Fraud of any kind can occur if three conditions exist: pressure, rationalization, and opportunity, commonly known as the Fraud Triangle. Pressure and rationalization are often impacted by factors specific to the fraudster, which are outside of the Organization’s influence. To mitigate fraud, an Organization must therefore focus on, and eliminate, opportunities for fraud to occur by establishing strong controls. But what does that mean?
In this multi-part series, we will review examples of internal procedures, identify fraud opportunities, and consider strategies to eliminate fraud opportunities. Let us begin with cash receipts.
The Scenario: Mr. Liability is the trusted office manager who handles all the finances and has been with the Organization for many years. His duties are as follows:
Mr. Liability obtains any customer payments made through the mail, matches them to customer accounts and takes the funds to the bank.
Mr. Liability returns with a deposit slip and adds deposit information manually to an internal spreadsheet.
Electronic payments are received into a holding account until processed. Once processed, the funds are transferred to the Organization’s operating account. The holding account is reviewed by Mr. Liability, reconciled to customer accounts, and added to the spreadsheet.
Mr. Liability generates monthly customer statements and sends them to the customer. If customers call to discuss their balances, the receptionist forwards the call to Mr. Liability.
To increase efficiency, the owner meets with Mr. Liability weekly to review his clean and user-friendly internal spreadsheet and to address any long-outstanding customer balances. The meetings are always efficient as the owner is always satisfied with the strong cash balance and the minimal amount of delinquent customer account balances.
Fraud Opportunities: Mr. Liability works in an environment free of detailed oversight, and ripe with fraud opportunities as follows:
Trust [but no Verify]: Long-time employees are typically trustworthy. Greater trust yields more responsibility and more control. Mr. Liability operates in an environment where he can bend the rules and circumvent enforcement of official policies because he is trustworthy and efficient.
Mr. Liability alone has custody of payments and only he reconciles the payments to customer accounts. Without another person involved in the reconciliation process, no one would know what XYZ Company actually received and could not stop Mr. Liability from skimming, or pocketing payments from customers. Because Mr. Liability also has control over customer account records, he can transfer payments between customers to satisfy overdue balance notices and hide his stolen funds. This is known as “lapping.”
To complete the theft, Mr. Liability, who physically takes funds to the bank, could deposit client payments into a separate account, since no one else knows what customer payments or other funds were actually received electronically or by mail.
Spreadsheets are helpful in presenting information effectively, but they can be easily manipulated. Mr. Liability can simply hide stolen funds from the owner by altering balances or excluding stolen funds from the spreadsheet entirely.
Having control of customer statements and custody of customer payments is an extremely dangerous combination. Mr. Liability can hide thefts by simply altering customer statement balances at will. If customer questions arise, Mr. Liability would have the means to ‘address’ customer questions and concerns independently without anyone else knowing.
Recommendations:
Trust but Verify: Even with strong internal policies and controls, Organizations should always have a “trust but verify” attitude, even with highly trusted employees. The perception of being caught is often the strongest control. If you integrate this into the Organization’s identity by applying it to everyone, the employees will oblige rather than resist.
Segregate Duties Where/When Possible: Have another existing employee check the mail for customer payments alongside of the typical employee and have that employee verify that payments received are applied to the correct customer accounts alongside of the typical employee. For online giving, have a manager or accountant review the transaction history for any signs of unusual activity. Consider rotating these responsibilities among different employees to prevent collusion.
Timely Documentation: Require a receipt log or similar document be completed right after opening the mail to reduce the window of opportunity for potential illicit activity. Require that the completed log accompany the bank deposit and review for differences.
Use Bank Statements: Always reconcile cash transactions using bank statements instead of an internally generated document. Bank statements are independent (unbiased) verification of what cash activity actually occurred, which can be relied upon and used to identify any discrepancies within internal reports and records. The reconciliation of cash receipts should always be done by someone other than the person receiving customer payments.
Strengthen Customer Account Procedures: Have customer statements sent electronically or mailed from a different department other than the person in charge of cash receipts or customer accounts. Require that customer questions or complaints be handled by someone other than the employee in charge of cash receipts or customer statements. Since customers know when they make payments, making this change will greatly increase the likelihood that missing customer payments are identified in a shorter amount of time.
If this article raises any questions or concerns about your organization, please contact Shields Financial Services for a free consultation.
Read Part 2 >>
DISCLAIMER: This page and its contents are for general information and educational purposes only and posted by the author on an "as available" basis on behalf of Shields Financial Services. No specific legal, tax, investment, or other advice in any form is being offered to the reader by the author, or Shields Financial Services. By accessing this website, you implicitly agree that there is no existing client relationship between you and the author or Shields Financial Services without a prior, signed letter of engagement. The content on this website is never to be considered, or used as a substitute for, competent legal, tax, investment, or other advice from a suitably licensed professional, who has been advised of all pertinent facts and circumstances surrounding the reader’s unique individual and/or business circumstances.