A commitment to employees, clients and community: The Bonadio Group’s response to COVID-19. View Here

Preventing Small-Business Fraud by Segregating Duties

I have quite a few clients that employ only one to three people in their accounting departments, or that compose the entire administrative staff. Most of these engagements are audits, and every year they usually receive a management comment about lack of segregation of duties or allowing one employee to collect customer payments, write and record checks, prepare bank reconciliations, and then ultimately record all these transactions.

I usually receive the same comment, “My business is too small to hire additional employees to get a true segregation of duties,” or “I have had Mr./Mrs. X doing all these transactions for 10 years and have never had any problems.” I tell them that before you dismiss my comments, please keep in mind that a large percentage of employee theft and embezzlement occurs in small businesses with fewer than 10 employees. In addition, a large number of these are perpetrated by employees who were highly trusted and have been employed for more than five years. These two statements are substantiated in the ACFE’s 2010 Report to the Nations on Occupational Fraud and Abuse.

Although many small businesses concerned about lack of money to hire additional employees and having a trusted employee that they are and have been comfortable with performing multiple accounting duties has some credence, there are some procedures and controls that can be performed, usually by the small business owner and for minimal costs, to reduce or negate the risk of employee fraud due to lack of segregation of duties. Many of these controls take little time and only have to be performed infrequently. Among these procedures and controls are:

  • Force Employees to take vacations or time-off—Many frauds perpetrated by employees are complex and time consuming. The fraudster needs to constantly be aware of all transactions that are occurring every day to continue their fraud. Forcing an employee to take vacations or time off creates a chance for that fraud to catch up with everyday activities. If an employee is handling collection, bad debt write-offs, bank reconciliations and recording those transactions and is perpetrating a lapping scheme, there is a greater possibility of stopping that fraud if the employee can’t physically be there for a week to physically monitor this complex scheme. I had a case where a 20-year trusted employee was caught performing a lapping scheme and was only caught because a customer called to complain about their bill and the employee substituting realized that the customer had actually paid several weeks earlier, but their account was listed as an open account. When the owner started doing some further investigation, the whole house of cards came down.
  • Cross train the limited employees you have—Cross training is a very effective method of stopping embezzlement. It doesn’t allow a single employee to perform any single accounting transaction for any length of time. As I stated earlier, many embezzlement schemes take place over an extended period of time and are complex in nature. Cross training employees does not allow this to happen. Also, this creates the illusion of being checked by their co-workers on a regular basis.
  • Owner receives, opens and reviews the unopened monthly bank statements—This simple control is easily dismissed as too time consuming by many small business owners. I tell my clients that this will take anywhere from a half hour to an hour each month, depending on the number of checks written by your company. This summarization of monthly bank activity gives the owner the opportunity to see if anything is amiss, deposits are less than expected, or if vendor payments are more than anticipated. Most small business owners are extremely involved in the daily operations of their companies and can spot unusual checks, vendors or endorsements easily. The real value in this control is the appearance to the employees that a control is in place that can reveal any fraud. I actually have an owner who really doesn’t have time to review the 700 to 800 checks his company writes each month, however, he makes a huge deal each month about going through the mail in the beginning of the month when the bank statements are delivered and takes the unopened statements out of the mail in front of the administrative employees religiously. He then makes sure his employees see him take the unopened bank statements into his office and close the door. Although he isn’t actually performing the control each and every month, it still gives the employees the illusion a control is in place.
  • Perform background checks, detailed screening and referral checks on new employees—This procedure is the most frequently ignored part of the employment process in small businesses. It is well worth any costs incurred or time consumed by the owner in researching the employee. Many large companies are even going as far as checking an applicant’s credit reports. Background checks and screening will reveal any prior arrests, problems, bankruptcies, etc., that could potentially be your company’s problems if the applicant is hired. The old saying goes, history repeats itself, and that is usually true with employee theft and embezzlement. A potential fraudster usually has a history with past employers. Many potential problems with an applicant can be uncovered simply by checking referrals or past employers with a phone call.
  • Bond and take out a fraud insurance policy on all accounting personnel or employees that handle cash—This procedure is easy to do and the bonding company will perform extensive background checks on all employees bonded. Bonding employees will also act as an insurance policy in case any of these employees do carry out a fraud and are able to continue it over an extended period of time. A fraud insurance policy will also take the decision to prosecute the employee out of your hands if you are reimbursed any sustained fraud losses. The insurance company can either seek reimbursement from the employee or pursue prosecution. Many small business owners refuse to prosecute employees who are caught perpetrating a fraud because of the negative publicity it brings their company, or they legitimately feel sorry for the employee and their families. I recommend bonding and taking out fraud insurance to all my small business owners.
  • Institute a fraud policy and code of ethics policy—Templates of both of these can easily be retrieved on the internet. Instituting these policies demonstrates to your employees that you are serious about deterring fraud. It also puts all employees on notice that any employee caught committing fraud will be prosecuted to the fullest extent of the law and fraud is not tolerated in the company. In addition, these policies establish a set of guidelines regarding ethics and fraud in your company that must be adhered to by ALL EMPLOYEES. It isn’t enough to institute the policies—you should have each employee sign a copy of both verifying that they have read and understand the policies fully. This procedure literally costs nothing to implement, but sends a strong message and could be the deciding factor if an employee is thinking or has the opportunity to commit a fraud in their duties as an employee.

This is not an all inclusive list of procedures or controls that a small business owner can implement to reduce the risk of a fraud loss and help prevent a loss from occurring. One of the most important things to remember in running a small business is that employees follow by example and the tone starts at the top with the small business owner.

John Dubiel is a partner based out of our Syracuse, NY office.

This material has been prepared for general, informational purposes only and is not intended to provide, and should not be relied on for, tax, legal or accounting advice. Should you require any such advice, please contact us directly. The information contained herein does not create, and your review or use of the information does not constitute, an accountant-client relationship.