Fraud Prevention Procedures for Cleaning and Security Companies

“The best offence is a good defence,” is an old saying that has been used for centuries and still applies today, especially with fraud prevention and company theft. “When it comes to money, don’t make the temptations doable,” said Gail Tutt, Senior Implementation Consultant at TEAM Software, who suggests that companies follow actionable steps to protect themselves.

The Association of Certified Fraud Examiners (ACFE) reports that private companies and small businesses rank highest in occupational fraud frequency at 42%, compared to large corporations, government and nonprofits. A typical fraud case lasts 12 months before detection and causes a median loss of $117,000, and organisations with the fewest employees had the highest median loss of $150,000, according to an ACFE report.  

Scammers who target private and small businesses can drastically hurt the reputation and the bottom line of those organisations, especially security and cleaning companies where relationships and repeat business are key. Since experts agree that fraud prevention requires taking proactive steps, the following is a list of measures to prevent fraud in your back-office.

Segregation of Duties

When it comes to fraud prevention, having internal accounting controls in place can help deter and detect fraud in the organisation. To start, a company should use a system of checks and balances. This will prevent a situation where one single person can write a check, void a check or finalise bank reconciliation without some oversight or approval.

An employee with the power to complete a financial transaction from start to finish could easily draught a payment to either a fictitious company or themselves, as fraudulent check writing is extremely common in businesses. This same rule applies to Accounts Receivable, meaning it avoids allowing one person to create or change AR invoices and make a cash payment, which enables a person to make deposits for themselves. 

It may be harder to segregate duties at smaller companies. However, business owners should consider making certain that a separate party reviews bank reconciliation. Additionally, only a limited number of personnel should have the ability to set up a vendor account. If necessary, give other employees read-only rights to prevent other forms of fraudulent behaviour. 

Bank Statement Reconciliation

Company fraud prevention in terms of bank account reconciliation begins with making sure that the process is performed by someone who does not have either bookkeeping or cheque signing responsibilities. Also, make sure that all cancelled cheques are from approved vendors and that cheques for expenditures refer to costs incurred in the course of doing business.

Consider asking the following questions while performing bank reconciliation:

  • Voided cheques: Are there any voided cheques that were cashed?
  • Adjustments: What expenses did your company write off and what was the specific dollar amount? Adjusted journal entries can allow the bad actor to cover their tracks.
  • Miscellaneous expenses: Review these closely every month. Are they truly miscellaneous? Were they coded incorrectly (possible training opportunity for your team)? Or, were expenses categorised as such for other purposes?

Credit Card Reconciliation

Some individuals at your organisation will have a company credit card to allow for the timely procurement of necessary supplies. A common example here would be providing a credit card for your cleaners or guards to purchase gas for fleet vehicles. 

But credit card statements must be reconciled every month to ensure that every purchase is for a legitimate business expense. This activity is typically performed by the accountant or controller at your organisation. It ensures that asset misappropriation isn’t occurring in your organisation and that all charges are business-related.

Here are additional fraud prevention procedures, while performing credit card reconciliation:

  • Use job costing to compare the budget to the actual costs and analyse discrepancies; for example, if the monthly gas budget for a security guard is $500, but your business was charged $1,000, find out the reason for the significant increase
  • Make sure there are itemised invoices or receipts for all charges
  • Inform all credit card holders of valid corporate expenses that can be charged to a company credit card before assigning one

Limit Permissions on Reprinting Cheques

Another aspect of your fraud prevention plan should include limiting permissions on employees who can reprint cheques. Naturally, there are many legitimate reasons to reprint a cheque, such as issues with losing a cheque in the mail or the prior cheque being damaged by the printer. 

However, there should be limitations on who can reprint checks at a business. Fraudulent behavior could involve an employee printing and then reprinting checks one or multiple times. In this instance, a new check number could be issued over and over again. 

While reviewing internal controls to prevent fraud, know that an integrated software solution may have a security setting that only allows a very limited group of individuals in your company the right to reprint checks. Although this may slow down the process, it helps deter theft.

Preventing Ghost Employees

A ghost employee is a worker who exists on paper, receives a payroll cheque, but provides no services to your company. A common example of a ghost employee could be an individual who is no longer with the organisation. Other times, a ghost employee or a fictitious person is created to commit fraud.

Ghost employees are one of the more prevalent forms of payroll fraud. While considering methods on how to prevent fraud in business, know that the best way to detect ghost employees is through regular payroll audits. Steps you can take to prevent payroll fraud include:

  • Setting up daily labour budgets per contract and comparing budgeted labour costs to actual. Dig in where you find significant variances. 
  • Taking a look at which supervisors are making the most corrections with timekeeping. It may only be a training issue for employees on clocking in/out. Or, it could be that the supervisor is going back in and giving employees more hours than they worked.

For more information on fraud risk mitigation, review the following case study from Advantage Maintenance, Inc. This company was able to use time and attendance software to detect an estimated $1 million in fraud on their payroll.

Regular Review of Permissions

Most ERP solutions include security settings. Avoid initially managing those internal controls to prevent fraud and moving on. Instead, regularly review your settings to ensure you have the proper financial controls in place.

Specifically, review the user history. Find out if there is functionality that a user has access to that they rarely, if ever, use. If so, it’s best to safeguard your solution and remove access. Request employees who question this step to provide legitimate business reasons on why they need this access going forward.

Another thing you’ll want to do regularly is review the audit log in your ERP system. In the most simplistic terms, this tells you who made changes, what changes were made and when those changes occurred. 

Additionally, you can drill down to a more granular level and see what data was changed, and on what date. In some cases, you’ll also be able to see when certain data was changed back to its original state. Some instances where you’ll want to investigate further include answering the question: why was a vendor name changed? Also, make sure to review all changes to compensation and bonuses. 

More about fraud prevention procedures 

Actively following these fraud prevention procedures can help security and cleaning contractors protect themselves against scammers. Confirm that your software tools are also working to help protect your organisation from fraudulent behaviours. Want to find out more? Set up some time, and let’s chat.