In one instance a hotel general manager arranged for deposits for weddings and events booked more than six months in advance to be paid into his personal account. There was no process for reconciling deposits, reservations and accounts so the fact that the deposit had never reached the hotel account went undetected.
Robust control systems always have effective separation of functions. It simply shouldn’t be possible for an individual to direct deposit payments (or any other payments) to a different account without somebody noticing.
The email from the ‘boss’
If you received an email from the owner of your business instructing you to make a payment to a new account, what would you do? In this case the finance manager took the email as authority and made the payment.
Unfortunately the email was a fraud. It just purported to be from the business owner and looked convincing. Questioning the boss is never easy but email fraud is increasing. It wouldn’t take much research to find out who the email needs to appear to come from or what it should look like.
Always carry out supplier checks for new accounts. Make sure the check is made by somebody not involved in the transaction.
Company credit cards
These are a common tool for fraud and yet many companies still leave themselves open.
I recently came across a case where an employee managed to increase the credit limit on a corporate credit card and incurred private expenditure, which was fraudulently hidden as expenditure on behalf of the business owner.
There were poor controls for requesting or authorising credit card limit increases. There was also insufficient communication between the finance team and the business owner that would have allowed him to check expenditure coded to his loan account.
A finance team with overall weak controls was exploited. We have since helped them to put in place fully reconciled, detailed monthly management accounts so that fraudulent expenditure is harder to hide.
How good are your financial controls?
There are countless individual instances that I could list. Each case is unique but what they all have in common is that financial control systems were inadequate. This sometimes happens when businesses have grown over the years but not upgraded their systems to cope with more employees and more transactions.
Trust is also a sensitive area. Individual employees should never be left thinking that control procedures are being put in place because they are not trusted. It’s normal and reasonable for them to question why controls are being introduced when they managed just fine without them in the past.
Ultimately though, most people can see the value in simple common-sense procedures that help safeguard all of their futures. When you are acting on independent professional advice the need for more robust controls over your business finances is always easier for people to accept.
Did any of these cases raise concerns or questions in your mind about your controls? We’d be happy to carry out an independent audit of your control systems to make sure you’re protected.