The first hint that the owner of a small service business had that his employee was stealing from him was when the IRS showed up at his door with a padlock to shut him down.
His mistake, which is common to many small business owners, was putting the trust of the accounting function in the hands of one employee. Without a system of internal controls, he was ripped off by the person minding the shop, who went undetected until the IRS came looking for its money.
|
Key Takeaways
|
While no system of internal controls can completely eliminate fraud, there are several best practices to minimize the risk of business fraud. These include segregating accounting tasks and placing controls in QuickBooks to deter fraudulent acts.
Separation of Duties
The most important best practice to prevent fraud follows the standard accounting practice of separation of duties. No one employee should ever have control of all three primary accounting functions of authorization, record keeping and custody of assets.
Separation of accounting duties is possible even in a two person office. However, the owner/CEO must be willing to take on certain financial duties or to outsource them to accounting professionals. Simply approving and signing checks is not enough management control over assets anymore.
Credit: ACFE’s 2016 Report to the Nations on Occupational Fraud and Abuse
In a two person office, a business manager should be assigned these duties:
- Write and mail checks
- Receive cash
- Approve payroll
- Record accounts receivable and general ledger entries
- Authorize purchases, check requests and invoices
The owner/manager in a two person office needs to handle the bank account responsibilities:
- Receive, open, review and reconcile bank statements
- Process vendor invoices
- Reconcile petty cash
- Perform bank transfers
- Fill out deposit slips and make deposits
- Sign checks
- Distribute payroll
Dividing the accounting responsibilities between two employees is the minimum level of separation of accounting duties necessary to deter business fraud.
In a three person office, an employee could be designated as the bookkeeper to assist the office manager and the owner/manager in record keeping, check writing, bank deposits and invoice processing.
In a four person office, a fourth employee could be assigned to role of accounting clerk to handle payroll, cash and check purchases, and further protect the books from fraud.
Get our Guide to 2, 3, or 4 person office segregation
CEO Opportunity Cost
Typically, a CEO does not want, or need, to be involved in day-to-day accounting tasks. He or she probably did not start a business to focus on bookkeeping. In addition, a CEO’s expertise typically lies in manufacturing a product or providing a service in a particular industry, not in building a scalable accounting department.
Accounting tasks distract the CEO’s time and focus away from the core competencies of the business. Yet, many small business owners believe that hiring accounting professionals cannot be cost effective because of the business’s current size. This way of thinking, can put the business in the hands of a singular bookkeeper who may not have the expertise to protect the financial interests of the business.
In addition, CEOs must consider the opportunity cost of diverting their time away from the core business.
An opportunity cost refers to a benefit that a person could have received, but gave up, to take another course of action. The opportunity for a CEO to grow the business through sales, marketing and production is much more likely, than through keeping the books in order.
More and more CEOs are outsourcing their accounting function to the experts. They are realizing that a Client Accounting Services organization can pay for itself, by allowing the CEO to spend more time building the business and generating revenue.
In addition, outsourcing accounting to professionals can provide a small business with critical financial advice on how to avoid the typical small business pitfalls and stay in business.
Common QuickBooks Fraud Scenarios
At GrowthForce, our accounting professionals are expert detectives when it comes to identifying fraudulent acts committed within QuickBooks. We know from experience that the best way to avoid business fraud is to make it harder to steal and easier to uncover.
Credit: ACFE’s 2016 Report to the Nations on Occupational Fraud and Abuse
Check Tampering Fraud
When an employee intercepts, forges or alters a check drawn on a business’s bank account, the crime is called check tampering fraud. The median loss from an incident of check tampering is $158,000, according to ACFE.
There are four types of check tampering:
- Altered checks – changing the payee
- Forged checks – forging the signature or payee endorsement
- Concealed checks – hiding a fraudulent check in a batch for signature which signer misses
- Authorized maker – misappropriating of funds by the signer who has access to checks
The IRS visit described at the beginning of this article was an example of altered check tampering. In this case, the office manager was paying herself tens of thousands of dollars, instead of sending the business’s payroll taxes to the government. Because she had the multiple authority to pay bills, reconcile the bank account and separate mail (in violation of the separation of duties rule), she was able to circumvent the system to commit fraud.
How it was done:
- Recorded payroll taxes in QuickBooks
- Wrote a check in the amount of payroll taxes to herself
- Changed the payee field in QuickBooks to the IRS
- Threw away IRS unpaid payroll taxes notices
Here are some check tampering controls:
- Hire an additional accounting person or an outsource accounting service to separate accounting duties, especially date entry and bank reconciliation
- Allow only the owner/manager to access the bank statement and view cancelled checks
- Perform audit trail report in QuickBooks looking for the changed payee
- Compare payee in QuickBooks to cancelled checks
- Switch to electronic checks and limit access to paper checks
- Set up bank accounts with daily transaction download
Unfortunately, the IRS is not known for acting fast when it comes to stopping payroll tax infringement. In this case, the office manager was able to pilfer taxes owed the government for six months. While the IRS kept sending increasingly alarming letters to the office, she kept intercepting them to put in the shredder. The unsuspecting owner was eventually alerted to his employee’s scheme when the IRS finally came knocking at his office door.
Credit: ACFE’s 2016 Report to the Nations on Occupational Fraud and Abuse
Skimming Fraud
Skimming is a common fraud scenario in businesses that continue to receive cash payments, accounting for a median loss of $53,000 per incident. The term skimming, like with milk, means taking something off the top; in this case, an employee responsible for the daily cash receipts of a business skims some cash, pockets the money and reports a lower cash total or deletes the transaction entirely in QuickBooks.
There are two ways in which a skimming theft is most often detected:
- A customer tries to return an item paid for in cash and no record is in QuickBooks
- An accountant or bookkeeper runs an audit trail in QuickBooks which shows something was deleted in a cash account
The only sure-fire way to prevent skimming is to eliminate cash receipts from coming to the office altogether.
Skimming Controls:
- Utilize automated clearing house/electronic funds transfer payments
- Send cash payments directly to an outsourced accounting firm or bank lock box
- Lock down QB Enterprise at screen level: an employee can enter transaction in QB, but only supervisor can delete transaction
- Review audit trail and require supervisor approval of customer credits/write-offs
Credit: ACFE’s 2016 Report to the Nations on Occupational Fraud and Abuse
Payroll Fraud
There are two types of payroll fraud scenarios. Either an employee inflates on their time sheet the hours he or she worked or an employee with access to QuickBooks issues payments to fictitious workers.
A small business is two times as likely to be affected by payroll fraud as a larger organization. Typically, in a smaller business, payroll is managed in-house, whereas in a larger business the complexity of the payroll function requires it to be outsourced.
The median loss from a payroll fraud incident is $90,000; therefore, a small business must pay extra attention to establishing a system of review to reduce the likelihood of false compensation claims when it does its own payroll.
Manipulating year-to-date payroll records is a particularly complicated fraud scheme, but one that should be on the radar of a small business. It starts when a bookkeeper has access to both bank accounts and payroll records in QuickBooks.
That allows a bookkeeper to increase the payroll taxes field and credit the difference to the employee’s personal W2 account, generating a refund check from the government.
The fraud went undetected by the CEO, who just looked at net checks because that is what cleared the bank.
Payroll Fraud Controls:
- Outsource payroll to an automated billing system
- Require owner/manager approval on outsourced payroll changes
- Set up positive pay service, an automated fraud detection tool offered by banks, which matches account number, check number and check amount to list of checks previously authorized and issued by the company.
Credit: ACFE’s 2016 Report to the Nations on Occupational Fraud and Abuse
Billing Fraud
Billing fraud occurs when an employee submits personal invoices or invoices for fake goods/services to the company for payment. One of the most costly means of fraud, billing fraud incurs a median loss of $100,000 per incident.
There are several types of billing fraud scenarios:
- Employee creates a fake company and bills employer
- Employee submits personal bills for payment by company
- Employee makes multiple payments to same vendor
- Non-accomplice vendor?
Billing Fraud Controls:
Traditionally, billing fraud occurs when the separation of accounting duties rule is not followed. Accounts payable, accounts receivable and check authorization/writing must be in the hands of separate employees or a company could wind up paying for an unintended purchase.
Other preventive measures to deter billing deceit include:
- Use purchase orders and match them to invoices
- Separate the duties of bank reconciliation and bill payment
- Establish and review an approved vendor list
- Scan bills and link them to the matching transaction in QuickBooks
- Use electronic bill payment with built-in workflow
- Who matches activity of receiving goods with the invoices received?
The introduction of electronic bill payment has helped to eliminate billing fraud. One of the most popular and affordable automated bill payment systems is Bill.com.
With Bill.com, a manager/owner can approve payroll and pay bills on a mobile application accessed via thumb print. Via email, the app lists bills to pay with a scanned image of the invoice attached to the bill. When a copy of the invoice accompanies each bill, an employee is not likely to put his personal AT&T bill in for payment along with the company’s phone bill.
Changing Prior Period Transactions Fraud
Changing prior period transactions fraud is when an employee accesses a prior period in QuickBooks, changes the payee and posts a check to his or herself. Because QuickBooks is date sensitive, users are not prone to look at prior periods for signs of fraudulent activity.
Changing prior period transactions controls:
- Lock down prior periods in QuickBooks so they cannot be accessed
- Use closing date exception report, set up a closing date password under Accounting Preferences.
- Use the Closed Period report under Accountant & Taxes
- Set up the CPA under Accountant User and Equity Account in QuickBooks
- Require a password instead of deleting users in QuickBooks
Conducting an audit trail report to find this type of fraud has some limitations. When an employee is deleted as a user, he or she is taken off the audit trail report. For that reason, users should not be deleted from QuickBooks. Instead, the log-in password should be changed to eliminate employee access to the QB account. In addition, the audit trail report does not track changes made to master records, such as editing a vendor account.
Outsmart Fraud
Regardless of the size of a business, corruption is the biggest fraud problem. Corruption occurs when two or more employees collude to defraud a business. For a small business with less than 100 employees, the next most prevalent fraud schemes are billing followed by check tampering, according to the Association of Certified Fraud Examiners 2014 Report.
By setting up a system of internal accounting controls, a company can avoid making it easy for honest people to commit fraud. Employing two or more people in accounting review helps lock the door to employee collusion.
Outsourcing accounting is one of the easiest ways to outsmart fraud. Outsourcing addresses the causes of fraud, such as messy books, overwhelmed and understaffed employees, and under optimization of QuickBooks.
Outsourcing also provides an immediate separation of accounting duties that provides peace of mind to a busy, business owner. Fraud happens and no accounting system should ever run on employee trust alone.
Resources: http://www.acfe.com/uploadedFiles/ACFE_Website/Content/rttn/2016/fraud-tree.pdf
