Oliver Wendell Holmes once said, “Learn from the mistakes of others … You can’t live long enough to make them all yourself!”
An administrative manager who was working for 5 years from 2015 to 2020 for a clinic misappropriated a total of $550,000 (The Straits Times 21 April 2022).
How did she do it?
- Misappropriated a total of 8 pre-signed blank cheques by the clinic’s medical director for vendors’ payment. 6 of the pre-signed cheques were Issued and deposited directly into her personal bank account. Duping two of her friends into receiving 2 cheques issued in their respective names and transferring the receipts back to her.
- Depositing 4 cash payments received from customers totalling $216,300 into personal bank account.
- Duping a customer to transfer a $25,000 payment for the settlement of his medical fees to her bank account instead of the clinic bank account.
How are this discovered?
It was the last crime relating to the $25,000 payment on 28 October 2020 that did her in. The medical director asked for the status of the patient’s payment and noticed the amount received in the clinic’s bank account were multiple tranches from credit cards (presumably she paid from credit card loan facility). In addition, the amount in the invoices were lower and billed items were different. An internal investigation was started and the rest was history.
What are the things that went wrong?
- There is no segregation of functions
The administrative manager was responsible for finance, general office administration, cash collection as well as invoicing and accessing the front end clinic’s client management system.
- There is no segregation of duties
The same person was given the preparation, review and approval role for the finance system and clinic’s management system.
- There is no oversight control
There is no independent supervisory oversight over this “super user”.
How can we learn and prevent this ?
- Segregation of functions
The person handling finance should not handle the front office function of sales or customer management. This is to prevent situation for one who is dealing and billing customer be also given the same access to finance posting and access to bank accounts. You may want to consider the feasibility of getting an independent outsourcer for finance function to ensure a certain degree of segregation. It may not be practical and sustainable for SME or clinic to employ a full time finance staff due to the unpredictable staff turnover, specific skillset and continuous professional upskilling and most importantly the risk of loss of independence for long-time staff. It is strongly recommended that within the finance function, all finance staff must be rotated every 3 to 5 years eg the person handling accounts payable must be rotated to handle a separate finance function periodically eg accounts receivable, general ledger etc. (see article: “The importance of good accountant for your business dated March 6, 2019”)
- Segregation of duties
There should be a segregation of duty within the right access to systems (finance or client management system) that different persons perform the preparation, review and approval role. In a small SME setup, the preparation and or review function can be performed by the same staff but the approval function must be performed by another person.
- Never use pre-signed blank cheques
Pre-signed blank cheques should never be used. Even in a proper approved and signed cheque process, we have seen cases of cheque payee name and amount tempered. The use of cashless payment eg Giro, Paynow would help to eliminate any possibility of fraudulent exposure in this. (see article: “The Magic of erasable ink and Bank reconciliation dated March 14, 2019”)
- Do not take bank reconciliation for granted
Many owners of businesses have taken the view that looking and reconciling details in bank statements to financial system is a domain strictly restricted to the finance (or accountant). For most SME, cash is the lifeline and the top number that business would need to hawk over daily. The way to do this is not to just look for any differences between what is shown in the bank statement vs Cash book. But rather, the amount that you see at the end of the month in the bank statement is it consistent with what you understand to be the flow of business (ie customer sales or patients’ volume) or whether transactions reflected In the bank statement make sense. If you as the business owner or keyman of the business does not even have that sensing, then who else would that be? (see article: “Taking bank reconciliation for granted dated March 7, 2019”)
Interestingly, there was the involvement of two unsuspecting friends in receiving and transferring the fraudulent receipts. It is important to be aware that if you are one of the “friends” in receiving or transferring any proceeds relating to scam, you may be convicted as a “money mule”. (see article: “Man jailed 20 months for role in “money mule” scam dated September 23, 2016”)