By Chris Mennel,
audit manager, Alerding CPA Advisory Group
How prepared are you to prevent fraud or financial misstatements
in the digital age? Technological advances have forced everyone to continually
reassess their internal controls.
Technology has improved efficiency and expedited basic
transactions like paying by check and depositing cash and checks. On the downside, these improvements have
created opportunities for fraud.
Because technology is constantly changing, your control
environment must be continually reassessed. Here are a few technological
changes that have had an impact on a variety of cash-related transactions and
should be closely overseen to minimize opportunities for fraud.
Credit cards
Credit card use for businesses and nonprofit
organizations has dramatically increased in the past five years. Employees are being encouraged to use their
company credit cards for all business expenses, not just for travel. Whether it is for increased rewards points or
for ease of use, this method of payment is very popular. The downside is that all cardholders
essentially become authorized signers.
This may sound fine, but in our experience, organizations are more
lenient as to who may carry a company credit card or have access to the “office
card” compared with those they allow to be authorized check signers. Instead of having a few authorized check
signers, the organization now has multiple people who can make purchases with
company credit cards.
If this is the case in your organization, consider
limiting the number of cards in use or implement detailed review procedures on
all monthly statements.
And finally,
require receipts! Not only will they be
necessary for a sales tax audit, but credit cards are one of the most common
sources of fraud. Don’t make yourself an
easy target.
Electronic funds transfers
(EFTs)
Electronic funds
transfers aren’t as prevalent as credit cards, however, like credit cards,
companies and nonprofit organizations are utilizing EFTs much more frequently. Some companies, especially larger ones, are
even requiring vendors to accept payments by EFT. Again, this type of payment method can be
convenient and beneficial to organizations, but it increases their vulnerability
to new risks.
The first step in
managing this risk is to know your bank’s processes and requirements for
sending funds by EFT. Do they only allow
authorized signers to initiate an EFT?
Can anyone else gain access to this information over the phone?
Once you fully
understand the banking side, then you can properly design controls in your
organization to prevent any unintended access.
When it comes time to make the payment, every EFT request should be
documented and approved. Since there
isn’t a written document (like a check), creating a form for the requestor and
the approver to sign would be beneficial.
All invoices and receipts can then be attached to the form and filed by the
vendor.
Remote check scanning
Remote check
scanners popped up a few years ago and have become quite popular. Not only do
they prevent employees from having to leave the office to make daily deposits,
they also allow funds to be deposited faster so that they can be available for
use earlier.
As is the case with
most banking transactions, the details of remote check scanners vary from bank
to bank. Some provide copies of the
scanned check images while others do not.
Maintaining check copies is always a good idea, so whether you plan to
save the hard copies of the checks or you prefer electronic images, it’s
important to have a plan in place before you start using your remote
scanner. In addition, access to the
scanner remains important. While it
seems the risk is minimal since someone wouldn’t voluntarily deposit extra
funds into your account, limiting access to the scanner ensures you have
knowledge of who is initiating all transactions should a questionable transaction
arise.
Mobile card readers
Finally, credit
card readers that attach to a mobile phone are the latest method of receiving
payments (think of a vendor with a booth at a farmer’s market that couldn’t
accept credit cards until now). These
devices aren’t overly common among companies with more than a few employees,
but are likely to become more popular in the future. As they do, companies will want to monitor
access and ensure proper controls are in place before they jump on board.
As long as organizations have someone opening the mail,
making deposits and paying bills, they will be vulnerable to fraud. New
technologies provide many conveniences, but they also create new risks the we
must continually adopt new systems of control.
Make sure you are prepared by creating a control environment that will
deter fraud and ensure the long-term health of your business or organization.
Christopher
J. Mennel, CPA
Chris oversees audit and
accounting services, not-for-profit and consulting services. Since joining
Alerding CPA Group in 2006, Chris’ clientele has grown to include several of
the firm’s larger for-profit clients, as well as approximately 20 nonprofits
located throughout Central Indiana.
If you have
questions or would like to discuss ways to further protect yourself and your
business, contact Chris Mennel, 317-569-4181 ext. 260 or cmennel@alerdingcpagroup.com.
No comments:
Post a Comment