Tuesday, September 2, 2014

Best practices in the digital age

By Chris Mennel, audit manager, Alerding CPA Advisory Group

How prepared are you to prevent fraud or financial misstatements in the digital age? Technological advances have forced everyone to continually reassess their internal controls. 

Technology has improved efficiency and expedited basic transactions like paying by check and depositing cash and checks.  On the downside, these improvements have created opportunities for fraud. 

Because technology is constantly changing, your control environment must be continually reassessed. Here are a few technological changes that have had an impact on a variety of cash-related transactions and should be closely overseen to minimize opportunities for fraud.

Credit cards

Credit card use for businesses and nonprofit organizations has dramatically increased in the past five years.  Employees are being encouraged to use their company credit cards for all business expenses, not just for travel.  Whether it is for increased rewards points or for ease of use, this method of payment is very popular.  The downside is that all cardholders essentially become authorized signers.  This may sound fine, but in our experience, organizations are more lenient as to who may carry a company credit card or have access to the “office card” compared with those they allow to be authorized check signers.  Instead of having a few authorized check signers, the organization now has multiple people who can make purchases with company credit cards.

If this is the case in your organization, consider limiting the number of cards in use or implement detailed review procedures on all monthly statements.

And finally, require receipts!  Not only will they be necessary for a sales tax audit, but credit cards are one of the most common sources of fraud.  Don’t make yourself an easy target.

Electronic funds transfers (EFTs)

Electronic funds transfers aren’t as prevalent as credit cards, however, like credit cards, companies and nonprofit organizations are utilizing EFTs much more frequently.  Some companies, especially larger ones, are even requiring vendors to accept payments by EFT.  Again, this type of payment method can be convenient and beneficial to organizations, but it increases their vulnerability to new risks.

The first step in managing this risk is to know your bank’s processes and requirements for sending funds by EFT.  Do they only allow authorized signers to initiate an EFT?  Can anyone else gain access to this information over the phone? 

Once you fully understand the banking side, then you can properly design controls in your organization to prevent any unintended access.  When it comes time to make the payment, every EFT request should be documented and approved.  Since there isn’t a written document (like a check), creating a form for the requestor and the approver to sign would be beneficial.  All invoices and receipts can then be attached to the form and filed by the vendor.

Remote check scanning

Remote check scanners popped up a few years ago and have become quite popular. Not only do they prevent employees from having to leave the office to make daily deposits, they also allow funds to be deposited faster so that they can be available for use earlier. 

As is the case with most banking transactions, the details of remote check scanners vary from bank to bank.  Some provide copies of the scanned check images while others do not.  Maintaining check copies is always a good idea, so whether you plan to save the hard copies of the checks or you prefer electronic images, it’s important to have a plan in place before you start using your remote scanner.  In addition, access to the scanner remains important.  While it seems the risk is minimal since someone wouldn’t voluntarily deposit extra funds into your account, limiting access to the scanner ensures you have knowledge of who is initiating all transactions should a questionable transaction arise.

Mobile card readers

Finally, credit card readers that attach to a mobile phone are the latest method of receiving payments (think of a vendor with a booth at a farmer’s market that couldn’t accept credit cards until now).  These devices aren’t overly common among companies with more than a few employees, but are likely to become more popular in the future.  As they do, companies will want to monitor access and ensure proper controls are in place before they jump on board.

As long as organizations have someone opening the mail, making deposits and paying bills, they will be vulnerable to fraud. New technologies provide many conveniences, but they also create new risks the we must continually adopt new systems of control.  Make sure you are prepared by creating a control environment that will deter fraud and ensure the long-term health of your business or organization.  

Christopher J. Mennel, CPA

Chris oversees audit and accounting services, not-for-profit and consulting services. Since joining Alerding CPA Group in 2006, Chris’ clientele has grown to include several of the firm’s larger for-profit clients, as well as approximately 20 nonprofits located throughout Central Indiana.
If you have questions or would like to discuss ways to further protect yourself and your business, contact Chris Mennel, 317-569-4181 ext. 260 or cmennel@alerdingcpagroup.com.

No comments: