Protecting Your Firm From the "Inside Job"

December 07, 2021

Have you ever read a media account about a dishonest employee accused of fraud at another company and thought, “I hope that never happens here”? One of the best ways to mitigate employee fraud and embezzlement at your company is to implement a system of strong internal controls.

The Basics

Strong internal controls start with accurate, timely financial information. All company transactions – including sales, invoice payments and cash receipts – should be posted daily by the accounting department. This will make it easier to detect fraudulent activity early and take steps to stop fraud in its tracks before too much damage is done.

Another crucial control is segregating financial and accounting duties among multiple employees. In other words, the same employee shouldn’t make deposits and reconcile the bank account, or both collect and deposit cash. Without this control, a financial employee could steal cash by voiding sales and falsifying deposit slips.

If your accounting staff isn’t large enough to segregate financial tasks, have your accounting firm complete some of these tasks, such as account reconciliation. Also make sure the owner is keeping a close eye on finances by spot-checking the bank statements and other financial records. Even better, send bank statements to the owner’s home.

Other Effective Measures

Here are more, cost-effective ways to reinforce your company’s internal controls:

Count inventory. Conduct periodic random counts of inventory throughout the year, rather than just conducting a year-end physical inventory. Also consider setting up cameras in your inventory areas to make it harder for employees to steal.

Monitor electronic funds transfers (EFTs). Thieves often use wire transfers and ACH transactions to commit fraud, since EFTs can make it easier to hide their tracks. So, review these transactions regularly and make sure all EFTs are supported by an invoice or other supporting vendor documentation. Also consider setting up a dual authentication process in which one person initiates the ACH transaction and another person approves or releases it. Talk to your bank to see if they can set this up.

Create an “approved vendor” list. All company vendors, from your cell phones to your most used vendors, should be documented on an official vendor list. Then check all disbursements (both paper checks and EFTs) against this list.

Watch payroll transactions. Segregate payroll duties (such as preparation, authorization and disbursement) among multiple employees, and have the controller or general manager review final payroll before it’s disbursed. Also require the payroll clerk to take an annual vacation in which he or she is gone for at least one full payroll cycle.

Be aware of relationships between employees and vendors. Kickbacks may occur when an employee is too friendly with or has a financial interest in a supplier, wholesaler or another vendor.

Also keep a close eye on adjustments employees make in the accounting system. These may be used by accounting employees to correct original posts – but sometimes they’re used to conceal fraud. Adjusted entries should always be approved by the owner or general manager.

Will This Work?

Once you have implemented a strong system of internal controls, it’s important to test them periodically. For example, when reviewing bank statements, trace a few transactions back to their origin, and ask the bank for electronic debit and credit memos.

Also consider establishing a fraud hotline that employees can use to anonymously report suspicions of fraud. Contact us and we can help you devise these and other control measures.