Control the mail – In
small businesses, owner/management should either personally pick up the
mail, or have the mail picked up by an employee who has no responsibilities
related to the handling or recording of deposits, accounts receivable
records or revenues. All remittances from customers should be directed to a
post office box. Limiting access to the company’s mail is essential in
preventing the unauthorized negotiation of cash receipts.
Control the bank statements
– Similarly, the owner/management should personally pick up the company’s
bank statements directly from the bank, or have them picked up by an
employee who has no related responsibilities and delivered to the
owner/manager unopened. Owner/management should review the contents of the
statements before they are reconciled. Specific items that management should
be alert to include:
Checks issued out of
Checks that appear to
have been altered
Checks not signed by
Other unusual items
Control the accounts receivable
– Owner/management should limit access to accounts receivable records, and
in particular, the ability to issue credit memoranda, discounts and refunds.
Accounts receivable detail ledgers should be balanced with the control
account at regular intervals and any differences should be investigated
promptly. Only owner/management should be authorized to charge off accounts
deemed uncollectible. Any discrepancies reported by customers should be
investigated promptly. Aged accounts should be reviewed monthly and past due
Control the inventory
– Owner/management should carefully monitor gross profit, and investigate
any unexpected variances. Access to inventories should be limited as much as
possible, and the use of surveillance equipment may deter inventory theft.
If a perpetual inventory is used, periodic counts should be performed at
regular intervals for comparison with the perpetual records.
Control the accounts payable
– Establish and monitor approved vendor lists. Owner/management should
periodically review the list of approved vendors, being alert to:
Vendors with names
similar to other known vendors
Vendors with no
physical address or telephone number
addresses match employee addresses
Limit the number of authorized check signers
– If possible, only the owner/manager should be authorized to sign checks.
If not possible, consider requiring two signatures on checks, at least those
over a specified amount. The use of facsimile signatures should be avoided
if at all possible. Never sign checks in blank. Review supporting
documentation when checks are signed and investigate any discrepancies.
Account for sequences
– Whether it is checks, invoices, credit memoranda, receiving reports,
shipping documents, or other prenumbered items, all sequences should be
accounted for. Voided documents should be defaced to prevent unauthorized
use and retained to complete sequences.
Control general journal entries
– Owner/management should either make or personally review and approve all
general journal entries. Supporting documentation should be reviewed before
approving general journal entries. In particular, the following items should
Entries made to
Entries made to
receivables or revenues at or near the close of a period
Entries made by
persons whose responsibilities are not consistent with the accounts
Monitor exception reports
– Unprocessed transactions should be carefully examined for propriety.
This includes revenues, expenses, purchasing and payroll transactions.
Establish a budget –
Owner/management should establish an operating budget and monitor actual
results monthly. Any significant variances should be investigated.
Establish reasonable performance targets
– Setting incentive compensation arrangements at unrealistic performance
levels may encourage misstatement of financial results.
Perform thorough background checks on all new
employees – Call former employers and
educational institutions for verification of previous employment and
education. Beware of "gaps" in employment or educational history.
Consider obtaining a credit report (if authorized by the candidate) before
Require uninterrupted vacations for all employees and
establish a schedule of rotation of employee responsibilities
– More than just good management, rotation of duties provides a strong
disincentive to commit fraud. In addition, it provides an opportunity to
discover fraud that has already occurred.
Be alert to changes in employee attitudes, behavior
and lifestyles – Because of day-to-day
contact, management is in the best position to observe the unusual –
attitudes that are hostile or defensive toward management or the company in
general, changes in behavior that are inconsistent with employees’ normal
disposition or lifestyles that are not reasonable based on the employees’
level of compensation. Matters that may be of particular concern include:
dissatisfaction with compensation, lack of promotion
Indications of drug
use or excessive use of alcohol
Indications of severe
Provide employees an opportunity to report the
occurrence of fraud or other abuse anonymously
– In a recent survey, one in five employees said they were personally
aware of the occurrence of fraud in the workplace. Eighty percent said they
would be willing to report fraud if they did not have to identify
themselves. Management can establish hotlines, "suggestion boxes"
or other means to enable employees to bring the occurrence of fraud to its
attention without requiring employees to give their names.
Clearly communicate to employees the behavior that is
expected of them
– Believe it or not,
ignorance has been cited as a common cause of fraud. Some employees have
been trained to commit fraudulent acts without knowing what they were doing,
just assuming that "that’s they way it’s done".
Take strong action against employees who commit fraud
– Call the police or other law enforcement agency and press charges.
Failing to do so sends a message to other employees that management doesn’t
take fraud seriously.
Conduct your own activities on a high ethical level
– Employees will follow the lead of management, whether that lead is
ethical or not. More than what is said or included in a policy manual, the
actions of management establish behavioral norms.
Obtain reasonable fidelity bond coverage
– If the unthinkable occurs, insurance coverage is the most likely means
of recovery of amounts misappropriated. The amount of coverage should be
reviewed periodically for adequacy.
© Audit Litigation, Training and Efficiency Consulting,