How to implement internal controls to prevent employee theft

Frank A. Suponcic, Principal, Skoda Minotti

You think it can’t happen to you. Your employees are honest, you trust them and they would never steal from you.

But no company is exempt from the threat of fraud, says Frank A. Suponcic, CPA, CFE, CFF, principal in the Valuation & Litigation Advisory Services Group at Skoda Minotti.

“Fraud is out there, it is increasing and companies need to be more vigilant,” says Suponcic. “They need to not be so trusting and raise their level of awareness.”

Smart Business spoke with Suponcic about how to reduce the risk of your business becoming a victim of fraud.

How does fraud occur?

Ninety percent of fraud occurs in disbursements, money leaving the company in the form of unauthorized checks, electronic funds transfers and debit transactions. Employees are not as likely to steal cash receipts, but it’s easy to write a check to yourself, submit your personal credit card statement to the corporation or commit fraud on an expense report.

There are many ways that employees can unlawfully enrich themselves, so within those mechanisms, there have to be policies and procedures in place. For example, there should always be substantiating documents for disbursements. Too many companies simply pay bills without documentation and aren’t conscientious about the fact that they may not be paying for what they think or that there may be overcharges. They just don’t take the time to approve invoices and match them to other corroborating documentation.

Fraud is occurring more often in this economy as a spouse loses a job or an employee is threatened with home foreclosure or is struggling to pay their bills. And once they have a reason or rationalization, the next step is figuring out how to exploit the system to fulfill that need. Smart people with criminal intent can identify the internal control weaknesses. They know you aren’t looking at the bank statements and invoices to be paid or that the check plate or blank check stock is not secured. They know that you trust them and, as a result, will take advantage of that.

Why should businesses be concerned about fraud if they have good relationships with their employees?

Occurrences of misconduct happen in every occupation, from professional organizations to religious organizations to not-for-profit organizations to law enforcement, legal and accounting firms, and at every level, from the receptionist to the CEO.

You can’t let your guard down. Fraud is based on a violation of trust, and the more that you trust someone, the more you should have your guard up. Many cases have involved family members, people who have known each other since childhood, or even the best man at your wedding. There are no boundaries as far as who commits fraud, and if you think it can’t happen to you, invite a forensic professional into your business for an hour and he or she can likely show you several places in which you have inadequate internal controls.

How can having a forensic professional perform a fraud assessment help prevent fraud?

During a fraud assessment, the forensic accountant will interview everyone in the accounting cycle, identify the weaknesses and provide the company with suggestions for enhancement of internal controls. If there are weaknesses that can be exploited, it is well worth the cost of the assessment. It’s not uncommon for the forensic CPA to compile many valuable recommendations, some of which have a cost attached and some of which can be implemented for free.

How can surprise audits help deter fraud?

Surprise audits review specific transactions, and the fact that employees can’t prepare for them can be a deterrent. This is a valuable internal control mechanism, especially in smaller companies.

People may be aware that there is a corporate policy against fraud, but if they recognize that no one is looking over their shoulder, bringing in an outside forensic CPA can provide management with assurance that there is an invoice for every disbursement, that credit card bills don’t reflect personal purchases, that the person who issues payroll isn’t paying themselves too much, and that specific controls are operating and being adhered to.

What other steps can a business take to help prevent fraud?

Have people rotate jobs, so you don’t have just one person in a position in which fraud could occur. You can also offer financial incentives to employees to report suspicious activity. Also, have bank statements sent to your house. Don’t just hand them over to your bookkeeper. Actually look at the disbursements and examine what is being paid out of the account.

In addition, the tone at the top is critical. Employees need to see that executives are ethically handling business transactions and instilling that the company will do things right. Require employees to sign a fraud policy that discusses, in writing, the definition of stealing and what will happen should an employee decide to commit a financial crime. Make it clear that you will press criminal charges and pursue every civil course for restitution. Fraud has put companies out of businesses. Employees need to understand that everyone has a stake in making sure that the company continues and that one unethical person can jeopardize that.

Circulate the fraud policy annually, meet with the employees and have them acknowledge that they have read it, that they have not perpetrated a fraud and that they understand what stealing is. This is also a good time to ask if they have noticed anything unusual, such as someone cheating on an expense report or padding payroll. Give employees the opportunity to talk to you. You can also utilize a fraud hotline so employees can anonymously report suspicious financial activity.

Fraud can’t be eliminated, but by taking steps to implement effective internal controls, you can reduce your risk of becoming a victim.

Frank A. Suponcic, CPA, CFE, CFF, is a principal in the Valuation & Litigation Advisory Services Group at Skoda Minotti. Reach him at (440) 449-6800 or [email protected]

Leave a Reply

Your email address will not be published. Required fields are marked *