The first hint that the owner of a small service business had that his employee was stealing from him was when the IRS showed up at his door with a padlock to shut him down.
His mistake, which is common to many small business owners, was putting the trust of the accounting function in the hands of one employee. Without a system of internal controls, he was ripped off by the person minding the shop, who went undetected until the IRS came looking for its money.
Key Takeaways
|
While no system of internal controls can completely eliminate fraud, there are several best practices to minimize the risk of business fraud. These include segregating accounting tasks and placing controls in QuickBooks to deter fraudulent acts.
The most important best practice to prevent fraud follows the standard accounting practice of separation of duties. No one employee should ever have control of all three primary accounting functions of authorization, record keeping and custody of assets.
Separation of accounting duties is possible even in a two person office. However, the owner/CEO must be willing to take on certain financial duties or to outsource them to accounting professionals. Simply approving and signing checks is not enough management control over assets anymore.
Credit: ACFE’s 2016 Report to the Nations on Occupational Fraud and Abuse
In a two person office, a business manager should be assigned these duties:
The owner/manager in a two person office needs to handle the bank account responsibilities:
Dividing the accounting responsibilities between two employees is the minimum level of separation of accounting duties necessary to deter business fraud.
In a three person office, an employee could be designated as the bookkeeper to assist the office manager and the owner/manager in record keeping, check writing, bank deposits and invoice processing.
In a four person office, a fourth employee could be assigned to role of accounting clerk to handle payroll, cash and check purchases, and further protect the books from fraud.
Get our Guide to 2, 3, or 4 person office segregation
Typically, a CEO does not want, or need, to be involved in day-to-day accounting tasks. He or she probably did not start a business to focus on bookkeeping. In addition, a CEO’s expertise typically lies in manufacturing a product or providing a service in a particular industry, not in building a scalable accounting department.
Accounting tasks distract the CEO’s time and focus away from the core competencies of the business. Yet, many small business owners believe that hiring accounting professionals cannot be cost effective because of the business’s current size. This way of thinking, can put the business in the hands of a singular bookkeeper who may not have the expertise to protect the financial interests of the business.
In addition, CEOs must consider the opportunity cost of diverting their time away from the core business.
An opportunity cost refers to a benefit that a person could have received, but gave up, to take another course of action. The opportunity for a CEO to grow the business through sales, marketing and production is much more likely, than through keeping the books in order.
More and more CEOs are outsourcing their accounting function to the experts. They are realizing that a Client Accounting Services organization can pay for itself, by allowing the CEO to spend more time building the business and generating revenue.
In addition, outsourcing accounting to professionals can provide a small business with critical financial advice on how to avoid the typical small business pitfalls and stay in business.
At GrowthForce, our accounting professionals are expert detectives when it comes to identifying fraudulent acts committed within QuickBooks. We know from experience that the best way to avoid business fraud is to make it harder to steal and easier to uncover.
When an employee intercepts, forges or alters a check drawn on a business’s bank account, the crime is called check tampering fraud. The median loss from an incident of check tampering is $158,000, according to ACFE.
There are four types of check tampering:
The IRS visit described at the beginning of this article was an example of altered check tampering. In this case, the office manager was paying herself tens of thousands of dollars, instead of sending the business’s payroll taxes to the government. Because she had the multiple authority to pay bills, reconcile the bank account and separate mail (in violation of the separation of duties rule), she was able to circumvent the system to commit fraud.
How it was done:
Here are some check tampering controls:
Unfortunately, the IRS is not known for acting fast when it comes to stopping payroll tax infringement. In this case, the office manager was able to pilfer taxes owed the government for six months. While the IRS kept sending increasingly alarming letters to the office, she kept intercepting them to put in the shredder. The unsuspecting owner was eventually alerted to his employee’s scheme when the IRS finally came knocking at his office door.
Credit: ACFE’s 2016 Report to the Nations on Occupational Fraud and Abuse
Skimming Fraud
Skimming is a common fraud scenario in businesses that continue to receive cash payments, accounting for a median loss of $53,000 per incident. The term skimming, like with milk, means taking something off the top; in this case, an employee responsible for the daily cash receipts of a business skims some cash, pockets the money and reports a lower cash total or deletes the transaction entirely in QuickBooks.
There are two ways in which a skimming theft is most often detected:
The only sure-fire way to prevent skimming is to eliminate cash receipts from coming to the office altogether.
Credit: ACFE’s 2016 Report to the Nations on Occupational Fraud and Abuse
There are two types of payroll fraud scenarios. Either an employee inflates on their time sheet the hours he or she worked or an employee with access to QuickBooks issues payments to fictitious workers.
A small business is two times as likely to be affected by payroll fraud as a larger organization. Typically, in a smaller business, payroll is managed in-house, whereas in a larger business the complexity of the payroll function requires it to be outsourced.
The median loss from a payroll fraud incident is $90,000; therefore, a small business must pay extra attention to establishing a system of review to reduce the likelihood of false compensation claims when it does its own payroll.
Manipulating year-to-date payroll records is a particularly complicated fraud scheme, but one that should be on the radar of a small business. It starts when a bookkeeper has access to both bank accounts and payroll records in QuickBooks.
That allows a bookkeeper to increase the payroll taxes field and credit the difference to the employee’s personal W2 account, generating a refund check from the government.
The fraud went undetected by the CEO, who just looked at net checks because that is what cleared the bank.
Credit: ACFE’s 2016 Report to the Nations on Occupational Fraud and Abuse
Billing fraud occurs when an employee submits personal invoices or invoices for fake goods/services to the company for payment. One of the most costly means of fraud, billing fraud incurs a median loss of $100,000 per incident.
There are several types of billing fraud scenarios:
Traditionally, billing fraud occurs when the separation of accounting duties rule is not followed. Accounts payable, accounts receivable and check authorization/writing must be in the hands of separate employees or a company could wind up paying for an unintended purchase.
Other preventive measures to deter billing deceit include:
The introduction of electronic bill payment has helped to eliminate billing fraud. One of the most popular and affordable automated bill payment systems is Bill.com.
With Bill.com, a manager/owner can approve payroll and pay bills on a mobile application accessed via thumb print. Via email, the app lists bills to pay with a scanned image of the invoice attached to the bill. When a copy of the invoice accompanies each bill, an employee is not likely to put his personal AT&T bill in for payment along with the company’s phone bill.
Changing prior period transactions fraud is when an employee accesses a prior period in QuickBooks, changes the payee and posts a check to his or herself. Because QuickBooks is date sensitive, users are not prone to look at prior periods for signs of fraudulent activity.
Conducting an audit trail report to find this type of fraud has some limitations. When an employee is deleted as a user, he or she is taken off the audit trail report. For that reason, users should not be deleted from QuickBooks. Instead, the log-in password should be changed to eliminate employee access to the QB account. In addition, the audit trail report does not track changes made to master records, such as editing a vendor account.
Regardless of the size of a business, corruption is the biggest fraud problem. Corruption occurs when two or more employees collude to defraud a business. For a small business with less than 100 employees, the next most prevalent fraud schemes are billing followed by check tampering, according to the Association of Certified Fraud Examiners 2014 Report.
By setting up a system of internal accounting controls, a company can avoid making it easy for honest people to commit fraud. Employing two or more people in accounting review helps lock the door to employee collusion.
Outsourcing accounting is one of the easiest ways to outsmart fraud. Outsourcing addresses the causes of fraud, such as messy books, overwhelmed and understaffed employees, and under optimization of QuickBooks.
Outsourcing also provides an immediate separation of accounting duties that provides peace of mind to a busy, business owner. Fraud happens and no accounting system should ever run on employee trust alone.