Our Top 7 Best Practices for Preventing Fraud
You might have landed on this page, assuming that it will cost a lot of money, time, and personnel resources to implement a robust fraud prevention program in your organization. But that's not necessarily true. For most organizations, fraud prevention and detection tools can be easily implemented, rarely equate to the hiring of another individual, and don't usually equate to much more of your time or resources.

When considering fraud prevention and detection tools, it is important to understand that one size does not fit all. And, as an organization expands or contracts, these tools (or processes and procedures), need to be reconsidered to ensure they continue to meet your goals and objectives. Segregation of duties and internal controls work best when employees understand the importance of their roles, and that implementation of these strategies are not due to their untrustworthiness, but rather because we want to keep your assets safe and your employees safe in their jobs.
1. Tone at the top
There are many definitions for "Tone at the Top." Typically, it is used to describe an organization's general ethical environment or management's leadership and commitment toward openness, honesty, and ethical behavior. According to the Association of Certified Fraud Examiners, there is a correlation between a company's Tone at the Top and its fraud risk.

Tone at the Top is not a "one size fits all" definition for organizations. Just as your organization is unique, so too are the strategies to implement a positive tone. Typically, a positive or healthy Tone at the Top includes the following:

  • Open-door communication between management and lower level staff
  • Management follows through on reports of conduct breaches
  • Standard of ethical behavior is communicated, displayed by management, and expected of employees at all levels (i.e., ethics does not apply only to the lower level staff)
  • Support programs for employees (e.g., mental health, substance abuse, financial counseling)
  • Surprise audits
  • Management oversight over processes and procedures
  • Employees are expected to arrive to work on time, not to leave early, and to be productive during working hours
  • Mechanisms for positive feedback are in place and used frequently
  • Low turnover of management and staff
  • Employees receive ongoing training and opportunities for advancement
  • Hotline, or other mechanism to report anonymous tips, is in place and working
  • Participation is required in the event of an internal or external audit or investigation

There is no substitute for a positive ethical tone inside an organization. It is a key component in reducing fraud risk.
2. Cash receipts
Every organization is different in terms of how sales are made and how money comes into the organization's bank accounts. You might bill clients at the end of the month, or process transactions through a cash register at the time of sale, or, in the case of a nonprofit or church, wait for donations.

Regardless of where the money comes from, it is important to ensure that there are multiple (at least two) people overseeing the entire process from the moment it is collected to the moment the funds make it to the bank. You don't want a single person collecting the money, preparing the deposit, and taking the money to the bank. If you have money coming into an organization-whether it's through a cash register, front desk, electronically, or through the mail, make sure that:

  • Checks are endorsed immediately and taken to the bank within 24 hours
  • Invoices issued to customers are pre-numbered
  • For non-invoiced collection of funds (e.g. donations, fee collections, etc.), implement a receipting mechanism, using pre-numbered receipts, for collection of funds. When funds are counted for deposit, ensure receipts are in sequence and the total of the receipts matches the total of the funds deposited
  • Person billing customers should not also collect funds and post payments
  • Person collecting funds and posting payments should not have the ability to place a credit or make a write-off to a customer's account
  • Person who collects the money should not be the person who takes the funds to the bank
  • Cash drawers should be segregated and accessible by only one employee per shift
  • Enforce cash shortage policies
  • Customer statements are not sent by individuals involved in handling incoming cash receipts
  • Bank reconciliation is not conducted by individuals involved in posting or taking cash to the bank
3. Cash disbursements
Most businesses, large and small, pay their bills through the check disbursement process. And whether you issue a handful of checks per month or thousands, appropriate segregation of duties and internal controls is the same.

  • New vendors should be approved by management and entered into the accounting system by someone other than the accounts payable clerk
  • New vendors should be researched via an onsite visit or via your state's business registry office to ensure the vendor is not owned by an employee of the paying company
  • Invoices from vendors should be approved by the appropriate level of management prior to entry into the accounting system
  • The person signing checks should not be the person who can approve the invoices and/or enter the invoices into the accounting system
  • Checks should only be signed if they are supported by an approved invoice
  • Checks should be mailed by someone other than the accounts payable clerk
  • Bank reconciliations should be performed by someone other than the accounts payable clerk
  • Consider using your bank's positive pay system to ensure that only checks to approved payees clear your account
  • If wire transfers or online bill pay are used to pay bills, ensure that there are dual controls in place whereby one employee sets up the wire transfer/bill pay and a separate employee, using separate and distinct log-in credentials, approves and sends the wire or online bill pay
  • Ensure that all canceled check images are returned with your monthly bank statement and are reviewed consistently each month
4. Bank statement review
The number one fraud scheme is the fraudulent disbursement scheme. In other words, an employee has access to funds in your bank account and they use various mechanisms to use those funds for their own benefit.

Before we learn anything else, we want to give you a short-cut to the best practice any organization can implement: A thorough review of your monthly bank statements and cancelled checks is the single-most effective fraud detection tool. We realize that your bank is encouraging you to do everything online, and in fact, you may not be getting bank statements each month.

At Acuity Forensics, we urge you to pay the extra fee, if there is one, and get your paper statements and copies of cancelled checks returned to you each month. We realize that printing more paper is not "environment friendly", but let's face it, most of us do not have time to log into our online banking system and load every check that cleared our bank. We do, however, have 10 or 15 minutes to review a paper copy of a bank statement, with the cancelled check images, to verify that our funds were used for business purposes only and were not used by any unscrupulous employee.
5. Debit or credit card disbursements
If debit or credit cards are distributed to employees, make sure that you have appropriate policies that incorporate rules around spending, ATM withdrawals, etc. Some banks offer companies the ability to ban purchases from certain establishments. In the event that employees carry debit or credit cards, ensure that:

  • Daily and monthly spending limits are in place and monitored
  • All receipts must be retained by the employee and remitted before the end of each month
  • All charges are summarized on an expense form, with the date, amount, vendor, and purpose of the charge
  • All charges must be reviewed and approved by an appropriate-level supervisor
  • Reconcile employee receipts and expense forms to monthly debit or credit card statements
  • Reconciliation must include verification that vendors paid matches information provided by the employee
  • Employees are aware of oversight over the debit and credit card charges in that questions are asked and/or additional information is obtained.
6. Payroll
If you have a business, you likely have employees. And whether you process your payroll in-house or with an outside company, you have risk associated with this function. Best practices related to payroll include:

  • Segregating the hiring and human resources function from the payroll function
  • Payroll hours are approved by appropriate level of management before hours are entered into the payroll system
  • Paid time-off hours are related to a set benefit for all employees and usage is approved by management before being entered into the payroll system
  • Use a direct deposit system to pay employees (instead of paper checks)
  • Ensure that all tax and retirement withholdings are remitted to appropriate regulatory agencies at the same time payroll is processed
  • If using paper checks, rotate who distributes paper checks on pay day
  • A review of payroll reports each pay period, once payroll is processed, conducted by owner or appropriate level of management
7. Expense reimbursements
In the event that employees are allowed to use their own credit cards to incur business-related debt, ensure that you have appropriate polices in place that describe allowable expenditures and requirements for receipts. Similar to debit and credit card charges, internal controls should include:

  • All receipts must be retained by the employee and remitted before the end of each month
  • All charges are summarized on an expense form, with the date, amount, vendor, and purpose of the charge
  • All charges must be reviewed and approved by an appropriate-level supervisor
  • No reimbursements will be made without an original receipt (i.e., credit card statements cannot be presented as proof of a charge)
  • Employees are aware of oversight over the debit and credit card charges in that questions are asked and/or additional information is obtained (e.g., compare their calendars with their travel-related charges)
"We have been so impressed by Tiffany's professionalism and follow through. So very glad you were able to investigate this case. Thank you for the fantastic investigation letter. Well written and 'to the point'... clear and concise like your investigation in the case."
M.H.
Yakima, Washington
"Tiffany was a great speaker! I felt engaged for the entire 8 hours and would love to have her again in the future."
S.N.
Seminar Participant, 2021