KEEPING YOUR BUSINESS SAFE FROM FRAUD - PART TWO
in this article:
In the first article, Steve Davis looked at common types of fraud which can affect both franchisees and franchisors. Here he suggests some controls to help you avoid getting caught out.
In my first article I looked at the startling statistics around fraud, including the fact that over 50% of New Zealand businesses have experienced at least one case in their own companies. I outlined some of the causes of fraud then looked at typical types of fraud and the warning signs that business owners should look out for. This established that, sadly, the Number One prerequisite for fraud is trust. In this second article, I'd like to outline some of the controls that wise business owners can put in place to reduce both temptation and opportunity for fraud.
In smaller stores and businesses, the most practical method of minimising the risk of fraud calls for the owner/manager to assume some of the duties of an internal auditor. The close involvement of an accountant is a practical but more expensive alternative. These duties include frequent (or at least periodic) checks of regular and irregular transactions, sighting original documents, confirmation of merchandise received, verification of sales and banking records, invoice reconciliation, bad cheques and other areas with high potential for fraud.
If the owner is not the manager, then the owner needs to assume a monitoring role (or delegate this to an independent, qualified third party). This will mean reviewing accounts and sales, reconciling original banking and financial documents, evaluating stock/supplies with sales/consumption and re-order quantities, reviewing sales register/POS transaction records, analysing stocktake results (and conducting periodic random double-counts), and checking other critical or vulnerable areas of company operations as previously identified.
To insist upon close (or closer) financial/sales and activity monitoring does not imply - and should not be interpreted as - mistrust of the business's manager. It is nothing more than good and prudent management practice on the part of the owner and is for the protection of all parties. This applies no matter who is managing the business or for how long they have been doing it.
In general, wherever possible the following procedures should be followed:
- Separation of duties. In one recent retail store risk appraisal, a single employee was found to be in sole charge of ordering the stock, receiving stock, authorising payments and writing cheques to the suppliers, personally conducting the stocktakes, maintaining the stock records and adjusting the stock. If the person in such a position were dishonest, consider the available potentials for long-term fraud.
- Multiple Involvement. In many small/medium-sized stores, only one or two persons may be responsible for the performance of numerous functions which, in larger organisations, are kept separate. These people often combine all the functions of bookkeeping, accounts payable and receivable, payroll, cheque disbursement, cash deposits and banking, etc.
- Such activities with potential for fraud should, as much as possible, be done by different people so that a ‘check-and-balance' can exist that may serve to deter (or detect) the onset of fraud. Good internal control requires work to be divided so that there is less opportunity for theft, fraud or embezzlement without collusion between two or more persons. This applies to any two or more critical functions where an individual might have the ability to initiate, commit, and then conceal any dishonest actions. For example, delivery truck drivers should not be the ones to load their own vehicles from the stockroom or warehouse.
- Accountability. Groups of people often find it hard to manage the sharing and acceptance of responsibility. Identify each specific area or vital process then make one individual responsible for that area, with another person (probably the manager) responsible for oversight and control-monitoring. Individuals usually perform better when they know they are directly accountable and, if problems do occur, management knows exactly who is responsible.
- Monitor your controls. Whatever procedural controls you put in place over any area, make sure that you incorporate some system of checks, to monitor adherence to and effectiveness of those procedures. Look for ways that you, in that role, could bypass procedures/controls and commit theft or fraud. If you find that you could do it, devise improved methods to counter these weaknesses.
- Do not assume just because you run a small business with just a few key people that this confers any kind of ‘immunity' to fraud - it happens to small businesses regularly. Frequent unannounced audits should be randomly conducted in each fraud/theft-potential area or process by someone other than the people operating in that area.
- All cash receipts should be verified and deposited daily. Reconcile till tapes, store books, cash receipt documents with banking deposit slips. At least every month, owners should personally reconcile the above with the bank statements. Note deposit dates shown on the statements as compared to deposit dates shown by the cash receipts. Any curious time-delays in making deposits should be queried.
- All disbursements (other than petty cash or retail refunds) should be made by cheque, examined and signed by the manager.
- On occasion, the owner/manager should verify outgoing customer-account statements, where applicable, check them against the accounts receivable ledger and personally post them out.
- During the first few days of each month, and as often as possible, the manager should receive and open the incoming mail. Usually, the mail should be opened by someone other than the head cashier or accounts receivable bookkeeper. Have incoming mail classified as to cheques, money orders, etc, and compare with the cash receipts ledger.
- Reconcile EFTPOS sales/settlement details with those on daily reports/audit rolls.
- Someone other than the head cashier/accounts receivable bookkeeper should directly receive bank debit statements. The duties of head cashier, accounts receivable bookkeeper and general bookkeeper should be performed by different people. They are intended to act as a mutual cross-check.
- Someone other than the bookkeeper/inventory controller should do all the receiving and shipping of merchandise.
- Journal entries and bad debt write-offs should receive the approval of the owner/manager, especially if they have to do with bad cheques, credit sales or claims.
- The bookkeeper should be bonded for a suitable amount of money.
- All financial or transactional documents (including refund slips, credit notes, sales docket books, etc) should be pre-printed with the company and/or store name details and serially pre-numbered. Their issue should be controlled. Any obsolete versions of documents should be verifiably destroyed.
- Totals of cash disbursements journals should be periodically verified and compared to general books by people other than those usually performing your accounting/payables functions.
- Be sure that all credits to accounts not arising from cash remittances or cash discounts are approved by authorised persons other than the cashier or accounts receivable bookkeeper.
- Watch out for cheque diversion or theft. Crooked employees have often opened bank accounts with names almost identical to the business's trading name and this means that unwary bank clerks can permit the deposit of your cheques in the employee's account.
- Occasionally audit your employee pay-rates, time-worked calculations and Electronic Funds Transfer payments.
- On occasion, if you pay any wages by non-electronic means, these should be distributed to employees by the manager.
- All purchases should be authorised/approved by management.
- All purchase invoices should be approved for payment only upon evidence of receipt, correct count and inspection of the merchandise (or verified performance of services). ‘Paid' invoices should not be rubber-stamped as ‘Paid' - clerks have been known to use ink eradicator to process the same invoice twice to get kickbacks from the payee. Use a ‘Paid' paper-perforation device for marking invoices instead.
- Merchandise received should be logged in a Goods Inwards Register, shipments numerically controlled and checked against the purchase order. Too many receiving discrepancies should be investigated. Consider having receivers use ‘blind counts' - copies of receiving Purchase Orders but with the quantities blacked out. This forces them to count goods received rather than just copying quantities off the slips.
- Purchasing, receiving and storeroom functions should be performed by different people who are responsible for discrepancies in their areas.
- All receiving documents should be checked for quantity, prices, terms, freight charges, additions, extensions and dates.
- Returns to manufacturer should be based on written authorisation only and should be well-accounted for. Develop better checks in any areas where problems occur. Verify credits or replacements received.
- Ensure that all adjustments for inventory differences, price changes and markdowns, etc, are approved and checked by management or by authorised persons.
- Conduct frequent spot inventory counts, especially of popular, high-price items. Do this particularly following reported merchandise refunds. Too many ‘one-short' counts involving the same cashier should be regarded as suspect and watched more closely.
- Ensure that stock adjustments are well controlled and that all adjustments are kept in a secure ‘owner access only' file that cannot be tampered with. Write-downs, write-offs or other irregular adjustments should show who performed them and why.
- Wherever possible, rotate critical duties periodically. Ensure that all staff take vacations and have their duties during that period performed by someone else.
- Ensure that cash and vital documents are physically protected and limit access.
- Ensure that you have good, structured access/password controls over your computer functions and data, with protected log-on reports of staff access.
- Consider having an internal security review conducted by a qualified person. This should take place periodically.
- Petty cash should never be made from the cash registers but from a separate fund.
- Carefully monitor petty cash disbursements so that cash and payout slips balance at all times. Regularly review reasons for disbursements.
- When the petty cash fund is reimbursed, all supporting vouchers should be examined and cancelled by management. All receipts should be in ink, signed and dated by the person receiving the money.
- Original invoice/receipts should be mandatory or obtained whenever possible.
- Frequent unannounced inspections of petty cash should be made by someone other than the usual custodian.
- All bank cheques should be pre-printed, pre-numbered, well-controlled, and accounted for. They should be written only in permanent ink or by a cheque-writing machine. Have extra controls if you use PC-banking/EFT payments.
- Be sure at the time of signing that cheques are completed, except for your signature, and are accompanied by supporting documents which you examine. Your signing of cheques must not be just a ‘rubber-stamp' function.
- Prohibit the drawing of cheques to ‘cash'. Never sign cheques in advance.
- Get into the habit of querying anything that is out of the ordinary or not fully clear.
These are some basic guidelines which can help minimise accounting and data-related frauds. The key things to remember are double-checks, careful managerial oversight and frequent audits by persons not directly involved in those functions.
Putting these procedures in place - and carrying them out regularly - does take time but it's essential to protect your business. By doing so, you also protect the jobs of your staff. After all, the money you lose might be the very money your business needs to survive and grow in difficult times.
This material is copyright © Franchise NZ Marketing Limited, Franchise New Zealand ™ magazine and Franchise New Zealand On Line . While it may be downloaded for personal use, no part may be reproduced in any form whatsoever without the specific written permission of the publisher.