Embezzlement & A Proactive Defense
You’ve likely heard the statistics before. On average, 4 in 10 dentists will be embezzled from at some point in their career. The average loss is $104,500, and on average it goes on for over two years before being discovered. Discovery of embezzlement is often quite difficult, especially as it can be initiated by trusted employees, financial advisors, and even family members!
The Fraud Triangle
It can be helpful to consider the “Fraud Triangle”, which consists of 3 points that can explain how trusted individuals end up committing embezzlement. The triangle’s points are (1) Pressure, (2) Opportunity, and (3) Rationalization.
An individual may have pressure in the form of a known or unknown financial hardship at home. Perhaps the individual is going through a costly divorce, has growing medical bills, is subject to wage garnishment, or has a spouse who recently lost their job.
The next step is step is when the same individual has the opportunity to commit embezzlement. This typically happens when someone has the ability to use their position to steal, knowing that they have a low risk of discovery.
Lastly, an individual commits the fraud when there’s rationalization about what they’re doing. Most individuals who embezzle don’t see themselves as criminals. Perhaps they’re just skimming a little to compensate for what they view as a low pay rate.
Signs of Potential Embezzlement
Some owners suspect embezzlement when there are noticeable changes to the financial statements. Often times there may be an unexpected drop in practice income. Other times overhead expense ratios are significantly higher than professional averages.
Sometimes the embezzlement happens in the disconnect between your practice management software (e.g. Dentrix) and your company’s actual books (e.g. QuickBooks). There are many tricks that can be implemented by someone with full access to your Accounts Receivable database. When reviewing your production adjustments (a.k.a. “write-offs”) on patient accounts, have you noticed an excessive amount beyond what you’d expect? Have patients complained about billing errors--either double-billing or failure to properly apply the payments they’ve made?
The signs may also come from the behavior of the individual committing the fraud. You may observe a sudden change in an employee’s lifestyle, one that doesn’t accurately match their household income level. Is an employee driving a super expensive car, or constantly buying pricey clothing, jewelry, or accessories? It could be embezzlement, or it might just be someone living off of credit cards.
Another sign is an employee who is extremely controlling of their workspace, or someone who fights to protect their job responsibilities, especially with respect to financial records. You might experience an employee who refuses to cross-train another employee on their bookkeeping or billing activities, or an employee who adamantly resists changes to your computer or accounting systems. Sometimes an employee constantly works overtime without sufficient reason. You may not complain because they don’t request pay for the extra time, but perhaps their motivation might be just to be in the office alone.
One other potential avenue for embezzlement is relating to your vendors. An individual who has access to your Accounts Payable database might be able to delay or re-route payments to your vendors. Have your supply vendors complained about slow payments? You might also observe an unusually-friendly relationship between your vendors and the employee who handles the ordering. It’s possible that there may be a “kickback” arrangement that indirectly steals from you.
Proactive Measures & Best Practices
The first thing you can always do is background check your employees before beginning employment. Similarly, you should do the same beginning a relationship with any financial advisor that will have access to your assets. At a minimum, check with past employers when hiring a new employee, and ask for client referrals when hiring a new financial advisor.
Segregation of Duties
An important defense in combating embezzlement is segregation of duties, which is the concept that a single individual should not be entrusted with more than one of the financial areas that include authorization, custody, and record keeping. Authorization is the ability to sign checks or otherwise issue payments. Custody is access to and control of bank accounts, physical access to checks, and edit access to the office financial management system. Record keeping is the ability to make entries into an accounting system.
The concept of segregating duties is that an individual might be able to do something (e.g. sign a check), but they shouldn’t have physical access (e.g. to blank checks) or the ability to make entries in the accounting software (e.g. to cover their tracks if they wrote a check to themselves).
Segregation of duties is much easier to implement in a larger office environment, and can rarely be fully implemented in a smaller dental office. Additionally, segregation of duties fails whenever there is collusion with other individuals.
Payroll is an area where simple controls should be in place. If the owner has delegated payroll administration to an office manager, at a minimum, the owner should review and sign off on employee’s total hours (including overtime) and use of vacation and sick leave. Failing to do so may allow a tempted office manager to be generous with their own hours, or it may also allow the office manager to collude with other employees to inflate hours or overlook vacation leave. Additionally, mistakes happen, and it’s always good to have a secondary review step before payroll is completed.
Another example is with respect to Accounts Receivable. Since checks can come through the mail, it can be important to have one person open the mail, and another person make entries into the system that manages Accounts Receivable. There’s a scheme called “lapping” that would allow someone with access to both incoming checks and the Accounts Receivable system to post payments to the wrong patient’s account in order to cover a past theft.
Tracking Collections vs. Deposits
Another scheme is when an employee simply “skims” from the daily collections. A certain amount of collections is recorded daily into your practice management software (e.g. Dentrix). It’s important to ensure that all of these physical collections end up matching the bank deposits that end up in your account. Part of this can include cash collections not making it to the bank, but more advanced embezzles can also reroute collected checks. A simple technique to combat this includes printing out the Day Sheet at the end of each day and logging cash into the external accounting software (e.g. QuickBooks) such that the daily totals match. Additionally, the total of all Day Sheets at the end of the month should match the actual bank deposits, after adjusting for the 1-3 day delay in posting deposits.
If there exists in your practice an ongoing scheme of stealing from you, sometimes it requires that employee to always be at the office. They fear, often rightfully so, that if they aren’t there every day to keep their tracks covered, their fraud will be discovered. Sometimes these employees, who refuse to take vacation, are mistakenly viewed as dedicated employees. It can be important to have a policy in place that requires employees to take vacation every so often, perhaps at least once every 4-6 months.
Another helpful tool can be to having multiple employees trained to complete the same tasks, either with rotating responsibilities or “back-up” roles for when someone is out on vacation or sick leave. Some examples of these roles include who gets the daily mail, who opens the mail, who enters payments into the Accounts Receivable software, who physically makes cash and check deposits, where bank and credit card statements are sent (and who opens them), and who reconciles the bank and credit card statements.
Be Knowledgeable About Software & Utilize Unique User Accounts
Much of the time, embezzlement is enabled by an owner who places too much trust in someone else. Part of this trust occurs when an employee or financial advisor is the only person who understands how to use practice management or accounting software. The owner should completed both scheduled and random checks of the systems.
Additionally, the owner should know how to run the “audit trail” or "audit log" function of both software systems and keep an eye on the activity of the other persons using those systems. That also requires that each individual have their own username and a secret password for utilizing these systems.
It’s good to have trust of others. It’s better to have controls in place to ensure that you’re doing everything possible to combat embezzlement. If you suspect fraud, document everything and hire a Certified Public Accountant (CPA) or Certified Fraud Examiner (CFE). And finally, if fraud is uncovered, it’s important to prosecute, as only 21% of victims do!
Dave Sholer, CPA, MBA works exclusively with dentists in California, offering full-service accounting & tax solutions for dental practices of all sizes.
Want more info? Dave offers a no-cost, zero obligation consultation to answer whatever questions you have and/or to review your books, tax returns, and payroll situation. He can review your unique situation to evaluate what embezzlement risks may be present in your practice. Additionally, Dave’s full-service model is structured to reduce the most common embezzlement risks by segregating duties and implementing the techniques described in this article.