I was talking to a colleague and he asked me for my thoughts regarding a particular client of his who was dealing with the issue of FRAUD. After we talked about it for a while, I realized this conversation would be very helpful to many business owners and executives who may or may not be aware fraud might be going on in their business and they don’t even know it.
So I wanted to share with you some of my thinking in this area since I have already seen way too many fraud situations over my years of being a CFO. In the case of my colleague’s client, they have suffered three separate embezzlement frauds in as many years. I have to admit, my first thought was, “You’ve got to be kidding me!” Then it was followed closely by, “Something is going horribly wrong at this company.” But in reality, there are three primary problem areas that immediately come to mind, any of which can open the door to fraud.
Since each of these is a “story” in and of itself, I thought it might be helpful to break this discussion into three separate stories and allow you to think of each one in a bit more detail. So let me start with the first primary problem area for a business – INTERNAL CONTROL PROBLEMS. It’s easy to say this is an internal control problem. All three of my colleague’s client frauds were in the accounts payable function and there are discrete controls that should be routinely applied to plug holes in AP (accounts payable).
- Vendor Master Controls – these controls ensure that the vendors in your system are valid. Some of these should include the following: there is vendor profile with a W-9 on file; inactive vendors are purged at least annually; the vendor address is validated and duplicates purged; etc.
- Invoice Processing Controls – these controls ensure that vendors are paid the appropriate amounts timely. They should include components such as the vendor is only paid with documentation of goods received and a matching purchase order; vendors are paid according to contract terms and do not exceed authorized amounts; purchases have appropriate approval limits; etc.
- Disbursement Controls – these controls ensure that any fraud will be detected in a timely manner. For example, check requests should be routed to the appropriate reviewer for approval prior to processing; disbursement activities are traceable to the general ledger; disbursements are posted in the period in which the payment was made; blank checks are properly stored and void checks are accounted for every month; etc.
This should get you started thinking about some solid and tested internal controls that will help you as you move forward in “locking down” the potential for fraud. In my next post I will talk about the second problem area, called “The Perception of Detection.” It is the single best way to prevent fraud…