Written by: Cindy Smith, CPA, CFE
Is your company vulnerable to embezzlement? Do you have adequate controls in place to prevent it?
Most organizations believe embezzlement won’t happen to them. They want to believe all their employees are loyal, hard-working individuals. While most of them are probably honest people working for the benefit of your company, there is still a serious risk they may embezzle from you, especially if you give them the opportunity by not implementing adequate internal controls. While it is important to trust your employees, it does not mean you should turn a blind eye to what they are doing with your finances. As Ronald Reagan said, “Trust but verify.”
In order for an employee to commit fraud, three components need to be in place:
- They need to feel some type of pressure (i.e. “I need the money”)
- They need to be able to rationalize what they are doing (i.e. “I deserve the money”)
- They need to have the opportunity to take the money (i.e. “I don’t think I’ll get caught”)
The third item – opportunity - is where the business owner has the best ability to reduce the chances of embezzlement. This is why internal controls are essential. An employee can feel pressure and be able to rationalize theft, but if they don’t have the opportunity, they can’t take your money.
The following are some useful controls that should be considered in your organization:
- Separation of duties - splitting up tasks and privileges, especially those related to financial functions, between multiple employees reduces the risk that embezzlement could occur without detection.
- Bank accounts - Monthly bank reconciliations should be performed by someone who does not make deposits or initiate cash disbursements. Bank statements (including copies of cancelled checks) should be delivered directly to management or reviewed online by management. Bank accounts should be set up so a notification is sent to management if transfers to other bank accounts are made or if transactions are over a certain threshold.
- Check signing - When management signs checks, the original invoices should be attached so they can verify the payment is valid. Invoices should be marked as “paid” with the check number listed in order to avoid duplication.
- Physical access - Lock up unused checks, ensure only management has administrative rights in the accounting software, and restrict access to supplies, inventory and petty cash.
- Payroll - Payroll reports should be reviewed by someone other than the person entering hours, preparing payroll checks, or distributing checks. Look for unusual activity such as excessive hours, unauthorized bonuses, excessive withholdings, or unfamiliar names on payroll.
- Restrict use of credit cards - Control who has access to your credit card information, require detailed receipts for charges, and review each statement in detail every month. Talk to your credit card company about fraud controls such as specific-use cards and transaction limits.
- Review Financial Reports - Review your financial statements, sales, collection and/or purchasing reports, as well as your accounts receivable and accounts payable aging reports periodically. Compare them to historical data, budgets, projections, and if applicable, as a percentage of revenues. Investigate any unusual fluctuations or significant changes.
- Have an “open-door” policy - 50% of all embezzlements are discovered because a co-worker notified management.
- Be Sensitive to “Red-Flag” Behavior - While certain behaviors don’t necessarily mean someone is embezzling, there are some red-flags that should be explored.
- Employees not taking full weeks of vacation – embezzlers typically don’t take consecutive days off because they don’t want someone else covering their job and potentially discovering theft.
- Employees working outside of normal hours – dishonest employees prefer not to have anyone looking over their shoulder while they are committing their crime or concealing it. In addition, the more they embezzle the more difficult and time consuming it is to alter the records to conceal it, so they work unusual hours so they have the time and opportunity to cover it up.
- Employees who get defensive when questioned about financial transactions, job performance, or financial reports – It is common for embezzlers to react defensively or give excuses when questioned. They are usually trying to divert attention away from themselves.
- Employees whose lifestyle doesn’t match their income – It is common for embezzlers to start driving better cars, go on expensive vacations, dress better, or upgrade their homes.
- Increasing delays in receiving financial reports from staff – It takes extra time to conceal theft in the records, which causes delayed (or missing) financial reports. Plus, embezzlers may not want management to see the figures since the theft may be detected.
It is much easier and more cost-effective to prevent fraud than it is to detect it, and it is absolutely worth the time. Investing the time and resources to analyze controls and implement procedural changes is a small commitment compared to the financial loss, time loss, and emotional effects of embezzlement.
If you have any questions or would like to discuss fraud prevention strategies further, please give us a call.