If you think your business is too small to be a target for embezzlement, think again. We wish it weren’t true, but your small business with a handful of trusted employees actually puts you at the highest risk for employee theft. In the insurance company Hiscox’s 2017 Embezzlement Survey, 68 percent of embezzlement cases occurred at companies with fewer than 500 employees. Small businesses must be diligent about internal controls and financial safeguards in order to protect against employee theft. That’s where we can help. We’ve identified financial safeguards you can implement in your business today to protect against fraud or embezzlement. Use our department-by-department checklist to decrease the risk of theft in your small business.
- Conduct background and reference checks before hiring. This is especially important for employees whose job duties involve finances, such as bookkeeping, accounting, payroll, or handling cash.
- Payroll should be approved before it is processed. One employee should record the hours and process payroll. A second would approve payroll to ensure that the employees are all valid, that the amount paid (salary) is valid, and that the hours worked are reasonable.
- Require employees to utilize vacation time. Often, embezzlement can be discovered when the perpetrator is out of the office and someone else steps into the role for a short time.
- Employee expense reports should be approved by a manager with documentation of the expense (receipts) attached.
- Your business should have written procedures for financial departments and should ensure employees adhere to those procedures.
- Computers should contain a password. The screen should be locked when employees walk away to keep unauthorized users from access to information.
- Know your team members. Employees intent on committing fraud typically have one or more “red flag” personality traits.
- Living beyond one’s means
- Financial problems
- Unusually close association with vendors or customers
- Excessive control issues
- Wheeler-dealer attitude
- Recent divorce or family problems
- Use a budget. If your actual cash flow falls short of or differs from your budget, you can easily identify the discrepancy and can investigate further.
- Every month, reconcile the collections reported from your internal management software against your bank account, your merchant (credit card) account, and any outside customer financing statements you receive. At the very least, your accountant should provide reporting that reflects your collections from your internal software against your bank account to ensure everything collected is deposited. Slight variations can be expected since sometimes it takes a day or two for the bank to post a deposit, but over time, your collections should equal your bank deposits.
- Check with your insurance agent to confirm you have fidelity coverage (fraud insurance). If you can prove an employee stole from you, you can collect on the policy.
- Maintain separate logins for your accounting and practice management software. Both likely contain audit trail reports that show any changes or adjustments made by specific users.
- The act of dividing the accounting and finance duties provides potentially the best security. One person should schedule the accounts payable, write the checks, or set up the online bill pay. Another should approve by signing the checks or releasing the bill pay. Use an online system, like bill.com to allow for separation of duties. Approval can also be done before the bills are paid. A manager or a management team approves the vendors to be paid each week, and then the AP clerk only pays the invoices that were approved. One step further, if you have enough staff members, the acts of approving invoices, preparing checks, signing checks, and reconciling the bank accounts would be handled by four separate individuals.
- If you use paper checks, the owner of the business should sign the checks.
- Do not sign blank checks or allow checks to be written to “cash”.
- Take the deposit to the bank daily!
- Any authorized credit card users should code their credit card statements, approving their expenses. Consider having a manager approve the credit card statement, too.
- Allowing one individual to handle cash or checks received, the deposits, and the posting of payments in the system increases the risk of fraud. These processes should be segregated among different individuals. If this is not feasible for your organization, it is advisable to rotate individuals performing the above tasks periodically.
- Account statements should be sent to all customers indicating balances due. Fraud can occur when payments are applied to the incorrect customer because a previous customer’s payment was stolen. Future payments from other customers are then applied to that balance, and then that fraud is carried forward. Statements to customers can catch payments that are incorrectly applied because the customer will observe, and hopefully report, that their payment was not properly posted to their account.
- Perform daily reconciliations of payments. The day sheet or management system report of collections posted should tie to the credit card report for the day and to the bank deposit slip. These should be kept and reviewed periodically.
- Closely review reports that show adjustments to patient accounts to confirm refunds, credits, or other adjustments were authorized.
- Do not allow employees to cash their own checks with cash collected during the day. It may seem harmless to allow an employee to write a check to the business in exchange for cash on hand–until that check is returned for insufficient funds, and you later learn this was a common occurrence with the employee.