Reported thefts have ranged from a few thousand to millions of thousands of dollars. Worse yet, sometimes we are talking about funds belonging to firm clients.
How does this happen?
After recently reading of another case involving the misappropriation of cash by an individual abusing trust, I thought a refresher course (or perhaps an introduction for some) on basic “blocking and tackling” might be appropriate.
As firms grow it is easy (in fact, not unusual) to fail to implement a handful of checks and balances that serve to decrease exposure to theft and fraud. Absent these business safeguards, it is easy to wake and find yourself the victim of someone all-too-willing to take advantage of your trust and a system that is far too easy to hack.
A relatively simple system of internal controls can provide significant protection, and decrease the risk of your firm falling prey to someone that doesn’t deserve your trust.
A thorough discussion of appropriate internal controls is beyond the intended scope of this post; but consider the following primer.
The Basics of Protection
Segregation of duties
As a small law firm grows — both in terms of number of individuals employed and revenue generated — there is an ever-increasing demand on the owner(s) time. The resulting tendency is to delegate activities related to receiving and accounting for funds, as well the approval, payment and accounting for payments related to obligations of the law firm.
As the volume of work delegated grows, separate individuals should have responsibility for authorizing, making and accounting for payments.
Additionally, different persons should have responsibility for opening mail, depositing payments and accounting for their receipt.
Limitations on authority
One approach to decreasing exposure is to apply limitations to authority. For example, many firms require two signatures for payments that exceed a certain threshold such as $1,000. This is not about trapping a dishonest employee; it is about installing smart checks and balances around judgements and decisions that can be pivotal in nature.
A firm owner should receive, unopened, the firm’s bank statements, and review them on a monthly basis. The simple fact that the statements are being reviewed will prompt a better decision making process.
For firms with two or more owners, it is smart to separate responsibilities, having one owner authorize payments (coupled with a requirement for two signatures), and another review the bank statement.
An annual budget reflecting anticipated expenditures and receipts is a tool that helps to minimize exposure. A monthly review of actual to expected performance will identify unplanned and perhaps inappropriate transactions.
Mandate vacations/job rotation
A practice of forcing a continuity break by mandating vacations away from the office (and away from access to the firm’s financial systems) has a strong impact on decreasing temptation and exposing inappropriate activity. A system of rotating responsibilities associated with cash related functions has a similar impact.
Contracting with an independent accounting firm for an audit of the firm’s books is a very healthy practice. Much like other aspects of a good internal control system, employee knowledge of the fact that periodic audits occur will decrease the likelihood of a problem.
Implementation of any of the above will result in a more secure operation but a professional review of your firm’s financial processes and controls is most appropriate and is recommended.
How are your internal controls?