Because they foster a collegial, trusting environment, law firms can be more vulnerable to fraud than many other types of businesses. Enforcing internal controls may simply seem unnecessary in an office of professionals dedicated to the law. Unfortunately, occupational thieves can take advantage of such complacency.
A law firm’s accounting department — payroll and accounts payable and receivable — may be particularly vulnerable. To protect against financial losses and possible public embarrassment, implement and enforce five basic controls:
1. Screen employees. Require all prospective employees, regardless of level, to complete an employment application with written authorization permitting your firm to verify information provided. Then, call references and conduct background checks (or hire a service to do it). These checks search criminal and court records, pull applicants’ credit reports and driving records, and verify their Social Security numbers.
2. Use fraud-resistant documents. The design of financial documents can help ensure proper authorization of transactions, completeness of transaction histories and adherence to other control elements. For example, use prenumbered payment vouchers that a designated partner must approve.
3. Require authorization. Authorization procedures can help prevent transactions from occurring without proper approval. In the example above, the designated partner is the authorizing party. This control is effective because the partner is in a position to know what the transactions are and how they pertain to your firm’s clients. Similarly, restrict access by maintaining current signature cards at your bank and by protecting accounting and billing systems with difficult passwords.
4. Segregate duties. Some smaller firms assign the same person to open mail, make bank deposits, record book entries and reconcile monthly bank statements. In this environment, fraud’s not only possible — it’s likely. It’s critical that your firm distribute these tasks to two or more people.
5. Provide independent oversight. A designated partner should open all bank statements. Even if the partner doesn’t review every item individually, employees will get the message that transactions will be verified. Someone outside the accounting department, such as your firm’s CPA, might also review transactions as they’re processed and financial statements at the close of accounting cycle reconciliations.
Even if your firm is like family — especially if your firm is like family — you need to reduce fraud opportunities by strengthening internal controls. If you aren’t sure if your policies are adequate, or if you’ve experienced a fraud incident, contact Ashley Lee, CPA, CFE at firstname.lastname@example.org.