Anti-Fraud Controls: Ten Things Every Business Owner Should Know
David Zweighaft CPA/CFF, CFE, CBA
Regardless of industry, location, size or phase of the economic cycle, every business is susceptible to fraud in one form or another. Briefly, there are three principal types of fraud that occur: i) misappropriation of assets, ii) financial statement misrepresentation, and iii) corruption. Owing to the diversity of clients and the unique facts and circumstances that each business faces, there is no “one-size-fits-all” set of rules that would apply to all businesses equally in addressing these types of fraud. There are however, leading practices based on sound principles that every business owner can apply in order to mitigate the risks:
- Ensure there is sufficient segregation of duties so that no one individual has more than one of the following: access to assets, the ability to record transactions and record keeping responsibilities. An example of this would be a bookkeeper who has control of the checkbook, maintains the cash receipts and disbursements journal and receives and reconciles the banks statements.
- For all disbursements above a specified amount, require two signatures for approval of checks.
- Require multiple bids on all purchases above a specified amount.
- Conduct surprise cash counts or inventory counts at least twice a year.
- All employees should take their full vacation allotment, with at least one full week taken consecutively.
- Incorporate a Vendor Audit Clause into all purchase agreements that allows the customer to review or audit the vendor’s records for that customer.
- Develop a Code of Conduct/Ethics that defines and expands the company’s mission statement and explicitly states what types of behaviors are unacceptable, as well as the consequences of violating the Code. Have all employees, officers and owners read the essay moment Code and sign a document stating that they have read the Code, understand it and agree to abide by it. Require that all personnel sign a re-affirmation of the Code annually.
- Perform thorough background checks of all employees prior to hiring.
- Communicate a zero-tolerance policy for any fraud, dishonesty, conflicts of interest, or other prohibited practices.
- Maintain a hotline or other anonymous reporting mechanism for employees to report unethical behavior without fear of retribution. Provide a feedback mechanism so that employees reporting suspicious activity can learn the outcome of their calls.
While implementing these “top ten” business controls don not necessarily guarantee the total elimination of opportunities for fraud to occur, they will provide a system of oversight that will result in prevention, deterrence and timely detection of attempts to commit material frauds against a business.
One parting thought: the most robust and thorough system of anti-fraud controls are of negligible value if i) management personnel are not they are not tasked with responsibility for them, ii) exceptions are not reported or investigated, and iii) they are not periodically tested for operating effectiveness.