Business owners don’t want to believe that a trusted employee would steal from the company. But the truth is that every organization is at some risk of internal fraud.
That doesn’t mean you can’t rein in a lot of that risk. Your company’s degree of vulnerability depends partly on your industry, as well as on a variety of factors, including your level of internal controls, communication and the ethical tone set by your leadership.
Here are eight questions to ask yourself from the Association of Certified Fraud Examiners to help you determine if you have adequate fraud controls in place.
1. Are you placing a great deal of trust in one or two key employees? The idea isn’t to raise general suspicion, but to keep your eyes wide open. Concentrated power and a high level of autonomy can be dangerous in the wrong hands. You may trust them completely, but key employees should be subject to greater scrutiny – not less – to ensure they are complying with your stated policies, procedures and controls.
2. Is there adequate separation of job duties to prevent employees from covering their own tracks? Do you rotate sensitive jobs like cash handling? Failure to segregate job duties is an invitation to steal. Employees may notice security lapses long before you do, and those few who are ethically challenged could take advantage of weaknesses. No employee should have too much access to, or responsibility for, assets. For example, the person who orders inventory should not verify shipments when they come in, and the person who receives cash at the counter should not also prepare bank deposits. In fact, sensitive tasks such as cash handling should be subject to rotation among two or more employees to make it harder to hide shady practices.
3. Does your company employ a system of positive pay controls with the bank? A positive pay system means that you provide the bank with a list of checks your company has written and authorized. The bank will then pay only those checks that appear on your list, reject any checks presented for payment that are not on the list, and alert you to potential forgeries.
4. Are there close associations between some of your key employees and your vendors? Where relationships exist, the employees should be prohibited from approving transactions with those vendors. At the very least, you should monitor those transactions carefully. After all, when two or more parties collude, crime detection becomes much harder, even for professional fraud sleuths.
5. Is your payroll roster checked periodically for problems? Missing Social Security numbers could mean there are “ghost employees” collecting paychecks, and duplicate names on the payroll could signify overlapping payments.
6. Does your organization have an established set of ethical guidelines and anti-fraud programs that are clearly communicated to your staff? Companies that establish both ethical guidelines and anti-fraud programs are generally found to fare better against internal fraud. It’s important that all employees receive training on these. But don’t push workplace ethics unless you and your management team are prepared to live by them. If employees sense a disconnection between your talk and your walk, your preaching could backfire.
7. Has your system of background checks proven effective in keeping fraud perpetrators off your payroll? Obviously, the level of background checking varies with the position. But at a minimum, you should verify the Social Security number, education, professional licenses, criminal records and convictions, civil records and judgments, previous employment, references, credit history and driving history. You can also do post-hire screenings if necessary. But in either case, check with your attorney to make sure your inquiries are lawful.
8. Is there a mechanism in place for anonymous reporting of fraud? Most fraud is uncovered by a tip, according to the ACFE. Employees, vendors and customers are often in the best positions to spot crime in your organization, but they don’t speak up because they believe doing so would put them in jeopardy. Anonymous hotlines have proven to be a highly effective method of confidential reporting.
For your protection, ask your CPA to help you tailor a program of internal controls designed to minimize your risk of internal fraud, based on your industry and the particulars of your business.