1. The Chief Areas of Fraud
One of the duties of the office is to safeguard assets. This, of course, includes the steps taken to minimise fraud and theft and the provision of security methods where required. Complete prevention of fraud and other misdemeanours is virtually impossible but, nevertheless, every endeavour must be made to reduce their incidence to the very minimum and, if possible, to introduce measures that will lead to the apprehension of the guilty persons.
The incidence of loss through fraud and theft is common in the areas of cash handled on the premises – that is, petty cash and money for wages – and in the embezzlement of funds from customers, often in the manipulation of accounts and appropriating payments. It also occurs frequently through the falsification of time returns for wages where entries are made on time reports for non-existent workers (so-called ‘dead men’), which results in the making up of pay bags (called dummy wage packets) that are pocketed by the perpetrator of the fraud – perhaps a wages clerk or a foreman.
Those seeking to profit from their employers illegally seem to have limitless ingenuity and no organisation is completely free from some form of fraud or theft whatever steps are taken for prevention. In fact, so far as petty pilfering is concerned, some undertakings accept this as being unavoidable.
An important rule in the minimising of fraud and defalcation is to ensure that only trustworthy personnel are employed. This entails taking up reliable references when staff are engaged, particularly those who will be handling cash. Contact should be made with previous employers and this should be done by telephone rather than in writing as this permits a freer exchange of information.
It is also a wise precaution to observe from time to time the behaviour of staff involved in work where fraud or theft would be likely. Though a life-style more extravagant than the salary paid will probably have a perfectly legitimate explanation, it is a point worth watching. Such things as the wearing of expensive clothes or driving to the office in an expensive sports car, for example, are very probably perfectly innocent,
but if there is evidence of fraud or theft such behaviour must attract suspicion.
The means taken to ensure the safety of the organisation’s assets can, broadly speaking, be considered under three main headings: internal check, internal audit and general security arrangements.
2. Systems Security
2.1. Internal check
This is the term given to the general organisation of the work of the office which results in practices and procedures that are designed to minimise mistakes and errors of any kind as well as losses by fraud and theft. Internal check, therefore, is carried out as part of normal office routine by the ordinary staff in the course of their day-to-day duties. The checks imposed are based on well-tried principles which can be set out as follows:
- Clearly defined responsibilities and duties should be assigned to each member of staff and exact limits of authority laid down.
- Wherever possible, duties concerning the handling of cash or goods should be divorced from the accounting records of these transactions. For example, the cashier should not also post the ledger accounts: neither should the clerks who make up the payroll be allowed to pay out the actual wages. Similarly, any checking operations should be in the form of a chain so that two workers never check each other’s work. Thus A should check B’s work, B check C’s and so on. Any attempt at dishonesty is easiest where one party only is concerned and becomes progressively more difficult the greater the number involved.
- A system of job rotation should be practised if at all possible so that clerks’ duties or places of work are changed from time to time. Similarly, each member of staff should be obliged to take all holidays due. Attempts at fraud or collusion are frequently brought to light by use of these measures.
- Cash or goods should be disbursed only against proper signed authority and on no account should any unauthorised person be admitted at any time to any office dealing with cash, or into the stores.
- All forms used for orders, sales invoices and so on should be pre-numbered serially and a strict check kept on any missing numbers. Where forms are spoilt all copies in the set should be marked ‘cancelled’, fastened together and filed in the normal way. This prevents misuse of copy forms. For the same reason the destruction of spoilt forms should never be permitted.
- Associated with 5 the ordering of goods, their receipt and the authorising of payment for them should be carried out by different people. Similarly, selling and collection of payment should be divorced. This follows the principle set out in 2 above.
- Irregular spot checks should be carried out wherever money or other valuable items are handled, especially if this work is done away from head office.
- A proper stores control system should be operated for the receipt of goods and the requisition and allocation of them.
Some methods of internal check are applicable to specific operations and will now be dealt with under their relative headings.
Cash received into the office, whether by means of legal tender, cheques or other means, should be banked the same day as received. On no account should money received be paid into petty cash; cheques, postal orders and the like received uncrossed should be crossed immediately.
Where remittances of any kind are received by post they should be listed at once by the mail department, signed for by the cashier, and the bank lodgement slip and post department list compared after banking.
It is not really good practice for sales representatives to be permitted to collect payments of accounts, but where this is necessary customers should be advised to require a temporary receipt from the representative pending an official receipt being sent by head office. Sales representatives should be instructed to bank daily at the local branch of the organisation’s bank and to forward to head office the paying-in slip together with copy temporary receipts, the totals of which should agree. Where possible it is advisable to have the representatives take predetermined routes with named customers so that expected payments can be checked against payments advised. Asking customers to pay for specific items on their accounts, where full payment is not made for some reason, rather than paying round sums on account, is also a recommended practice as it facilitates checking. In any event, customers should be asked to pay by crossed cheque and not cash, though many retailers find it easier to pay by cash.
Where instalments are collected on a house-to-house basis by a person employed as a collector a special procedure will have to be devised that minimises the possibility of defalcations. This will probably entail the working of fixed and known rounds with explanations being required of missed instalments or short payments.
Where payments are regularly made to the office by customers, for instance in connection with hire purchase, where identity of the payer is required, a cash register plus a receipt book can be usefully employed, the total of one checking the total of the other. Should no identification be needed a receipt-ticket-issuing cash register without a receipt book will be adequate, the tally roll of the cash register giving a control total of the money that should be in the till. Where only the odd remittance is paid in at the office the receipt should be made out by the accounts department and not by the cashier.
Where an organisation has branches that receive payments, such as a retail undertaking with many shops, most of the controls and checks recommended for use with sales representatives can be applied. Daily banking and advice of total daily receipts must be insisted upon, as must the daily reconciliation of tally rolls and cash in the tills of the cash registers. Irregular visits by roving inspectors making spot checks at branches are also a deterrent against defalcations.
2.3. Remittances by cheque
During the course of the financial year considerable sums are paid out by an organisation to suppliers and in various expenses and its position must be safeguarded both as regards defalcations and genuine error.
Payments to suppliers should be made only against properly checked and authorised invoices or statements and the fact of their payment should be clearly marked on the documents to avoid the risk of duplicate payments. Except for very pressing and urgent reasons remittances in excess of very small amounts should never be made in cash. Crossed cheques are the usual form of remittance and a thoroughly satisfactory one. A safer method is by bank giro where a list of creditors showing their amounts and their bankers is handed to the organisation’s bank with one cheque to cover the total involved. The bank then proceeds to arrange the transfer of the necessary sums without recourse to individual cheques. This method also avoids the necessity to make out and sign numerous individual cheques by the organisation itself, so saving time as well obviating the risk of loss or altered cheques. One not generally realised disadvantage of this system is that should the paying organisation be operating on an overdraft additional costs in interest charges will be incurred as the account is debited by the bank immediately on presentation of the list of creditors, whereas if payments are made by cheques no debits can be entered in the bank account until the cheques are presented for payment, which may be some days after their despatch.
2.4. Petty cash and floats
Every undertaking has to keep a small amount of cash on hand and this should be the responsibility of a specially appointed petty cashier. Petty cash transactions should be recorded in a proper petty cash book that should be kept on the imprest system. Spot checks can then be made from time to time to ensure that cash in hand plus vouchers do, in fact, equal the total imprest. No payments should be made out of petty cash except against a receipt voucher countersigned by someone authorised to permit the expenditure, and a receipt should be obtained by the petty cashier for every disbursement. No money of any kind should be paid into petty cash except the amount needed to reimburse the imprest, which should be done by the cashier. Neither should the amount of the imprest be increased without proper authority.
In many industries it is customary for certain members of staff – representatives, foremen and the like – to carry sums of money belonging to the organisation to meet day-to-day expenses. These should be treated in the same way as petty cash and kept on the imprest system. As a further safeguard these floats, as they are termed, should be called in from time to time and reissued. This reduces the temptation of the holders to borrow from their floats for private expenditure. Obviously, no member of staff should be permitted to have a float unless this has been properly authorised by the appropriate senior officer.
Inasmuch as labour costs in virtually all industries are a high proportion of total expenditure it follows that the sums paid out in wages form a very significant proportion of any undertaking’s outgoings and, consequently, provide much opportunity for defalcations.
Safeguards start by making sure that all the people entered on the payroll do, in fact, work for the organisation. This can be done by insisting that no name may remain on the payroll more than a stipulated number of days without a national insurance card being produced. It would be preferable to forbid the employment of anyone unless this card is handed in at the time of starting, but in some cases this is not practicable. Frequent irregular checks of national insurance cards held against names on the payroll will also assist in bringing to light ‘dead men’ as they are called.
The next safeguard is to ensure that the times stated for working times are, in fact, correct. Time clocks are the most usual check, supervised by a gateman or other overseer to make sure that an absentee is not clocked on by a fellow employee. In most organisations this practice of fraudulent clocking on may be a case for instant dismissal of both parties. Where it is not possible to use time-clocks (in the building and civil engineering industry, for example) and timesheets are filled in by foremen or the employees themselves, checks cannot be so accurate and thorough. In these instances correct reporting of working times relies to a large extent on good and effective supervision.
So far as the actual making up of wages is concerned, division of work is looked upon as the best control, so that entry on the payroll, calculations, bagging up (the term given to the process of putting the money into the wages bags) and the actual handing over of the pay packets to the employees should all be performed by different members of staff, though this is by no means always possible.
During the pay procedures several checks can be carried out to guard against genuine errors as well as dishonesty. Only the exact amount shown on the payroll should be drawn from the bank and the actual amounts in banknotes, silver and copper coins should be obtained. The amount shown on the paysheets should be checked with the total of the previous pay period and any significant difference enquired into before the money is drawn. Only the exact amount in the precise coinage for each paysheet should be handed to the relevant clerks, so that as each sheet is bagged up the money will be exhausted. During the bagging-up operation it is usual to have one clerk count and another check and insert the money into the envelopes: on no account during this work should any unauthorised person have access to the office in which the clerks are working.
The actual payment of the wages should be done by someone on the staff who knows the workers and can identify them. If this is not possible the paying officer should be accompanied by a foreman or other supervisor who can make the necessary identification to avoid payment to wrong persons. However, no one who is responsible for collecting times or supervising actual workpeople should personally pay out as a safeguard against the inclusion of ‘dead men’.
Receipts should be obtained for wages packets. One method is for the workers to sign against their names on a copy of the actual pay sheet. Another involves returning the clocking-in time cards to the workers before paying them so that they can sign and present the cards in exchange for pay packets. Where a worker is absent the packet should be returned to the cashier against the cashier’s signature and the pay sheet marked accordingly: On no account should a pay bag be handed to any person other than the worker entitled to it unless that worker s written request is presented.
Finally, in connection with wages and salaries, where it can be arranged cash should be avoided in favour of payment by cheque or bank giro. In Britain the Payment of Wages Act, 1960, legalised the payment of wages by these methods if requested by the employee in writing, but, unfortunately, a very large proportion of workers still prefer to receive their pay in cash.
3. Internal Audit
Whereas internal check is an integral part of the office systems and procedures and therefore imposed by the very fact of carrying out the work, internal audit is a method of verification imposed by special audit staff not directly involved in the work being examined. In the main the duties of the internal auditor cover much the same ground as those of the external auditor and may be enumerated as follows:
- To verify that records are being properly kept.
- To verify that expenditure, whether revenue or capital, has been properly authorised.
- To ensure that internal check methods of preventing errors and defalcations are adequate.
- To keep a watch for fraud and other irregularities and make investigations if they are suspected
- To ensure that fixed assets are properly safeguarded and disposed of only against proper authority.
- To make sure that there are no discrepancies in the payment of wages and salaries, and related expenses.
It is obvious that these matters are also the concern of the external (or statutory) auditor, but whereas this auditor is responsible to the company – namely, the shareholders (or other external authority in other cases) – and has a statutory duty to see that their interests are safeguarded, the internal auditor has a responsibility only to management to ensure that the systems and procedures are adequate and working properly, and to report on undue numbers of errors and on suspected or actual defalcations.
The assessment of the effectiveness of the current procedures in attaining efficient and economical work and results and, where necessary, the making of recommendations are also usually required of the internal auditor. It will rarely be part of the internal auditor’s brief to design and install procedures; this is best left to the specialist in such matters.
The establishment of an internal audit department is unusual in the smaller undertaking because of the expense involved and the volume of work entailed, but is a normal feature of the larger organisations.
To whom should the internal auditor report? It is sometimes suggested that this should be the accountant. However, as it is, in the main, the work of the staff under the accountant’s authority that is being audited it would seem that this is not the best plan, and it is seen to be preferable that reporting should be to some other senior officer of the organisation such as the company secretary or the general manager.
4. Security Arrangements
Under this heading the first consideration is the safeguarding of cash. All cash should be kept in a burglar-proof safe which should be the responsibility of one person. Only one set of keys should be currently available, in the keeping of the person just mentioned. Any duplicate sets required in the case of emergency should be deposited at the organisation’s bank and should be able to be withdrawn only against the signatures of two responsible officials. Unless absolutely unavoidable, wages should never be kept on the undertaking’s premises overnight.
To guard against hold-ups (not uncommon nowadays) the collection of money from the bank for wages should be done by motor vehicle and at least two members of staff. The vehicle, route and time of collection should be varied from week to week. Consideration should also be given to the use of cases for the money which will cause embarrassment to any criminal who attempts to snatch them. These include devices that spray a stain, sound an alarm or cause long telescopic legs to extend from the case. Where the risk is great enough use can be made of the services of one of the security organisations who provide special vans and trained personnel for the transport of money.
Insurance policies for money-in-transit and fidelity bonds covering relevant members of staff can be taken out but these will not prevent the loss and inconvenience; they will only compensate after the damage has been done.
The need for proper documentation for the receipt and issue of stores and stock has already been dealt with under internal check, but it is also necessary to consider the physical security of goods. Storerooms should be the responsibility of one person and storeroom staff should take instructions only from him or her. When vacant, storerooms should be kept locked and no unauthorised person should ever be given admission.
Where practicable there should be only one exit from a premises for lorries, and a gatekeeper should be permanently on duty who will check the documents of every vehicle leaving and entering. Occasional spot checks of the contents of loads should also be made. Visiting vehicles of all kinds, including cars, should also have to report to the gatekeeper before proceeding into the premises.
Petty pilfering by workers is extremely difficult to stop and there is no best solution. One method used by some organisations is to take the right (almost never exercised) of searching employees as they leave at the end of their day or shift. The possibility of this being done is reckoned to be sufficient deterrent.
In industries where valuable mobile plant is used away from head office or depot and has to be transported from place to place, there is always the risk that it will be collected by an unauthorised person. In these cases a proper system of requisition and collection notes is the only safeguard, and the operation of this procedure must be insisted upon in all cases.
Security measures, then, really entail locking up where possible, proper documentation for the movement of goods and plant, and common sense and forethought in the handling of money and valuables.
5. Machine Aids
Any mechanisation in the office tends to make fraud more difficult, but mention must be made of some of the devices that are available which are designed specifically to prevent fraud. These include the chequewriting machine which impresses the amount of the cheque right into the fabric of the paper, thus making alteration impossible, the cash register that records each item on a tally roll and gives a total at the end of the day of the amount that should be in the till in cash, and the franking machine that is used to stamp letters and parcels, so avoiding the handling of cash and loose stamps for this purpose.
6. Commercial and Industrial Espionage
Whilst there is little reason to suppose that dishonesty under this heading is rife there seems to be evidence that this sort of activity is on the increase and it therefore merits consideration.
Undoubtedly, where confidential work is done every care must be taken in the selection of staff, and references and antecedents rigorously checked. Knowledge of the work carried out must be restricted to as few people as possible and the usual security measures taken in regard to confidential papers. Where such documents have to be disposed of, then it must be remembered that torn-up papers deposited in the waste-paper basket can be reconstituted by interested parties. However, there are several machines on the market that will effectively shred papers so that it is impossible to piece them together again and one of these might prove a worthwhile investment where absolute confidence is essential.
7. Physical Security
The increasing incidence of theft by criminals breaking into premises and of sheer vandalism is one that must concern the office administrator. Vandalism, because it has no objective except that of damage or destruction is very difficult to combat. It is usually committed to the outside of premises and so even watchmen or security guards have only a limited effect. The most effective deterrents seem to be unclimbable fences erected a suitable distance from the buildings, possibly patrolled by guard dogs, and damage-resistant screens to windows and other vulnerable parts of the property. Wire-cast glass is also effective in preventing complete breakage of windows but does result in unsightly cracks if attacked.
The criminals who seek to break in to steal are another matter. The first security objective here is to deter them from effecting entry by putting a succession of obstacles in the way. Delay is a serious problem for those seeking illegal entry and the longer the delay can be maintained the more likely it is that the intending intruders will give up. Determined professional criminals will always effect entry if they are really so minded, but they will probably not persist in their attempts if they are delayed to the extent that they risk being discovered.
The means to deter breaking and entering include unclimbable fences (not really unclimbable, just very difficult), strong chainlink fences, patrols of security guards, guard dogs, burglar alarms (preferably connected to the local police station) and really secure locks and bolts on doors and windows. These sorts of preventatives require the advice of experts in the field of security to ensure maximum protection and such advice is freely available from the organisation’s insurers and from the police.
However, breaking in is not the only means of access for criminals. Walking in through the door is another and easier method, accomplished by the unauthorised use of keys. It follows, therefore, that there should be very stringent control of all keys. These should be in the hands of authorised personnel only and there should be a register of holders. As few people as possible should be in possession of keys and, except where absolutely necessary (for opening up in the morning, for instance), everyone should be required to deposit their keys with an authorised officer before leaving the building at night. Such measures make it more difficult for the criminal to obtain possession of a key and, for that matter, for a criminally-minded member of staff to coorperate with a criminal to rob the organisation.
To overcome the problems with normal keys some manufacturers of security equipment offer electronic card-operated access devices. These systems require those authorised to have access to be supplied with a coded card which will unlock the required door when inserted into a reader controlling access. Some systems rely on the card alone and others require the user also to enter a confidential code number on a keyboard. These methods operate rather like those used by the banks to dispense cash from machines outside their premises. For added security the codes can be changed at will. A further development in electronically activated access is the radiating token, which identifies the carrier without the necessity to insert a card or key in a code.
Finally in the problems of access is that of the unauthorised person just walking into the premises during working hours. All kinds of people call, including sales representatives, customers, servicing personnel and so on, and some means must be present to ensure that (a) their proper identity is established and (b) they are not permitted to enter the premises beyond the reception area until invited. The most common, and effective, solution is that of a recognisable reception area constantly staffed and, if callers are numerous, a proper waiting-room with only one door for entry and exit. There should be a barrier of some sort between the reception area (and the waiting-room) and access to the rest of the premises, usually a door, and visitors should be conducted to the office or department they want by a member of staff.
There is, of course, also the problem of the local security of the receptacles containing money or valuable documents. The safe or strongroom is the obvious place to keep such valuables and there should be an enforced rule that all such items must be deposited therein and the receptacle locked at all times when the items are not needed. How often, for instance, are money and cheques left on desks or pushed into drawers during the day, even when left unattended, and only locked away at night. The casual caller finds it easy in such circumstances to steal.
Safes should be not only fireproof but also burglar-proof and should have locking devices commensurate with the possible value of their contents. The same remarks apply to strongrooms, whose walls should be strong enough to resist external attack. Timing devices can be fitted to both safes and strongrooms so that they can be opened only at predetermined times. Here, again, the advice of the experts should be sought, not only as to the safe or strongroom itself but also to the site for installation.
Arson is a particularly heinous form of vandalism that seems to be on the increase and must, therefore, have the attention of the office administrator and others responsible for security.
The security measures just discussed will, of course, go some way to reducing this risk but it must be recognised that it takes very little effort to start a fire and actual entry into the premises is not always necessary. A flaming torch thrown over a fence on to waste material left near a building is sufficient to start a conflagration. The additional precautions advisable to reduce the risk of arson are, therefore:
- To ensure that areas not constantly occupied such as storerooms (particularly those containing readily combustible materials such as stationery), should be securely locked at all times.
- To ensure that all fences are sound with no small openings through which inflammable material can be pushed.
- To ensure that all dry and inflammable waste is cleared away and not allowed to pile up adjacent to buildings.
- To ensure that all inflammable substances, both liquid and solid, are locked away in a fireproof store and not left lying about either during the day or, especially, at night.
Finally, where the organisation is large enough the appointment of a reliable security officer to supervise all security arrangements is to be recommended. In other cases, a senior member of staff should be appointed to have this responsibility.
9. Computer Fraud
No discussion on fraud would be complete without some reference to computer fraud. This is an area where expert advice and assistance is imperative to combat defalcations and loss. Only the most prevalent areas of fraud can be looked at here, and these are:
- Fraudulent input. This can be done by entering false transaction data or by using false entry codes. Diversion to unauthorised accounts is a well-known fraud that relies on manipulating code numbers.
- Unauthorised and fraudulent amendments to computer master files.
- Falsifying output by manipulation of data or of codes.
- Unauthorised and fraudulent amendments to computer programs.
- Deliberately falsifying, or causing prolonged delays in, reconciling processing lists and balances.
It is apparent from this list that a good knowledge of computer operation is needed to perpetrate such frauds or, failing that, collusion with someone in the computer department.
Two significant contributions to reducing the incidence of such frauds are (a) as has already been mentioned, engaging staff of the highest integrity and this includes computer staff, and (b) the design and implementation of completely reliable computer systems and programs incorporating totally reliable checks. For the rest, security against computer fraud, because of its technical nature, should be applied only on the advice of a reputable expert in the field.
Source: Eyre E. C. (1989), Office Administration, Palgrave Macmillan.