By: Jennifer French CPA CGMA, Principal –
With the COVID-19 pandemic, we are experiencing unprecedented times, that came upon us both quickly and unexpectedly. While navigating new waters in relation to the Coronavirus Aid, Relief and Economic Security Act (“CARES Act”), including the Paycheck Protection Program and Loan Forgiveness, and working to keep your business viable, it’s easy to lose sight of the day to day oversight of your company’s financial processes. While you are dealing with the direct economic impact of COVID-19, who is overseeing the financial processes of your business? Unfortunately, during times like these, when our focus is diverted elsewhere, this is when fraud can be easily perpetrated as proper segregation of duties tend to go by the wayside.
For auditors, the “fraud triangle” is a framework commonly referenced in order to explain the motivation behind an individual’s decision to commit fraud. When all three components exist, conditions for fraud to occur increase. The three components that comprise the fraud triangle are (1) opportunity, (2) incentive, and (3) rationalization. I was once told that no one will steal from you unless you allow them to. Ouch, this one was hard to hear, as oftentimes a lot of truths are.
- Opportunity – occurs when there is a lack of segregation of duties, controls or oversight over financial processes such as check processing, wire transfers, payments to vendors, issuance of credit memos, receipt of payments, dipping into petty cash, or etc.
- Incentive – normally, this occurs when there is financial pressure resulting from a lost job, sick relative, college loans, and etc. For example, a long-time faithful employee can have a life-changing event that changes their mindset in an instance. (In January, did you think this is where we would be?)
- Rationalization – this is when the perpetrator convinces himself or herself that the fraudulent act is acceptable. He or she could rationalize they are simply borrowing the funds and have the intent to pay it back at a later date, such as when the crises have passed.
Due to the increased risk of fraud during this time, what steps or preventative methods as a business owner or executive can you take? We are happy to share several cost prohibited steps you can take in order to mitigate the occurrence of fraud within your organization.
- Set the “Tone at the Top” by leading by example. Recommended processes for this are to have written policies and procedures, a “Code of Conduct”, implement an “open-door” policy, establish an Ethics Policy that is published for all employees to see. Some companies have a confidential “fraud hotline”, website reporting or email address to report suspected fraud. There are services you can hire to monitor calls or reporting, or you can simply have a dedicated line at work or email address that funnels directly to your human resources manager. Some companies extend this to customers and vendors as well, as their success coincides with your company’s success.
- If you currently have strong internal controls in place, keep them. Do not compromise them during this season of change. If controls start becoming “lax”, employees will take notice. Don’t tell yourself you can review disbursements or bank statements a few months from now. If you do, it will most likely be too late to recoup losses due to a simple error, mistake, or the perpetration of fraud.
- If your organization does not have strong internal controls, now is the time to implement them. Segregation of duties is one of the key components of internal controls. One example is the employee who processes disbursements should not also be the one who approves the disbursements. The employee who bills customers, should not be the same employee who receives and applies the payments received from customers. Journal entries and credit memos should be reviewed and approved.
- Review the bank statement(s) in a timely manner. Login to the financial institution and download the statement yourself. When reviewing the transactions, ask the simple question, “does this make sense”? Look at who the disbursements are made to. Are the deposits reasonable? If not, ask. I have coached several clients to ask whether or not something looks suspicious just to instill to the employees that you’re always looking.
- Ensure company assets and inventories are properly safeguarded. Are assets inventoried? Would you know if five laptops were ordered but only four were placed in service? If your company manufactures or distributes product, would you know if something was “sold out of the back door”? Are blank check stocks and signature stamps locked up?
- Monitor your employees’ vacation balances. You may like that your “key” employee never misses a day or takes a vacation, but heed this as a warning sign. It could be this employee has something to hide and is worried fraudulent activity could be detected in his or her absence.
- Instill “job rotation” or ensure each financial position has a backup person. Thus, when an employee goes on vacation, ensure someone else performs their duties. Do not let his or her job sit and wait for their return.
- Compare budgeted amounts to actual results. Are the revenues reasonable in relation to what was expected? If expenses are higher than normal can you explain why?
- Take time to get to know your employees and engage them in conversation. Are they experiencing any hardships? Is there a change in attitude? There may not be fraud, but this allows you to be in tune with heavy workloads or frustrations that may exist.
- Verify your company has adequate fidelity bond coverage. A fidelity bond is a form of insurance protection that covers policyholders for losses they incur as a result of fraudulent acts by specific employees. Be sure to read the fine print. Oftentimes, they do not cover contractors or temporary employees. Thus, if you have an employee out on medical leave and hire a temporary employee during that time, this coverage may not extend to them. Discuss this with your policyholder.
- Engage an independent CPA firm to conduct an audit of the financial statements or perform an engagement relating to the assessment of internal controls. Having an outside party looking in can deter employees from committing fraudulent acts.
We are in this together and our firm is here to help each one of you get through this. Reach out if there are any questions or something you’d like to discuss. We’d love to hear from you, how your business is weathering this storm and know that you are safe and healthy.