How to Implement Controls That Will Help Protect You From Fraud - 11/22/2004 - Real Estate Education Training Schools Conferences

How to Implement Controls That Will Help Protect You From Fraud

The next in a continuing series about preventing fraud from affecting your business.

If your business has assets, you’re at risk for having them stolen. As we discussed in the previous article, “Get Smart — Initiate Controls to Protect Yourself From Fraud," you need a series of controls (systems and procedures) to protect your assets and prevent fraud from occurring.

Here’s how to create effective controls and put them in place in your company:

Design the Controls

Small businesses typically operate using intuitive, informal controls. For example they:

• Plan to hire a new field supervisor or salesperson
• Organize operations by delegating certain duties to specific employees
• Direct employees to perform activities in a specific way
• Control access to assets by locking the door upon departure or checking references before hiring a new employee

This seems fairly routine. So why does this pose a problem?

Because it’s not a comprehensive, risk-based, documented or carefully planned control system. Few builders would run a project for their clients with only a few planned procedures — and then hope they got the rest right. When it comes to running your office and protecting your own assets and business, you owe yourself at least the same level of detail you give your clients.

In larger companies, management is supposed to design and implement the control systems. Their Certified Internal Auditors and CPAs then analyze the systems for adequacy. They also test the controls to make sure they work as planned.

If you decide to tackle the design of a control system on your own as a small business owner, be prepared to spend some intensive time. You will also need some skills and abilities including (but not limited to):

• Office operations experience
• Business knowledge
• Financial proficiency
• People skills
• Risk analysis methodologies
• Expertise (or access to information) regarding common fraudulent schemes

You also may want to ask your accountant for guidance or help.

Balancing Risk and Controls, Costs and Complexity

You already know that unprotected assets can practically walk away by themselves. If that happens too many times, you’ll be out of business. Consider the following equation:

Too many uncontrolled risks = too much potential for loss + reduced control over operations

However, there is such a thing as having too many controls. Going overboard can negatively impact your profits and productivity and gives new meaning to the phrase “control freak.” Here’s another equation:

Too many controls = too much cost + complexity + loss of productivity

Because it’s impossible to create a control system that ensures a completely risk-free business environment, you continually must make choices to balance risk against the cost and complexity of control systems.

Prioritize Your Risks and Determine Appropriate Control Levels

One of the primary benefits of performing the risk assessment is that the process helps you prioritize your risks and potential weak spots. You then can determine the appropriate control levels for different areas of your business.

For example, you would certainly want to put more stringent controls on purchasing and paying for materials and subcontractor services — which involve high levels of cash flow and performance risk — than you would on your $200 petty cash fund.

Or, if you had to choose between tracking down the employee who just lost his fourth shovel in two weeks vs. staying in the office on a Friday afternoon to guarantee that your computer system gets backed up because your office manager is on vacation, you would stay in the office with your computer system. You can track down the employee and his missing shovel on Monday.

Formalize the design of your control system by taking the time to list your assets and then prioritizing your risks in relationship to your capacity for loss. Once completed, you should be able to make informed decisions about the controls you truly need. This could be one of the most important things that you ever do for the ongoing health of your business.

Implement and Document Your Control Systems

The next stage of implementing an effective system of controls is integrating the new procedures into your daily operations. The new procedures must be:

 

• Clear
• Specific
• Mandatory (i.e., everyone in the organization must follow them; no exceptions)
• Matter-of-course (i.e., logical and easy for your team members and employees to understand and use).

Put the new policies and procedures in writing. Doing so helps you clarify your understanding of the situation. Written controls also help you anticipate various questions, issues, problems and consequences so that you can come up with a game plan to deal with them if they occur. Lastly, written controls are a reference tool for your team members and employees; they may need clarification on the new processes until they are used to them.

Your documented controls needn’t be long or formal; simpler is better. For example, you could include a page titled “Negotiable Instruments” in your office procedures manual that reads something like this:

SAMPLE — NEGOTIABLE INSTRUMENTS

Definition of Negotiable Instruments:

All documents that could be converted to cash. Examples include, but are not limited to:

• Blank checks for current or closed accounts
• Credit, ATM and debit cards (and related access codes, pin numbers and pass codes)
• Passbooks (or related confidential bank information).

Company Policy:

1. The company shall carry bonding insurance for all employees.
2. Negotiable instruments will be properly locked and safeguarded at all times; the primary responsibility for this shall rest with [employee name].
3. Blank, expired, surrendered or unnecessary stock or cards will be promptly destroyed so they cannot be used by unauthorized parties.
4. Access to negotiable instruments will be limited to the current employees defined in the procedures section.

Company Procedures:

1. All negotiable instruments and/or their access information shall be held in locked file cabinets at all times (exceptions: when documents are being actively printed, signed or mailed).
2. The following two people will have keys to the locked file drawers:
   a.  [Owner’s name]
   b.  [Accountant’s name]
3. Keys issued to caretakers will be held in their personal possession and safeguarded responsibly.
4. Emergency backup keys will be held in sealed, initialed envelopes in the following location: [location information]
5. Blank or pre-signed checks will (or will never) be given to employees. (If so, only by direct instruction from [employee name].)
6. Authorized signers include the following:
   a.  [Owner’s name] (all negotiable instruments)
   b.  [Owner’s sister’s name] (checks in owner’s absence, gas credit card, specific VISA card)
   c.  Supervisory level field employees (gas credit cards; individual cards limited to $500 each)
7. When employees are terminated, all related keys, cards and negotiable instruments in their possession must be surrendered and authorizations immediately revoked (preferably in writing) with banking and credit institutions.

Failure to Safeguard:

Failure to properly safeguard the company’s negotiable instruments (or access to negotiable instruments) shall be considered negligence in performing assigned job responsibilities. We may, as an at-will employer, consider failure to safeguard company assets as grounds for dismissal.

Abuse or Fraudulent Use of Negotiable Instruments:

“Borrowing,” abuse or fraudulent use of any company assets (including negotiable instruments) is theft. It threatens our company and the livelihood and well-being of each of our employees and their families.

• We are an at-will employer and will therefore immediately dismiss anyone who steals any assets from our company.
• We will prosecute and obtain full restitution from anyone who steals any assets from our company.
• Don’t do it!

Notes on the Preceding Sample

• The preceding is an abbreviated sample and should not be construed as a complete document.
• The “Failure” sections shown above are strongly worded. Soften them if you feel they could be offensive to some employees. However, keep in mind that:
  • Responsible, law-abiding employees typically understand that a loss to the company is a direct threat to them and to their families. They may very well appreciate what you are doing to protect them.
  • Some employees entrusted with safeguarding company assets do not fully realize or understand the magnitude of responsibility they have been granted; a strongly worded policy can help make the point.
  • Even if your current employees are exemplary, employees change over time. Your policies and procedures clearly state what may be missed during the training process or what you may be reluctant to directly tell an employee on your own.
  • Many employees start committing fraud by stealing/borrowing “just a little.” They don’t consider the consequences or don’t believe anyone would actually prosecute them. A strong, clearly-worded policy acts as a reality-check and reminder just in case they were thinking about “crossing over the line.” It can also act as a warning to fraudulently-inclined individuals that they should look elsewhere for a target.
  • If you discover fraud in your organization, you will have already decided how to proceed. Employees will respect you for having clearly stated the rules and for following through with the consequences.
  • Any documents regarding dismissal policies should be approved by your attorney.

Diane C.O. Gilson, CPA, CIA, is a Certified QuickBooks ProAdvisor and MasterBuilder ProAdvisor, author, trainer and construction accounting coach, as well as a frequent speaker at The International Builders’ Show and The Remodeling Show. Her firm, Info Plus Accounting PC/CPA, offers bookkeeping and support services to help construction companies do more accurate and timely job costing and run better management reports. Contact Gilson via e-mail, or call her at 734-544-7620.

Earlier Articles in This Series

• To read, “Protecting Yourself From Fraud: An Introduction,” Part 1 of this series, published Dec. 15, click here.
• To read, "Are You at Risk? Protecting Yourself From Fraud," Part 2 of this series, published Jan. 26, click here.
• To read, "Good Self-Defense Strategies Will Help Protect Your Business From Fraud," Part 3 of this series, published Feb. 9, click here. 
• To read, "Lifestyles Can Be Red Flags: Know the Warning Signs of Fraud," Part 4 of this series published  March 1, click here.
• To read, "Strange Behavior May Be Tip-Off to Possible Fraud ," Part 5 of this series published April 5, click here.
• To read, "Review Your Accounting Reports to Protect Yourself From Fraud," Part 6 of this series published May 10, click here.
• To read, "Do Your Financial Statements Add Up? If Not, Be Alert to Fraud," Part 7 of this series published June 7, click here.
• To read, "Protecting Yourself From Fraud: Watch for Warnings Signs From Others," Part 8 of this series published July 5, click here.
• To read, "Get Smart — Initiate Controls to Protect Yourself From Fraud," Part 9 of this series published Aug. 16, click here.