How to Protect Your Service Construction Business from Embezzlement
Do you own or manage an air conditioning, heating (HVAC), plumbing, electrical, service, or construction business? Do you prefer to run service calls rather than use your accounting and job costing software? If you said yes to any of these questions, you need to read this article.
How to Prevent Theft and Embezzlement
I would like to offer the air conditioning, heating (HVAC), plumbing, electrical, service, service, or construction industries a little advice on controlling theft. Be involved in running your office and understanding accounting functions and your service accounting software. Show as much interest in accounting as the field. You don’t have to do the work but you need to know the basics so you can train and review the work of others.
Embezzlement or employee theft is one of the most common ways small businesses go bankrupt every year. There is no easy-to-identify profile for who could potentially embezzle from you. In my years of consulting with service businesses, I have heard literally hundreds of heartbreaking stories about business partners, lifelong friends and seemingly trustworthy coworkers who turned out to be thieves.
The key is to avoid the obvious pitfalls and make sure that you have set up your accounting software in such a way that prevents easy access. In the article that follows, I have outlined some of the common techniques that dishonest people have employed to steal from their employers. I hope that you find this helpful in protecting your company against embezzlement.
Common Security Breeches
The Fake Vendor
A common method of theft involves the bookkeeper creating a vendor with a name that closely resembles a vendor that you do business with. Examples could include Carrier Inc. instead of Carrier. They open an account under that name and pay bogus bills to that fake vendor. Their hope is that you won’t notice the subtle name difference.
The Fake Employee
A fake person is setup as an employee and payroll is issued. This “employee” may even received bonus and reimbursed expenses. This one is usually pulled off in a larger company where a fake employee could go unnoticed. A proper audit will usually detect this type of fraud but it occasionally goes undetected.
Editing Typewritten Checks
Crooks will sometimes type a check using a typewriter and ask you to sign it. They will then reinsert the check and use the “Correction” feature of the typewriter to remove the “Pay To”. They then enter another name into the “Pay To” field. Once the check clears, they will change the “Pay To” back to what you thought it was when you signed the check
A bookkeeper and technician join together to steal. Invoices can be destroyed along with any record of the service call. A bank account can be created with a business name that closely resembles yours, allowing them to cash your checks. If your company is called Precision Service, theirs could be called Precision Service Co. They just add “Co” to the Pay To field. Discourage your customers from paying in cash. It can be dangerous to carry around and cash is obviously a lot easier to steal.
Cash Back Deposits
An easy technique for a bookkeeper to steal is to deposit checks payable to the company into the company’ bank account and show a “Less Cash” amount, which he or she then pockets. Prevention is very simple. A bank receiving a deposit for a corporate account should not allow any “Less Cash” deposits but rather should require that checks made out to the company be deposited into the company’ account with “For Deposit Only” stamped on them. Then a company check, signed by an authorized signer on the company’ account can be written for the required amount. Of course, any deposit endorsed “For Deposit Only” should only be deposited into the account of the payee with no “Less Cash” disbursement. This type of fraud is easy to accomplish if the bank operates in a very sloppy manner, but is impossible if the bank follows industry standard banking practices and procedures. Check with your bank to make sure this is the case.
Security Policies and Procedures
Your bookkeeper should never have check signing privileges. Allow them to make basic banking inquiries, but do not grant them transfer or withdrawal privileges.
- Use purchase orders as much as possible. Nothing is purchased without a purchase order being filled out and a PO number being assigned to the purchase.
- Have your bookkeeper review all bills, write the checks and present them to you twice each month.
- Carefully review each check and bill prior to signing them. Look for bills that might be fraudulent. A common practice is to create fake bills for supplies, repairs and the like. Always match Pos to bills and bills to checks.
- When signing checks, use a unique signature style, something different than you use to sign any other documents in your business. You may want to include a subtle mark that only you know about, so you can look for that mark every time you review canceled checks with your bank statement.
- Order your bank to send all correspondence to your home address. Nothing is mailed to your office! That may stop most fraud all by itself. Read all letters. Open your own bank statements. Do not have a spouse, child or secretary do this for you. Keep this information sealed and confidential.
- Review bank statements and canceled checks. Look for forged signatures (you don’t have to cover a forged check) and altered “Pay To” entries on each check. Turn the check over and carefully examine the endorsement. Is the endorsement official and consistent with others from that vendor? Does it match the “Pay To”?
- Examine your bank statement for unusual activity such as withdrawals, transfers and drafts.
- Reconcile your bank account every single month. Also reconcile the credit card statements. This is for security.
- Do not give any single person too much accounting authority. Never allow the same person who does the bookkeeping to reconcile the bank account or credit card statements. When possible, never allow the same person who does bookkeeping to perform payroll.
- Make sure your answering service faxes or e-mails you a complete list of all evening and weekend calls. Match those calls against invoices. Match deposits against invoices.
- Study your credit card software. It’ not hard to deposit credit card charges into other bank accounts that you do not control. Most of these programs have an audit trail. Turn it on. Be sure that the owner is the only person with administrative rights to the software. This will prevent the audit trail from being deleted and account numbers from being changed.
- If you use accounting software, be sure that security is turned on. Use strong passwords and do not reveal them to anyone. Make certain that the audit trail feature (if it has one) is turned on. If you are using Total Office Manager from Aptora, the Audit Trail can never be turned off (not even by the administrator) and each permission can be assigned by employee on a form-by-form basis. Make sure that only the owner of the business has full administrative privileges. Study the audit trail report looking for unusual activity.
- Perform background checks on all employees.
- Require all key employees to sign a confidentiality agreement (protects you and your clients). Do the world a favor and commit yourself to prosecuting thieves.
- If your company has partners, hire a professional outside auditing firm to conduct an audit on your company’ books once per year. This will give all partners peace of mind.
- Do not allow anyone on your staff the ability to DELETE anything in your accounting software. With Total Office Manager from Aptora, you can set this preference in your security settings.
- Carefully consider to whom you grant Void Transactions authority.
- Check your audit trail monthly for items that have been deleted or voided!
- A good audit trail cannot be deactivated by anyone (not even the administrator) and should be capable of storing tens of thousands of transactions.
Your database (or company file) should be located on a server. This is necessary for both the speed of the TOM software and security reasons.
- Place your server in a locked and fire resistant closet or small room. Lock the computer case to the wall. Be sure the room’ door includes a strong lock. Thieves will certainly steal your server along with your company file if they have the chance. Don’t forget that the company file contains private information such as credit card numbers, social security numbers, home addresses and more. You may have some serious legal liability if “reasonable” security measures are not taken.
- Disgruntled employees could easily place a large magnet on top of the computer. This can destroy your hard drive. This is another reason to keep the server in a locked room.
- Set up your server so that backups are made every night. At least once per week, remove one backup from the building and keep it in a fire resistant safe at home. Each year, a backup might be placed in a safety deposit box.
- Your backup system might be located in a fire resistant container or safe (within the server room). You may wish to invest in a low cost safe for this purpose. Drill a hole for the cable and place the backup (like an external hard drive) in the safe. The safe must be oversized to prevent overheating situations.
In this tough economy, internal theft and embezzlement is on the rise. Employees have discovered that it’s relatively easy to steal from a company whose owner takes a “hands-off and not interested” approach to managing the financial books. Businesses without proper financial controls run the risk of financial disaster.
Managing an air conditioning, heating (HVAC), plumbing, electrical, service, or construction business is not easy. Having service technicians or bookkeeper steal from you makes it even worse. Understanding your company’ bookkeeping procedures and accounting software will help you avoid a financial disaster.