A few years ago I joined an international company as a regional Finance Manager and managed to uncover the fact that my predecessor had been embezzling funds from the company. Unfortunately you only need to watch the news to know that this kind of thing happens all too often. What companies need is better measures in place to minimise the risks of this sort of thing happening.
Having had personal involvement in such a matter, discovering the ways in which the embezzlement happened, I now have some good examples of the security measures that should be in place to help ensure that this type of fraud can’t happen or go undetected:
Corporate Credit Cards
With any employee using a corporate credit card it is important that all the costs expended on the card be approved by a manager. However, it is especially important that checks are put in place when it is the Accountant, or the Finance Manager, or someone senior in Finance (depending on the size of the company) who has a corporate credit card. Since they would usually be the ones who are verifying the use of any other employee’s cards, ensuring management approvals etc. it is important that someone independent to the finance department, another senior manager, be the one to approve and verify the Accountants use of the card.
Any online banking payments should require two individual approvals before the payment can be made. One of the approvals can be from the accountant but the other should be from a different manager, someone outside of the finance/accounting team. This manager should be given the payments report from an accounting system and/or copies of all the relevant invoices/paperwork. This will allow them to verify the payments being made before approving them. It is always a good measure to have at least three people with online banking approvals so that if one is away there are still two who can do the approvals. At no time should online banking passwords ever be shared.
Suppliers and Invoices
Where possible, the person who sets up a new supplier/vendor on the accounting system should be a different person than the one who enters the purchase invoices. This helps to ensure that no “dummy” suppliers or invoices can be entered.
Suppliers Bank Accounts
Random checks should be made by those approving the payment of invoices to ensure that the bank accounts that the payments are being made to match the bank account details given on the invoices.
Ensure that the petty cash tin is audited by someone other than the person who issues the cash on a regular basis. Ensure that all issues of cash have been duly authorised and that the receipts and the cash total up to the balance of the float.
Allowing for seasonal adjustments the cash flows of most companies will be reasonably consistent with the occasional spike for such things as income tax payments. Keeping a check on the cash flow should therefore help to indicate if something is amiss, especially if the expenditure suddenly starts looking high in comparison to the income.
Are the costs on any of the expense accounts in the P&L suddenly looking much higher than they usually do? While there could be a legitimate reason check it out as potentially it could indicate “dummy” costs being entered and paid for.
Above all, follow through on any queries you have made to the accountant (accounts department) about any concerns you may have. Insist on an answer and don’t just let your query be ignored.