Few physicians want to believe that their employees would defraud the medical practice that provides them with jobs, paychecks and benefits. But the truth is, every organization is at some risk of internal fraud.
Like many small businesses, most medical practices rely heavily on a single employee, perhaps an office manager or a practice administrator. With a small staff, it may be difficult to establish some of the typical internal fraud controls, such as segregation of duties, that CPAs and auditors recommend.
That doesn’t mean you can’t rein in some of the risk. Your practice’s degree of vulnerability depends on a variety of factors, including your internal controls, communication and the ethical tone set by your leadership.
The Association of Certified Fraud Examiners offers some cues to help you stop fraud in its tracks. Look at your practice and ask yourself the following eight questions:
1. Are you placing a great deal of trust in one or two key employees? The idea isn’t to raise general suspicion but to keep your eyes wide open. Concentrated power and a high level of autonomy can be dangerous in the wrong hands. You may trust them completely, but key employees should be subject to greater scrutiny – not less – to ensure they are complying with your stated policies, procedures and controls.
2. Does your practice have adequate separation of job duties to prevent employees from covering their tracks? Failure to segregate job duties is an invitation to steal. Employees may notice security lapses long before you do, and those few who are ethically challenged could take advantage of weaknesses.
Do you rotate sensitive jobs like cash handling? No employee should have too much access to, or responsibility for, assets. For example, the person who receives cash at the front desk should not also prepare bank deposits, and the person who orders supplies should not verify shipments when they come in. In fact, sensitive tasks such as cash handling should be subject to rotation between at least two employees to make it harder to hide shady practices.
3. Does your practice employ a system of positive pay controls with the bank? A positive pay system means that you provide the bank with a list of checks your practice has written and authorized. The bank will then pay only those checks that appear on your list, reject any checks presented for payment that are not on the list and alert you to potential forgeries.
4. Are there close associations between some of your key employees and your vendors? Where relationships exist, the employees should be prohibited from approving transactions with those vendors. At the very least, you need to monitor those transactions carefully. After all, when two or more parties collude, crime detection becomes much harder, even for professional fraud sleuths.
5. Is your payroll roster checked periodically for problems? Missing Social Security numbers could mean there are “ghost employees” collecting paychecks. Duplicate names on the payroll could signify overlapping payments. Of course, if you have a very small staff, failing to notice a duplicate name may not be likely. But keep this type of fraud in mind if you expand your practice and add new staff members.
6. Does your practice have an established set of ethical guidelines and anti-fraud programs that are clearly communicated to your staff? Medical practices that establish both ethical guidelines and anti-fraud programs are generally found to fare better against internal fraud. It’s important that all employees receive training to understand practice policies. But don’t push workplace ethics unless you and your management team are prepared to live by them. If employees sense a disconnect between your talk and your walk, your preaching could backfire.
7. Has your system of background checks proven effective in keeping fraud perpetrators off your payroll? Obviously, the level of background checking varies with the position. But at a minimum, you should verify the Social Security number, education, professional licenses, criminal records and convictions, civil records and judgments, previous employment, references, credit history and driving history. You can also do post-hire screenings if necessary. But in either case, check with your attorney to make sure your inquiries are lawful.
8. Is there a mechanism in place for anonymous reporting of fraud? Most fraud is uncovered by a tip, according to the ACFE. Employees, vendors and patients are often in the best positions to spot crime in your practice, but they don’t speak up because they believe doing so would put them in jeopardy. Anonymous hotlines have proven to be a highly effective method of confidential reporting.
For your protection, ask your accountant to help you tailor a program of internal controls designed to minimize your risk of internal fraud, based on the size and particulars of your practice.