Ten Payment Fraud Protections

Transcription

1 Ten Payment Fraud Protections 1. Payee Positive Pay a. Provided by banks b. Banks match check serial numbers and dollar amounts against a company provided list of checks issued and only pays those checks that match 2. Electronic Payments a. ACH (Automated Clearing House) electronic payments work well for repetitive applications like payroll and accounts payable. b. Work with bank to restrict ACH activity c. Limit who information is given to 3. Security Features on Checks a. Minimum of three i. Watermarks ii. Micro-security print - dissolves when copied iii. Hologram foil bar difficult to duplicate iv. Heat reactive ink difficult to alter v. Background patterns or borders that are difficult to duplicate vi. Void feature word Void appears if check copied or scanned vii. Safety paper stain appears if chemicals used to alter information 4. Separation of disbursement and reconciliation duties 5. Payroll direct deposit and/or payroll card program 6. Dual security administrators for electronic payments 7. Controlled access to payment processing areas 8. Daily reconciliation of electronic transactions and checking accounts 9. Strict policy of employees NOT sharing passwords 10. Reconcile accounts and return unauthorized payments timely

2 SEGREGTION OF DUTIES CHECKLIST Prepared by Holly Scofield, CPA Process Control Considerations Recommendation Compensating Controls Does the employee responsible for Employee responsible for receipt of cash Use a lockbox system to receive customer opening customer payments also: should not be able to record or authorize payments Record payments transactions in the accounts receivable Record or authorize write-offs or ledger and customer accounts. This Two employees should receive and open adjustments person should also not be responsible for customer payments, create a list and Reconcile the bank account recording cash or reconciling the bank prepare the deposit account. Does person who prepares the deposit Employee responsible for preparing the Use a lockbox system to receive customer also: deposit should not be able to record or payments Record payments authorize transactions in the accounts Record or authorize write-offs or receivable ledger and customer accounts. Two employees should receive and open adjustments Person reconciling the bank account customer payments, create a list and Reconcile the bank account should not be involved in cash receipt or prepare the deposit disbursement process. Reconcile cash receipts to bank deposits on a daily basis Customer Payments Received Customer Payments Received Employee independent of cash receipts and deposit process should perform a detailed review of accounts receivable aging Customer Adjustments Bank Reconciliations Is the employee responsible for initiating adjustments to customer accounts able to record and authorize the adjustments? Does the employee responsible for bank reconciliations also do the following: Receive cash Prepare cash deposits Generate or print checks Execute or authorize wire transfers Sign checks Have access to check stock Review and approve the reconciliation Adjustments should be reviewed and approved by an employee who does not have responsibility for recording these transactions. The person preparing the bank reconciliation should not have responsibility for recording cash receipts or disbursements. Bank reconciliations should be reviewed and approved by someone other than the preparer, ideally someone at supervisory level. Independent person should periodically confirm AR balances Have independent person review a report o adjustments and write-offs each month Perform a review of cash receipts and disbursements (someone independent of processes) Perform an analytical review of cash receipt and disbursement entries Compare amounts to budget

3 Process Control Considerations Recommendation Compensating Controls Purchasing Does the same person: Requisitions and purchase orders should A supervisory-level employee Initiate purchase requisition be approved by someone other than the independent of the purchasing function Approve purchase requisition person who initiated the purchase. should review all purchase orders. Initiate purchase order Review and authorize purchase Employees involved in the purchase Person independent or purchasing should order function should not be able to modify the match receiving reports to bills of lading Maintain vendor records Vendor Master File, approve or record where applicable. Approve vendor invoice for invoices, receive goods. approval Person signing checks should be Receive good independent of purchasing and disbursement process and should review all supporting documentation. Vendor Set-up Cash Disbursements Cash Disbursements Payroll Does the person responsible for the Master Vendor List: Record invoices Approve invoices Print checks Sign checks Execute wire transfers Approve wire transfers Does the employee responsible for approving invoices and payments also record payables? Does the employee responsible for recording vendor invoices also: Print checks Sign checks Access blank check stock Execute wire transfers Distribute vendor checks Does the same person: Modify the Employee Master File Approve payroll Generate payroll checks Distribute payroll checks Receive final payroll reports for review and approval Employee with responsibility for adding, deleting or modifying vendor accounts should not be responsible for the cash disbursement process. Employees responsible for authorizing invoices and payments should not record the invoices. Employee responsible for printing checks should not also record disbursements. Person distributing vendor checks should not be involved in the disbursement process. The file prepared for processing payroll should be reviewed and approved by an employee not involved in the preparation of payroll or the human resource function. An employee independent of the accounts payable and disbursement process should perform a review of changes to the Vendor Master File. This person should also review cancelled checks (or copies provided with the bank statement) for unusual or unrecognized vendors. Perform a regular analytical review of disbursements. Require dual signatures. Positive pay system. Dual signatures on checks. Supervisory-level review of vendor disbursements and general ledger. Use an outside payroll service. Use direct deposit. Perform periodic analytical review of payroll expense. Supervisory-level person should periodically distribute payroll checks to employees.

4 Exhibit A Checklist to Assess Current Level of Financial Stress 1. Monthly financial statements are prepared and presented to council on a timely basis. 2. There is a finance committee that meets regularly and reviews detailed financial information. 3. There is a threshold for acceptable variances of budgeted to actual results and variances over these amounts are adequately explained. 4. The person that oversees financial operations has the necessary expertise. 5. Financial reporting is transparent. People are encouraged to ask questions. 6. There are no reportable weaknesses in internal control. 7. Reported weaknesses are addressed in a timely manner and are not repeated in subsequent auditor reports. 8. There is a policy and procedures manual that is up to date and made available to staff. 9. Internal controls have been established and are communicated to staff. 10.Internal controls are tested and updated periodically. 11.There is a fraud hot line. 12.Employees are encouraged to report suspicious activity. 13.There is a good tone at the top. 14.Periodic inventories of fixed assets are taken and reconciled to records. 15.Bank reconciliations are performed in a timely manner. 16.Bank reconciliations are reviewed by management and reconciling items are adequately monitored and explained. 17.There is adequate segregation of duties or compensating controls. YES NO Prepared by Holly K. Scofield, CPA

5 Exhibit B SAMPLE SEGREGATION OF DUTIES for SMALL TOWNS Two-Person Segregation of Duties Clerk Post accounts receivable Mail checks Write checks Post general ledger Reconcile bank statements Post credits / debits Give credits and discounts Approve payroll Open mail / receive cash Disburse petty cash Complete deposit slips Prepare invoices Mayor Sign checks Sign employee contracts Custody of securities Complete check log Perform inter-fund transfers Distribute payroll Reconcile petty cash Review invoices Approve employee time sheets Authorize purchase orders Authorize check requests Authorize invoices for payment Prepared by Holly Scofield, CPA Page 1 of 3

6 Exhibit B SAMPLE SEGREGATION OF DUTIES for SMALL TOWNS Three-Person Segregation of Duties Clerk Town Administrator Mayor Post accounts receivable Prepare invoices Sign checks Reconcile petty cash Record initial charge Sign employee contracts Write checks Open mail / receive cash Custody of securities Post general ledger Mail checks Complete deposit slips Reconcile bank statements Approve invoices for payment Perform inter-fund transfers Post credits / debits Gives credits and discounts Distribute payroll Authorize purchase orders Authorize check requests Approve employee time sheets Approve payroll Complete check log Disburse petty cash Prepared by Holly Scofield, CPA Page 2 of 3

7 Exhibit B SAMPLE SEGREGATION OF DUTIES for SMALL TOWNS Four-person Segregation of Duties Bookkeeper Clerk Town Administrator Mayor Post accounts receivable Distribute payroll slips Complete deposit slips Sign checks Reconcile petty cash Open mail / receive cash Gives credits and discounts Sign employee contracts Write checks Record initial charges Prepare invoices Custody of securities Post general ledger Complete check log Approve payroll Approve employee timesheets Post credits / debits Disburse petty cash Approve invoices for payment Reconcile bank statements Mail checks Authorize purchase orders Authorize check requests Perform inter-fund transfers Prepared by Holly Scofield, CPA Page 3 of 3

8 Exhibit C An Internal Control Checklist For Small Towns Organizational Checklist: Duties should be segregated (to the extent possible). One person should not be in control of all of the major accounting responsibilities. Example: the person having custody of the assets should be different from the one handling the record keeping. Example: the person preparing the bank reconciliation should be different from the one keeping the books and controlling cash. Example: the person signing the checks should be different from the one keeping the books and controlling cash. The Town Council should regularly receive and review periodic (monthly) financial reports, and discussions regarding financial matters should be documented in the minutes. Financial Checklist: Comparisons of budgeted and actual revenues and expenditures are made in periodic (monthly) financial reports. Compare results with actual year-to-date results from the same period in the prior year. Checks received should be restrictively endorsed upon receipt. Checks received should be deposited the same day they are received and a receipt log should be maintained. Checks paid should have accompanying documentation when reviewed and signed. Invoices should be approved and signed off on (or initialed) before payment. Only original invoices should be paid to avoid duplication of payment. Each invoice should be marked paid when the check is prepared. Have fidelity bond coverage. Processes and Procedures Checklist: Two signatures should be required for large checks. Example: amounts paid over $1,000 may require a second signature, such as by the Executive Director and Treasurer of the Board. This is one way of having internal controls for expenditures when the staff of the organization is small. Use pre-numbered documents such as invoices and checks for easier tracking. All journal entries should be reviewed and approved. Policies should be communicated throughout the staff and Town Council. Train staff on the importance of accounting controls. Prepared by Holly K. Scofield, CPA

9 Exhibit C An Internal Control Checklist For Small Towns Documentation Checklist: Supporting documentation such as deeds for buildings and loan agreements should exist for transactions. Internal control policies and procedures should be documented in an accounting policies and procedures manual or similar document. This practice saves significant time when the auditor comes in to perform the external financial audit. Have procedures in place to periodically check to see that all transactions are recorded in the proper account(s) as well as in the proper amount. Have a conflict of interest or ethics statement in place. Security Checklist: Assets should be safeguarded (e.g., proper security should be used). Authorized levels of staffing and budgeting should exist. Use appropriate levels of computer security for staff, such as one or two-level passwords for entry into the accounting system, and change them regularly. Prepared by Holly K. Scofield, CPA