, please feel free to contact Steven M. Neher, CPA at 663-1661.