As organizations go through any kind of transition, it is natural and fairly common for them to lose focus of other systems and business operations. It could be a new software system that is being implemented, the opening of a new location, or the purchase/sale of a line of business. I have heard countless executives say that, no matter what new project they take on, they absolutely must focus on existing businesses to make sure steps aren’t missed. While this viewpoint is certainly necessary for the operations of the business, the same is true for the financial controls of the business. As new systems and processes come online, mission-critical controls still need the crisp execution that makes them effective.
For healthcare organizations far and wide, the last few years have brought a focus on the development of systems to safeguard sensitive health information as new HIPAA regulations are issued. This article suggests that a particular healthcare institution may have been distracted by such an implementation and allowed monitoring of existing systems to slip. Regardless of your industry affiliation and regardless of your specific distraction, the need for effectively operating internal controls for basic safeguarding of assets, particularly cash, is critical.
The article reminded me of some good best practices around cash management that I wanted to highlight. Schemes, especially complicated schemes like the one in the article, are growing in frequency. Over the last few years I have seen banks react with the creation of new programs and services to protect your accounts. Your bank undoubtedly has a treasury management officer who would be happy to tell you about those programs and collaborate with you on shoring up defenses. Take their call and invest some time to understand what is available to you. It is time well spent.
Particularly as it relates to electronic payments, I have seen some sophisticated systems for limiting how electronic payments can be initiated and executed that can be effective preventers. These additional mechanics may seem like an inconvenience at times, but in the long run it is far better than unwinding a $1M fraud. One key control is to have a dedicated station that only handles electronic bank payments and is cut off from the rest of the network. By quarantining this machine from all other activity, you are far less likely to have it infected with a virus that could unknowingly leak information to outsiders.
Cash is king, and when it comes to prioritizing internal controls, those impacting cash balances should come first. Develop processes to reconcile cash activity in your bank account on a daily basis. Certain transactions can only be recovered from a bank within a short time window, a matter of hours in some cases. If you are not reviewing activity on a daily basis you might miss your chance to recover what was wrongly taken.
© Clark Nuber PS and Focus on Fraud, 2014. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Clark Nuber PS and Focus on Fraud with appropriate and specific direction to the original content.