In last month’s column, we outlined the procedure for establishing a risk management plan, a checklist of ways to prevent employee-related losses and the conditions favorable for fraud to occur. Internal crimes tend to follow common patterns. Even honest employees may steal if they are experiencing severe financial difficulties or feel that they are treated unfairly.
Know your personnel. If an accounts receivable clerk suddenly arrives in a new Rolls Royce and is asking for time off to sail around the world, he or she either inherited money, won the lottery or has a wealthy sponsor. Make sure that sponsor isn’t you.
It is rare for an employee to confess to a drug or gambling habit. Many people are paying high tuition bills, incurring elder care expenses and carrying large credit card debt. Knowing your employees while respecting their right to privacy is difficult and time-consuming, but necessary if you want to stay alert to changes in the pressures affecting them.
Subtle forms of theft or embezzlement affect most companies. Only you can decide whether an employee is entitled to a company pen or computer, and you won’t prevent all time slippage. Make it clear what you expect, and then implement internal controls to protect your assets.
The Institute of Internal Auditors (IIA) specifies five objectives for internal controls in its standards: reliability and integrity of information; extent of management’s compliance with company policies, plans and procedures, and government laws and regulations; safeguarding of assets; effectiveness and efficiency of operations; and accomplishment of established goals and objectives.
Your accountant can advise you of specific ways to implement internal controls, but most of them will relate to three goals. First, make sure all transactions are properly authorized and entered into the records. Second, restrict access to company assets to a limited number of people. Third, reconcile or compare accounting records to underlying assets on a regular basis (auditing).
The most cost-effective controls are preventive, but you must have the ability to detect and correct procedures that create potential loss exposure. Physical barriers such as fences, locks and safes protect property and fixed assets. Verify the location of all property, and make sure it is properly signed out, returned and maintained.
Investigate the cost of attaching global positioning systems to your vehicles and equipment to track when and where it is being operated. Unauthorized use of your property is impossible if your service truck or site equipment is programmed to shut down at the end of the shift and remains inoperable until the next shift begins.
Using sequentially numbered documents (such as checks and purchase orders) provides a way to account for all documents and detect duplications as well as missing or altered paperwork. Separation of duties is also preventive, since it precludes one person from performing functions that control both a transaction and its audit trail.
Mandating that employees take annual vacations of at least a week, as financial institutions often do, enables you to detect fraud patterns, many of which need almost constant maintenance. This policy also inhibits schemes based on collusion between an employee and a vendor or customer. All vendors should have written lists of authorized purchasers, including their signatures. Otherwise, past or present employees may print business cards and charge purchases to you without immediate detection. Changing passwords, using biometric detection and setting up firewalls also help protect critical information from unlimited access.
Your financial statements can be falsified to inflate profit and obscure problems. Shifting items between the balance sheet and income statement, creating fictitious transactions and ignoring real ones, are commonly used methods of “cooking the books.”
On the income statement, reporting sales before they are real, creating false internal sales and shifting expenses to a later accounting period are all ways to improve the bottom line, especially at year-end. On the balance sheet, exchanging depreciated assets for other similar assets inflates book value, and a one-time capital gain might be entered instead as recurring operating income.
These are the kinds of things that managers do to mislead stakeholders and earn promotions and incentive bonuses. Even owners might believe they are not doing anything wrong. After all, if you are closed from Christmas to New Year’s and don’t pick up the mail, those bills aren’t really part of your December payables, are they?
Don’t fool yourself—altering the timing of earnings or obligations is fraudulent activity. There is a fine line between creative accounting and “cooking the books.”
If you think it will cost too much to implement stronger internal controls, consider the potential financial effects of fraud—rising insurance premiums, direct loss expenses, potential legal costs, a tarnished reputation, lost customers, reduced bonding or lending limits, and employee turnover costs. Stay alert, and do what it takes to protect your assets. EC
NORBERG-JOHNSON is a former subcontractor and past president of two national construction associations. She may be reached at firstname.lastname@example.org.